Posts filed under ‘Regulatory Guidance’

Written by: Lindsay Harden

Yesterday the OCC issued Frequently Asked Questions (“FAQs”) to supplement OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance.” The FAQs provide helpful guidance to banks on subjects including working with fintech companies, reducing oversight costs for lower-risk third-party relationships, and engaging in marketplace lending arrangements with non-bank entities. Portions of this guidance may be particularly useful for community banks who wish to leverage resources by distributing costs among multiple banks. For example, the OCC clarified in the FAQs that banks using a common third-party service provider may collaborate with each other to meet certain OCC expectations with respect to performing due diligence, contract negotiation, and ongoing monitoring responsibilities. The FAQs also make clear that a bank may outsource certain compliance management functions or collaborate with a group of banks to manage cybersecurity issues, as additional cost saving alternatives.

June 8, 2017 at 2:11 pm

Bank/Tech Contract Concerns Issued By FDIC IG

Written by: Lindsay Harden

The FDIC’s independent Office of Inspector General (OIG) issued a report late last week detailing a study it conducted of contracts between financial institutions and technology service providers (TSPs). The report concluded that such contracts are commonly not sufficient to address certain risks that are inherent in these relationships. Specifically, contracts with TSPs frequently lack specificity and completeness with respect to business continuity and incident response procedures and obligations.

For several years the financial regulatory agencies have shown an interest in third-party risk management, including ensuring adequate protection of private customer information. Recently, the FDIC and FFIEC have engaged in further initiatives related to cybersecurity and outsourcing of technology services. However, according to the FDIC’s Division of Risk Management Supervision, contracts with TSPs are generally out of date and do not reflect recent efforts to strengthen cybersecurity.

Based on a review of 48 contracts between financial institutions and TSPs, the OIG report made the following findings:

  • Financial institution analyses do not fully consider business continuity and incident response risks presented by TSPs
  • Key contract provisions provide limited coverage of the TSP’s business continuity planning and incident response and reporting responsibilities
  • Key contract terms lack clear and specific definition
  • The FDIC has implemented numerous initiatives to address cybersecurity risks
  • Financial institution third-party relationship risks remain and will require continued supervisory attention

In addition, the report provided some examples of necessary types of provisions that are frequently missing from contracts. For instance, only half of the contracts reviewed explicitly included business continuity provisions, and only a handful established clear performance standards and remedies for failure to meet those standards. Furthermore, many key terms used in regulatory and supervisory guidance—including “misuse of information,” “unauthorized access,” “significant disruption,” and “cyber event”—were often unused, undefined, or inadequately defined in TSP contracts.

The FDIC has plans to take certain actions by October of 2018 to follow up on the OIG’s recommendations in the report. One such action is continuing to communicate to financial institutions the importance of effective contracts with TSPs through the FDIC’s risk management supervision program, which includes guidance, examination procedures, examinations, and off-site monitoring.

The OIG report and potential FDIC action provide banks with additional leverage in negotiating TSP contracts. Affected banks should closely review existing contracts, and if your contracts are close to renewal, or if you are considering adding services under those contracts, you have an opportunity to address deficiencies.  You should review the terms of the agreement and work with counsel to identify gaps in existing or proposed agreements. Please contact us if you need assistance, as we have significant experience negotiating and drafting contracts with TSPs and assisting banks with TSP vendor diligence.

For more information, please contact Karen Garrett or Steve Cosentino, leaders of our fintech practice.

February 23, 2017 at 10:00 am

CFPB Issues Consent Order for RESPA Violations

Written by:  Robert Harry

On January 31, 2017, the Consumer Financial Protection Bureau (“CFPB”) published a Consent Order with Prospect Mortgage, LLC (“Prospect”) for alleged violations of the Real Estate Settlement Procedures Act (“RESPA”) prohibitions against kickbacks and unearned fees, commonly referred to as “RESPA Section 8”. RESPA Section 8 states that “no person shall give and no person shall accept any fee, kickback or thing of value pursuant to any agreement or understanding, oral or otherwise, that business incident to or a part of a real estate settlement service involving a federally related mortgage loan shall be referred to any person”. RESPA Section 8 applies to, among others, mortgage lenders, title companies, lawyers, servicers, and real estate agents.

The CFPB alleges that Prospect entered into a series of agreements with two real estate brokerage agencies and a loan servicer for mortgage origination referrals. The CFPB noted that Prospect violated RESPA Section 8 by:

1. Using lead agreements to pay brokers for referrals;
2. Using Marketing Services Agreements, commonly referred to as “MSAs” to pay brokers for referrals;
3. Using desk licensing agreements to pay brokers for referrals;
4. Encouraging brokers and agents to require consumers to loan obtain pre-approvals with Prospect’s loan officers
5. Paying the servicer for referrals;
6. Using a third-party’s website advertising to pay real estate brokers for referrals; and
7. Encouraging brokers to use fees and credits to pressure consumers into using Prospect.

The CFPB ordered Prospect to pay a $3.5 million dollar civil money penalty to the bureau. Further, Prospect may still have liability for any private civil action available under RESPA Section 8 to any consumer harmed by these actions, is prohibited from engaging in the activities described in the Consent Order, and must undergo compliance training, and conduct extensive reporting and recordkeeping.

Additionally, and in a departure from the CFPB’s prior RESPA Section 8 enforcement actions, the CFPB also entered into Consent Orders with the two real estate brokerages for accepting the payments in violation of the law. This is the first time the CFPB has enforced RESPA Section 8’s prohibition against kickbacks against real estate brokers under the common use of MSAs, desk licensing, and co-marketing agreements. The two brokerages agreed to pay a combined $230,000.00 in fines and disgorgement due to the alleged violations and may still be held liable under related consumer private causes of action.

The actions by the CFPB reinforce Richard Cordray’s position that the bureau will analyze marketing arrangements between settlement service providers with great scrutiny. The orders rely on internal communications and statements to demonstrate that the facially lawful arrangements under RESPA Section 8 were likely only a means of circumventing the anti-kickback provisions while still paying for referrals. It’s imperative that all settlement service providers carefully evaluate any marketing or business activities with other settlement service providers to ensure compliance with RESPA.

The attorneys at Stinson Leonard Street are uniquely able to counsel and assist clients in the residential real estate finance and sales industry to navigate the complex regulation that is RESPA Section 8.

February 16, 2017 at 10:35 am

Stinson Leonard Street’s Quarterly Banking Seminar – How to Prosper Through Market Change

With the beginning of a new year comes new opportunities in the banking and financial fields. These opportunities, however, are not without potential challenges, obstacles and pitfalls. Focused attention on strategy and problem avoidance is more critical than ever.

Join us Tuesday, January 24 for a panel discussion on some of the hot topics in the banking industry. Learn how new regulations will pose significant compliance and operational challenges for your organization and how you can prepare to implement the right steps to avoid complications and scrutiny.

Our presenters will cover critical changes in the market including :

  • Strategy and Competition
  • Financial Technology
  • Regulatory Landscape
  • Talent Acquisition and Retention
  • Customer Demands
  • The Impact of Global Decisions

This program will be presented from various Stinson Leonard Street locations.

Join us in person in the Denver, Kansas City, Minneapolis, St. Louis and Washington, DC offices for this informative event.

Register online to attend this event.

WHEN:

Tuesday, January 24

Registration: 8:30 – 9 a.m. (MT) 9:30 – 10 a.m. (CT) 10:30 -11 a.m. (ET)

Program: 9 – 11 a.m. (MT) 10 a.m. – 12 p.m. (CT) 11 a.m. – 1 p.m. (ET)

Lunch reception immediately following in Denver, Kansas City, Minneapolis, St. Louis and Washington, DC.

WHERE:

Stinson Leonard Street

Denver [map]

Kansas City [map]

Minneapolis [map]

St. Louis [map]

Washington, DC [map]

December 7, 2016 at 8:00 am

National Bank Charters for FinTech Companies

Written by: P. Michael Campbell

On Friday December 2nd, the Office of the Comptroller of Currency (“OCC”) announced that it would start considering applications for special purpose national bank charters from fintech (financial technology) companies.  The OCC believes that providing fintech companies charters will establish a regulatory framework for the fintech industry.  As noted by the OCC, a company receiving the special purpose national bank charter will be “held to the same rigorous standards of safety and soundness, fair access, and fair treatment of customers that apply to national banks and federal savings associations.”

In addition to regulation by the OCC, a fintech company receiving a charter could be subject to regulation from other governmental bodies, including the Federal Reserve, Federal Deposit Insurance Corporation and the Consumer Financial Protection Bureau.

Any company seeking a special purpose national bank charter is expected to have a well-developed business plan setting forth in “significant detail” the bank’s activities. The plan must also cover the governance structure, capital, liquidity, compliance risk management, financial inclusion and recovery and exit strategies.

SLS is well positioned to advise any company seeking a special purpose national bank charter. SLS has experts in every aspect of the application process and years of experience working with regulatory agencies.

The OCC’s proposal is open for comment until January 15th and is expected to receive many comments as the move has been both applauded and criticized in the financial and banking industry.  SLS will continue to monitor any developments with the OCC’s announcement.

December 6, 2016 at 8:00 am

Older Posts


Enter your email address to follow this blog and receive notifications of new posts by email.

Produced & Maintained By

Stinson Leonard Street Logo

Categories

A legal resource for Banking & Financial Services

Archives


%d bloggers like this: