SDBA eNews

October 19, 2017

SDBA Encourages Banks to Take Part in National Cyber Security Awareness Month

Photo of a HackerNational Cyber Security Awareness Month (NCSAM), now in its 14th year, dedicates October to reminding all digital citizens and businesses that protecting our computers and networks is “Our Shared Responsibility” and that everyone plays a critical role in promoting safe computing.The NCSAM is led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS).

The month’s primary goal is to provide Internet users and businesses with the information and tools they need to be safer and more secure online, including education about how to protect personal information in today’s highly-connected world. Everyone can join in and be a part of the something big by becoming a NCSAM 2017 Champion. Hundreds of organizations and individuals have officially signed on as champions to support the month. NCSAM Champions strengthen and boost the greater effort by spreading the word and host NCSAM partner events about online safety at home, at work and in the community.

NCSAM 2017 kicked off on Oct. 1 with a strong reminder for all digital citizens to: STOP: make sure security measures are in place; THINK: about the consequences of your actions and behaviors online; and CONNECT: and enjoy the Internet. The rest of the month's themes are: Cybersecurity in the Workplace is Everyone's Business; Today's Predictions for Tomorrow's Internet; and The Internet Wants You: Consider a Career in Cybersecurity. Learn more.

On a related note, SBS CyberSecurity will host a special Hacker Hour: Security Awareness Round Table on Wednesday, Oct. 25, at 2 p.m. CDT. Join SBS for an interactive discussion focused on building a stronger security culture for your board of directors, employees and customers. Throughout the free webinar, SBS will document the innovative ways others have developed their security awareness program and share the results with everyone that registers. Register for the webinar.


CFPB Outlines Principles for Third-Party Data Access

The Consumer Financial Protection Bureau yesterday issued nine guiding principles for protecting consumers that choose to share their financial data with third parties and data aggregators. The principles were released after the CFPB last year conducted a formal investigation into “screen scraping,” a process in which consumers provide their online banking credentials to a third-party app or tool. The principles do not reflect new or alter any existing guidance.

While the CFPB affirmed that consumers should generally have the ability to share their financial data, it noted that consumers should not be required to give up their banking credentials to do so. The principles establish that third parties that are granted access to customer data should use it only to the extent necessary to provide the products and services selected by the customer, and that the data should be accessed, stored and used safely and securely. In addition, the CFPB emphasized that consumers should have the ability to quickly review who has access to their data and have disputes over unauthorized access resolved in a timely manner.

ABA welcomed the CFPB’s commitment to protecting consumer financial data as new technologies continue to emerge and noted that the principles incorporate several recommendations the association made in previous comments to the bureau. “Customers deserve bank-level security wherever they share their financial information, and the CFPB principles pay particular attention to protecting this sensitive data,” said ABA VP Rob Morgan. “ABA believes customers should understand and control how third parties use their information.”

Morgan added that per ABA’s recommendation, “CFPB recognized that customers should not be required to share their online banking username and password to facilitate data sharing. There are technologies that can facilitate more secure access, and the banking industry will continue to work closely with technology companies to give customers the ability to share their financial data securely.” View the principles. For more information, contact Morgan.


State Associations Call for Continued Bipartisan Work on Reg Reform

Fifty-one state bankers associations on Monday wrote to members of the Senate Banking Committee encouraging lawmakers to continue pursuing the goal of bipartisan regulatory reform. The associations called on the committee to include in its overall proposal for regulatory reform several bills that are part of ABA’s Blueprint for Growth, including those that would allow regulators to tailor actions based on banks’ business models and risk profile, revise capital and liquidity requirements and allow mortgage loans held in portfolios to be considered “qualified mortgages.”

In addition, the associations noted that several other legislative proposals for regulatory reform have support on both sides of the aisle, such as a bill to recalibrate the systemic risk designation process and a bill to allow banks to hold municipal bonds and accept municipal deposits. They also called for legislative action on stress testing and the Volcker Rule, both of which were highlighted in the recent Treasury Department report on regulatory reform.

“The cumulative weight of thousands of pages of new regulations and guidance has overwhelmed many of America’s financial institutions, resulting in the loss of 2,800 banks--most of them community banks--in the last decade,” the associations wrote. “It is of the utmost importance that our remaining member banks are able to provide products and services to consumers that are affordable and help grow communities.” Read the letter.


Revised OCC Exam Policy Aligns Ratings with CRA Purposes

The OCC has changed its Community Reinvestment Act supervision policies to ensure a “logical nexus” between banks’ CRA-related activities and CRA performance evaluation ratings and to give “full consideration” to banks’ efforts to take corrective action, the agency said last week. The OCC issued a revised section of its policies and procedures manual that outlines how examiners will approach CRA ratings.

“The Community Reinvestment Act was established 40 years ago to encourage insured depository institutions to serve consumer credit needs and community reinvestment opportunities by lending, serving and investing in the communities they serve,” said Acting Comptroller of the Currency Keith Noreika. “Related OCC policies and practices must always work toward that goal and should never result in the unintended consequence of making it harder for banks to support the consumers, businesses and communities they exist to serve.”

For example, the policy now states that “limited, technical or immaterial instances of discriminatory or illegal credit practices directly related to CRA lending activities in the context of otherwise good-to-excellent performance” may warrant criticism in the performance evaluation but that a downgrade of the composite rating “should be supported by strong evidence of quantitatively and qualitatively material instances of discriminatory or illegal credit practices directly related to CRA lending activities that have resulted in material harm to customers.”

Likewise, the OCC will “fully consider” corrective actions taken by the bank. “[A]s a general matter, if the bank has remediated or taken appropriate corrective actions to address the evidence of discriminatory or other illegal credit practices, the ratings of the bank should not be lowered solely based on the existence of the practice prior to commencement of the CRA evaluation,” the policy says, noting that rating penalties for activities already being addressed “unnecessarily distract and divert the bank’s resources from lending, investing or serving the relevant communities and thereby frustrate the CRA’s purposes.” Read the revised manual. For more information, contact ABA's Krista Shonk.


Credit Reporting Bill Introduced in Wake of Equifax Breach

As the fallout continues from the Equifax data breach, Rep. Patrick McHenry (R-N.C.) last week introduced a bill making several changes to federal regulation of “large consumer reporting agencies” like Equifax, Experian and TransUnion. The bill requires the Federal Financial Institutions Examinations Council to subject large credit bureaus to cybersecurity supervision and exams by a designated FFIEC agency.

McHenry’s bill would target the practice of using Social Security numbers to verify identity by prohibiting large consumer reporting agencies from making credit reports with SSNs or using them for identification purposes.

The bill would also require credit bureaus to place security freezes on consumers’ credit files within five days of a consumer’s request. Bureaus may charge no more than $5 for placing, lifting or removing a freeze, and no fee may be assessed for identity theft victims, minors, seniors or active-duty service members. It includes provisions on temporary lifting of these freezes. Under the bill, if a lender requests access to a credit report in connection with an application for credit and the file is frozen, the loan application may be treated as incomplete. Read more.


ABA Urges FDIC to Rescind Guidance on Deposit Advance Services

In a letter to the FDIC last Friday, ABA called on the agency to rescind its 2013 guidance on direct deposit advance services. The guidance established prescriptive supervisory expectations for underwriting, credit risk monitoring and limits on customer usage that caused almost all banks to discontinue those services.

ABA’s request came on the heels of last week’s announcement by the OCC rescinding similar guidance to avoid subjecting OCC-regulated banks to underwriting requirements and cooling-off periods that are inconsistent with the requirements in the CFPB’s final small-dollar lending rule, which was also released last week. The association pointed out that the FDIC’s guidance imposes similar requirements and is therefore inconsistent with the CFPB’s final rule.

“Banks are eager to innovate and expand their offerings of small dollar credit products,” ABA wrote. “We urge you to facilitate the establishment of bank programs that offer fair, convenient, and sustainable small dollar loans to customers.” Read the comment letter. For more information, contact ABA's Jonathan Thessin.

Fed Names Team to Create Faster Payments Governance Framework

The Federal Reserve last Friday announced the members of its Governance Framework Formation Team, an initiative created by the Faster Payments Task Force and outlined in the task force’s final report, which was released earlier this year. The 27 members will work together to develop--with the help of public input--an initial faster payments governance framework that will help support the overarching goal of real-time payment ubiquity by 2020.

Team members include ABA VP Steve Kenneally, as well as individuals from five ABA member banks, including U.S. Bank, Wells Fargo, The Bankers Bank in Oklahoma City, Okla., Commerce Bank in Kansas City, Mo., and Bankers’ Bank in Madison, Wis. Read more.

GSB Adds New Sales and Marketing School to Offerings

The Graduate School of Banking (GSB) at the University of Wisconsin-Madison heard from bankers across the country about the need for a comprehensive school that focuses on sales, marketing, the business of banking and how these elements work together to create business growth. GSB has collaborated with current and former bankers and some of the financial services industry's biggest names in sales and marketing to develop a program that's in keeping with GSB's reputation for educational excellence.  

The result is the GSB Sales and Marketing School to be held Oct. 14-19, 2018, in Madison, Wis. This week-long program will be facilitated by exceptional faculty who bring decades of relevant experience to the classroom. They'll teach using a unique and powerful blend of lecture, small group exercises and individualized application sessions to maximize retention and provide skills and tools you can put to use immediately at your bank. 

Enrollment is limited to ensure a quality learning experience. This program is sure to fill quickly, so GSB encourages you to apply now while space remains. Learn more and register.


Compliance AllianceQuestion of the Week

Question: Is HVCRE collateral driven or purpose drive? For example, if the bank does an equity out loan to purchase land, and the land being purchased will not be the bank’s collateral, would this loan still qualify as HVCRE, since the purpose of the loan is to purchase the land?

Answer: First, to qualify for an HVCRE, it would be purpose driven to determine whether or not ADC applied. HVCRE technically covers the "acquisition, development OR construction" (ADC) of commercial real estate, so it's possible that purchasing land might still fall under the HVCRE risk weighting. However, if the loan is solely for the purpose of developing agricultural land, then it would also be exempt, per the regulation.

The complete definition of HVCRE can be found here: https://www.fdic.gov/regulations/laws/rules/2000-4350.html.

However, the exemptions are what would bring collateral in to the equation. HVCRE exceptions include:

  1. ADC (acquisition, development, or construction) loans for 1-4 family residential properties, including loans secured by land for developing or constructing 1-4 family residential properties, and loans to finance the acquisition of lots zoned for 1-4 family residential properties;
  2. ADC loans for real property that qualifies as community development investments; and
  3. ADC loans for land used for agricultural purposes.

CA does offer a High Volatility Commercial Real Estate (HVCRE) Summary of the most frequently asked questions in effect of having HVCRE in bank portfolios.

https://www.compliancealliance.com/find-a-tool/tool/high-volatility-commercial-real-estate-hvcre-summary

Not a Compliance Alliance member? Learn more about membership with Compliance Alliance by attending one of our live demos:

Compliance rules and regulations change quickly. For timely compliance updates, subscribe to Compliance Alliance’s email newsletters.

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call 888.353.3933 or email.


SDBA eNews Archive
View past issues of the SDBA enews

Advertising Opportunity
Learn more about sponsoring the SDBA eNews.

Questions/Comments
Contact Alisa DeMers, SDBA, at 800.726.7322 or via email.