Agencies Issue Joint Statement on BSA/AML Resource Sharing Arrangements
Massachusetts Grants Its First Recreational Marijuana Sales Licenses
Federal Banking Agencies Publish Revised Guidance on Real Estate Valuations
Financial Trade Groups Publish New Cybersecurity Assessment Tool
Other Developments: Call Reports and Interbank Settlements
1. Agencies Issue Joint Statement on BSA/AML Resource Sharing Arrangements
The federal banking agencies, along with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and the NCUA, have published a joint statement about the circumstances under which certain community banks and credit unions may enter into collaborative arrangements to share Bank Secrecy Act and anti-money laundering (“BSA/AML”) resources. According to the October 3 Interagency Statement on Sharing Bank Secrecy Act Resources, such collaborative arrangements generally would be suitable for institutions with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing. A collaborative arrangement would involve two or more banks or credit unions sharing BSA/AML resources, such as personnel, technology, or other resources to reduce costs, increase operational efficiencies, and leverage specialized expertise. The agencies expect institutions that use such collaborative arrangements to manage BSA/AML obligations will consider the collaboration in relation to the institution’s risk profile, implement adequate documentation of the relationship, consider legal restrictions, and establish appropriate oversight mechanisms consistent with sound principles of corporate governance, according to the joint statement. Click here for a copy of the joint statement.
Nutter Notes: According to the joint statement, potential benefits of collaborative arrangements for pooling BSA/AML resources include managing the costs of meeting BSA/AML compliance requirements and effectively managing the risks related to illicit finance. Such collaborative arrangements may also provide participating institutions with access to specialized expertise that may otherwise be challenging for each institution to acquire independently. The joint statement provides some examples of the types of BSA/AML functions that could be shared among institutions in a collaborative arrangement. One example involves sharing certain internal control functions. According to the joint statement, institutions may enter into a collaborative arrangement to share internal control functions that include reviewing, updating, and drafting BSA/AML policies and procedures, reviewing and developing risk-based customer identification and account monitoring processes, and tailoring monitoring systems and reports for the risks posed. The joint statement advises institutions to approach a collaborative arrangement for BSA/AML functions like other business decisions, including appropriate due diligence and thorough consideration of the risks and benefits.
2. Massachusetts Grants Its First Recreational Marijuana Sales Licenses
The Massachusetts Cannabis Control Commission (“CCC”) has issued its first recreational marijuana licenses to two companies, which may begin selling marijuana to adults over the age of 21 in Massachusetts once the companies have become established in the CCC’s mandatory seed-to-sale tracking system, pass an additional inspection, and satisfy certain final licensing conditions. According to the CCC’s October 4 announcement, both of the companies that have received licenses for retail marijuana operations already have licenses to dispense medical marijuana under the Massachusetts Medical Use of Marijuana Program. Because federal law still prohibits the distribution and sale of marijuana, financial transactions involving a marijuana-related business generally involve funds derived from illegal activity and are subject to BSA/AML reporting requirements and risk considerations. Earlier this year, U.S. Attorney General Jeff Sessions announced the rescission of previous guidance to federal prosecutors, commonly known as the Cole Memos, that described federal marijuana enforcement priorities and clarified whether and to what extent the U.S. Department of Justice (“DOJ”) would enforce federal drug laws against state-licensed, marijuana-related businesses – but declined to publicly announce any new marijuana enforcement priorities. FinCEN’s 2014 guidance, BSA Expectations Regarding Marijuana-Related Businesses, based on the previously announced federal marijuana enforcement priorities, remains effective despite the rescission of the Cole Memos. Click here for a copy of the CCC’s recreational marijuana licensing announcement.
Nutter Notes: The Massachusetts Division of Banks has not rescinded or withdrawn its 2016 guidance, Banking for Marijuana Related Businesses in Massachusetts, in which the Division stated that its “examiners will, as part of its examination processes, review whether financial institutions working with marijuana related business are following the FinCEN guidance.” The Division’s guidance also declared that the Division’s policy is that “[a]dherence to these guidelines and recommendations will satisfy the requirements of the Division of Banks for institutions under its supervisory jurisdiction.” While it is a crime under the federal Controlled Substances Act to manufacture, distribute, or dispense marijuana, federal prosecution of state-licensed medical marijuana businesses is hampered by the Rohrabacher-Blumenauer Amendment, which prohibits the DOJ from expending funds appropriated by Congress to prevent states from “implementing their own laws that authorize the use, distribution, possession, or cultivation of medical marijuana.” The amendment has been part of DOJ appropriations bills since fiscal year 2015 and has been renewed again through December 7, 2018, as part of the short-term spending bill signed by President Trump on September 28, 2018, to avert a government shutdown. It is unclear whether or to what extent the Rohrabacher-Blumenauer Amendment may also impede federal enforcement action against a licensee involved in both medical and recreational distributions, or whether future legislation may expand or repeal protections for state-licensed marijuana businesses.
3. Federal Banking Agencies Publish Revised Guidance on Real Estate Valuations
The federal banking agencies have issued updated guidance in the form of answers to frequently asked questions (“FAQs”) about the agencies’ real estate appraisal regulations and guidelines. The FAQs issued on October 16 explain that the agencies expect banks to have a program for valuing real property to ensure that their real estate lending is conducted in a safe and sound manner and in compliance with Title XI of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“Title XI”) and its implementing regulations. Title XI requires banks to obtain appraisals prepared by state-certified or state-licensed appraisers for all federally related transactions involving real estate. According to the FAQs, the agencies expect that a bank’s real estate appraisal program will be “commensurate with the complexity and nature of its real estate lending activities, risk profile, and business model,” and compliant with applicable law. The FAQs address the types of transactions that require an appraisal, certain exemptions from the appraisal requirements, and appraiser independence standards, among other topics. Click here for a copy of the FAQs.
Nutter Notes: The updated FAQs supersede the FAQs on real estate appraisals that were published on March 22, 2005, although certain of the 2005 FAQs have been incorporated into the updated FAQs. According to the agencies, the updated FAQs do not introduce new policy or guidance, but are meant to distill previously communicated policy and interpretations. Banks should not rely on the FAQs without also consulting Title XI and the agencies’ real estate appraisal regulations, which prescribe which real estate-related financial transactions require the services of an appraiser, which transactions must be appraised by a state-certified appraiser and which by a state-licensed appraiser, and set minimum standards for the performance of real estate appraisals in connection with covered transactions. Banks may also wish to consult the agencies’ real estate lending standards, the 2003 Interagency Statement on Independent Appraisal and Evaluation Functions, the 2010 Interagency Appraisal and Evaluation Guidelines, the 2016 Interagency Advisory on the Use of Evaluations in Real Estate-Related Financial Transactions, and the agencies’ joint rules on appraisals for higher-priced mortgage loans.
4. Financial Trade Groups Publish New Cybersecurity Assessment Tool
The Financial Services Sector Coordinating Council (“FSSCC”), which is composed of several financial services industry trade groups, has released a new Cybersecurity Profile that is intended to provide a common, credible approach to cybersecurity assessment. According to the FSSCC, the Cybersecurity Profile released on October 25 is complementary to the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (“NIST Cybersecurity Framework”) and is based in part on the FFIEC’s Cybersecurity Assessment Tool. The Cybersecurity Profile uses a questionnaire to identify a financial institution’s risk and complexity, and matches it with an appropriate cybersecurity assessment to reduce time spent on regulatory compliance and reconciling different cybersecurity examinations, according to the FSSCC. The Cybersecurity Profile may be used both for self-assessment and, by requiring service providers to complete it, third-party risk management. Click here to access the Cybersecurity Profile.
Nutter Notes: In its overview of the Cybersecurity Profile, the FSSCC said that after mapping financial services regulations, guidance, and supervisory expectations with the NIST Cybersecurity Framework and other industry standards, FSSCC found that over 80% of the supervisory instructions had a similar focus, but used different language or had slightly different compliance requirements. The Cybersecurity Profile is intended to reduce the compliance time needed to reconcile these differences, according to the FSSCC. While the FSSCC anticipates that regulatory agencies may allow financial institutions to use the Cybersecurity Profile self-assessment exercise for supervisory reporting and analysis, the federal banking agencies have not yet issued any public statement regarding the new tool.
5. Other Developments: Call Reports and Interbank Settlements
FFIEC Proposes Changes to Call Reports to Address CECL, HVCRE Exposures
The FFIEC announced proposed revisions to the Consolidated Reports of Condition and Income (“Call Report”) and certain other FFIEC reports on October 2 in response to changes in the accounting for credit losses under the Financial Accounting Standards Board’s Accounting Standards Update (“ASU”) 2016-13 and changes to the reporting of high volatility commercial real estate exposures (“HVCRE”) and reciprocal deposits resulting from the Economic Growth, Regulatory Relief, and Consumer Protection Act (“EGRRCPA”). Public comments on the proposed changes are due by November 27, 2018.
Nutter Notes: The proposal includes changes to the Call Report and the FFIEC 101 report that would implement the federal banking agencies’ proposed revisions to the regulatory capital rules for the current expected credit losses (“CECL”) methodology in ASU 2016-13, including a CECL regulatory capital transition. The reporting changes arising from the EGRRCPA affected the reporting of HVCRE exposures and reciprocal deposits beginning as of the June 30, 2018 report date. Click here for more details about the proposed reporting changes.
Federal Reserve Requests Public Input on its Faster Payments Initiative
The Federal Reserve on October 3 requested public comments on actions the agency could take to support faster electronic payments by facilitating real-time interbank settlements, which may include a service for real-time interbank settlement of faster payments that would be available 24 hours a day, 365 days a year, and a liquidity management tool that would enable transfers between Federal Reserve accounts on the same basis. Public comments are due by December 14, 2018.
Nutter Notes: The Federal Reserve has specifically asked for input on whether these services should be provided by the private sector or the Federal Reserve Banks, and whether these services would help achieve ubiquitous, nationwide access to safe and efficient faster payments. Click here for a copy of the request for public comment.