- FDIC Shares Examiners’ Expectations for Contracts with Technology Service Providers
- Federal Reserve Proposes Revised Rules for Determining Control of a Banking Organization
- State Banking Regulators Support Safe Harbor for Licensed Marijuana-Related Activities
- Federal Banking Agencies Update Guidance on New CECL Accounting Standard
- Other Developments: HMDA Guidance and Large Bank Failures
1. FDIC Shares Examiners’ Expectations for Contracts with Technology Service Providers
The FDIC has issued guidance on examiners’ expectations for provisions of contracts between banks and technology service providers regarding business continuity and incident response issues. According to the guidance issued on April 2, examiners have expressed concern that some bank contracts with technology service providers do not adequately define the relative rights and responsibilities for business continuity and incident response, or do not provide sufficient detail to allow banks to manage those processes and risks. The guidance warns that, if a contract does not adequately address risks related to business continuity and incident response, the bank’s board of directors and senior management remain responsible for assessing those risks and implementing appropriate mitigating controls. Specifically, the guidance suggests that contracts should expressly require technology service providers to maintain a business continuity plan, establish standards for data recovery, and define contractual remedies if the service provider does not meet a recovery standard. The guidance also suggests that such contracts should define technology service providers’ security incident responsibilities, such as notifying the bank, its regulators, or law enforcement. Click here for a copy of the FDIC’s guidance.
Nutter Notes: The FDIC’s guidance recommends that, if a contract with a technology service provider does not adequately address business continuity and incident response, the bank should assess the resultant risks and implement compensating controls to mitigate them. In such a case, a bank may obtain supplementary business continuity documentation from the service provider or modify the bank’s own business continuity plan to address contractual uncertainties, for example. The guidance also reminds banks that they are required to notify their primary federal banking agency of contracts or relationships with technology service providers that provide certain services under Section 7 of the Bank Service Company Act. Such services include check and deposit sorting and posting, computation and posting of interest, preparation and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, internet banking, or mobile banking services, according to the guidance.
2. Federal Reserve Proposes Revised Rules for Determining Control of a Banking Organization
The Federal Reserve has released for public comment a proposal to simplify and clarify rules for determining “control” of a banking organization under the Bank Holding Company Act of 1956 (“BHCA”). Under the BHCA, if a company “controls” a banking organization, the company becomes subject to Federal Reserve regulation and supervision as a bank holding company. A company is generally considered to control a banking organization if the company owns or controls 25% or more of any class of voting security of the banking organization. In addition to that bright-line test, a company may exercise a “controlling influence” over a banking organization, depending on the facts and circumstances, and thus find itself subject to the BHCA. The Federal Reserve’s proposal, issued on April 23, describes several factors that the Federal Reserve would use to determine if a company has the ability to exercise a controlling influence over a banking organization or other company. Those factors include the company’s total voting and non-voting equity investment, director, officer, and employee interlocks between the company and the target, and the nature and scope of business relationships between the company and the target. The proposal describes what combination of those factors would or would not trigger control, and includes a chart which shows how different combinations of the presumptive factors would or would not result in control. Comments on the proposal will be due within 60 days after it is published in the Federal Register, which is expected shortly. Click here for a copy of the Federal Reserve’s proposal.
Nutter Notes: The Federal Reserve’s proposed regulatory framework for control determinations will be of interest to Fintechs and their investors considering various bank charter options, particularly those Fintechs with venture capital ownership exploring a full service, FDIC-insured bank charter under a bank holding company structure. Although the BHCA does not apply to an industrial loan company or the OCC’s special purpose fintech charter, both the FDIC and OCC will conduct “control” analyses as part of their review and approval processes for those charters and may look to the Federal Reserve’s tests for guidance. The proposal also will be of interest to Fintechs seeking capital investments from bank holding companies, and banks and investment funds managed and controlled by or affiliated with those institutions. Finally, community banks seeking investors and additional private capital for growth, lending, investment, or other corporate purposes also should benefit from the proposal.
3. State Banking Regulators Support Safe Harbor for Licensed Marijuana-Related Activities
The Massachusetts Division of Banks has co-signed a letter to Congressional leaders asking them to consider legislation that would create a safe harbor for banks and other financial institutions to serve marijuana-related businesses operating legally under state law. The letter sent to Congressional leaders on April 15 requests that Congress consider legislation that would entrust states with the full oversight and jurisdiction over marijuana-related activity. The letter notes that medical marijuana has been legalized in 33 jurisdictions, representing 67% of the population of the United States, with 12 states having established programs for adult recreational use of marijuana, creating a substantial conflict between federal and state law. The letter argues that barriers under federal law for financial institutions to serve marijuana-related businesses diminishes the ability of law enforcement to track the flow of funds from state-licensed marijuana businesses, and creates a public safety hazard related to cash volume. The letter also argues that the conflict between federal and state law raises a risk of loss of economic activity, and hinders workforce development and community development opportunities. Click here for a copy of the letter to Congressional leaders.
Nutter Notes: The Massachusetts Division of Banks issued guidance to banks in 2016, entitled Banking for Marijuana Related Businesses in Massachusetts, in which the Division stated that its “examiners will, as part of its examination processes, review whether financial institutions working with marijuana related business are following the FinCEN guidance.” The Division’s guidance also declared that the Division’s policy is that “[a]dherence to these guidelines and recommendations will satisfy the requirements of the Division of Banks for institutions under its supervisory jurisdiction.” While it remains a crime under the federal Controlled Substances Act to manufacture, distribute, or dispense marijuana, federal prosecution of state-licensed medical marijuana businesses is hampered by the Rohrabacher-Blumenauer Amendment, which prohibits the DOJ from expending funds appropriated by Congress to prevent states from “implementing their own laws that authorize the use, distribution, possession, or cultivation of medical marijuana.” The amendment has been part of DOJ appropriations bills since fiscal year 2015 and has been renewed again through September 30, 2019, as part of the spending bill signed by President Trump on February 15, 2019 following the partial government shutdown earlier this year. It is unclear whether or to what extent the Rohrabacher-Blumenauer Amendment may also impede federal enforcement action against a licensee involved in both medical and recreational distributions, or whether future legislation may expand or repeal protections for state-licensed marijuana businesses.
4. Federal Banking Agencies Update Guidance on New CECL Accounting Standard
The federal banking agencies, together with the National Credit Union Administration, have updated their joint guidance in the form of answers to frequently asked questions (“FAQs”) about the application of the current expected credit losses (“CECL”) accounting standard. The updated FAQs released on April 3 include new questions and answers along with some updates to those issued in 2017 and 2016. The FAQs focus on the application of the CECL methodology for estimating credit loss allowances and related supervisory expectations and regulatory reporting guidance. Issues addressed in the new FAQs include collateral-dependent loans, reasonable and supportable forecasts, internal control considerations related to data, and the continued relevance of concepts, processes, and practices in existing supervisory guidance on the allowance for loan and lease losses. The new standard takes effect in 2020, 2021, or 2022, depending on the institution’s characteristics, such as whether the institution is a public business entity, and, if so, whether it is an SEC-filer. Click here for a copy of the updated FAQs.
Nutter Notes: The Financial Accounting Standards Board (FASB) published the new CECL accounting standard in June 2016. The FAQs discuss how the new standard changes existing U.S. generally accepted accounting principles (“GAAP”), which includes replacing the existing incurred loss methodology with the CECL methodology. Under current U.S. GAAP, institutions use allowance estimation methods scaled to their size and complexity, according to the guidance. The guidance indicates that the federal banking agencies expect a similar array of credit loss estimation methods will be used under CECL. However, according to the guidance, inputs to allowance methods will need to change to properly implement CECL. The guidance indicates that the agencies expect banking organizations to make good faith efforts to apply the CECL accounting standard in a sound and reasonable manner, and to be preparing now to implement the standard. However, the guidance also notes that community institutions are not expected to adopt complex modeling techniques to implement the CECL accounting standard because the CECL methodology is meant to be scalable to institutions of all sizes.
5. Other Developments: HMDA Guidance and Large Bank Failures
- Federal Banking Agencies Issue 2019 Updates to HMDA Guide and Exam Procedures
The federal banking agencies on April 1 issued through the FFIEC an updated A Guide to HMDA Reporting: Getting It Right! for data collected in 2019 and reported in 2020 along with updated interagency Home Mortgage Disclosure Act (“HMDA”) examination procedures. The updated HMDA examination procedures address the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (“EGRRCPA”) amendments to HMDA, 2018 amendments to HMDA’s implementing rule, Regulation C, made by the CFPB, and amendments to Regulation C made by the CFPB in 2015 and 2017.
Nutter Notes: The FFIEC's A Guide to HMDA Reporting: Getting It Right! summarizes key HMDA provisions. The 2019 update applies to 2019 HMDA data reported in 2020 and includes a summary of the EGRRCPA amendments to HMDA and the 2018 HMDA rule. Click here for a copy of the updated A Guide to HMDA Reporting: Getting It Right!, and click here for a copy of the updated interagency HMDA examination procedures.
- Federal Banking Agencies Propose Rule to Limit the Impact of Large Bank Failures
The federal banking agencies proposed a rule on April 2 that would limit the interconnectedness of large banking organizations and reduce the impact from failure of the largest banking organizations. The proposal would discourage global systemically important bank holding companies (“GSIBs”) and advanced approaches banking organizations from purchasing large amounts of certain types of debt issued by other GSIBs under the Federal Reserve’s total loss-absorbing capacity rule. Comments on the proposed rule are due by June 7.
Nutter Notes: The Federal Reserve’s total loss-absorbing capacity rule requires GSIBs, in general, to issue debt with certain features that would be used to recapitalize the holding company during bankruptcy or resolution if it were to fail. The proposed rule would require GSIBs and advanced approaches banking organizations to hold additional capital against substantial investments in such debt. Click here for a copy of the proposed rule.