Our Take: financial services regulatory update – July 26, 2024

• What happened: On July 19th, the Fed, FDIC, OCC and NCUA proposed new requirements for their supervised financial institutions to establish, implement and maintain anti-money laundering/countering the financing of terrorism (AML/CFT) programs and incorporate government-wide AML/CFT priorities in their risk-based programs. The proposal is intended to align the agencies’ requirements with a proposal issued by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) on June 28th.
• What the proposal would require: The proposal both introduces and formalizes certain requirements that are aimed at strengthening and modernizing institutions’ AML/CFT programs to effectively identify, manage and mitigate illicit finance activities, including:
  • Requiring a risk assessment process to identify, evaluate and document money laundering, terrorist financing and other illicit finance activity risk with consideration of (1) FinCEN’s AML/CFT National Priorities; (2) the financial institution’s business activities; and (3) reports filed pursuant to 31 CFR chapter X. Firms would be expected to update the risk assessment periodically.
  • Considering, evaluating and implementing (as warranted) innovative approaches to meet BSA compliance obligations. The agencies note that they recognize the potential benefits of innovative technologies and that they intend to continue exploring processes to encourage or facilitate their use by financial institutions.
  • Having persons in the U.S. responsible for establishing, maintaining and enforcing the AML/CFT program; having independent testing conducted by qualified internal or outside personnel; and formally including customer due diligence (CDD) in program requirements.

The agencies clarify that these expectations would be included in bank supervision and examinations. They also commit to working with FinCEN to develop any necessary corresponding guidance and examination procedures.

• What’s next: Written comments are due 60 days after the proposal is published on the Federal Register, which will likely be several weeks after the September 3rd, 2024 deadline for comments on the FinCEN proposal.

Our Take

Banks may already meet the expectations but would need to more thoroughly demonstrate compliance. While most financial institutions already conduct an AML risk assessment and many use it to drive the structure and resource allocation of their risk-based programs, the new requirements will mandate that institutions more explicitly demonstrate this linkage. Significantly, the requirements to incorporate distribution channels and intermediaries as well as the reports filed (e.g., SARs, CTRs) in their risk assessments will likely require many institutions to re-evaluate and update their risk assessment methodologies. In addition, as this rule would formally require institutions to incorporate the AML/CTF National Priorities for the first time, they should assess their potential exposure to each of the eight priorities and the specific controls in place for any associated risks. This baseline activity will aid institutions in meeting the forthcoming mandate to incorporate the National Priorities into their risk assessment process. The proposal’s requirement that financial institutions have persons responsible for the AML/CFT program based in the United States may also create challenges for financial institutions who have offshored significant elements of their compliance functions in recent years. While the proposal does not provide specific guidance on the extent of personnel needing to remain in the United States, financial institutions need to carefully weigh continued use of offshore centers for any management roles and responsibilities.

Formal requirements mean increased scrutiny and enforcement. Although the agencies note that this proposal largely formalizes existing expectations outlined in guidance, the elevation to rulemaking means that the expectations would become enforceable using mandatory orders, among other enforcement tools. As the proposal is likely to be finalized without significant changes to these expectations, companies should prepare for increased regulatory scrutiny of their AML/CFT programs and engage in the regulatory comment process to highlight any concerns, potential challenges, and areas requiring clarification to help shape the final regulations.

• What happened: On July 17th, the Fed, OCC, FDIC, CFPB, NCUA and FHFA (the Agencies) finalized a rule to require that mortgage originators and secondary market issuers adopt quality control standards for the use of automated valuation models (AVMs)
• What will be required: The rule requires firms to adopt policies, procedures and controls designed to:
  • ensure a high level of confidence in estimates
  • protect against data manipulation
  • avoid conflicts of interest
  • require random sample testing and reviews; and
  • comply with nondiscrimination laws

The rule does not set specific requirements for how institutions are to implement and structure the quality standards for their AVM use, instead opting for a principles-based approach that provides the flexibility to account for the size, risk and complexity of the institution. The rule covers (a) use of AVMs for determination of collateral value for credit decisions, which would exclude other uses such as monitoring value over time or validating an already completed valuation; (b) direct use of AVMs in determining the collateral value, which would exclude use of AVMs by qualified appraisers to assist with value determination; (c) valuation of residential collateral as part of consumer lending, which would exclude any application of AVMs in commercial lending, including small business loan underwriting; (d) valuation of the consumers’ primary dwelling, which would exclude any application of AVMs for underwriting investment properties or second homes; and (e) use only by mortgage originators and secondary market issuers.

• What’s new relative to the proposal: The final rule is substantially similar to the proposal but clarifies the definition of “mortgage originator” and “person” by importing the language used in the Truth in Lending Act (TILA)
• What’s next: The rule is expected to become effective on the first day of the quarter 12 months after publication in the Federal Register, likely October 1st, 2025.

Our Take

High-level principles provide more flexibility than clarity. Although financial institutions generally appreciate flexibility in implementing requirements, this rule’s very high-level principles may not provide sufficient detail for firms to interpret and implement accurately and effectively in certain areas. For example, as many firms (especially smaller organizations) rely on vendor off-the-shelf AVMs, it may not be clear how they can protect against data manipulation if they have no control over or insight into what data their vendors use to develop the models and how the data was processed.

Complying with nondiscrimination laws may be easier said than done. Similarly, we expect that firms using vendor off-the-shelf AVMs, as well as AVM cascades frequently developed by third parties, will find it difficult to understand how they can comply with applicable nondiscrimination laws. In addition to facing the same transparency obstacles described above, many smaller firms likely have transaction volumes that are too low to meaningfully test valuations for discriminatory biases. Applying commonly-used bias/disparate impact measurement approaches would also be very challenging due to the fact that (a) it is impossible to measure “actual” real estate value as the basis for determining AVM error (human appraisals and actual transaction prices are likely to be tainted by the same biases one seeks to measure); and (b) identification of “similarly situated” properties for fair comparison would require significant simplifying assumptions that may drastically impair the reliability of the analyses.

Firms can leverage existing practices. Other requirements are more straightforward. For example, firms will be able to comply with the requirements to ensure confidence in estimates and require random sample testing by leveraging existing detailed regulatory guidance, such as the interagency guidance on model risk management. The requirement to “avoid conflicts of interest” may also be straightforward to implement, at least as it relates to the risk that an entity may “cherry pick” one preferred AVM value out of a range of values they can access from different vendor and/or internal automated valuation models. There are existing industry practices for developing and maintaining thorough multi-model AVM cascades that encompass measurement and reporting of a range of accuracy, bias and coverage metrics that entities can leverage to address this requirement.

• What happened: On July 25th, the Fed, OCC and FDIC issued their second request for comments on opportunities to reduce banks’ regulatory burden, as they are required by law to review their regulations every 10 years to identify any outdated or otherwise unnecessary regulatory requirements for their supervised institutions.
  
  The agencies also announced that they would hold a virtual public outreach meeting on September 25, 2024 to discuss both this and the previous request for comment.

• What the letter says: To facilitate this review, the agencies divided their regulations into 12 categories and are now soliciting comments on their regulations in three new categories: (1) consumer protection; (2) directors, officers and employees; and (3) money laundering.
• What’s next: Comments are due 90 days following publication of the request for comment in the Federal Register. Anyone interested in providing comments in the virtual outreach session will need to register by August 9, 2024, and indicate the regulatory category they would like to discuss. Over the next two years, the agencies are expected to request comment on reducing regulatory burden in the six remaining categories.

Our Take

Comment letters may flood in but to what end? The agencies have once again opened the door to a great opportunity for firms to provide constructive feedback - and pushback - around certain regulations. It is unclear how the regulators will respond to the large amounts of constructive ideas they will receive, and we do not anticipate that this initiative will lead to any major changes in policy direction. However, depending on the results of the upcoming election, a new Administration could use the feedback received from this initiative to loosen regulatory requirements.

These notable developments hit our radar recently:

• FDIC Vice Chair speaks. On July 14th, FDIC Vice Chair Travis Hill spoke on a variety of topics:
  • Bank liquidity and the discount window. Hill discussed the liquidity rule under consideration to require banks to maintain a minimum ratio of cash plus discount window borrowing capacity to uninsured deposits, potentially at 40%. He disagreed with setting a hard ratio and instead suggested incorporating discount window capacity in the liquidity coverage ratio and internal liquidity stress tests. He also encouraged the Fed to explore options to make deposit movement data available in real time.
  • Receivership funding. He suggested several potential improvements to the FDIC’s funding strategy in response to last year’s bank failures, including drawing more from the deposit insurance fund (DIF0, improving access to DIF funds, coordinating with Treasury to redeem DIC securities, and considering alternative borrowing sources such as the Federal Financing Bank or Treasury.
  • Brokered deposits. Hill criticized aspects of the current system, including classification that does not accurately reflect riskiness, lack of adaptation to changes in how deposits are gathered, and inconsistent application. He suggested reevaluating deposit classifications and utilizing a growth cap to manage risky expansion while allowing flexibility in managing deposit outflows.
  • Capital. He alluded to ongoing discussions on the path forward for the controversial Basel III endgame proposal and expressed support for a full joint re-proposal rather than only re-proposing certain provisions or the agencies moving independently. He said the agencies should reverse proposed reversal of aspects of the Fed’s regulatory tailoring framework for banks with $100 billion to $250 billion in assets.
• Agencies finalize guidance on reconsiderations of value. On July 18th, the Fed, CFPB, FDIC, NCUA and OCC finalized joint guidance on reconsiderations of value (ROV) for residential real estate transactions. The guidance describes how financial institutions may enhance their ROV policies and processes to allow customers to provide new information or raise deficiencies in initial appraisals of residential real estate.
• FDIC to meet, propose rules and finalize guidance. On July 30th, the FDIC will meet to discuss a proposal on brokered deposit restrictions, parent companies of industrial banks and industrial loan companies, a request for information on deposits, final guidance on resolution planning for large regional banks, and proposals regarding the Change in Bank Control Act Regulations and Procedures.
• Treasury working group releases cloud resources. On July 17th, the Treasury Department’s public-private Cloud Executive Steering Group released a number of resource documents to address gaps called out in the department’s February 2023 report on the industry’s use of cloud services. The resources include a roadmap for comprehensive or hybrid cloud adoption, leading practices for third-party risks tied to cloud service providers, an assessment of existing oversight authorities for cloud providers, and strengthened transparency and monitoring of cloud services for “security by design” practices. Over the coming months, the group intends to work with the private sector, regulators, and international partners on key initiatives to address the use of artificial intelligence (AI) in the financial sector.
• CFPB proposes rule on paycheck advance products. On July 18th, the CFPB proposed an interpretive rule explaining that many paycheck advance products, sometimes marketed as "earned wage" products, could be consumer loans subject to the Truth in Lending Act.