Regulatory Perspectives – February 2023
While risk based Safety and Soundness Examinations of Banks by their Regulators are tailored to specific risk profiles of institutions, there are certain areas of regulatory focus and interest that are generally consistent across the institutions in general due to regulatory changes, macroeconomic issues or increased risks and regulatory changes. This article aims at focusing on some of the areas expected to be under increased regulatory focus during 2023.
Credit Risk
Credit risk management practices are expected to face increased regulatory scrutiny in 2023 due to the overall macro environment including high inflation, higher interest rates and stress from geopolitical events which will increase the risk of credit quality deterioration. In addition, the implementation of the new Current Expected Credit Losses (“CECL”) requirements requiring management to consider forward-looking information in its determination of an allowance for credit losses (ACL). Given the flexibility provided under the CECL standard, banks have implemented it adopting methodologies suitable for them. Banks should, therefore, be ready to meet regulatory expectations for well documented methodology and the underlying assumptions and qualitative adjustments used in determining the allowance for credit losses.
The regulators expect strong processes and controls that can detect vulnerabilities early and allow for coordinated and timely intervention with borrowers that will help manage potential credit losses and avoid unnecessary surprises. They have already raised concerns about the strength of current credit risk practices, for example, the FDIC in the 2022 Supervisory Insights Journal highlighted that the credit risk activities frequently deviate from stated credit policies and procedures and often do not comply with regulatory guidelines. In addition, the Acting Comptroller of the Currency, while addressing the RMA Risk Management Conference in December 2022, stressed the increased need to closely monitor borrower’s financial positions and behavior as the effects of inflation and increasing rates set in. He also mentioned the challenge faced by many community banks to properly estimate possible credit losses under the new CECL standard effective for all financial institutions in 2023.
Cybersecurity
Cybersecurity incidents continue to increase at a rapid pace and remain a challenge for institutions and Boards to determine effective strategies and the amount to invest to manage the risk. In addition, Cybersecurity frameworks, monitoring efforts and internal controls continue to be a high priority for regulators and will remain a focus of examinations in 2023.
The new Federal regulation on Computer Security Incident Notification Requirements became effective on April 1, 2022 with a Compliance date of May 1, 2022, and the FFIEC issued the updated Cybersecurity Resource Guide for Financial Institutions in October 2022. This would be a new area of focus during the regulatory examinations.
While not applicable to many banks, it may be mentioned that many States have other specific cybersecurity compliance requirements and care needs to be taken to ensure compliance with both the Federal and State regulations concerned, especially as the definitions of the terms ‘computer-security incident’, ‘notification incident’, ‘reporting timelines’ and ‘reporting process’ may vary in these regulations.
Anti-Money Laundering and Customer Due Diligence
Since the issuance of the Anti-Money Laundering Act of 2020 and the Corporate Transparency Act (“CTA”), FinCEN has been working on a structured plan to develop new regulations to facilitate the implementation of these laws which is referred to as the Anti-Money Laundering and Countering the Financing of Terrorism (“AML/CFT”) Priorities. The goal of these new regulations is to provide for an improved and more effective risk-based approach to structuring the AML/CFT framework. Once these regulations become finalized, existing bank BSA regulatory requirements will need to be updated.
While addressing the ABA financial Crimes enforcement conference in December 2022, the Acting FinCEN Director commented on the status of the AML/CFT Priorities and referred to the final rule pertaining to beneficial ownership reporting requirements by business entities issued in September 2022 with an effective date of January 1, 2024. Also, close to finalization is the next rule about beneficial ownership which deals with the protocols, security and how access to beneficial ownership information including access by financial institutions will be controlled. Closely connected and required to follow within a year after the effective date of the reporting rule, will be updates to the customer due diligence requirements.
Although banks are not required to have updated Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program until after the effective date of the new regulations, it should be noted that institutions are encouraged to become familiar with the list of items contained within the AML/CFT Priorities. It appears that a key segment of the proposed changes relates to improving knowledge and risk assessment processes concerning Customer Due Diligence (“CDD”) practices, and in particular beneficial ownership issues.
Related to CDD, is the July 2022 joint regulatory agency statement on the risk-based approach to assessing customer relationships and conducting customer due diligence. This regulatory release reinforces the current regulatory expectations that banks must adopt appropriate risk-based procedures for conducting ongoing CDD and emphasized the following key attributes:
- Understanding the nature and purpose of customer relationships in the development of customer profiles
- Conducting ongoing monitoring to identify and report suspicious transactions on a risk basis and update customer information and risk ratings accordingly.
In anticipation of the updated regulations that will evolve from the AML/CFT Priorities, regulators are sending a message to start reassessing and improving risk based CDD processes.
Crypto-Assets
In January 2023, the regulatory agencies issued a joint statement on crypto-asset risks and activities related to crypto-assets. These agencies continue to evaluate whether and how crypto related activities can be conducted in a safe and sound manner and in compliance with applicable regulations including anti-money laundering rules. The statement notes that issuing or holding as principal crypto assets that are issued, stored, or transferred on an open, public and/or decentralized network or similar system is inconsistent with safe and sound banking practices.
In addition, the Agencies indicated that they would continue to closely monitor crypto-asset exposures of banking organizations. In general, any crypto activities that are undertaken must be performed in a manner that protect consumers, be conducted in a safe and sound manner, and be legally permissible complying with banking regulations.
The Agencies noted that they will continue to be engaged with relevant authorities and the banks on issues arising from crypto activities.
Fair Lending – Updated Guide
In January 2023, the OCC issued an updated version of the Comptroller’s Handbook on Fair Lending. The booklet provides information and examination procedures to assist OCC examiners in assessing fair lending risks. The booklet replaces the one issued in January 2010. The new booklet reflects changes to laws and regulations since the prior booklet and outlines the OCC approach to fair lending examinations and expands risk factors for a variety of examination types.
This is a useful guide and should help institutions, even those regulated by other regulatory agencies, in keeping themselves prepared for fair lending examinations.
For further guidance or assistance contact us at: info@RGSGlobalAdvisors.com
