Headlines
- FDIC Directs Banks to Provide Notice Before Engaging in Crypto-related Activities
- FHFA Instructs Mortgage Servicers to Suspend Foreclosures for HAF Relief Applicants
- FDIC Highlights Risks Related to Fees Generated by Re-presentment of Electronic Payments
- Cybersecurity Agency Warns of Increased Risk of Russian Cyberattacks on Banks and Others
- Other Developments: Climate Risk and Enforcement Actions
1. FDIC Directs Banks to Provide Notice Before Engaging in Crypto-related Activities
According to guidance recently issued by the FDIC, banks that it supervises and that intend to engage in, or are already engaged in, activities involving cryptocurrencies or other digital assets should notify the FDIC and are encouraged to notify their state regulator. The new guidance, Financial Institution Letter no. FIL-16-2022 released on April 7, specifies certain information that a bank should include in such a notice of crypto-related activities. According to the guidance, the initial notice to the FDIC of crypto-related activities should describe the activity in detail and provide the bank’s expected timeline for engaging in the activity. The FDIC will review the initial notification and may request additional information necessary to “assess the safety and soundness, consumer protection, and financial stability implications of such activities,” which will vary on a case-by-case basis depending on the nature of the crypto-related activity. The FDIC will “provide relevant supervisory feedback” according to the guidance. The guidance instructs FDIC-supervised banks to send notices of crypto-related activities to the attention of their appropriate FDIC Regional Director. Click here for a copy of the FDIC’s guidance on notices of crypto-related activities.
Nutter Notes: According to its guidance, the FDIC is concerned about safety and soundness, financial stability, and consumer protection risks implicated by various crypto-related activities. Acting Comptroller of the Currency Michael Hsu noted in a public statement issued on April 27 that the OCC is concerned that stablecoins—a type of cryptocurrency that is designed to have a stable value relative to a fiat currency as compared with other types of cryptocurrency—lack “shared standards and are not interoperable.” Acting Comptroller Hsu proposed a standard setting initiative, similar to that undertaken by the Internet Engineering Task Force and World Wide Web Consortium, be established for stablecoins with representatives from firms engaged in crypto-related activities, academics, and government. Acting Comptroller Hsu also discussed various risks to consumers and financial stability related to stablecoins in his remarks on April 8 at the Institute of International Economic Law at Georgetown University Law Center, including policy considerations related to stablecoin stability, interoperability, and separability. He again advocated for an approach to mitigating run risk related to stablecoins based on bank regulation and supervision, with prudential standards to protect stablecoin holders.
2. FHFA Instructs Mortgage Servicers to Suspend Foreclosures for HAF Relief Applicants
The Federal Housing Finance Agency (“FHFA”) has announced that Fannie Mae and Freddie Mac (“GSEs”) will require mortgage servicers, including banks, to suspend foreclosure activities for up to 60 days upon notice that a borrower has applied for mortgage assistance under the U.S. Treasury Department’s Homeowner Assistance Fund (“HAF”). In its April 6 announcement, the FHFA said that it will continue to monitor effects of pandemic-related loan servicing policies on borrowers, the GSEs and their counterparties, and the mortgage market generally. Under the American Rescue Plan Act of 2021, the HAF can fund up to $9.96 billion in financial relief for states, territories, and tribal entities to provide homeowners with assistance to prevent mortgage delinquencies and defaults, foreclosures, loss of utilities or home energy services, and displacement of homeowners experiencing financial hardship after January 21, 2020. To qualify for relief from the HAF, a borrower must have experienced a COVID-related impact to their finances that caused them to miss three or more mortgage payments. Click here for a copy of the FHFA’s announcement.
Nutter Notes: In Massachusetts, the HAF Program is being administered by the Massachusetts Housing Partnership and the Massachusetts Housing Finance Agency in collaboration with a number of other agencies, including the Division of Banks. As we reported last month, the Division expects that all mortgage servicers under the Division’s supervision, including banks, will participate in the Massachusetts HAF Program for eligible consumers as consumers exit pandemic-related forbearances. The types of COVID-related hardships that may qualify a consumer for relief under the Massachusetts HAF Program include, but are not limited to, job loss, reduction in income, reduction in hours worked, increased costs due to health care, and increased costs due to the need to care for family members. Massachusetts HAF Program assistance is only available to owner-occupants of a single-family home, condominium, or 2- 3- or 4-family home located in Massachusetts who are using the home as their primary residence, have an income equal to or less than 150% of Area Median Income (which differs by region and household size), and have a conforming loan and not a jumbo loan (loan limits also vary by region).
3. FDIC Highlights Risks Related to Fees Generated by Re-presentment of Electronic Payments
The FDIC has issued a warning to banks that inadequate account disclosures and non-sufficient funds (“NSF”) fee practices for re-presentment of automated clearinghouse (“ACH”) payments and other items may result in heightened risk of violations of Section 5 of the Federal Trade Commission (“FTC”) Act, which applies to both business and consumer deposit accounts. The FDIC’s Spring 2022 Consumer Compliance Supervisory Highlights published on March 31 suggests a number of risk-mitigating measures that banks may consider to reduce the possibility of harm to depositors and avoid potential violations of Section 5 of the FTC Act. Those measures include eliminating NSF fees altogether or declining to charge more than one NSF fee for the same transaction, regardless of whether the item is re-presented. The FDIC also suggested that banks consider disclosing information about when NSF fees may be charged and how such fees will be imposed, including information about how multiple NSF fees may be assessed in connection with a single transaction, the frequency with which such fees can be assessed, and the maximum number of fees that can be assessed in connection with a single transaction. Click here for a copy of the Spring 2022 Consumer Compliance Supervisory Highlights.
Nutter Notes: Section 5 of the FTC Act prohibits unfair and deceptive acts or practices. If examiners determine that a bank’s disclosure of its NSF fee policies is inadequate or re-presentment charges are unfair to consumers, the bank may be required to review and refund the NSF fees charged to consumers that resulted from re-presentment of items. Under Massachusetts law, a bank may also be exposed to liability to consumers for re-presentment charges deemed unfair or deceptive under the Massachusetts consumer protection statute, Chapter 93A of the General Laws. Private claims, including class action claims, may be brought under Section 5 of the FTC Act and Chapter 93A of the General Laws of Massachusetts. Although the FDIC noted in the Spring 2022 Consumer Compliance Supervisory Highlights that re-presentment occurs when a merchant re-presents an ACH payment or electronic check on more than one occasion after the initial transaction was declined, it did not acknowledge the technical difficulties that banks face in distinguishing between the original presentment of an item and a re-presentment of the same item, or that ACH network rules often require banks to process re-presented items. At a minimum, banks should carefully review their customer disclosures regarding whether and how NSF may be charged for re-presented items.
4. Cybersecurity Agency Warns of Increased Risk of Russian Cyberattacks on Banks and Others
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) issued an alert warning U.S. businesses, including banks, of an increased risk of cyberattacks by Russian state-sponsored groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups. The Cybersecurity Advisory released jointly with several other nations on April 20 indicated that such attacks may come in response to the economic sanctions imposed on Russia and the support provided by the United States and its allies to Ukraine. The Cybersecurity Advisory includes information, security recommendations, and resources available to address the heightened threat of cyberattacks to critical infrastructure organizations. Recommendations provided by CISA for mitigating risks related to Russian cyberattacks include prioritizing software updates to patch known exploited vulnerabilities and critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment and prohibiting the use of passwords across multiple accounts and the storage of passwords on a system to which an unauthorized party may have access. Click here for a copy of the CISA Cybersecurity Advisory.
Nutter Notes: According to the Cybersecurity Advisory, Russian state-sponsored actors, such as the Russian Federal Security Service, have demonstrated capabilities to compromise information technology (“IT”) networks, maintain long-term, persistent access to IT networks, copy or remove sensitive data from IT and operational technology (“OT”) networks, and disrupt critical industrial control systems and OT functions by deploying destructive malware. Cybercrime groups that have independently pledged support for the Russian government or the Russian people or threatened to conduct cyber operations to retaliate against perceived attacks against Russia or support for Ukraine also pose an increased threat according to the Cybersecurity Advisory, including certain groups that have targeted banks in the past. The Cybersecurity Advisory recommends that organizations vulnerable to cyberattack prepare for cyber incidents by creating, maintaining, and exercising a cyber incident response and continuity of operations plan that includes policies specific to responding to ransomware and disruptive denial of service (or DDoS) attacks. The Cybersecurity Advisory also includes recommendations for identity and access management, protective controls and architecture, and related topics.
5. Other Developments: Climate Risk and Enforcement Actions
FDIC Publishes Draft Climate Risk Principles for Large Financial Institutions
The FDIC has requested public comment on draft principles that would provide a high-level framework for the safe and sound management of exposures to climate-related financial risks for the largest financial institutions. While the draft principles on climate-related financial risk management released on March 30 would apply to institutions with over $100 billion in total consolidated assets, they could be indicative of policies that may eventually apply to smaller banks. Public comments are due by June 3, 2022. Click here for a copy of the draft principles.
Nutter Notes: The FDIC’s draft principles on climate-related financial risk include the expectation that an institution’s board and management should “demonstrate an appropriate understanding of climate-related financial risk exposures and their impact on risk appetite to facilitate oversight.” The draft principles would also direct an institution’s board and management to consider and incorporate climate-related financial risks when identifying and mitigating all types of risk.
Federal Banking Agencies Propose Changes to Modernize Enforcement Proceedings
Federal banking agencies on April 13 jointly proposed changes to the Uniform Rules of Practice and Procedure applicable to administrative hearings to incorporate standards for the use of electronic communications and to “otherwise increase the efficiency and fairness of administrative adjudications.” Public comments on the joint proposal are due by June 13, 2022. Click here for a copy of the joint proposal on rules governing enforcement proceedings.
Nutter Notes: The proposed amendments to the rules governing formal enforcement proceedings issued also include a proposal by the OCC that would integrate certain rules so that one set of rules for enforcement proceedings applies to both national banks and federal savings associations.
