Top Story Technology Related

The Federal Reserve's FedPayments Improvement group has released its April 2019 progress report on Strategies for Improving the U.S. Payment System.

The OCC will hold Innovation Office Hours, June 11–12, in New York to promote responsible innovation in the federal banking system. Office Hours are one-on-one meetings with OCC officials to discuss financial technology (fintech), new products or services, partnering with a bank or fintech company, or other matters related to responsible innovation in the federal banking system. OCC staff will provide feedback and respond to questions. Each meeting will last no longer than one hour.

Interested parties should request an Office Hours session by May 3, 2019, and are asked to provide information on why they are interested in meeting with the OCC. Specific meeting times and arrangements will be determined after the OCC receives and accepts the request.

• Press release

A six-year plan to modernize IRS business operations has been released by Treasury and the IRS. The plan is organized around the following four “Modernization Pillars” critical to the IRS’s mission and future development:

• Taxpayer Experience
• Core Taxpayer Services and Enforcement
• Modernized IRS Operation
• Cybersecurity and Data Protection

OFAC has posted a technical notice for users of its sanctions lists data files. On or about May 16, 2019, OFAC will be expanding the "Program" field found in OFAC’s legacy data files (DEL, PIP, FF, and CSV formats) from 50 to 200 characters. Updated data specification files for both the SDN and Consolidated Lists will also be published on May 16 as part of the update.

The OCC will host two workshops at the Hotel Indigo Pittsburgh East Liberty in Pittsburgh, May 21-22, for directors of national community banks and federal savings associations supervised by the OCC.

• The Risk Governance: Improving Director Effectiveness workshop on May 21 provides practical information for directors to effectively measure and manage risks. The workshop also focuses on the OCC’s approach to risk-based supervision and major risks in the financial industry.
• The Credit Risk: Directors Can Make a Difference workshop on May 22 focuses on credit risk within the loan portfolio and techniques for managing them, such as identifying trends and recognizing problems. The workshop also covers the roles of the board and management, how to stay informed of changes in credit risk, and how to effect change.
  Each workshop is limited to 35 registrants.

The NCUA has published [84 FR 14976, 4/12/2019] a Notice of Funding Opportunity to announce the availability of technical assistance grants for low-income designated credit unions through the Community Development Revolving Loan Fund grant program. The grant program serves as a source of financial support in the form of awards that better enable LICUs to support the communities in which they operate. All grant awards made under the program are subject to funds availability and are at the NCUA's discretion.

Yesterday, the FDIC issued FIL-19-2019 to share examiner observations about gaps in financial institutions' contracts with technology service providers that may require financial institutions to take additional steps to manage their own business continuity and incident response. The FIL reminded agency-supervised financial institutions that:

• Their boards of directors and senior management are responsible for managing risks related to relationships with technology service providers.
• Effective contracts are an important risk management tool for overseeing technology service provider risks, including business continuity and incident response.
• Recent FDIC examination findings noted that some financial institution contracts with technology service providers lack sufficient detail regarding the contract parties' respective rights and responsibilities for business continuity and incident response.
• When contracts do not adequately address such risks, financial institutions remain responsible for assessing those risks and implementing appropriate mitigating controls.
• Financial institutions have a responsibility under Section 7 of the Bank Service Company Act to notify their FDIC regional office of contracts or relationships with technology service providers that provide certain services to the institution.

FDIC examiners have noted that some contracts do not require the service provider to maintain a business continuity plan, establish recovery standards, or define contractual remedies if the technology service provider misses a recovery standard. Other contracts did not sufficiently detail the technology service provider's security incident responsibilities such as notifying the financial institution, regulators, or law enforcement. Also, some contracts do not clearly define key terms used in contractual provisions relating to business continuity and incident response. Undefined and unclear key contract terms could contribute to ambiguity in financial institution rights and service provider responsibilities, and could increase the risk that technology service provider business disruptions or security incidents will impair financial institution operations or compromise customer information.

The FIL included links to several resources that institutions can use to guide them in managing their technology service provider agreements.

The FDIC and Duke University's Fuqua School of Business and Innovation and Entrepreneurship Initiative will co-host "Fintech and the Future of Banking," their first financial technology and research conference, on Wednesday, April 24, 2019.

FDIC Chairman Jelena McWilliams and Treasury Secretary Steven Mnuchin will open the conference with a conversation about the role of financial technology and innovation in banking, followed by a series of discussions on regulatory innovation; data and technology in lending; the competitive landscape of 2019 and beyond; fintech funding; and financial advice and consumer decision-making.

The conference will be held from 8:00 a.m. to 6:00 p.m. EDT in the FDIC's Sheila C. Bair Auditorium, 3501 Fairfax Drive, Arlington, Virginia, 22226. Registration is required to attend. Those wishing to attend should complete the online registration by Wednesday, April 3.

The Federal Trade Commission has announced that Office Depot, Inc. and a California-based tech support software provider have agreed to pay a total of $35 million to settle Commission allegations that the companies tricked customers into buying millions of dollars’ worth of computer repair and technical services by deceptively claiming their software had found malware symptoms on the customers’ computers. Office Depot has agreed to pay $25 million and its software supplier, Support.com, Inc., has agreed to pay $10 million as part of their settlements with the FTC. The FTC intends to use these funds to provide refunds to consumers.

In its complaint, the FTC alleges that Support.com worked with Office Depot for nearly a decade to sell technical support services at its stores. Office Depot and Support.com used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services from Office Depot and OfficeMax, Inc., which merged in 2013.

The OCC will host two workshops in Manhattan, Kansas, at the Four Points by Sheraton Manhattan, May 7 and 8, for directors of national community banks and federal savings associations.

• The Compliance Risk workshop on May 7 addresses the critical elements of an effective compliance risk management program. The workshop also focuses on major compliance risks and critical regulations. Topics of discussion include the Bank Secrecy Act, Flood Disaster Protection Act, Fair Lending, Home Mortgage Disclosure Act, Community Reinvestment Act, and other compliance hot topics.
• The Operational Risk workshop on May 8 focuses on the key components of operational risk—people, processes, and systems. The workshop also covers governance, third-party risk, vendor management, internal fraud, and cybersecurity.