December 2019 Compliance Journal: Compliance Notes

The below article is the Compliance Notes section of the December 2019 Compliance Journal. The full issue may be viewed by clicking here.

FRB, FDIC, OCC, FinCEN, and the Conference of State Bank Supervisors issued a statement clarifying the legal status of hemp growth and production and the relevant requirements under the Bank Secrecy Act (BSA) for banks providing services to hemp-related businesses. The statement emphasizes that banks are no longer required to file suspicious activity reports (SAR) for customers solely because they are engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations. For hemp-related customers, banks are expected to follow standard SAR procedures, and file a SAR if indicia of suspicious activity warrants. The joint guidance may be viewed at:

FDIC approved a 2020 Operating Budget of $2.017 billion, down nearly $43 million or 1.3 percent from 2019. FDIC’s 2020 Operating Budget includes nearly $1.9 billion for ongoing operations, $75 million for receivership funding, and nearly $43 million for the Office of the Inspector General (OIG). In addition, the Board also approved an authorized 2020 staffing level of 5,755 positions, a net reduction of 160 positions from 2019. The budget may be viewed at: 

The U.S. District Court for the Western District of Texas has again continued its stays of the litigation of pending case Community Financial Services Association of America, Ltd. et al v. Consumer Financial Protection Bureau et al and of the August 19, 2019, compliance date of CFPB’s Payday Lending Rule, and ordered that the parties file a Joint Status Report about proceedings related to the Rule and litigation no later than April 24, 2020. 

FDIC has updated its Consumer Compliance Examination Manual to add new section X-6.1 on Disclosure Requirements for Sweep Accounts, to include examination procedures for FDIC Part 360.8(e), which requires consumer disclosures for sweep account transactions to inform whether the swept funds are deposits. The manual may be viewed at:

OCC has issued its Semiannual Risk Perspective for Fall 2019. The report indicates that operational, credit, and interest rate risks are among the key themes for the federal banking system. The report also highlights cybersecurity and technology management as a special topic in emerging risks. The full report may be viewed at:

OFAC took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware. Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft. This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader. The announcement may be viewed at:

The U.S. Department of Justice joined with the U.S. Department of State and the United Kingdom’s National Crime Agency in charging two Russian nationals with a vast and long-running cybercrime spree that stole from thousands of individuals and organizations in the United States and abroad. Along with several co-conspirators, Maksim V. Yakubets and Igor Turashev are charged with an effort that infected tens of thousands of computers with a malicious code called Bugat. Once installed, the computer code, also known as Dridex or Cridex, allowed the criminals to steal banking credentials and funnel money directly out of victims’ accounts. The long-running scheme involved a number of different code variants, and later version also installed ransomware on victim computers. The criminals then demanded payment in cryptocurrency for returning vital data or restoring access to critical systems. The announcement may be viewed at:

FinCEN released a new strategic analysis of Bank Secrecy Act (BSA) reporting, indicating that elders face an increased threat to their financial security by both domestic and foreign actors. Elder financial exploitation Suspicious Activity Report (SAR) filings increased dramatically over the six-year study period, from about 2,000 filings per month in 2013 to reaching a peak of nearly 7,500 filings per month in August 2019. The yearly dollar amount of suspicious activity reported for elder financial exploitation also rose. The report may be viewed at: 

CFPB, FRB, FDIC, OCC, and NCUA issued a joint statement on the use of alternative data in underwriting by banks, credit unions, and non-bank financial firms. The statement explains that a well-designed compliance management program provides for a thorough analysis of relevant consumer protection laws and regulations to ensure firms understand the opportunities, risks, and compliance requirements before using alternative data. Alternative data includes information not typically found in consumers’ credit reports or customarily provided by consumers when applying for credit. Alternative data include cash flow data derived from consumers’ bank account records. The agencies recognize that use of alternative data in a manner consistent with applicable consumer protection laws may improve the speed and accuracy of credit decisions and may help firms evaluate the creditworthiness of consumers who currently may not obtain credit in the mainstream credit system. The statement may be viewed at:

FDIC posted its Formal and Informal Enforcement Actions Manual to its website to provide greater transparency regarding the FDIC’s enforcement program. The manual provides direction for professional staff related to the work necessary to pursue formal and informal enforcement actions. Developed by the Division of Risk Management Supervision and the Division of Depositor and Consumer Protection, the manual is intended to support the work of field office, regional office, and Washington office staff involved in processing and monitoring enforcement actions. The manual may be viewed at:

FRB announced it has joined the U.S. Faster Payments Council (FPC) as a founding sponsor. The FPC and its members seek to facilitate faster payments in the United States, enabling Americans to securely pay anyone, anywhere, at any time with near-immediate funds availability. Its priorities include faster payments education and fraud mitigation. The announcement may be viewed at:

FFIEC revised the “Business Continuity Management” booklet, one of a series of booklets that make up the FFIEC Information Technology Examination Handbook (IT Handbook). The revised “Business Continuity Management” booklet provides information for examiners to assess the adequacy of a bank’s risk management related to the availability of critical financial products and services. The revised booklet replaces the “Business Continuity Planning” booklet issued in February 2015 and rescinds “FFIEC Information Technology Examination Handbook: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet.” The booklet may be viewed at:

FRB released its Supervision and Regulation Report, which summarizes banking conditions and the Federal Reserve’s supervisory and regulatory activities, in conjunction with semiannual testimony before Congress by the Vice Chairman for Supervision. The report may be viewed at:

OCC released its schedule of Community Reinvestment Act (CRA) evaluations to be conducted in the first quarter and second quarter 2020. The schedule may be viewed at: 

By, Ally Bates