The Nutter Bank Report is a monthly electronic publication of the firm’s Banking and Financial Services Group and contains regulatory and legal updates with expert commentary from our banking attorneys.
- Division of Banks Advises Massachusetts Banks to Join Cybersecurity Organization
- Banking Agencies Recommend Amendments to Intercompany Tax Allocation Agreements
- SEC Issues New Guidance on Compliance with Municipal Adviser Registration Rules
- OCC Issues Interim Exam Procedures for Volcker Rule Compliance
- Other Developments: Consumer Compliance and Regulatory Burden
1. Division of Banks Advises Massachusetts Banks to Join Cybersecurity Organization
The Massachusetts Division of Banks has issued guidance advising all Massachusetts state-chartered banks to become members of the Financial Services-Information Sharing and Analysis Center (“FS-ISAC”) as a component of a comprehensive cybersecurity program. According to the June 18 letter to bank chief executives, membership in the FS-ISAC is viewed as a best practice by the Division. The FS-ISAC is a nonprofit and private financial services sector organization established in response to Presidential Directive 63, which mandated that the public and private sectors share information about physical and cybersecurity threats and vulnerabilities to help protect critical infrastructure in the U.S. The FS-ISAC’s primary function is to share physical and cybersecurity threat and incident information to enhance the ability of banks and other financial services to prepare for, respond to, and mitigate the risks associated with such threats. The FS-ISAC provides an anonymous information sharing capability across the entire financial services industry. Upon receiving a submission of a potential threat, the FS-ISAC verifies and analyzes the threat and identifies any recommended solutions before alerting FS-ISAC members. The U.S. Department of the Treasury and the U.S. Department of Homeland Security rely on the FS-ISAC to disseminate critical information to the financial services sector in times of crisis. The Division’s guidance also encourages banks to subscribe to other reliable resources that can help quickly identify cybersecurity risks as they emerge.
Nutter Notes: Membership in the FS-ISAC requires an annual fee, the amount of which depends on the size and complexity of the institution and the level of service selected. According to its guidance, the Division does not recommend one level of membership over another. The guidance also encourages banks to consider subscribing to the United States Computer Emergency Readiness Team, the U.S. Secret Service Electronic Crimes Task Force and the FBI InfraGard. In addition, the FFIEC on June 24 launched a cybersecurity web page to provide a central repository for cybersecurity resources available to depository institutions. The FFIEC’s announcement coincided with the beginning of a cybersecurity assessment pilot program to be conducted by state and federal bank examiners at more than 500 community institutions. The cybersecurity assessments will be completed during regularly scheduled examinations, according to the FFIEC. The FFIEC said that the assessments are meant to evaluate how smaller financial institutions are managing cybersecurity and mitigating increasing threats. The FFIEC said that examiners will focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management and cyber incident management and resilience.
2. Banking Agencies Recommend Amendments to Intercompany Tax Allocation Agreements
The federal banking agencies have released final supplemental guidance on intercompany income tax allocation agreements involving holding companies and subsidiary banks recommending that such agreements be amended, if necessary, to acknowledge that an agency relationship exists between the holding company and its subsidiary bank with respect to tax refunds. According to the agencies, the June 13 guidance was issued to reduce confusion about the ownership of tax refunds. The new guidance supplements an interagency policy statement on income tax allocation issued by the agencies in 1998. The 1998 statement said that a holding company that receives a tax refund from a taxing authority obtains such funds as agent for its subsidiary banks and other affiliates. The new supplemental guidance instructs subsidiary banks and their holding companies to review their tax allocation agreements to ensure the agreements expressly acknowledge that the holding company receives any tax refunds as an agent. The new guidance includes a model clause that the agencies recommend be inserted into tax allocation agreements to clarify that an agency relationship exists between the holding company and its subsidiary depository institutions with respect to tax refunds. The guidance also clarifies how sections 23A and 23B of the Federal Reserve Act, which establish certain restrictions on and requirements for transactions between depository institutions and their affiliates, apply to tax allocation agreements.
Nutter Notes: The federal banking agencies said that the new guidance was issued in response to disputes between holding companies in bankruptcy and receivers for failed depository institutions about the ownership of tax refunds. The agencies said that courts have come to differing conclusions about whether holding companies or their depository institution subsidiaries own tax refunds based on their interpretation of language in tax allocation agreements. According to the new guidance, tax allocation agreements should require a holding company to forward promptly any payment due to its depository institution subsidiary under the tax allocation agreement and specify the timing of such payment. Agreements that allow a holding company to hold and not promptly transmit tax refunds received from the taxing authority and owed to a depository institution are inconsistent with the requirements of section 23B of the Federal Reserve Act and subject to supervisory action, according to the new guidance. The guidance provides that an agency’s determination of whether such a provision, or the tax allocation agreement taken as a whole, is consistent with section 23B will be based on the facts and circumstances of the particular tax allocation agreement and any associated refund. In general, section 23B requires affiliate transactions to be made on terms and under circumstances that are substantially the same, or at least as favorable to a bank, as comparable transactions involving nonaffiliated companies or, in the absence of comparable transactions, on terms and circumstances that would in good faith be offered to non-affiliated companies.
3. SEC Issues New Guidance on Compliance with Municipal Adviser Registration Rules
The SEC has updated its answers to frequently asked questions about the final rules for the registration of municipal advisors in part to provide guidance on the application of exemptions from registration requirements available to banks. The May 19 updates clarify the application of bank exemptions as they apply to dual employees and the direct purchase of municipal securities by a bank. The SEC’s updated guidance addresses whether a dual employee of a bank and a broker-dealer affiliate may provide advice to a municipal entity or “obligated person” within the scope of the bank exemption when acting in the employee’s capacity as a bank employee, and advice within the scope of the underwriter exclusion under the final rules when acting in the employee’s capacity as a broker-dealer. (An “obligated person” is a conduit borrower who is committed to support the payment obligations on municipal securities.) According to the SEC guidance, a dual employee may provide advice within the scope of the bank exemption while acting in the capacity of a bank employee and may provide advice within the scope of the underwriter exclusion while acting in the capacity of a broker-dealer “if the dual employee discloses to the municipal entity or obligated person the capacity in which the dual employee is acting in advance of providing any advice.” The guidance explains that, to provide advice in both capacities without triggering the registration requirements, the dual employee must meet and fulfill the requirements of both the bank exemption and the underwriter exclusion under the final rules.
Nutter Notes: The SEC’s updated guidance also clarified that a bank may rely on the bank exemption to make recommendations concerning the structure, timing, terms and similar matters with respect to municipal securities when the bank intends to purchase such securities directly from a municipal entity for the bank’s own account. The bank exemption in the municipal adviser registration rules provides that a bank may provide advice to a municipal entity or obligated person with respect to “the purchase of a municipal security by the bank for its own account.” The SEC stated in its adopting release that “banks providing municipal entities or obligated persons with the terms under which they would purchase securities for their own account are not engaging in municipal advisory activity,” that would trigger the registration requirements. Accordingly, a bank may rely on the bank exemption to give advice to a municipal entity regarding the structure, timing and terms under which the bank would purchase securities for its own account. However, according to the guidance, if a bank provides such advice to a municipal entity or obligated person with respect to an issuance of municipal securities that extends beyond those municipal securities that the bank plans to purchase for its own account, then such advice would constitute municipal advisory activity that would trigger the registration requirements.
4. OCC Issues Interim Exam Procedures for Volcker Rule Compliance
The OCC has issued interim examination procedures that will be used to assess the progress made by national banks and federal savings associations in developing policies and procedures to comply with requirements of the Volcker Rule during the conformance period. The regulations that implement the Volcker Rule became effective on April 1, 2014, and banks must bring their investments and activities into conformance with the Volcker Rule by July 21, 2015. According to the OCC, the interim examination procedures released on June 12 focus on identifying activities subject to the rule, assessing banks’ progress toward establishing compliance programs and evaluating banks’ plans for conforming covered fund securitization, asset management and sponsorship activities. The examination procedures also emphasize the progress made by banks with trading assets and liabilities of $50 billion or more on a worldwide consolidated basis in being able to report quantitative metrics as required by the rule, according to the OCC. Community banks that do not engage in trading activities covered by the Volcker Rule’s implementing regulations, make investments subject to the regulations or sponsor covered funds, have no compliance obligations and are not subject to the new examination procedures. The Volcker Rule—Section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act—and its implementing regulations prohibit banks from engaging in short-term proprietary trading of financial instruments and from owning, sponsoring, or having certain relationships with hedge funds or private equity funds (also known as covered funds).
Nutter Notes: The compliance program requirements under the regulations that implement the Volcker Rule vary depending on a bank’s total consolidated assets. Banks with total consolidated assets of $10 billion or less that are engaged in covered activities can satisfy simplified compliance program requirements under the regulations by including in their existing compliance policies and procedures appropriate references to the requirements of the regulations, and adjustments, as appropriate, given each bank’s activities, size, scope and complexity. Banks with total consolidated assets greater than $10 billion and less than $50 billion must develop and administer standard compliance programs unless they are subject to reporting requirements for trading metrics. A standard compliance program must include written policies and procedures reasonably designed to document, describe, monitor and limit permitted trading and covered fund activities, and must include a system of internal controls reasonably designed to monitor compliance with the regulations. Banks with total consolidated assets of $50 billion or more, or that are required to report trading metrics, must develop and administer compliance programs that are more prescriptive than standard programs. Banks that do not invest in or sponsor covered funds and limit their proprietary trading to eligible government securities are not required to have compliance programs. The federal banking agencies also published on June 10 answers to frequently asked questions about compliance with the Volcker Rule.
5. Other Developments: Consumer Compliance and Regulatory Burden
- Fed Adopts New Community Bank Consumer Compliance Supervision Program
The Federal Reserve released an update to its Consumer Compliance Handbook on June 16 that includes the newly adopted Community Bank Risk-Focused Consumer Compliance Supervision Program. The Fair Lending Regulations and Statutes: Alternative Examinations Approach for Low-Risk Banks section of the handbook, superseded by the new community bank compliance supervision program, has been removed.
Nutter Notes: The Federal Reserve said that consumer compliance examiners will base examination intensity more explicitly on an individual financial institution’s risk profile, including its consumer compliance culture and how effectively it identifies and manages consumer compliance risk, under the new program for state member banks with consolidated assets of $10 billion or less.
- Federal Banking Agencies Seek Comment on Reduction of Regulatory Burdens
The federal banking agencies published a joint notice on June 4 requesting public input to identify outdated, unnecessary or unduly burdensome regulations imposed on insured depository institutions. The notice seeks comment on regulations related to applications and reporting requirements, bank powers and activities, and international operations.
Nutter Notes: The agencies announced that they have divided their regulations into 12 general categories and that, at regular intervals over the next two years, the agencies will publish three additional requests for public comment on the reduction of regulatory burdens. Comments on the first three categories (described above) are due by September 2.