Site Search

Menu

Capabilities

Menu

Cybersecurity, Risk and Regulatory

Loading Results

Our Take: financial services regulatory update – October 27, 2023

Change remains a constant in financial services regulation. Read "our take" on the latest developments and what they mean.

Current topics – October 27, 2023

1. Agencies finalize Community Reinvestment Act modernization

On October 24th, the Fed, FDIC and OCC finalized their rule to modernize the Community Reinvestment Act (CRA). The CRA was enacted in 1977 to encourage lending, investment, and services in low- and moderate-income (LMI) communities where a bank has branches or deposit-taking ATMs. The final rule includes changes in several key areas:

  • Thresholds and applicability. Similar to the proposal, the final rule outlines a new performance assessment framework that would continue to apply differently to small, intermediate and large banks but would adjust the thresholds: Small banks are defined as having total assets under $600 million (up from $376 million currently), large banks over $2 billion (up from $1.5 billion currently) and intermediate banks would fall between those two thresholds. Additionally, the draft final rule would revise the definition of “limited purpose bank” to include those currently considered “wholesale banks.”

    The final rule retains but modifies a series of tests that would apply based on bank size.
    • Large banks will be evaluated under four performance tests: a new Retail Lending Test, the Retail Services and Products Test, a new Community Development Financing Test, and the Community Development Services Test. Additionally, for large banks with over $10 billion in assets, the evaluation of retail services and products would include digital delivery systems.
    • Intermediate banks will be evaluated under the Retail Lending Test and either the current Intermediate Bank Community Development Test or, at the bank’s option, the Community Development Financing Test.
    • Small banks will be evaluated under either the current Small Bank Lending Test or, at the bank’s option, the Retail Lending Test.
    • Banks of all sizes will maintain the option to elect to be evaluated under an approved strategic plan and the criteria for obtaining approval for such was updated in the final rule.
  • Evaluation test changes from proposal.
    • Under the Retail Lending Test, the final rule includes three major1 product lines (down from six in the proposal) for the distribution analysis for most banks and adjusts the standards for retail lending performance to make the “Low Satisfactory,” “High Satisfactory,” and “Outstanding” ratings more achievable. For example, in the final rule, the agencies consider a list of additional factors (e.g. lending in distressed and underserved nonmetropolitan middle-income census tracts) to account for circumstances in which the retail lending distribution metrics may not fully reflect a bank’s retail lending performance.
    • The Community Development Financing Test was modified by adding a metric and impact factor for banks with over $10 billion in assets and giving more equal weight to all retail activities and community development activities (compared to the proposal’s 60% retail / 40% community development split)
  • Assessment areas. The final rule expands the delineation of assessment areas beyond the areas surrounding physical branches (“facility-based assessment areas”) to account for the growth of digital banking. Specifically, large banks with 80% or less of their lending in areas adjacent to physical branches have to delineate “retail lending assessment areas” where they originate over 150 closed-end mortgage loans or 400 small business loans in two consecutive years (up from 100 and 250 in the proposal). They will also be able to receive credit for certain community development financing and services activities outside of their assessment areas.
  • Community development activities. Consistent with the proposal, the final rule includes definitions of 11 categories of loans, investments, and services that the agencies have determined support community development. In addition, the agencies committed to publishing a non-exhaustive list of eligible community development activities and a pre-approval process for those not on the list.
  • Data collection, maintenance and reporting. Consistent with the proposal, while small and intermediate banks would not face any new data collection or reporting requirements, large banks will need to collect and report data on deposits, retail lending, community development loans and investments, community development services, retail services and products, and the delineation of assessment areas. The final rule requires the agencies to publish on their respective websites certain information related to the distribution by borrower income level, race, and ethnicity of a large bank’s home mortgage loan originations and applications in each of the bank’s assessment areas.
  • Performance conclusions and ratings. Banks subject to CRA requirements will receive a score for each assessment area that would then be combined for a final rating. The final rule does not adopt the proposal’s incorporation of illegal non-credit practices for CRA downgrades and instead maintains the current standard for “discriminatory and other illegal credit practices.”
  • Applicability dates. The rule is expected to take effect on April 1, 2024, with most of the provisions becoming applicable on January 1, 2026. This increases the amount of time for banks to come into compliance with the new requirements from 12 months (as originally proposed) to more than 24 months after the final rule is adopted. The data reporting requirements will begin on April 1, 2027. The agencies expect to issue supervisory guidance, including examination procedures and training, to promote clarity and transparency regarding implementation of the final rule.

Our Take

While the long awaited final rule includes a number of changes that will be favorably received by banks, such as reduced retail categories and product lines under the Retail Lending Test, expanded definitions of qualifying activities, and an expanded implementation period, there will continue to be concern about increased data collection requirements. Although many banks likely already track the expected data in some form, they will still need to standardize it and enhance their reporting processes according to the new requirements. For many institutions this may require a comprehensive gap analysis of current systems and data followed by the design of new validation and reporting processes. Certain large banks will also need to grapple with the designation of new assessment areas. With a number of changes in applicability from the proposal, banks with a high volume of online customers will need to update their analysis of where they originate mortgages and small business loans. They will then need to identify and possibly enhance their CRA-eligible activities in potential new assessment areas as these broadened geographies could make it more difficult to receive top marks when being graded for CRA compliance.

With the industry empowered by legal challenges to CFPB and SEC rulemaking, we could see efforts to block or further delay the rule’s applicability. For example, some consider the expansion of CRA requirements beyond banks’ facility-based assessment areas as beyond the scope of the regulators’ authority under the CRA statute. However, even with the longer run-way for implementation, banks should not wait to prepare for compliance with the new CRA as there are indications that numerous banks still have significant work to do. Beyond adapting to the new assessment areas and data reporting requirements, banks will need to digest the nearly-1500 page rule and close the gaps with respect to their existing CRA program governance, strategic planning, staffing and training.

1 The three product lines are closed-end home mortgage loans, small business loans, and small farm loans. Auto loans will only be considered if they are a major product line or at the discretion of a bank.

2. Bank regulators finalize climate principles as Gensler signals changes to disclosures

Climate risk management principles

On October 24th, the Fed, FDIC and OCC jointly finalized a set of principles for climate-related risk management for financial institutions with over $100 billion in total consolidated assets, or combined U.S. operations in the case of foreign banking organizations. The final principles are largely similar to drafts proposed separately by the three agencies in December 2022, April 2022, and December 2021, respectively. Republican Fed Governors Christopher Waller and Michelle Bowman as well as FDIC board members Travis Hill and Jonathan McKernan voted against the finalization. The principles cover expectations in six areas:

  1. Governance. The final principles include the expectation that the board and management understand the evolution of climate-related risk and their institution’s exposures to those risks over time horizons that “extend beyond the bank’s typical strategic planning horizon.” Relative to the proposed principles, they further clarify the roles of the board and management in overseeing and executing climate risk management, respectively. They also remove discussion of compensation policies, noting that they are covered in other interagency guidance.
  2. Policies, procedures, and limits. The principles call on management to incorporate climate-related risks into policies, procedures and limits in line with the strategy and risk appetite set by the board.
  3. Strategic planning. They also state that the board should consider climate-related risks in setting and monitoring the institution’s business strategy, risk appetite, financial, capital and operational plans. In doing so, they should consider the impact of climate risk on financial condition, operations and business objectives over various time horizons.
  4. Risk management. The principles guide management to design processes to identify, measure, monitor and control climate-related risks within existing risk management frameworks. They also note the importance of obtaining input from and reporting to various internal stakeholders.
  5. Data, risk measurement and reporting. The principles acknowledge the importance of effective reporting of relevant, accurate and timely data and urge management to develop climate risk data aggregation and reporting capabilities.
  6. Scenario analysis. As an important component of forward-looking analysis, the principles support the development of scenario analysis frameworks with clear objectives, oversight, validation and quality control standards.

The principles also cover management of risk areas including credit, liquidity, operational, legal/compliance, and other financial and non-financial risks. Regarding credit risk, the draft principles include examples of effective practices such as conducting sectoral, geographic and single-name concentration analyses, and suggest that they should include monitoring changes in correlations across exposures or asset classes. Other financial risk recommendations include monitoring interest rate risk for climate-related volatility and using the “best measurement methodologies reasonably available” to measure climate price risk. On the non-financial risk front, the principles discuss considering climate-related impacts on all business lines and operations, including third parties, and considering the risk of climate-related activities prompting reputational damage, liability or litigation.

SEC climate risk disclosures update

On October 26th, SEC Chair Gary Gensler discussed the SEC’s climate risk disclosure proposal at a U.S. Chamber of Commerce event. He described his comments as a “pitch to corporate America,” making a case that a U.S. disclosure regime would benefit companies that operate in the EU as its Corporate Sustainability Reporting Directive (CSRD) begins to take effect in January 2024. He also noted that nearly every rule the SEC has finalized under his tenure has been adjusted in response to feedback and cited “a lot of questions and doubts and concern” about the proposal’s requirement to report Scope 3 emissions (i.e., indirect emissions such as financed emissions). He also acknowledged legal challenges the SEC has faced in response to other rules.

Our Take

After climate risk took a back seat to bank stress and traditional risk management for much of this year, these final principles confirm that the regulators still expect banks to incorporate climate considerations into every aspect of their risk management and strategy ‒ with the onus for action on the board and senior management. Although these are principles and therefore not a direct basis for enforcement actions, examiners may increasingly consider the management of core risk stripes (e.g., liquidity, credit and market) inadequate if each does not consider and mitigate potential climate related impact. They will also continue to ask banks about their climate risk management capabilities and make comparisons across peer institutions of which are leading and which are falling behind the curve. This comparison will become a matter of public and investor scrutiny due to mandatory disclosure requirements, particularly once the SEC’s climate risk disclosure regime goes into effect. Based on Gensler’s comments this week, we expect that some proposed requirements will be softened in the final rule, particularly those concerning Scope 3 emissions. However, many large companies will not escape Scope 3 emissions disclosure if they are subject to the recently enacted California laws or looming EU requirements. Accordingly, banks should not wait for formal rulemaking from the U.S. banking regulators to ramp up their climate risk management programs. Given the emphasis on the board throughout the final principles, bank boards should be getting smart on the potential short and long term impacts of both physical and transition risks on their business. They should also ask questions about where their institutions fall short of the expectations outlined in the final principles ‒ before those questions come from examiners and investors.

3. Fed proposes decrease to debit interchange fee cap

On October 25th, the Fed issued a proposed rule to decrease the maximum interchange fee large debit card issuers (those with consolidated assets of more than $10 billion) can charge under Regulation II as well as codify the approach for making such updates going forward based on the Fed’s biennial survey of covered issuers. When Regulation II was adopted in 2011, it implemented the statutory provision called the Durbin Amendment which allows the Fed to ensure the amount of any interchange fee received by a debit card issuer is reasonable and proportional to the cost incurred by the issuer with respect to the debit card transaction and then adjust it accordingly. However, the fee cap has not been adjusted since the regulation was adopted.

Under the current rule, the interchange fee cap comprises (a) 21 cents (the “base component”), (b) 5 basis points multiplied by the value of the transaction (the “ad valorem component”), and (c) a “fraud-prevention adjustment” of 1 cent per transaction for debit card issuers that meet certain fraud-prevention standards. Under the proposal, the base component would decrease from 21.0 cents to 14.4 cents, the ad valorem component would decrease from 5.0 basis points to 4.0 basis points, and the fraud-prevention adjustment would increase from 1.0 cents to 1.3 cents. It is anticipated that the net effect of the rule would be to lower swipe fees for debit cards by about 28%. Furthermore, the proposed revisions would codify in Regulation II an approach for updating the three components of the interchange fee cap every other year going forward based on the latest data reported to the Board by covered issuers.

The proposal will remain open for comment for 90 days after being published in the Federal Register.

Out Take

Since the interchange fee cap was adopted over 12 years ago, it has never been adjusted despite significant changes to the cost of doing business, including decreased transaction processing costs and issuer fraud losses and increased fraud prevention costs. This proposal attempts to address changes in the market but debit card issuers will agree with Governor Bowman’s dissenting argument that it does not fully reflect the actual state of covered debit card issuers today and may have unintended consequences for consumers, particularly those in LMI communities, due to potential changes to pricing and benefits. For example, the proposal could reduce issuers’ economic incentives to offer free checking as well as services like real-time fraud prevention and mitigation.

The proposal could also impact the competitive landscape in which consumers pay for goods and services. For example, it could drive issuers to make credit card rewards more attractive, thereby incentivizing consumers to purchase goods on credit ‒ amidst the CFPB’s most recent biennial report to Congress on the consumer credit card market showing that consumers were charged more than $105 billion in interest and more than $25 billion in fees in 2022. As such, the proposal could benefit banks with large credit card businesses as well as those below the $10 billion dollar threshold which would be able to continue to partner with nonbanks (e.g., fintechs) to grow their market share of debit swipes. Debit card issuers should diligently analyze the economic impact of this proposal and make an evidenced case demonstrating the potential upstream and downstream impacts during the comment period.

4. On our radar

These notable developments hit our radar this week:

  • OCC to hold symposium on the tokenization of real-world assets and liabilities. On October 20th, the OCC announced that it will hold a symposium on the tokenization of real-world assets and liabilities on February 8, 2024 in Washington D.C.
  • FDIC releases proposed rule making on hiring. On October 24th, the FDIC released a notice of proposed rulemaking amending its section 19 regulations to conform with the Fair Hiring in Banking Act (FHBA). Among other provisions, the FHBA excluded or exempted categories of otherwise-covered offenses from the scope of section 19, including certain older offenses, offenses committed by individuals 21 or younger, and “certain lesser offenses.” Comments will be accepted for 60 days after publication in the Federal Register.
  • CFTC to meet next week on proposed rule. On October 25th, the CFTC announced that it will hold a meeting on November 1st to discuss a proposed rule on investment of customer funds by futures commission merchants and derivatives clearing organizations.
  • Barr speaks on payments. On October 27th, Fed Vice Chair for Supervision, Michael Barr spoke on the Fed’s July release of its FedNow instant payments service, the importance of Stablecoin oversight, exploration of central bank digital currencies (CBDCs) and encouraged comments on the new interchange fee cap proposed revisions (as noted above).
  • FSOC to meet next week. On Friday November 3rd, the Financial Stability Oversight Council (FSOC) will meet to discuss its proposed analytic framework for financial stability risk and nonbank financial institution (NBFI) designation guidance.

Download Our Take: PwC financial services update – October 27, 2023

Related content

Follow us
Audit and assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.