Trending publication

10.31.2023 | Legal Update

Headlines

1. Federal Banking Agencies Release Final Changes Meant to Modernize CRA Regulations
2. CFPB and DOJ Issue Warning to Lenders About Improper Use of Immigration Status
3. Agencies Announce Principles for Climate Risk Management for Large Financial Institutions
4. FDIC Publishes Proposed Corporate Governance Standards for Larger Banks
5. Other Developments: Consumer Data Sharing and Information Security

1. Federal Banking Agencies Release Final Changes Meant to Modernize CRA Regulations

The federal banking agencies have jointly issued a final rule that will modify how examiners assess compliance with the Community Reinvestment Act (CRA). Among other changes to the CRA regulations announced on October 24, the final rule is meant to tailor performance standards to bank size, business model, and local conditions, according to the agencies. The final rule will update asset size thresholds for small, intermediate, and large banks, and banks will be evaluated. Depending on a bank’s asset size or limited purpose bank designation, it will be evaluated under one or a combination of the following seven performance tests: the Retail Lending Test; the Retail Services and Products Test; the Community Development Financing Test; the Community Development Services Test; the Intermediate Bank Community Development Test; the Small Bank Lending Test; and the Community Development Financing Test for Limited Purpose Banks. The final rule maintains a focus on evaluating CRA performance in geographic areas where brick-and-mortar offices are located, but will add evaluations of retail lending activities occurring in Retail Lending Assessment Areas outside of the traditional CRA assessment areas. The final rule also provides consideration for banks’ community development activities nationwide. Click here for a copy of the final rule.

Nutter Notes:  The final rule will update asset size thresholds for small, intermediate, and large banks. Large banks—those with assets of $2 billion or more—will be subject to additional performance tests: the Retail Services and Products Test and the Community Development Services Test. Both large banks and intermediate banks—those with assets of $600 million or more, but less than $2 billion—will be evaluated under the Retail Lending Test. Intermediate banks also may choose to continue to be evaluated under the existing community development test applicable to intermediate small banks under the current CRA rule, or opt into the new Community Development Financing Test. Small banks—those with assets under $600 million—may continue to be evaluated under the existing lending test under the current CRA rule, or into the new Retail Lending Test. The Retail Lending Test includes an evaluation of how banks are serving low- and moderate-income individuals, small businesses, small farms, and low- and moderate-income census tracts in the bank’s traditional CRA assessment area and, as applicable, retail lending assessment areas and outside retail lending areas. Limited purpose banks will be evaluated under a tailored version of the new Community Development Financing Test.

2. CFPB and DOJ Issue Warning to Lenders About Improper Use of Immigration Status

The CFPB and the U.S. Department of Justice have released a joint statement warning that banks and other lenders may not use immigration status to illegally discriminate against loan applicants. The joint statement released on October 12 reminds lenders that all credit applicants are protected from discrimination on the basis of their national origin, race, and other protected characteristics defined in the Equal Credit Opportunity Act (ECOA), regardless of their immigration status. The joint statement explains that ECOA does allow lenders to consider immigration status when necessary to ascertain the lender’s rights or remedies related to repayment. However, the joint statement cautions that “unnecessary or overbroad reliance on immigration status in the credit decisioning process, including when that reliance is based on bias, may” cause lenders to violate ECOA’s antidiscrimination provisions and may also result in violations of other laws, such as state anti-discrimination laws. Click here for a copy of the joint statement.

Nutter Notes:  The joint statement discusses some ways in which lenders may run afoul of the anti-discrimination provisions of ECOA and its implementing rule, Regulation B, when considering immigration status. For example, if a lender has a blanket policy of refusing to consider applications from certain groups of noncitizens regardless of the credit qualifications of individual borrowers within that group, that policy may risk violating ECOA and Regulation B. According to the joint statement, this risk arises because some individuals within those groups may have sufficient credit scores or other individual circumstances that may resolve concerns about the lender’s rights and remedies regarding repayment. To the extent that a lender relies on immigration status for a reason other than determining its rights or remedies for repayment, and the creditor cannot show that such reliance is necessary to meet other binding legal obligations, the creditor may risk engaging in unlawful discrimination. Among the binding legal obligations for which a lender may consider immigration status are restrictions on dealings with citizens of particular countries under federal economic sanctions administered by the Office of Foreign Assets Control.

3. Agencies Announce Principles for Climate Risk Management for Large Financial Institutions

The federal banking agencies have jointly released their final guidance to large financial institutions that provides a high-level framework for the safe and sound management of exposures to climate-related financial risks. The joint guidance issued on October 24 applies to those banking organizations with over $100 billion in total consolidated assets, and is intended to support their efforts to focus on key aspects of climate-related risk management. The joint guidance contains high-level principles covering six areas: governance; policies, procedures, and limits; strategic planning; risk management; data, risk measurement, and reporting; and scenario analysis. In addition, the joint guidance describes how climate-related financial risks can be addressed in the management of traditional risk areas. The joint guidance acknowledges that financial institutions are “likely to be affected by both the physical risks and transition risks associated with climate change,” and that weaknesses in how they identify, measure, monitor, and control climate-related financial risks could adversely affect their safety and soundness. Click here for a copy of the joint guidance.

Nutter Notes:  The final climate-related risk management principles do not prohibit or discourage large financial institutions from providing banking services to customers of any specific class or type. The joint guidance clarifies that any decision about whether to make a loan or to open, close, or maintain an account is within the discretion of the financial institution, so long as the financial institution complies with applicable laws and regulations. The joint guidance also indicates that the federal banking agencies expect that differences in the complexity of operations and business models of large financial institutions will result in different approaches to addressing climate-related financial risks. According to the joint guidance, “the agencies encourage large financial institutions to take a risk-based approach in assessing the climate-related financial risks associated with individual customer relationships and to take into account the financial institution’s ability to manage the risk.”

4. FDIC Publishes Proposed Corporate Governance Standards for Larger Banks

The FDIC has proposed amendments to its safety and soundness rule that would impose new guidelines on banks with total consolidated assets of $10 billion or more regarding corporate governance, risk management, and board of directors’ oversight. The proposed guidelines released on October 5 would be added as a new Appendix C to the FDIC’s safety and soundness rule at 12 C.F.R. part 364 (Part 364). The proposed guidelines would describe the general obligations of the board of directors of a covered bank to ensure good corporate governance by, among other things, being “active and involved,” protecting the interests of the covered bank, setting goals, approving a strategic plan and policies, and selecting and supervising senior management. The proposed guidelines would also include the supervisory expectation that the board of directors should adopt a code of ethics requiring “high ethical standards” in the covered bank’s operations, and create a committee structure designed to permit the board to actively oversee the affairs of the bank. Public comments on the proposed guidelines are due by December 11, 2023. Click here for a copy of the proposed guidelines.

Nutter Notes:  The FDIC’s proposed corporate governance guidelines are a reaction in part to the FDIC’s experiences with bank failures during the 2008 financial crisis and more recent bank failures in 2023, in which the FDIC observed that poor corporate governance and risk management practices were contributing factors to bank failures. In addition to describing the general obligations of a bank’s board of directors, the proposed guidelines would clarify supervisory expectations for the obligations of individual directors, including obligations to “exercise independent judgment” and to ensure that “they are not excessively influenced by a single dominant policymaker, who may be a director, management, shareholder, or other individual.” The proposed guidelines also would include recommendations for the composition of the board of directors, such as diversity of demographic representation, opinion, experience, and ownership level.

5. Other Developments: Consumer Data Sharing and Information Security

• CFPB Proposes Rule to Govern Personal Financial Data Rights

The CFPB released a proposed rule on October 19 that would give consumers control over their personal financial data and provide new protections against companies misusing their data. The proposed rule would require banks and other financial services providers to make available to consumers and to authorized third parties certain electronic data relating to consumers’ transactions and accounts, and would provide basic standards for data access. Public comments on the proposed rule are due by December 29, 2023.

Nutter Notes:  The proposed rule also would establish obligations for third parties that access a consumer’s data, including privacy protections for that data. Click here for a copy of the proposed rule.

• State Bank Regulators Offer Updated Ransomware Self-Assessment Tool

The Massachusetts Division of Banks joined the Conference of State Bank Supervisors on October 27 in releasing an update to the Ransomware Self-Assessment Tool (R-SAT), Version 2.0 for banks. The R-SAT helps banks to periodically assess their own efforts to mitigate risks and provides management with an overview of the bank’s preparedness for identifying, protecting, detecting, responding to, and recovering from a ransomware attack.

Nutter Notes:  Version 2.0 of the R-SAT reflects updates that account for the evolution of the ransomware threat environment and the behaviors of cyber attackers, as well as changes in bank control environments that have occurred since the original issuance of the R-SAT in 2020. Click here to access the R-SAT, Version 2.0.

Nutter Bank Report
Nutter Bank Report is a monthly electronic publication of the Banking and Financial Services Group of the law firm of Nutter McClennen & Fish LLP. Chambers and Partners, the international law firm rating service, after interviewing our clients and our peers in the profession, has ranked Nutter’s Banking and Financial Services practice among the top banking practices in the nation. Visit the U.S. rankings at Chambers.com. The Nutter Bank Report is edited by Matthew D. Hanaghan. Assistance in the preparation of this issue was provided by Heather F. Merton. The information in this publication is not legal advice. For further information, contact:

Kenneth F. Ehrlich kehrlich@nutter.com Tel: (617) 439-2989	Matthew D. Hanaghan mhanaghan@nutter.com Tel: (617) 439-2583	Michael K. Krebs mkrebs@nutter.com Tel: (617) 439-2288

This update is for information purposes only and should not be construed as legal advice on any specific facts or circumstances. Under the rules of the Supreme Judicial Court of Massachusetts, this material may be considered as advertising.