Category Archives:Regulatory Compliance

Associations Supporting Regulatory Relief

On September 8, four trade associations representing 14,000 financial institutions – the American Bankers Association, the Credit Union National Association, the Independent Community Bankers of America, and the National Association of Federal Credit Unions – submitted a letter to Senate Banking Committee Chairman Richard Shelby and Ranking Member Sherrod Brown urging them to enact bipartisan legislation that would provide “regulatory relief to community financial institutions.” The letter describes the measures that community banks have been forced to make to address the “growing volume and complexity of regulations,” including cutting back on their loan officers ranks in favor of additional compliance staff and adjusting or eliminating financial products and services offered to consumers. The letter urges the Senate to pass the Financial Regulatory Improvement Act of 2015, S. 1484, which was approved by the Senate Banking Committee in May. This legislation, the letter claims, will “addresses statutory and regulatory obstacles that thwart the ability of community banks and credit unions to fully serve the diverse financial services needs of consumers.”


OCC Host Workshop in Dallas

The Office of the Comptroller of the Currency will host two workshops in Dallas at the Wyndham Dallas Suites – Park Central on October 20-21,  2015 for directors of national community banks and federal savings associations. The workshop is limited to the first 35 registrants and cost $99 to attend.

The Compliance Risk workshop on October 20 combines lectures, discussion, and exercises on the critical elements of an effective compliance risk management program. The workshop also focuses on major compliance risks and critical regulations. Topics of discussion include the Bank Secrecy Act, Anti-Money Laundering and Qualified Mortgage Regulations. The instructors will also touch on the new Truth-in-Lending (TILA) and the Real Estate Settlement Procedures Act of 1974 (RESPA) Integrated Disclosures Rule, also known as TRID.

Revised and updated for 2015, the Credit Risk workshop on October 21 focuses on credit risk within the loan portfolio, such as identifying trends and recognizing problems. The workshop also covers the roles of the board and management, how to stay informed of changes in credit risk, and how to effect change.

 The workshops are taught by experienced OCC staff and are two of the 35 offered nationwide to enhance and expand the skills of national community bank and federal savings association directors. For information, including a complete list of available workshops, or to register for a workshop, visit or call (240) 485-1700.

Community Bank Sensible Regulation Act

Senator Susan M Collins [R-ME] on July 21, 2015 introduced S. 1799, The Community Bank Sensible Regulation Act. The legislation would allow for banking regulators to have more discretion in reducing community bank burden. Last week, Senator Collins successfully was able to add the legislation to the financial services appropriations bill before it was approved by the Senate Appropriations Committee. It was included along with legislation from Senate Banking Committee Chairman Richard Shelby (R-Ala.) containing various provisions from ICBA’s Plan for Prosperity. Should the legislation be enacted community and regional banks under $10 billion in assets would greatly benefit and become exempt from regulations like the Volker Rule.

Remarks from EGRPRA Meeting in Boston

On May 4, OCC Comptroller Thomas J. Curry delivered remarks at the third outreach meeting held under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) in Boston. In his remarks the Comptroller acknowledged that smaller banks and thrifts don’t have the same kind of resources that large institutions can bring to bear on regulatory compliance, and noted that if they could eliminate unnecessary rules and streamline others, it would make it easier for these smaller institutions to serve the economic needs of their communities. With this in mind, it is expected that a fourth outreach meeting will be announced later this year focused solely on rural banks, which face their own unique challenges.

Curry noted that the agency continuing to work with Congress and the FFIEC to remove the outdated and onerous regulatory requirements currently imposed on these institutions: “If it is clear that a regulation is unduly burdensome, and if we have the authority to make changes to eliminate that burden, we will act.” Currently, the agency has presented lawmakers with three specific proposals to remove regulatory burden on smaller banks: (i) raise the asset threshold from $500 million to $750 million so that a greater number of community banks qualify for the 18-month examination cycle; (ii) provide a community bank exemption from the Volcker Rule; and (iii) provide greater flexibility to federal savings associations to change and expand their business strategies without changing their governance structure. Curry further stated, “I think these legislative proposals are meaningful steps which could help a great number of smaller institutions. But we shouldn’t stop there. We should be looking at every approach that might help community banks thrive in the modern financial world.”

In addition Curry noted the success of collaborative ventures between banks.”There are opportunities to save money by collaborating on accounting, clerical support, data processing, employee benefit planning, health insurance – and the list goes on.”

Regulatory Capital Rule's FAQs Released

Financial Institutions are accountable for complex risk-based regulatory capital rules. Some may use internal risk management models approved by the relevant regulator while others must use standardized rules set out in the regulations. On April 6th, The Federal Reserve, Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation (the agencies), issued FAQs for clarification for regulated institutions about the agencies’ regulatory capital rule. The FAQ topics included, but are not limited to:

  • The definition of capital,
  • High-volatility commercial real estate (HVCRE) exposures,
  • Real estate and off-balance-sheet exposures,
  • Equity exposures to investment funds,
  • Qualifying central counterparty, and
  • Credit valuation adjustment.

Reserve Banks are asked to distribute the FAQs to the state member banks, bank holding companies, and relevant savings and loan holding companies in their districts and to appropriate supervision staff.  As the agencies anticipate issuing additional FAQs in response to questions from institutions, the Federal Reserve will periodically update the FAQ document.

Technical Assistance to Meet Regulatory Requirements

Today, the FDIC released it’s third video developed to assist bank employees in meeting regulatory requirements. These videos address compliance with certain mortgage rules issued by the Consumer Financial Protection Bureau (CFPB). The first video, released on November 19, 2014, covered the Ability to Repay and Qualified Mortgage Rule. The second video, released on January 27, 2015, covered the Loan Officer Compensation Rule. The third video, released today, covers the Mortgage Servicing Rules. The three technical assistance videos are intended for compliance officers and staff responsible for ensuring the bank’s mortgage lending and servicing operations comply with CFPB rules.

The FDIC’s technical assistance videos and additional information can be accessed atL

Agencies Seek Comment to Reduce Burdensome Regulations

On June 4, the Fed, FDIC and OCC (“The Agencies”) published the first of several requests for comments to identify “outdated, unnecessary or unduly burdensome regulations imposed on insured depository institutions.”

The Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) requires the federal banking regulators to review regulations issued by the agencies at least every 10 years. It also requires the regulators to break down the regulations by category, present each category for comment and identify areas of regulations that are outdated, unnecessary or unduly burdensome.

The first notice seeks comment on regulations from three categories: Applications and Reporting; Powers and Activities, and International Operations. The public will have until September 2, 2014, to review and comment on this first set of categories.

The agencies plan to schedule roundtable discussions with bankers and interested parties and will publish details about these sessions on the EGRPRA website as they are finalized.

Federal Register Notice (PDF)

Virtual Currencies Under Texas Money Services Act

On April 3, 2014, The Texas Department of Banking issued a supervisory memorandum interpreting how virtual currencies, including cryptocurrencies, will be regulated under the Texas Money Services Act. Virtual currencies have increased rapidly in recent years and, particularly with the advent of cryptocurrencies like Bitcoin, have raised novel questions in relation to money transmission and currency exchange. Due to this advent and rapid growth, the policy expresses the Department’s interpretation of the Texas Money Services Act, the application of its interpretation to various activities involving virtual currencies, and the regulatory treatment of virtual currencies under existing statutory definitions.

After discussing types of virtual currencies, the Department of Banking determines that for purposes of currency exchange under the Texas Finance Code, cryptocurrencies are not considered currencies under statute as they are not “coin and paper money issued by the government of a country.” Therefore absent a legislative change to the statute, no currency exchange license is required in Texas to conduct any type of transaction exchanging virtual with sovereign currencies.

In regards to money transmission, the Department of Banking declines to offer generalized guidance on centralized virtual currency under the Texas Money Service Act because such schemes require individual analysis. As to whether transactions in cryptocurrency should be considered money transmission, the Department of Banking indicates that the determination turns on the single question of whether they are “money or monetary value.” The Texas Finance Code defines the terms for “money” and “monetary value” to mean “currency or a claim that can be converted into currency through a financial institution, electronic payments network, or other formal or informal payment system.” As noted in the currency exchange analysis, cryptocurrencies are not issued by a government as legal tender and thus are not “currency”. The Department of Banking reasons that because owners of cryptocurrency do not have a guaranteed right to convert their cryptocurrency into sovereign currency, cryptocurrencies are also not a “claim” within the meaning of the statute. Cryptocurrency is therefore not considered “money or monetary value” under the Money Service Act.

Because cryptocurrency is not money under the Money Services Act, receiving it in exchange for a promise to make it available at a later time or different location is not money transmission. Consequently, absent the involvement of sovereign currency in a transaction, no money transmission can occur. However, when a cryptocurrency transaction does include sovereign currency, it may be money transmission depending on how the sovereign currency is handled. To provide further guidance, the regulatory treatment of some common types of transactions involving cryptocurrency can be determined as follows. 

  • Exchange of cryptocurrency for sovereign currency between two parties is not money transmission. This is essentially a sale of goods between two parties. The seller gives units of cryptocurrency to the buyer, who pays the seller directly with sovereign currency. The seller does not receive the sovereign currency in exchange for a promise tomake it available at a later time or different location.
  • Exchange of one cryptocurrency for another cryptocurrency is not money transmission (regardless of how many parties are involved).
  • Transfer of cryptocurrency by itself is not money transmission.
  • Exchange of cryptocurrency for sovereign currency through a third party exchanger is generally money transmission.
  • Exchange of cryptocurrency for sovereign currency through an automated machine is usually but not always money transmission.

Lastly, the Department of Banking highlights three considerations that cryptocurrency businesses that conduct money transmission must comply with for licenses in Texas: (1) because a money transmitter conducting virtual currency transactions conducts business through the Internet, the minimum net worth requirement is $500,000 (and possibly up to $1,000,000), (2) a license holder may not include virtual currency assets in calculations for its permissible investments, and (3) applicants must provide a third party security audit of their computer systems in order to ensure the virtual currency is safeguarded for consumers.

Read more of Supervisory Memorandum – 1037.

Financial Institution's Guidance for Social Media

In 2013, members of the Federal Financial Institutions Examination Council (FFIEC), published final supervisory guidance titled “Social Media: Consumer Compliance Risk Management Guidance.” In the paper the FFIEC provided guidance to address the applicability of federal consumer protection and compliance laws, regulations, and policies to activities conducted via social media by financial institutions. In the paper the FFIEC points out that financial institutions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public, and engaging with existing and potential customers. Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions. The Agencies believe social media, as any new communication technology, has the potential to improve market efficiency. Social media may more broadly distribute information to users of financial services and may help users and providers find each other and match products and services to users’ needs. To manage potential risks to financial institutions and consumers, however, financial institutions should ensure their risk management programs provide oversight and controls commensurate with the risks presented by the types of social media in which the financial institution is engaged, including but not limited to, the risks outlined within this guidance. Financial institutions must be aware that examiners will look at compliance efforts and policies related to the institution’s use of social media. As more institutions utilize social media, such as Facebook, LinkedIn, Twitter and other services to engage customers, the FFIEC has now issued guidelines that must be reviewed and integrated in the risk management program. The new guidance will be used as supervisory guidance by the OCC, Federal Reserve, FDIC, NCUA and CFPB, and the institutions they supervise are “expected to use the Guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement with social media.” Even if social media is not integrated into a financial institution’s operations, the paper suggest that all financial institutions have a guidance plan in place. To formalize the plan they suggest input from compliance, technology, information security, legal, human resources and marketing constituents. Additionally, the Guidance states that institutional should provide guidance and training for employee official use of social media. The FFFIEC has provided a general outline of concepts to include in a risk management program, which are as follows:

  • A governance structure with clear roles and responsibilities whereby the board of directors or senior management direct how using social media contributes to the strategic goals of the institution and establishes controls and ongoing assessment of risk in social media activities;
  • Policies and procedures regarding the use and monitoring of social media and compliance with all applicable consumer protection laws, regulations, and guidance. Further, policies and procedures should incorporate methodologies to address risks from online postings, edits, replies, and retention;
  • A due diligence process for selecting and managing third-party service provider relationships in connection with social media;
  • An employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities;
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or a contracted third party;
  • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance; and
  • Parameters for providing appropriate reporting to the financial institution’s board of directors or senior management that enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

Finally, more than half of the Guidance is dedicated to specific compliance and legal risks presented by social media. This information discusses laws and regulations that may be relevant to a financial institution’s social media activities, and further discusses the following laws:

  • Truth in Savings Act
  • Equal Credit Opportunity Act/Reg B and Fair Housing Act
  • Truth in Lending Act/Reg Z
  • Real Estate Settlement Procedures Act
  • Fair Debt Collection Practices Act
  • Unfair, Deceptive or Abusive Acts or Practices
  • Deposit Insurance or Share Insurance (FDIC/NCUA notices)
  • Electronic Fund Transfer Act/Reg E
  • Rules Applicable to Check Transactions (UCC provisions)
  • Bank Secrecy Act/Anti-Money Laundering Programs
  • Community Reinvestment Act
  • Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines
  • CAN-SPAM and Telephone Consumer Protection Act
  • Children’s Online Privacy Protection Act
  • Fair Credit Reporting Act

Since community banks strive to be a part of the community and interact with their clients, developing a risk management program is essential and laws and regulations need to be addressed. Community banks and other financial institutions should consult the Guidance to identify the specific risks in each of these statutes, as well as other practices that they can implement into part of their risk management programs.

Mid Size Banks Stress Test

Three federal bank regulatory agencies (the Federal Reserve, the FDIC and the Comptroller of the Currency) issued a press release regarding final guidance describing supervisory expectations for annual stress tests. Financial institutions with total assets of $10 – $50 billion are required to conduct the stress tests annually under rules issued pursuant to Dodd-Frank Wall Street Reform (Section 165(i)(2)) and Consumer Protection Act. These firms are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.

The final Guidance for Medium-Size Banks is outlined as follows:

  • Stress Test Timelines
  • Scenarios for Stress Tests : Medium-Size Banks must assess the potential impact of a minimum of three macroeconomic scenarios—baseline, adverse, and severely adverse—on their consolidated losses, revenues, balance sheet (including risk-weighted assets), and capital.The Federal Agencies will provide a description of any additional scenarios no later than Nov. 15 each calendar year.
  • Stress Test Methodologies and Practices : In conducting a stress test, Medium-Size Banks must estimate loss projections, PPNR, balance sheet and risk-weighted asset projections, estimates for immaterial portfolios, projections for quarterly provisions and ending allowance for loans and lease losses, and projections for quarterly net income for each scenario. Stress test methodologies and key practices should be commensurate with the bank’s size, complexity and sophistication. Key practices for stress tests include the appropriate use of data sources, data segmentation and model risk management. Medium-Size Banks may use partially validated risk models, provided that such banks have (1) made an effort to identify models based on materiality and highest risk and to prioritize validation activities accordingly; (2) applied compensating controls so that the output from models that are not validated or are only partially validated are not treated the same as the output from fully validated models; and (3) clearly documented such cases and made them transparent in reports to model users, senior management and other relevant parties.
  • Estimating the Potential Impact on Regulatory Capital Levels and Capital Ratios
  • Controls, Oversight and Documentation : Senior management must establish and maintain a system of controls, oversight and documentation, including policies and procedures designed to ensure that its stress-testing processes comply with Dodd-Frank requirements. Board of directors or a committee must then review and approve the stress-testing policies and procedures processes. In addition, the board of directors and senior management must receive a summary of the results of the stress test. The board of directors and senior management must consider the results of the stress test in the normal course of business and as part of the bank’s ongoing capital planning, assessment of capital adequacy and risk management practices.
  • Report to Supervisors : Medium-Size Banks must report the results of the stress test to the appropriate Federal Agencies by March 31 of each year.
  • Public Disclosure of Stress Tests : Medium-Size Banks must also publicly disclose a summary of the results of the stress test in the period beginning on June 15 and ending on June 30 of each year. A summary of the stress test results should also be included on the bank’s website.

The agencies’ stress test rules are flexible to accommodate different risk profiles, sizes, business mixes, market footprints, and complexity for companies in the $10 billion to $50 billion asset range. Consistent with this flexibility, the final guidance describes general supervisory expectations for these companies’ Dodd-Frank Act stress tests, and, where appropriate, provides examples of practices that would be consistent with those expectations.

The final guidance from the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency is similar to proposed guidance issued by the agencies last year. The agencies clarified certain aspects in response to comments received.

Read More Here