March 2022 Newsletters

OCC Clarifies December 2021 CRA with FAQs

In June 2020, the OCC issued its CRA modernization rule to update the regulations implementing the Community Reinvestment Act. Although the regulators normally act together, the OCC decided to go it alone and not only updated the CRA regulations, but also published guidance along the way. At some point, the OCC decided that their CRA changes were premature, and the June 2020 CRA modernization rule was rescinded, leaving the previous 1995 CRA rules which mirrored those of the other regulators in its place, effective January 1, 2022.

Due to the confusion about what the implications are of the modernized CRA rules which were in effect for OCC banks October 2020 – December 2021, the OCC recently published a “frequently asked questions” document, featuring 30 questions related to the rescinding of the June 2020 rule.  The FAQ addresses the areas of Rulemaking Process, Bank Type, Qualifying Activities, Transition Period, Examinations, Assessment Area, Activity Location, Data Reporting, Public Notices, the Public File, and Strategic Plans. By and large, the big takeaway from the FAQs is that plans that were made and put into place to comply the June 2020 rules are no longer necessary unless they’re also necessary to comply with the 1995 rules.  

One of the first things to determine is whether the bank’s reporting and examination requirements will change. With banks reverting to the 1995 rules, certain banks will remain as the same type (Large, Small, Intermediate Small), but some will change as of January 1, 2022. For those banks that were an intermediate small back under the 1995 rules and were an intermediate small bank under the June 2020 rules but will become a large bank under the December 2021 rules, data collection is not required until January 1, 2023, with reporting happening the following year.

However, for those banks that were large banks under the 1995 rules, became intermediate small banks under the June 2020 rules, and are once again becoming large banks under the re-instated 1995 rules, data collection begins in 2022. The December 2021 rule does not contain a specific date by which data collection must begin, but 2022 data must be reported by March 1, 2023. The FAQ indicates that a redesignated large bank will not be out of compliance with the December 2021 rule if the bank’s data collection and record keeping systems are not fully in place in 2022, if the 2022 data is reported by March 1, 2023.

Another change that will have widespread effect is the changes to the notices and public files. Under the 1995 rules there were separate notices required at a bank’s main office and individual branches. The June 2020 rule designated a single notice that was to be posted at both the main office and branches. Additionally, the scope of information to be included in the public file is greater under the 1995 rules than the June 2020 rule, so banks will need to include additional information in their public file and make the file available at their main offices, and for interstate banks, at one branch in each state. Because of the change in requirements and increase in the information required, banks have until April 1, 2022, to comply with these requirements.

Compliance Alliance has a robust CRA toolkit to help with getting your bank back to the 1995 rules, and staying in compliance with the December 2021 rule.

Easier E-Sign Proposed by U.S. Senate

Without giving an in-depth civics lesson, it is somewhat a lengthy process for a bill to become a law.  Not every bill that is introduced in the House or Senate eventually become a law, and those that do, often change significantly from when they were introduced. This is just sort of how it is done in America. So, without further ado, the “E-Sign Modernization Act of 2022” was introduced recently into the U.S. Senate as S.3715. It still needs to pass a vote in the Senate, and the House, and be signed by the President, but the proposed changes are significant. What is proposing to be “modernized” about E-Sign has to do with the demonstrable consent requirement, which would be removed from the E-Sign requirements under the E-Sign Modernization Act of 2022.

Under E-Sign as it currently exists there are both notice and consent requirements. In order to send a customer documents electronically, the bank must provide a notice to the customer that includes 1) whether the consent applies only to a particular transaction, to specific categories of records (disclosures, periodic statements, etc.), or to the customer’s entire relationship with the bank, 2) option to receive any records in paper form, how to request a paper copy, and any fees associated for paper copies, 3) the right to withdraw consent, how to withdraw consent and the consequences of doing so, 4) the procedures for the customer to update their electronic contact information, and 5) a description of the hardware and software requirements to access and retain electronic records. 

After providing the required notice, the customer must affirmatively consent to the receipt of electronic records. There are two parts to this customer consent: 1) the customer must affirmatively consent to receiving electronic records. This normally accomplished by the consumer by signing or checking a box next to language such as, “I request [the bank] provide me with [description of the documents] in electronic format.” 2) the customer must also consent electronically or confirm his/her consent electronically in such a manner that reasonably demonstrates to the bank that the customer can access the information in the electronic form that will be used to provide the information that is the subject of the consent. This part of the consent (or a confirmation of the consent) must be provided to the bank electronically. It could be emailed or submitted to the bank’s website by the customer, but it cannot be completed only in paper form and mailed to the bank without some form of electronic confirmation. 

It is this second part of the consent requirement, the demonstrable consent requirement that is proposing to be modernized. According to the bill’s sponsors, demonstrable consent is an outdated requirement that is no longer necessary given advancements in technology since E-SIGN became law in the year 2000. The E-Sign Modernization Act would remove this requirement, so once a consumer is provided with disclosure information and consents to receiving documents electronically, he or she can obtain them through those means without having to prove that they can receive the documents in the format the bank will be sending them.

What is the likelihood of this bill becoming law? Only time will tell, but this change would be big for banks, so we’ll watch S.3715 with great interest and keep you updated of any changes to the law.

OCC Modifies SAR Requirements

The OCC recently published a final rule modifying the requirement for filing suspicious activity reports (SARs).  In January 2021 the OCC issued a Notice of Proposed Rulemaking (NPRM) to allow the OCC to grant SAR filing exemptions similar to the SAR filing exemptions granted by FinCEN under their own regulations.  This final rule will also make it possible for the OCC to facilitate changes required by the Anti-Money Laundering Act of 2020.  The changes proposed in the NPRM were adopted in the final rule largely as proposed.  The effective date of the final rule is May 1, 2022.

Suspicious activity reporting is addressed in the Bank Secrecy Act regulations published by FinCEN, the FDIC, the FRB, and the OCC.  The SAR regulations published by these four agencies are substantially similar, with the ones published by the regulators (FDIC, FRB and OCC) being slightly broader in scope and requiring SARs to be filed for instances of insider abuse as well as requiring the institution's board of directors to be notified when a SAR has been filed.  Regardless of who an institution’s federal regulator is, every institution is subject to both their regulator’s SAR regulations, as well as FinCEN’s SAR regulations.  

The OCC’s final rule adds a paragraph (m) to 12 CFR 21.11, and can be summarized as follows:

Paragraph (m) section 1 requires banks to submit written requests to their regulator for SAR exemptions.  The OCC will evaluate the request and consult with FinCEN to verify that the bank’s request is consistent with the purposes of the Bank Secrecy Act.  If the bank is seeking an exemption from both OCC regulations and FinCEN regulations, the bank must send a request to both the OCC and FinCEN to receive an exemption from both regulations.

Paragraph (m) section 2 requires the OCC to provide the requesting bank with written response to their request.  If a request for an exemption is granted the OCC must communicate the duration of the exemption.

Paragraph (m) section 3 allows the OCC, through written notice, to revoke or extend the duration of the exemption.  A notice of revocation must include the OCC’s basis for revoking the exemption and provide the bank an opportunity to respond.  The OCC must also consider the bank’s response to the notice of revocation before revoking an exemption, and if the OCC decides, after consideration, to revoke the exemption, their decision must be communicated in writing to the bank.

Paragraph (m) section 4 indicates that banks that receive exemptions from both the OCC and FinCEN regulations will be relieved from the requirements of the SAR regulations, to the extent that the exemption provides relief from those requirements.