Top Story Technology Related

The FDIC Board yesterday announced it has approved a final rule to strengthen resolution planning for insured depository institutions (IDIs) with at least $50 billion in total assets. After careful consideration of comments received, the FDIC issued a final rule that incorporates several changes from the agency’s proposed rule published in September of 2023.

Under the rule announced yesterday, the FDIC will require large banks with total assets of at least $100 billion to submit comprehensive resolution plans that meet enhanced standards to support the FDIC’s ability to undertake an efficient and effective resolution under the Federal Deposit Insurance Act should such an institution fail.

The rule will require IDIs with total assets of at least $50 billion but less than $100 billion to submit more limited “informational filings” to assist in their potential resolution. The agency will not require these institutions to develop a resolution strategy and related valuation information as part of their submissions. These institutions are also exempt from submitting certain strategy-related content requirements regarding the institution’s franchise components.

The new rule strengthens the existing IDI resolution planning framework under 12 CFR § 360.10 by requiring a full resolution submission from most covered IDIs every three years with limited supplements filed in the off years. Covered IDIs affiliated with U.S. global systemically important banking organizations must file a full resolution submission every two years.

The final rule will take effect on October 1, 2024, and the first submissions are expected next year.

• Fact sheet
• FIL-34-2024
• Statement by Acting Comptroller of the Currency Michael J. Hsu
• Statement by CFPB Director Rohit Chopra
• Publication update: Published at 89 FR 56620 in the 7/9/2024 Federal Register

The OCC has reported the key issues facing the federal banking system in its Semiannual Risk Perspective for Spring 2024.

The OCC reported that the overall condition of the federal banking system remains sound. However, the maturing economic cycle may cause consumer headwinds. It is important for banks to continue identifying material risks and their interconnected impacts. Continuous risk management improvement remains appropriate as this allows banks to guard against complacency.

The OCC highlighted credit, market, operational, and compliance risks as the key risk themes in the report.

The Federal Trade Commission has taken action against software maker Adobe and two of its executives — Maninder Sawhney and David Wadhwani — for deceiving consumers by hiding the early termination fee for its most popular subscription plan and making it difficult for consumers to cancel subscriptions.

A federal court complaint filed by the Department of Justice upon notification and referral from the FTC charges that Adobe pushed consumers toward the “annual paid monthly” subscription without adequately disclosing that cancelling the plan in the first year could cost hundreds of dollars. Wadhwani is the president of Adobe’s digital media business, and Sawhney is an Adobe vice president.

According to the complaint, when consumers purchase a subscription through the company’s website, Adobe pushes consumers to its “annual paid monthly” subscription plan, pre-selecting it as a default. Adobe prominently shows the plan’s “monthly” cost during enrollment, but it buries the early termination fee (ETF) and its amount, which is 50 percent of the remaining monthly payments when a consumer cancels in their first year. Adobe’s ETF disclosures are buried on the company’s website in small print or require consumers to hover over small icons to find the disclosures.

In addition to failing to disclose the ETF to consumers when they subscribe, the complaint also alleges that Adobe uses the ETF to ambush consumers to deter them from cancelling their subscriptions. The complaint also alleges that Adobe’s cancellation processes are designed to make cancellation difficult for consumers. When consumers have attempted to cancel their subscription on the company’s website, they have been forced to navigate numerous pages in order to cancel.

When consumers reach out to Adobe’s customer service to cancel, they encounter resistance and delay from Adobe representatives. Consumers also experience other obstacles, such as dropped calls and chats, and multiple transfers. Some consumers who thought they had successfully cancelled their subscription reported that the company continued to charge them until discovering the charges on their credit card statements.

The complaint charges that Adobe’s practices violate the Restore Online Shoppers’ Confidence Act.

• Press release

The OCC has released information on enforcement actions taken against national banks and federal savings associations and individuals currently or formerly affiliated with banks the OCC supervises.

• A Formal Agreement with Credit Suisse AG New York Branch, New York, NY, to address deficiencies in the branch’s compliance related to the Bank Secrecy Act and other anti-money laundering laws and regulations. The branch’s execution of this formal agreement was a condition for the branch’s conversion to a federal license. The provisions of the formal agreement are substantially the same as a December 2020 written agreement between the branch and the Federal Reserve Bank of New York and the New York State Department of Financial Services.
• A Formal Agreement with Touchmark National Bank, Alpharetta, GA, for unsafe or unsound practices, including those relating to the bank’s strategic planning, board and management oversight, liquidity risk management, interest risk management, credit risk management, audit, and information technology.

The OCC also issued Orders of Prohibition against:

• Manuel Alejandro Ramirez Perez, former relationship banker and credit solutions advisor at Bonita Springs and North Naples, Florida, branches of Bank of America, N.A., Charlotte, NC, for improperly accessing customer accounts and providing information on those accounts to a third-party individual.
• Aviana Rivera, former personal banker at a Bryan, Texas, branch of First National Bank Texas, Killeen, TX, for embezzling $11,500 from the account of a bank customer.

The Federal Reserve Board on Friday announced its issuance of a Consent Cease and Desist Order against Evolve Bancorp, Inc., and Evolve Bank & Trust, both of West Memphis, Arkansas, for deficiencies in the bank's anti-money laundering, risk management, and consumer compliance programs.

Evolve partners with various financial technology companies that, in turn, provide access to banking products and services to their end customers. Examinations conducted in 2023 found that Evolve engaged in unsafe and unsound banking practices by failing to have in place an effective risk management framework for those partnerships. In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.

The Board is requiring the bank to improve its policies and programs in those areas, in addition to requiring other remedial improvements. For current partnerships with financial technology companies, the Board's action requires Evolve to strengthen its risk management practices to address potential risks, including compliance and fraud risks, by implementing appropriate oversight and monitoring of those relationships, including through enhanced procedures related to recordkeeping and consumer compliance programs. The Board's enforcement action against Evolve is independent of the bankruptcy proceedings regarding Synapse Financial Technologies, Inc.

The Board's action was taken in conjunction with the Arkansas State Bank Department, the state supervisor of Evolve.

The Treasury Department on Wednesday announced it has issued sweeping new measures guided by G7 commitments to intensify the pressure on Russia for its continued cruel and unprovoked war against Ukraine. Yesterday’s actions ratchet up the risk of secondary sanctions for foreign financial institutions that deal with Russia’s war economy; restrict the ability of Russian military-industrial base to take advantage of certain U.S. software and information technology (IT) services; and, together with the Department of State, target more than 300 individuals and entities both in Russia and outside its borders—including in Asia, the Middle East, Europe, Africa, Central Asia, and the Caribbean—whose products and services enable Russia to sustain its war effort and evade sanctions.

To help clarify the risk foreign financial institutions face by conducting or facilitating significant transactions or providing any service involving Russia’s designated banks, OFAC has updated the Specially Designated Nationals and Blocked Persons List (SDN List) information for five sanctioned Russian financial institutions, to include the addresses and aliases of their foreign locations.

Specifically, OFAC has updated the listings for Promsvyazbank Public Joint Stock Company to include its locations in Beijing, People’s Republic of China (PRC), Bishkek, Kyrgyz Republic, and New Delhi, India; for State Corporation Bank for Development and Foreign Economic Affairs Vnesheconombank to include its locations in Beijing, PRC and Mumbai, India; for Sberbank to include its locations in Beijing, PRC and New Delhi and Mumbai, India; for VTB to include its locations in New Delhi, India, and Beijing and Shanghai, PRC; and for VTB Capital Holdings Closed Joint Stock Company to include its location in Hong Kong, PRC.

For the names and identification information of the designated parties, and information on related OFAC actions, see the June 12, 2024, BankersOnline OFAC Update.

The Treasury Department has released a Request for Information on the Uses, Opportunities, and Risks of Artificial Intelligence (AI) in the Financial Services Sector.

Through this RFI, Treasury seeks to increase its understanding of how AI is being used within the financial services sector and the opportunities and risks presented by developments and applications of AI within the sector, including potential obstacles for facilitating responsible use of AI within financial institutions, the extent of impact on consumers, investors, financial institutions, businesses, regulators, end-users, and any other entity impacted by financial institutions’ use of AI, and recommendations for enhancements to legislative, regulatory, and supervisory frameworks applicable to AI in financial services. Treasury is particularly interested in understanding how AI innovations can help promote a financial system that delivers inclusive and equitable access to financial services.

UPDATE: Published at 89 FR 50048 in the June 12, 2024, Federal Register, with a comment period ending on August 12, 2024.

The CFPB yesterday announced it has finalized a rule outlining the qualifications for becoming a recognized industry standard setting body that can issue standards that companies can use to help them comply with the CFPB’s upcoming Personal Financial Data Rights Rule. The new rule identifies the attributes that standard setting bodies must demonstrate in order to be recognized by the CFPB. The rule also includes a step-by-step guide for how standard setters can apply for recognition and how the CFPB will evaluate applications.

The CFPB is working to accelerate the shift to open banking in the United States. In 2010, Congress passed into law new personal financial data rights for consumers. Guaranteeing a consumer’s right to their data will open up more opportunities for smaller financial institutions and startups offering products and services. However, these new rights have not taken full effect, because the CFPB never issued a rule. In October 2023, the CFPB proposed a rule to implement these rights and will finalize it in the coming months.

As part of the upcoming Personal Financial Data Rights rule, the CFPB expects to allow companies to use technical standards developed by standard-setting organizations recognized by the CFPB. The final rule announced yesterday kicks off the process for standard-setting organizations to seek formal recognition. It also includes a mechanism for the CFPB to revoke the recognition of standard setters and a maximum recognition duration of five years, after which recognized standard setters will have to apply for re-recognition. These protections will ensure recognized standard setters’ ongoing adherence to the attributes codified in the rule.

UPDATE 6/11/2024: The final rule was published at 89 FR 49084 in the Federal Register on 6/11/2024. It will become effective July 11, 2024.

The Treasury Department yesterday announced it has published a 2024 Non-fungible Token (NFT) Illicit Finance Risk Assessment. The risk assessment explores how vulnerabilities associated with NFTs and NFT platforms may be exploited by illicit actors for money laundering, terrorist financing, and proliferation financing.

The assessment finds that NFTs are highly susceptible to use in fraud and scams and are subject to theft. The report determines that illicit actors can use NFTs to launder proceeds from predicate crimes, often in combination with other methods to obfuscate the illicit source of proceeds of crime. It also found little evidence of the misuse of NFTs by terrorists or proliferators, in contrast to fraudsters, to date. The assessment finds that inadequate cybersecurity protections, challenges related to copyright and trademark protections, and the hype and fluctuating pricing of NFTs can enable criminals to perpetrate fraud and theft related to NFTs and NFT platforms. Moreover, some NFT firms and platforms lack appropriate controls to mitigate risks to market integrity and to combat money laundering and terrorist financing, and sanctions evasion. The assessment recognizes that mitigation measures, such as industry tools, law enforcement authorities, and analysis of public blockchain data, can partially mitigate such risks.

To address outstanding risks, the risk assessment recommends several U.S. government actions, including:

• Raising awareness within industry of existing obligations
• Continuing to enforce existing laws and regulations related to NFTs and NFT platforms; and
• Considering further application of regulations to NFTs and NFT platforms

Acting Comptroller of the Currency Michael J. Hsu discussed recovery planning via livestream in remarks May 27 at the Entrepreneurship, Markets and Technology: Regulation's Challenges in a Changing World Conference in Zurich, Switzerland.

In his remarks, Mr. Hsu discussed the importance of recovery planning and how it can mitigate the too-big-to-fail problem. He highlighted the importance of recovery planning at large banks in the context of the bank failures in March 2023 and offered thoughts on expanding recovery planning guidelines to apply to banks with at least $100 billion in assets.