Top Story Technology Related

The CFPB has announced it will hold joint, virtual office hours on December 2, 2020, as part of the American Consumer Financial Innovation Network (ACFIN). Joint office hours provide innovators with the opportunity to discuss issues such as financial technology, innovative products or services, and other matters related to financial innovation with officials from the CFPB and state partners. CFPB Director Kathleen L. Kraninger and Colorado Attorney General Philip Weiser will participate in this event.

Innovators interested in participating in a meeting during the joint, virtual office hours should request the meeting and describe the topic(s) they would like to discuss during their session. Requests must be received by November 23, 2020. A confirmation for the specific meeting time will then be provided to the requester.

The OCC has announced the update of its Director’s Toolkit to help bank directors for national banks and federal savings associations fulfill their corporate governance responsibilities. The Toolkit is a helpful guide for bank directors on strategic issues, risk management, and compliance responsibilities. The updated toolkit includes a revised Director's Book: Role of Directors for National Banks and Federal Savings Associations and adds a new publication, the Director’s Reference Guide to Board Reports and Information.

• Bulletin 2020-97

The Federal Reserve Board, FDIC, and OCC have announced their release of a paper, "Sound Practices to Strengthen Operational Resilience," designed to help large banks increase operational resilience. Examples of risks to operational resilience include cyberattacks, natural disasters, and pandemics.

The paper outlines practices to increase operational resilience that are drawn from existing regulations, guidance, statements, and common industry standards. The practices are grounded in effective governance and risk management techniques, consider third-party risks, and include resilient information systems. The paper does not revise the agencies' existing rules or guidance.

The practices are for domestic banks with more than $250 billion in total consolidated assets or banks with more than $100 billion in total assets and other risk characteristics. An Explanatory Note was also posted.

The Federal Reserve Board has published detailed noncash payments data from the 2019 Federal Reserve Payments Study (FRPS). Additional data, estimated from surveys covering 2012 through 2018, supplement the noncash payments overview provided by the top-line data released in December 2019.

The data includes new information about core noncash payments and some evolving areas of payments in the United States:

• The estimated number and value of checks for 2018 are revised to 14.0 billion and $26.8 trillion, respectively. As a result, the estimated decline in the number of checks from 2015 to 2018 is revised to 8.2 percent per year, steeper than the previously reported 7.2 percent per year decline. The estimated decline in the value of checks is revised to 2.8 percent per year, less steep than the previously reported 4.0 percent per year decline.
• Use of alternative payment methods and services continues to grow. For example, according to estimates from processors, the number of payments via person-to-person and money transfer services more than doubled from 2015 to 2018.
• Wire transfers originated by consumers grew at double-digit rates by both number and value from 2012 through 2018.

On Friday, the Department of the Treasury announced that OFAC had designated, in accordance with Section 224 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), a Russian government research institution—State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM)—that is connected to the destructive Triton malware. The Triton malware—known also as TRISIS and HatMan in open source reporting—was designed specifically to target and manipulate industrial safety systems, which provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect lives.

For detailed identification information on TsNIIKhM, see this BankersOnline OFAC Update.

The CFPB announced yesterday an advance notice of proposed rulemaking (ANPR) requesting information related to consumer access to financial records.

The CFPB is asking the public how it might most efficiently and effectively develop regulations to implement Section 1033 of the Dodd-Frank Act, which provides for consumer rights to access financial records. When consumers use financial products and services, the providers of those products and services generally accumulate data about those consumers and their use of those products and services. Consumer access to these data allow consumers to manage their financial accounts and can enhance consumers’ control of their financial matters.

Consumers may realize these benefits by authorizing third parties to access these data on their behalf and allowing those third parties to deliver new or improved financial products and services. Use cases for consumer-authorized data include personal financial management, making and receiving payments, assisting consumers with improving savings outcomes, underwriting credit, and many other services.

While consumer access to financial records can enable the development of innovative and beneficial consumer financial products, it can also present consumer risks. The Bureau’s ANPR seeks comments and information on costs and benefits of consumer data access; competitive incentives; standard-setting; access scope; consumer control and privacy; and data security and accuracy.

Comments on the ANPR will be accepted for 90 days following its publication in the Federal Register.

UPDATE ON PUBLICATION AND COMMENT DUE DATE: Published at 85 FR 71003 on November 6, 2020, in the Federal Register, with comments due by February 4, 2021.

The FDIC has announced the selection of 14 technology companies to compete in the next phase of the agency’s Rapid Prototyping Competition, a tech sprint designed to develop an innovative new approach to financial reporting, particularly for community banks. The FDIC has awarded initial contracts to:

1. Accenture Federal Services, LLC
2. ACTUS Financial Research Foundation, Inc.
3. Amberoon, Inc.
4. Donnelley Financial, LLC
5. DSQuorum, LLC (Data Society)
6. Fed Reporter, Inc.
7. Fidelity Information Services, LLC
8. First Data Government Solutions, LP (Fiserv)
9. Neocova Corporation
10. Novantas, Inc.
11. Palantir Technologies Inc.
12. Synthetic P2P Holding Corporation (PeerIQ)
13. S&P Global Market Intelligence, LLC
14. TrueTandem, LLC

The objective of the Rapid Prototyping Competition is to develop technology for a timelier and less burdensome financial reporting process. Once completed, the system would better equip regulators to detect signs of risk and to take early actions designed to protect consumers, banks, the financial system and the economy.

The FHA has announced the availability of the first module of its FHA Catalyst technology platform for Multifamily lenders doing business with FHA. The module will allow eligible lenders to electronically submit applications for FHA insurance on multifamily properties. The new capability supports lenders in providing FHA-insured mortgage financing while working remotely because of the COVID-19 pandemic.

The OCC announced yesterday it has issued Citibank, N.A., Sioux Falls, South Dakota, a $400 million civil money penalty order related to deficiencies in enterprise-wide risk management, compliance risk management, data governance, and internal controls. The OCC took that action based on the bank’s unsafe or unsound banking practices for its long-standing failure to establish effective risk management and data governance programs and internal controls. This failure also resulted in a violation of 12 CFR Part 30, Appendix D, “OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches.”

The agency also issued a cease and desist order requiring the bank to take broad and comprehensive corrective actions to improve risk management, data governance, and internal controls. The order requires the bank to seek the OCC’s non-objection before making significant new acquisitions and reserves the OCC’s authority to implement additional business restrictions or require changes in senior management and the bank’s board should the bank not make timely, sufficient progress in complying with the order.

Further information on the OCC's actions, with links to the consent orders, can be found HERE, in BankersOnline's Penalty pages.

The Federal Reserve Board announced a separate but related action against Citigroup, the bank’s holding company. In a cease and desist order, the Board requires Citigroup to enhance its firm-wide risk management and internal controls. Among other things, the firm has not taken prompt and effective actions to correct practices previously identified by the Board in the areas of compliance risk management, data quality management, and internal controls.

The OCC yesterday released its bank supervision operating plan for fiscal year 2021. The plan provides the foundation for policy initiatives and for supervisory strategies as applied to individual national banks, federal savings associations, federal branches, federal agencies, and technology service providers. OCC staff members use this plan to guide their supervisory priorities, planning, and resource allocations.

Supervisory strategies for FY 2021 will focus on:

• credit risk management, commercial and residential real estate concentration risk management, allowances for loan and lease losses, and allowances for credit losses
• cybersecurity and operational resilience
• BSA/AML compliance management
• compliance risk management associated with 2020 pandemic-related bank activities
• Community Reinvestment Act performance
• fair lending examinations and risk assessments
• the impact of a low-rate environment and preparation for the phaseout of LIBOR
• proper oversight of significant third-party relationships
• change management over significant operational changes
• payment systems products and services