In This Issue. The NYDFS revised its proposed cybersecurity regulations, the FDIC sought comment on its new de novo bank deposit insurance handbook, federal banking agencies finalized streamlined call reports for smaller banks and the CFPB entered into consent orders with two national credit reporting agencies over allegations that the agencies violated the Consumer Financial Protection Act. These and other developments are covered below.
Regulatory Developments
New York Revises New Cybersecurity Rules
On December 28, the New York Department of Financial Services (DFS) announced that it had revised its proposed cybersecurity regulations in response to public comments that they would be too burdensome, particularly on smaller institutions. The proposed rules, which were initially announced on September 13, 2016, and set to take effect on January 1, 2017, were billed as a “first-in-the-nation regulation” to protect New York residents from cyberattacks. It would require banks, insurers and other financial services companies regulated by DFS to set up a cybersecurity program aimed at protecting consumer information from cyberattacks. The revised regulation eases certain reporting and encryption requirements, and exempts small institutions from complying with certain sections of the rule. The rule, as revised, is set to take effect March 1, 2017.
Comments Sought for Proposed Deposit Insurance Application Handbook
On December 22, the Federal Deposit Insurance Corporation (FDIC) announced the development of, and invited public comment on, a new handbook designed to assist de novo bank organizers applying for federal deposit insurance. The handbook is meant to be a resource for organizers navigating a de novo institution’s initial organizational phases, including pre-filing activities, the federal deposit insurance application process and pre-opening activities. While functioning as a centralized reference, the handbook also contains helpful links, references and other resources. The handbook is intended to clarify the FDIC’s process, not to establish new or modify current FDIC policy or guidance. The 60-day comment period ends on February 20, 2017.
Federal Agencies Streamline Call Reports for Smaller Banks
On December 30, the federal banking agencies finalized a new, streamlined quarterly consolidated report of condition and income (a.k.a., a call report) for banks with less than $1 billion in assets and no foreign offices. The new call report, effective with the March 31, 2017, filing date, reduces the total number of pages for small banks from 85 to 61 as a result of removing approximately 40% of the currently required data items. Recognizing that small institutions operate under widely varying business models, a supplemental schedule to the streamlined call report, to the extent applicable, would be used to collect data on complex and specialized activities.
OCC Finalizes Rule Banning Industrial Or Commercial Metal
On December 28, Office of the Comptroller of the Currency (OCC) issued a final rule that prohibits national banks from investing or dealing in any industrial or commercial metal. This prohibition came about as a result of various federal agencies reviewing banking activities as required by the Dodd Frank Act. Previously, on the basis of an interpretive letter issued in 1995, banks were permitted to buy and sell copper on the grounds that trading copper, at that time, was becoming increasingly similar to trading gold, silver, platinum and palladium. The 1995 interpretive letter stated that national banks could buy and sell copper under the express authority to buy and sell coin and bullion and as part of or incidental to the business of banking. The final rule, which supersedes the 1995 letter, (1) excludes industrial and commercial metals from the terms “coin,” and “bullion”; and (2) provides that dealing or investing in industrial or commercial metal is not part of, or incidental to, the business of banking. The final rule also provides a one-year divestiture period for banks that currently hold industrial or commercial metal, and explicitly applies the prohibition to federal savings associations.
Agencies Release Annual CRA Asset-Size Threshold Adjustments for Small and Intermediate Small Institutions
On December 29, the federal bank regulatory agencies announced final rule adjustments to the asset-size thresholds they use to define “small bank” or “small savings association” and “intermediate small bank” or “intermediate small savings association” under the Community Reinvestment Act (CRA) regulations, effective on January 1, 2017. The CRA requires annual adjustments to the asset-size thresholds, which are based on changes in the Consumer Price Index (CPI). As a result of a 0.84 percent increase in the CPI in this cycle, the definition of “small bank” or “small savings association” has changed to mean an institution that, as of December 31 of either of the prior two calendar years, had assets of less than $1.226 billion. Similarly, the definition of an “intermediate small bank” or “intermediate small savings association” has changed to mean an institution with assets of at least $307 million as of December 31 of both of the prior two calendar years and less than $1.226 billion as of December 31 of either of the prior two calendar years. A list of the current and historical asset-size thresholds is available on the Federal Financial Institutions Examination Council’s website.
CFPB Updates Resources for HMDA Filers
The Consumer Financial Protection Bureau (CFPB) has updated its Resources for HMDA Filers webpage. The 2017 Loan/Application Register Formatting Tool has been released and modifications have been made to the Technology Preview, Filing Instructions Guide for data collected in or after 2018, and Frequently Asked Questions (FAQs).
Enforcement & Litigation
CFPB Enters Consent Orders With Credit Reporting Agencies Over Allegedly Deceptive Credit Scores
On January 3, the CFPB announced that it had entered into two consent orders, available here and here, with two national credit reporting agencies over allegations that the agencies violated the Consumer Financial Protection Act by misrepresenting how lenders use certain credit scores that the agencies sell to consumers. The CFPB also alleged that the agencies enrolled consumers in monthly credit monitoring subscription services without obtaining consumers’ informed consent. View the Enforcement Watch blog post.
National Mortgage Lender Settles False Claims Act Allegations For $48 Million
On December 28, the U.S. Department of Justice (DOJ) announced a $48 million settlement with a national mortgage lender, resolving allegations that the lender violated the False Claims Act by underwriting and endorsing Federal Housing Administration (FHA)-insured loans that failed to comply with FHA underwriting guidelines. View the Enforcement Watch blog post.
DOJ Settles With Ohio Banks Over Alleged Lending Discrimination
On December 28, the U.S. Department of Justice (DOJ) announced that it filed a complaint against, and entered a consent order with, two Ohio-based banks, resolving allegations that the banks had violated the Fair Housing Act and Equal Credit Opportunity Act by engaging in discriminatory lending. View the Enforcement Watch blog post.
