Nutter Bank Report: September 2022
- OCC Publishes Security Standards for Video Teleconferencing With Agency Staff
- CFPB Imposes Civil Penalty and Customer Refunds for Authorized-Positive Overdraft Fees
- Treasury Department Recommends Regulatory Actions to Address Digital Asset Activities
- SEC Adopts Final Rule Requiring Disclosures of Executive Pay Versus Performance
- Other Developments: Climate Risk and Assessment Rates
1. OCC Publishes Security Standards for Video Teleconferencing With Agency Staff
The OCC has issued guidance to explain expectations for national banks and federal savings associations to protect non-public OCC information shared on video teleconferencing (VTC) services that are operated or managed by a bank or by a third-party vendor. The guidance released on September 7 indicates that OCC staff may not attend meetings hosted on a non-OCC VTC service unless the VTC service supports an encrypted connection with end-point devices used by each participant, communications across participants in the meeting are encrypted, and certain other security measures are in place. Those security measures include access controls, such as waiting rooms or “lock and remove attendee” features; a requirement that screen capture functionality be disabled or its use prohibited for meetings in which non-public OCC information is transmitted; and a prohibition on making any recording or transcript of a meeting in which OCC staff communicate non-public OCC information. The OCC also expects that any VTC service will be “securely configured and routinely patched to protect against cyber intrusion and data loss or compromise,” according to the guidance. Although the guidance only applies to national banks and savings associations, it may be instructive about the standards that other bank regulators will apply for VTC services used by banks they supervise. Click here for a copy of the OCC’s guidance.
Nutter Notes: The OCC’s new guidance on security expectations for VTC services is meant to protect non-public OCC information, a term that is defined by the OCC’s regulations and includes OCC reports of examination and related information, such as CAMELS ratings and the Uniform Rating System for Information Technology ratings. Other examples of non-public OCC information include supervisory correspondence from the OCC and responses by a bank, investigatory files, matters requiring attention and other enforcement-related information, and proprietary or confidential information obtained by the OCC in connection with the performance of bank oversight and its other responsibilities. National banks and federal savings associations are prohibited by OCC regulations from disclosing such non-public OCC information without prior approval from the OCC, except in very limited circumstances. The risks for unauthorized disclosure or use of non-public OCC information without the permission of the OCC include the possibility of criminal penalties under federal law. FDIC and Federal Reserve regulations impose substantially similar confidentiality requirements on state-chartered banks and bank holding companies for non-public supervisory information.
2. CFPB Imposes Civil Penalty and Customer Refunds for Authorized-Positive Overdraft Fees
The CFPB has ordered a large regional bank to refund at least $141 million to customers and to pay a $50 million penalty into the CFPB’s victims relief fund based on findings of unfair, deceptive, and abusive acts and practices (UDAAP) in connection with overdraft fees charged to consumer customers. According to the September 28 consent order, the CFPB found that the bank charged overdraft fees on transactions in which customers’ accounts had a sufficient balance at the time the bank authorized certain ATM withdrawals and debit card purchases, but then later settled with an insufficient balance. The CFPB’s order characterized such fees as “surprise overdraft fees”; they are also known as authorized-positive overdraft fees. The CFPB’s consent order emphasized that many of the bank’s consumer customers did not understand the bank’s overdraft practices or how to reasonably avoid authorized-positive overdraft fees, and that the bank was aware of this situation. In addition, the CFPB found that the bank’s senior management had decided to end the practice of charging authorized-positive overdraft fees, but delayed implementation of this decision while the bank made changes to its posting order in an attempt to generate new fee revenue to offset the expected revenue loss from eliminating authorized-positive overdraft fees. Click here for a copy of the consent order.
Nutter Notes: The CFPB’s enforcement action in this case may be indicative of how the federal financial regulators intend to approach enforcement actions related to UDAAP violations involving overdraft fees. In the FDIC’s June 2019 Consumer Compliance Supervisory Highlights, the FDIC gave examples of potential UDAAP violations by banks using an available balance method to assess overdraft fees along with examples of risk mitigation techniques. The examples of steps banks had taken to mitigate overdraft risk include “ensuring that any transaction authorized against a positive available balance does not incur an overdraft fee, even if the transaction later settles against a negative available balance.” In its July 2018 Consumer Compliance Supervisory Bulletin, the Federal Reserve noted that a bank had violated the law when it charged authorized-positive overdraft fees on certain debit card purchases “based on insufficient funds in the account’s available balance at the time of posting, even though the bank had previously authorized the transaction based on sufficient funds in the account’s available balance when the consumer entered into the transaction.” The CFPB’s enforcement order indicates that the federal financial regulators have established that certain overdraft fee practices, including authorized-positive overdraft fees, violate federal laws prohibiting unfair, deceptive, or abusive acts and practices, including Section 5 of the Federal Trade Commission Act and Sections 1053 and 1055 of the Consumer Financial Protection Act of 2010.
3. Treasury Department Recommends Regulatory Actions to Address Digital Asset Activities
The U.S. Treasury Department has released a number of reports that outline recommendations for the regulation of digital assets, including cryptocurrencies, by federal financial regulators. The three reports issued by the Treasury Department on September 16 are part of a series of nine reports published by federal agencies in response to President Biden’s March 9, 2022 Executive Order on Ensuring Responsible Development of Digital Assets. Among the Treasury Department’s recommendations are that the federal financial regulators should pursue supervisory guidance and new rulemaking to ensure that digital asset intermediaries, including banks, “properly account for novel operational risks, cyber risks, and consumer protection.” The Treasury Department also recommended that federal regulators should aggressively pursue enforcement against illegal practices in digital asset markets, “with a particular focus on consumer, investor, and market protection.” In particular, the Treasury Department focused on illicit financing risks posed by digital assets with an action plan that anticipates amendments to existing Bank Secrecy Act/anti‑money‑laundering regulations. Click here to access the Treasury Department reports.
Nutter Notes: The Treasury Department’s reports noted that the federal banking agencies have already taken a number of steps to exercise their current authority to provide guidance on risk mitigation and clarify supervisory expectations for banks engaged in digital asset activities. For example, the OCC has issued interpretive letters that clarify expectations for national banks and federal savings associations for safeguarding digital assets for customers, holding deposits that serve as reserves backing a stablecoin, and using distributed ledger technology to facilitate payments. The Treasury Department also noted that the FDIC has taken enforcement actions for false or misleading representations about deposit insurance. The Treasury Department recommends collaboration and coordination among the federal financial regulators to implement “appropriate supervision, oversight, regulation, collection, and disclosure requirements” for digital asset products and services.
4. SEC Adopts Final Rule Requiring Disclosures of Executive Pay Versus Performance
The SEC has adopted a final rule that implements a provision of the Dodd-Frank Wall Street Reform and Consumer Protection (Dodd-Frank) Act requiring new disclosures by publicly-traded companies, including those that are bank holding companies, of information reflecting the relationship between executive compensation actually paid by the company and the company’s financial performance. The final rule released on August 25 will require the new pay versus performance disclosure in proxy or information statements in which other executive compensation disclosure is required. The final rule will require publicly-traded companies to provide a table disclosing specified executive compensation and financial performance measures for the company’s five most recently completed fiscal years. The table must include, for the principal executive officer and, as an average, for certain other named executive officers, the SEC Regulation S-K Summary Compensation Table measure of total compensation and a measure reflecting “executive compensation actually paid,” calculated as prescribed by the final rule. The final rule will become effective on October 11, 2022. Companies generally must begin to comply with the new pay versus performance disclosure requirements in proxy and information statements that are required to include Item 402 of Regulation S-K disclosures for fiscal years ending on or after December 16, 2022. Click here to access the final rule and the SEC’s fact sheet.
Nutter Notes: The performance measures required to be included in the pay versus performance table are total shareholder return for the company, total shareholder return for the company’s peer group, the company’s net income, and a company-selected measure of financial performance that, “in the registrant’s assessment, represents the most important financial performance measure the registrant uses to link compensation actually paid to the registrant’s [named executive officers] to company performance for the most recently completed fiscal year.” The final rule also will require that the pay versus performance disclosures include a description of the relationships between each of these financial performance measures and the executive compensation actually paid to its principal executive officer and, on average, to its other named executive officers over the five most recently completed fiscal years. The final rule will require a description of the relationship between the company’s total shareholder return and its peer group’s total shareholder return.
5. Other Developments: Climate Risk and Assessment Rates
- Federal Reserve to Conduct Climate Risk Exercise With Large Banks
The Federal Reserve announced on September 29 that six of the nation’s largest banks will participate in a climate scenario analysis exercise in which the resilience of each bank will be assessed under different hypothetical climate scenarios to assess climate-related financial risks. The outcome of the climate scenario analysis exercise may inform future regulatory guidance to banks about climate risk management practices. Click here for a copy of the announcement.
Nutter Notes: The Federal Reserve said that it plans to publish insights gained from the climate scenario analysis exercise in the aggregate, including what has been learned about climate risk management practices, but that no bank-specific information will be released. The Federal Reserve will begin the exercise in early 2023 and will publish details of the climate, economic, and financial variables that make up the climate scenario narratives at that time. The Federal Reserve expects to complete the exercise near the end of that year.
- OCC Plans to Reduce Assessment Rates
Acting Comptroller of the Currency Michael J. Hsu announced on September 1 that the OCC will reduce assessment rates for all national banks and federal savings associations by 40% on their first $200 million in total balance sheet assets and by 20% on balance sheet assets above $200 million and up to $20 billion. According to the Acting Comptroller, the reduction in assessments is part of an effort to “level the playing field with the cost of supervision compared to state community bank charters.” Click here for a copy of the announcement.
Nutter Notes: The reduction in assessments will be published in the OCC’s notice of assessment rates issued in December 2022, and will become effective in March 2023 for national banks and federal savings associations according to Acting Comptroller Hsu.
Nutter Bank Report
Nutter Bank Report is a monthly electronic publication of the Banking and Financial Services Group of the law firm of Nutter McClennen & Fish LLP. Chambers and Partners, the international law firm rating service, after interviewing our clients and our peers in the profession, has ranked Nutter’s Banking and Financial Services practice among the top banking practices in the nation. Visit the U.S. rankings at Chambers.com. The Nutter Bank Report is edited by Matthew D. Hanaghan. Assistance in the preparation of this issue was provided by Heather F. Merton. The information in this publication is not legal advice. For further information, contact:
Kenneth F. Ehrlich
Tel: (617) 439-2989
Matthew D. Hanaghan
Tel: (617) 439-2583
Michael K. Krebs
Tel: (617) 439-2288
This update is for information purposes only and should not be construed as legal advice on any specific facts or circumstances. Under the rules of the Supreme Judicial Court of Massachusetts, this material may be considered as advertising.