July 2021 Newsletters

Managing ESG Risks

With more and more regulatory pressure driving banks to manage climate risk, a green agenda is becoming a commercial imperative. But what are these specialized skills that are needed to successfully implement a climate-driven initiative? There is a lot of confusion when it comes to risks analysis and banking. ESG issues, or environmental, social and governance, refer to three central factors when it comes to measuring the sustainability and social impact of an investment into a company or business. They are non-financial metrics that are used within an analytical process to identify the materials risks and growth opportunities. 

Environmental considers how a company is being a steward to nature. Social examines how a company manages its relationships with its employees, suppliers, customers and communities in which it operates. Governance is about a company’s leadership, looking to anti-corruption measures, internal controls, and its duty to shareholders and shareholders’ rights. ESG issues have risen within the last few years due to an emphasis by investor concerns as well as pressure on the financial industry. It has accelerated in the regulatory space partly due to the new administration putting climate change as one of its priorities. 

So what does these emerging risks mean for banks? ESG risk affects the entire financial industry. It will require banks to manage new forms of risk while adhering to emerging regulatory disclosure requirements regarding their businesses. This will require enhanced internal oversight and governance in response to a rapidly evolving regulatory environment. Specifically for banks, it will require a focus on managing climate risks. But there are major uncertainties when it comes to what will ultimately be required of community banks when it comes to setting aside capital for identifying, managing and mitigating these risks. 

The U.S. Climate Finance Working Group has been responding to requests for information on how climate change and natural disasters could pose threats to the financial service industry. It is a collaborative effort to create a framework to identify, evaluate and mitigate the risks of climate change on the financial system more broadly. Its principles offer a framework for policymakers to come to a common understanding regarding these emerging risks. But many key questions remain. 

How can financial firms prepare for future ESG regulations? How should ESG efforts and resources align with a bank’s business purpose, strategy and long-term goals? Is there transparency and accountability? Implementation of an ESG Management System may be a solution to these questions. An ESG Management System would need to be practical and easy-to-use, while providing ESG reporting that identifies a baseline of ESG parameters. It would need to allow for continuous monitoring of ESG parameters while interfacing with investment and regulatory processes.  

It is important to remember that ESG is an advanced and elevated push-and-pull—community banks are going to be asked at some point about their ESG performance, especially when it comes to investors, regulators, depositors and customer care. The reputational risks, coupled with enhanced Anti-Money Laundering risks bring about a stewardship requirement currently unparalleled in the financial industry today. 

AML Priorities Ahead

Compliance Alliance is committed to bringing you the latest developments in federal banking regulation and the resources to stay compliant. With how fast the regulatory landscape has been changing in the past year, it is nice when the federal banking agencies preview upcoming changes and let us into their thought processes. Following consultation with other relevant Department of the Treasury offices, as well as Federal and State regulators, law enforcement, and national security agencies, the Financial Crimes Enforcement Network (FinCEN) issued the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (the “Priorities”). The Priorities identify and describe the most significant AML/CFT threats currently facing the United States. The Priorities include corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organizations, drug trafficking organizations, human trafficking and human smuggling, and proliferation financing. Because money laundering is linked to all of the Priorities, combating money laundering remains core to FinCEN’s mission. The formal announcement discusses the methodology FinCEN used to arrive at these Priorities and discusses the impact on the financial system. FinCEN also issued Interagency Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism National Priorities and Statement on the Issuance of the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) National Priorities to provide guidance to covered institutions on how to approach the Priorities. 

The publication of the Priorities makes no immediate changes to Bank Secrecy Act (BSA) requirements or supervisory expectations for banks. Within 180 days of the establishment of the AML/CFT Priorities, FinCEN (in consultation with Federal functional regulators and relevant State financial regulators) will promulgate regulations regarding the AML/CFT Priorities. Although not required by the AML Act, the federal banking agencies plan to revise their BSA regulations, as necessary, to address how the AML/CFT Priorities will be incorporated into banks’ BSA requirements. As these rules are proposed and finalized, you can count on Compliance Alliance to summarize them and provide the guidance you need to comply with the upcoming changes.

While banks are not required to incorporate the AML/CFT Priorities into their risk-based BSA compliance programs until the effective date of the final revised regulations, FinCEN suggests that in preparation for any new requirements, “banks may wish to start considering how they will incorporate the AML/CFT Priorities into their risk-based BSA compliance programs, such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.” As part of this process, our members have access to the tools in our BSA AML OFAC Toolkit, with tools like our BSA/AML/OFAC Overall Risk Assessment, and recent webinars on BSA requirements. Our latest webinar, Annual BSA/AML Training 2021, walks you through the main components which make up your BSA/AML program and provides an overview of the expectations, requirements, and best practices of BSA/AML.

The OCC’s True Lender Rule is No More

Congress recently exercised its power under the Congressional Review Act (“CRA”) to retroactively void the rule submitted by the Office of the Comptroller of Currency relating to “National Banks and Federal Savings Associations as Lenders,” colloquially known as the “true lender” rule. Congressional Democrats spearheaded the repeal with a resolution under the CRA, arguing that the rule helped payday lenders issue predatory loans. The legislation passed in the Senate in May and the House last month on largely party-line votes. President Biden signed this bill into law on June 30, 2021. 

Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Office of the Comptroller of Currency relating to “National Banks and Federal Savings Associations as Lenders”.

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Office of the Comptroller of Currency relating to “National Banks and Federal Savings Associations as Lenders” (85 Fed. Reg. 68742 (October 30, 2020)), and such rule shall have no force or effect.
S.J.Res.15 — 117th Congress (2021-2022).

The True Lender Rule has been controversial since its inception. The True Lender Rule, enacted by the Office of the Comptroller of the Currency (OCC) last October, was meant to provide legal certainty for lenders. The rule confirmed that when a national bank or federal savings association makes a loan in the context of a partnership between a bank and a third party, such as a marketplace lender, the bank is considered the true lender. Compliance Alliance provided a summary of the rule here. As a result of the recent repeal, the True Lender Rule is voided retroactively. Under the new law, the OCC is barred from issuing any regulation in “substantially the same form” absent express congressional authorization. The revocation does not set a different standard for who is the true lender on a loan; it eliminates the OCC’s bright-line standard and reverts the law to the inconsistent court-created standards governing when a bank is acting as the “true lender.”

Since the Madden Fix worked together with the True Lender Rule, some have questioned whether President Biden’s repeal of the OCC’s True Lender Rule affected the “Madden Fix,” or the “valid-when-made” doctrine.  This doctrine states that a loan that is valid when it is created remains valid when it is sold, even if the purchaser of the loan resides in a jurisdiction where the loan would otherwise be invalid. The repeal does not seem to affect the Madden Fix. S.J.Res.15, retroactively voided “the rule submitted by the Office of the Comptroller of Currency relating to “National Banks and Federal Savings Associations as Lenders” (85 Fed. Reg. 68742 (October 30, 2020)).” The Madden Fix was a separate rulemaking, which was finalized in 85 FR 33530. While the repeal of the True Lender Rule does not affect the separate Madden Fix rules, which have not been subject to a CRA disapproval effort, those rules have been challenged in court by several state attorneys general under the Administrative Procedure Act.

Compliance Alliance is committed to bringing you the updates you need to stay compliant. If you have any questions about the repeal, feel free to chat with us on the Hotline. 

Third Party Partners – Nothing But Net

One thing that was apparent during the COVID pandemic was that banks are very creative by nature and able to step up to meet the needs of their customers and the communities that they serve. This has led to the rapid ascension and adoption of digital products and services that consumers can access 24/7.

With this comes a great responsibility for understanding the risks that are associated with those complex technological advancements while safeguarding against those bad actors trying to sabotage the system. Rest assured that there are keys for that, and it all starts with a trusted partner. 

As banks leverage the expertise of the third-party partners, it’s important to have in place a Third-Party Vendor Risk Management Program designed to fit within the bank’s overall strategic plan, short and long-term goals, and business objectives.

Based on the bank’s directional compass, it’s common to weigh the risk versus reward scenario for the opportunity to pursue these digital advancements. As this starts the risk management process, be sure to take into consideration the relevant risks associated with any relationship, including the generally accepted banking risk categories (such as Credit, Interest Rate, Liquidity, Transaction, Compliance, Strategic, and Reputation.)

  • The due diligence process will further examine those risks determined to be key from the above considerations as the bank will want to tailor this based on the complexity of the third-party relationship (such as a core system provider versus a one-time digital marketing campaign.) At a minimum, consider the following:
  • The third-party’s experience in performing the proposed product or service. It’s important that the bank can verify the expertise with other sources while also completing its own research into available resource (such as the Better Business Bureau, Google, etc.)
  • Determine whether the third-party’s business model appears to support longevity and can withstand changes in the market (such as those due to an unexpected pandemic…who saw that coming?) 
  • Thoroughly review the financial picture of the third-party and any closely related affiliates as credit risk is an important factor for long-term sustainability. 
  • Much like the compliance risk faced by banks, ensure privacy and security measures are functioning as designed especially when dealing with “non-public personal information”, including through analysis of audit reports commonly referred to as “SOC” (service organization controls) reports.
  • The last thing standing in the way (assuming all the boxes are checked) is a safe and sound contract that spells out the responsibilities for both parties and is positioned to protect the bank, related parties, and its customers. Remember, it’s important to have an exit strategy in case the bank’s strategic direction change and the bank needs to pivot.  

By implementing and following a consistent and repeatable third-party risk management process, the bank will put itself in the best position to meet its strategic goals and objectives while positively impact its customers and community it serves. Now, that’s nothing but net, when partners work together…Swish!