Regulatory Developments

Agencies Issue Joint Proposal to Strengthen and Modernize CRA Regulations

On May 5, the FDIC, the FRB and the OCC issued a joint Notice of Proposed Rulemaking (NPR) to “strengthen and modernize” the regulations that implement the CRA, which have not been significantly revised since 1995.

The agencies’ joint announcement of the NPR states that the proposed rules are intended to strengthen and modernize the CRA by providing greater clarity, consistency and transparency in the application of the regulations. The NPR would add more standardized metrics for regulators’ CRA examinations and more clearly delineate activities that will qualify for CRA credit.

Key components of the NPR include:

• Setting higher asset size thresholds for small, intermediate and large banks—small banks would be defined as those with assets of up to $600 million, intermediate banks would be those with assets of at least $600 million but less than $2 billion, and large banks would be those with assets of at least $2 billion;
• While maintaining “facility-based” CRA assessment areas as a baseline, expanding the scope of assessment areas beyond locations in which banks maintain offices, branches and other facilities to include activities associated with online and mobile banking, branchless banking and hybrid models;
•  Developing and maintaining a publicly available list of examples of activities that qualify for CRA credit, as well as establishing a process for banks to obtain confirmation of the eligibility of certain activities;
• Clarifying eligibility criteria for community development activities, and incorporating concepts currently set forth in interagency guidance directly in the regulations;
• Expanding activities that qualify for CRA credit, including for mission–based entities that serve minority groups, women and low-income consumers and Native Land Areas;
• Emphasizing smaller value loans and investments;
• Permitting small banks to continue to be evaluated under the existing CRA regulatory framework, with the option to be evaluated under aspects of the new proposed framework;
• Establishing four tests for large banks, and applying more detailed versions of those tests to large banks with assets of at least $10 billion; and
• Requiring large banks with at least $10 billion in assets to collect, maintain and report data for their retail deposits lending and services, community development loans, investments and services, and assessment areas.

The agencies will accept public comments on the NPR through August 5, 2022. Interested parties should carefully review the NPR and provide their comments to help shape these substantial revisions to the CRA regulations.

SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit

On May 3, the SEC announced its plan to allocate 20 additional positions to the newly renamed Crypto Assets and Cyber Unit (the Unit) in the Division of Enforcement (the Division), for a total of 50 dedicated positions within the Division. The Unit is responsible for investigating securities violations regarding crypto asset offerings, crypto asset exchanges, lending and staking products, decentralized platforms, non-fungible tokens and stable coins. The SEC stated that it is important to dedicate additional resources to the Division and the Unit as more investors access the crypto markets. Since 2017, the formally named Cyber Unit has brought over 80 enforcement actions resulting in more than $2 billion in monetary relief. 

“The bolstered Crypto Assets and Cyber Unit will be at the forefront of protecting investors and ensuring fair and orderly markets in the face of these critical challenges.”
- SEC Division of Enforcement Director Gurbir S. Grewal

FINRA Notifies Member Firms of CISA Alert

On May 2, FINRA notified its member firms of a previously issued alert from CISA. On April 20, CISA joined cybersecurity authorities across Australia, Canada, New Zealand and the United Kingdom in issuing an alert (the Alert) concerning the threat of malicious cyber activity related to the Russian invasion of Ukraine and the economic sanctions the U.S. and its allies and partners imposed upon Russia. The Alert noted that the Russian government is exploring options for potential cyberattacks. Previous Russian state-sponsored cyber operations have included distributed denial-of-service attacks, and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations. Additionally, the Alert outlines a number of controls and best practices that firms should implement to prevent issues, to prepare for cyberattacks and to respond to incidents if they do occur.

Acting Comptroller Discusses Bank Mergers

On May 9, Acting Comptroller of the Currency Michael J. Hsu discussed the need to update the framework used to analyze bank merger applications. In his remarks, Mr. Hsu discussed proposed mergers in the context of bank competition, financial stability and facilitating the needs of communities. The goal of the updated frameworks is to reduce the risk bad mergers and allow for good mergers to happen. Mr. Hsu remarked that bank mergers should serve communities, support financial stability and industry resilience, enhance competition, and enable diversity and dynamism of the banking industry. Mr. Hsu directed senior members of his staff to work with the U.S. Department of Justice and the other federal banking agencies to review merger frameworks. 

CFPB to Supervise Fintechs Based on Consumer Risk

On April 25, the CFPB announced that it will examine fintechs and other nonbank financial enterprises, based on reasonably determined consumer risk, supported by complaints received by the CFPB or other sources of information. This announcement was featured again in the CFPB’s Supervisory Highlights, Issue 26, Spring 2022. 

Read the client alert for Goodwin’s take on the supervisory risk to nonbanks and nonbank risk mitigation.

CFPB Issues Advisory Opinion on Coverage of ECOA

On May 9, the CFPB published an advisory opinion affirming that the term “applicant” in the ECOA applies to individuals and businesses both during the process of requesting credit as well as after credit has been extended, protecting all consumers from discrimination in all aspects of a credit arrangement, including existing borrowers or accountholders. The CFPB emphasized creditors’ obligation to notify consumers in the event of an adverse action with respect to a consumer’s credit, including revocation of credit or any other unfavorable change in the terms of a credit arrangement.

U.S. Blocks Additional Russian Interests and Restricts Certain Management and Related Services and the Export of Certain Non-Dual Use Items in Latest Actions Against Russia

On May 8 and on May 11, the U.S. Government has announced additional measures to counter Russia’s war against Ukraine. 

Read the client alert to learn more about these actions.

Four Lessons from Two FINRA Enforcement Actions Against Crowdfunding Portals

On May 4, FINRA announced that it had fined two FINRA-registered funding portals a combined $1.75 million for failing to comply with securities laws and rules designed to protect crowdfunding investors. In its announcement, FINRA said that the enforcement actions against the two funding portals originated from FINRA’s examination program. 

Read the client alert to read about the findings from these actions.

[View source.]