FDIC Advisory Establishes New Expectations Related to Board Oversight and BSA/AML Compliance Risk Management for Purchased Loans and Participations
On November 6, 2015, the FDIC issued an Advisory on Effective Risk Management Practices for Purchased Loans and Purchased Loan Participations (the “2015 Advisory”), which establishes “supervisory expectations” for state non-member banks in purchasing loans and loan participations.1 The 2015 Advisory is based upon principles established in outstanding guidance,2 but rescinds and replaces the FDIC’s September 12, 2012 Advisory on Effective Credit Risk Management Practices for Purchased Loan Participations (the “2012 Advisory”).3 The 2015 Advisory was presumably issued, at least in substantial part, in response to the reported sharp increase in bank loan purchases from so-called “FinTech” and other non-bank lenders and appears to respond to certain of the related safety and soundness concerns that have been expressed. Although the 2015 Advisory applies by its terms only to state non-member banks, it should be relevant for other banks as well.
Both the 2012 and 2015 Advisories are aimed at avoiding the potentially significant credit losses that can result from a purchasing bank’s undue reliance on a selling institution, as occurred in the lead-up to the 2008 financial crisis, but the 2015 Advisory is considerably more expansive than the 2012 Advisory and imposes substantial new obligations on state nonmember banks. Among other things, the 2015 Advisory establishes explicit expectations related to board oversight, Bank Secrecy Act/anti-money laundering (“BSA/AML”) compliance, and third-party risk management.
A. THIRD-PARTY RISK MANAGEMENT
Prompted by the increasing number of financial institutions purchasing loans from non-bank third parties and relying on third-party arrangements to facilitate the purchase of loans, the 2015 Advisory highlights the importance of managing these arrangements through an effective “third-party risk management” process. Specifically, bank management is expected to “perform due diligence prior to entering into a third-party relationship, as well as periodically during the course of the relationship.” The FDIC provides some insight into the steps an institution should (and should not) take to meet the FDIC’s expectations. First, third-party due diligence may not be outsourced. Second, due diligence must be performed with respect to any third party the purchasing institution relies on, including the loan broker, seller, originator, or servicer. Third, the due diligence should include an analysis of the third party’s financial capacity, as well as a review of the third party’s business reputation, experience, and compliance with federal and state laws, rules, and regulations, such as consumer protection and AML requirements. Depending on the circumstances, it could prove difficult to secure reliable information about such matters as compliance with federal and state legal and regulatory requirements.
B. BOARD OVERSIGHT
The 2015 Advisory establishes an expectation that management will “ensure that prior approvals from the board, or an appropriate committee, are obtained as necessary, including prior to entering into material third-party arrangements.” Further, management should “ensure that reports to the board provide sufficient account of the activity, performance, and risk of purchased loans and participations.”
C. BSA/AML COMPLIANCE
Under the 2015 Advisory, institutions are expected to “ensure compliance with outstanding BSA/AML requirements and should consider purchased loans and participation portfolios for the institution’s BSA/AML risk assessment.” The 2015 Advisory lacks detail, however, concerning these BSA/AML-related expectations, and it is unclear what steps the bank is expected to take to “ensure” another institution’s compliance.
D. OTHER NEW EXPECTATIONS
Other expectations introduced in the 2015 Advisory include the following:
- Institutions should conduct a profitability analysis of loan purchase and participation activity relative to the rate of return, taking into account the costs of properly overseeing the credits, and conduct an assessment of each credit’s rate of return and determine whether it is commensurate with the level of risk taken.
- Management should assess the ability to transfer, sell, or assign the interest, including the impact of contractual terms or market conditions and the liquidity and marketability of the interest. Any limitations are to be considered in the institution’s liquidity management function and when managing credit concentration limits. Purchasing institutions should ensure that they are not limited in their ability to transfer or sell an interest if necessary to maintain the institution’s safety and soundness or to comply with regulatory requirements. The ultimate resolution of Madden v. Midland Funding, LLC,4 which deals with the applicable usury laws on purchased loans, could have a significant impact on this analysis.
- Institutions should report purchased interests in accordance with generally accepted accounting principles. The FDIC notes that accounting treatment and the structure of a participation may impact the availability of safe harbor benefits under FDIC rules relating to receiverships and resolutions.
- Loan purchase and participation programs should be incorporated into the institution’s audit and loan review program.
Both the 2012 and the 2015 Advisories address bank lending policies, loan participation agreements, credit and collateral analyses, and due diligence and monitoring of participations. The 2015 Advisory, however, includes expanded discussions of the FDIC’s expectations in each of these areas.
A. LENDING POLICIES
The 2015 Advisory, like the 2012 Advisory, advises banks to establish a loan policy that outlines procedures for the subject loans, requires thorough borrower due diligence, mandates an assessment of the purchasing bank’s contractual rights and obligations, and considers certain aggregate concentration limits. The 2015 Advisory explains that the loan policy should also define loan types that are acceptable for purchase, establish concentration limits for a broader range of purchased loans and participations, require thorough independent credit and collateral analysis, and establish credit underwriting and administration requirements that are tailored to the risks and characteristics of the loans that may be purchased.
B. LOAN PARTICIPATION AGREEMENTS
Under the 2012 Advisory, participation agreements should be written and describe the lead institution’s responsibilities. The 2015 Advisory requires that such agreements include descriptions of the roles and responsibilities of all parties to the agreement, including the lead institution, lender, broker, and purchaser/participant. Similarly, while the 2012 Advisory was focused more narrowly on including in participation agreements requirements for obtaining timely borrower credit information, the 2015 Advisory refers broadly to securing timely “information and reports,” including credit information. The 2015 Advisory also emphasizes the importance of assessing and understanding all the terms of loan purchase or participation agreements, including any limitations placed on the purchasing institution, such as on the ability to participate in loan modifications, and states that institutions should “seek appropriate legal counsel to review purchase and participation agreements before they are finalized to determine rights, obligations, and limitations.”
C. INDEPENDENT CREDIT AND COLLATERAL ANALYSIS
Under both the 2012 and 2015 Advisories, institutions should perform the same degree of independent credit and collateral analysis when purchasing as they would originating a loan or participation. The 2015 Advisory provides additional insight into what constitutes an adequate analysis. Under the 2015 Advisory, an institution must have the requisite knowledge and expertise specific to the type of loans or participations purchased, secure all appropriate information needed to make an independent determination, and determine whether the loans or participations purchased are consistent with the board’s risk appetite and comply with loan policy guidelines both prior to commitment and on an ongoing basis. In the 2015 Advisory, the FDIC precludes institutions from contracting out independent credit and collateral analysis to a third party.
Of particular importance, if a purchasing institution relies on a third party’s credit models for credit decisions, the institution should perform due diligence to assess the validity of that credit model. The validation may be outsourced, provided the institution reviews the validation for sufficiency using the institution’s own staff with the requisite knowledge and expertise to understand the validation.
D. DUE DILIGENCE AND MONITORING
The 2015 Advisory, like the 2012 Advisory, provides that management should exercise caution and perform extensive due diligence with respect to out-of-territory loans to borrowers in an unfamiliar industry and ensure that the obligor, source of repayment, market conditions, and potential vulnerabilities are understood and monitored. The 2015 Advisory explains that this due diligence should occur prior to committing funds and on an ongoing basis and that management should monitor economic conditions in such industries and markets and respond to changes.
The 2015 Advisory is considerably more expansive than its predecessor and imposes substantial new obligations on state non-member banks related to loan purchases. It remains to be seen what impact the 2015 Advisory will have on such purchases, particularly from non-bank originators, by all banks