Financial Services Weekly Roundup - October 2018

Alexander Callen, Jessica Craig, Matthew Dyckman, Nicole Griffin, Mac Laban, William McCurdy
Goodwin
Contact
LinkedIn
Facebook
X
Send
Embed

Goodwin

Editor's Note

In This Issue. The Office of the Comptroller of the Currency (OCC) released its annual supervision operating plan outlining its bank supervision priorities, issued an updated Truth in Lending Act booklet, and provided guidance on prompt corrective action; the Financial Crimes Enforcement Network (FinCEN) joined forces with federal banking regulators to provide customer identification program relief for premium finance loans; the Consumer Financial Protection Bureau (CFPB) requested public comment on its collection and treatment of consumer data; and the Securities and Exchange Commission (SEC) charged a broker-dealer/investment advisory firm with deficient cybersecurity procedures. These and other recent developments are covered below.

Please note: The Roundup will be on hiatus due to the federal holiday observed next week. We will resume publication on October 17.

Regulatory Developments

OCC Releases Annual Supervision Operating Plan, Bank Supervision Priorities

On September 25, the Committee on Bank Supervision (CBS) of the OCC released its annual supervision operating plan outlining the OCC’s bank supervision priorities. The plan will guide CBS managers and staff in the development of their supervisory priorities, planning, and resource allocations for the fiscal year spanning October 1, 2018, to September 30, 2019 (FY 2019). In FY 2019, the OCC will focus on the following priorities: (1) cybersecurity and operational resiliency; (2) commercial and retail credit loan underwriting, concentration risk management, credit risk management, and allowance for loan and lease losses; (3) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance; (4) process management for consumer compliance-related changes, including the Home Mortgage Disclosure Act, the integrated mortgage disclosure requirements under the Truth in Lending Act and Real Estate Settlement Procedures Act, and the Military Lending Act; and (5) internal controls and end-to-end processes necessary for product and service delivery, including emphasis on implementation of new and revised products or strategic partnerships. In FY 2019, CBS managers will differentiate among regulated institutions according to size, complexity, and risk profile when developing supervisory strategies and will devote resources to risk-focused examinations of technology service providers supporting critical processing and services.

FinCEN and Federal Banking Agencies Provide CIP Relief for Premium Finance Loans

On September 28, FinCEN and the OCC, Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration (Federal Banking Agencies) announced an exemption from the requirements of the customer identification program (CIP) rules implementing section 326 of the USA PATRIOT Act for loans extended by banks and their subsidiaries to commercial customers to facilitate purchases of property and casualty insurance policies (premium finance loans). Premium finance loans provide short-term financing to businesses to facilitate their purchases of property and casualty insurance policies. According to FinCEN, the exemption is appropriate as premium finance loans present a low risk of money laundering because of the purpose for which the loans are extended and limitations on the ability of a customer to use such funds for any other purpose. 

OCC Updates TILA Booklet of Comptroller’s Handbook

On September 26, the OCC issued a new Truth in Lending Act (TILA) booklet of the Comptroller’s Handbook. The Comptroller’s Handbook is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations. The new TILA booklet provides background information and optional expanded examination procedures for TILA and Regulation Z. This new TILA booklet replaces the prior booklet issued in December 2014.

OCC Updates Guidance on Prompt Corrective Action

On September 28, the OCC issued a bulletin setting forth the guidelines and procedures by which the OCC implements its authority under section 38 of the Federal Deposit Insurance Act, entitled “Prompt Corrective Action.” The purpose of prompt corrective action is to resolve the problems of insured depository institutions at the least possible long-term loss to the Deposit Insurance Fund. The bulletin rescinds Banking Circular 268, “Prompt Corrective Action,” and OCC Bulletin 1994-43, “Prompt Corrective Action – Capital Restoration Plans Guidelines: Guidelines.”

CFPB Request for Information on Collection and Treatment of Consumer Data

The CFPB, in assessing its current practices regarding the CFPB’s collection and treatment of consumer data, is seeking public feedback regarding its data governance program. More specifically, the CFPB is reviewing and seeking comment on how data should, or should not, be used for multiple functions, ways of reducing reporting burdens and increasing efficiency around data collections, and feedback on areas it could expand to better support the statutory objectives. The CFPB provides in its request for information the areas, in addition to the above, in which commenters should focus their comments. In conjunction, the CFPB issued a report on the Sources and Uses of Data at the Bureau of Consumer Financial Protection, which is available on the CFPB website. Comments are due December 27, 2018.

Client Alert: SEC Publishes Guidance on Form 10-Q

On September 24, the staff of the SEC Division of Corporation Finance published Guidance on how the disclosure simplification amendments adopted on August 17, 2018, will affect upcoming Form 10-Q quarterly reports. The guidance clarifies questions about the effective date of the amendments and provides important interpretive relief concerning the requirement to present changes in shareholders’ equity in interim financial statements contained in Form 10-Q quarterly reports. For more information, read the client alert issued by Goodwin’s Public Companies practice.

Enforcement & Litigation

SEC Charges Firm With Deficient Cybersecurity Procedures

On September 26, the SEC announced that Voya Financial Advisors, Inc. (VFA), a broker-dealer and investment adviser, settled charges related to violations of the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and prevent identity theft. This is the first SEC enforcement action charging violations of the Identity Theft Red Flags Rule. In the settlement order, the SEC alleged that, in 2016, cyber intruders impersonated VFA contractors over a six-day period by calling VFA’s support line and requesting that the contractors’ passwords be reset. The intruders then: 1) used the new passwords to gain access to the personal information of 5,600 VFA customers; 2) used the customer information to create new online customer profiles; and 3) used the customer profiles to obtain unauthorized access to multiple customers’ account documents. The order further alleged that VFA’s failure to terminate the intruders’ access stemmed from weaknesses in its cybersecurity procedures, some of which had been exposed during prior incidents involving similar conduct. According to the SEC, VFA also failed to apply its cybersecurity procedures to the systems used by its independent contractors, who comprise the largest segment of VFA’s workforce. Without admitting or denying the SEC’s findings, VFA consented to a cease and desist and censure and agreed to pay a $1 million penalty, and will retain an independent consultant to evaluate its policies and procedures for compliance with the Safeguards Rule, the Identity Theft Red Flags Rule and other related regulations. Commenting on this matter, Robert A. Cohen, Chief of the SEC Division of Enforcement’s Cyber Unit, stated that “this case is a reminder to brokers and investment advisers that cybersecurity procedures must be reasonably designed to fit their specific business models,” and that “[t]hey also must review and update the procedures regularly to respond to changes in the risks they face.”

Industry Groups Seek Preliminary Injunction to Enjoin CFPB’s Enforcement of the Payday Lending Rule

On September 14, the Community Financial Services Association of America, Ltd. and the Consumer Service Alliance of Texas (Industry Groups) moved for a preliminary injunction to prevent many of the provisions of the CFPB’s payday lending rule (12 C.F.R. Part 1041) from becoming effective on August 19, 2019. The payday lending rule tightly regulates loans with repayment terms of less than 45 days, and has been the subject of much contention. The Industry Groups argue that the rule will effectively “deny[] access to the crucial financial flexibility that many payday borrowers rely on.” For more information, view the LenderLaw Watch blog post.

 

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Goodwin | Attorney Advertising

Written by:

Goodwin
Goodwin
Contact
more
less

Goodwin on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide