Compliance Insights - April 2017

Compliance Insights - April 2017

OCC Releases Licensing Manual Supplement for Fintech Companies Applying for a Special Purpose National Bank Charter

In the January 2017 issue of Compliance Insights, we provided a summary of the Office of the Comptroller of the Currency’s (OCC) plan to grant special-purpose national bank charters to a broad range of business models, particularly companies engaged in financial technologies (fintech) related to payment services, lending and other core banking functions. In March 2017, the OCC further expanded on the application guidelines for these charters by releasing a draft supplement (supplement) to the Comptroller’s Licensing Manual, which provides instruction on how to initiate the charter application process (including what type of information to include in the application, and submission of a business plan), as well as some transparency into the OCC evaluation and decision-making processes.

The OCC took into consideration public comments received in relation to its December 2016 whitepaper on issuing such charters, and leveraged existing chartering requirements and standards. The following summarizes the key nuances in the supplement for non-bank firms to consider:

  • The OCC will require applicant firms to first contact its Office of Innovation, and to maintain communication with this office throughout the application process. The OCC indicates that the Office of Innovation will serve as the applicant’s primary contact for this process, and will work with applicants to ensure their readiness to apply for the charter in an “iterative” manner prior to actually submitting an application.
  • For firms providing lending or other financial services to consumers or small businesses, the OCC will require applicant firms to submit:
    • A comprehensive business plan that articulates a path to profitability, the applicant’s goals for, and approach to, serving its relevant markets and community, and evidence of the skills and experience of management in financial services. The business plan must also support that the applicant has the capital necessary to support the volume of proposed activities.

      The OCC recognizes that existing minimum leverage and risk-based capital requirements may not be appropriate for fintech companies given limited assets and off-balance sheet exposures and, as such, it may impose additional approaches to determining these items. The OCC further indicates that it may request that applicants provide details on alternative business strategies, contingency plans or recovery/exit strategies if submitted plans do not materialize or adverse conditions are experienced after a charter is granted.

    • A Financial Inclusion Plan (FIP) in which the applicant firm must demonstrate its commitment to financial inclusion. The OCC requires applicants to provide fair access to financial services and to treat their customers fairly. Final approval of the charter application will be conditioned upon the applicant firm’s implementation of the FIP, which the OCC views as important to aid communities in benefitting from financial innovation. This requirement is notable for its Community Reinvestment Act-like characteristics, though the OCC stops short of applying the exact framework of the CRA to these applicants (fintech firms that do not take deposits or receive insurance from the FDIC are not required to comply with the CRA).
    • Documentation of a comprehensive risk assessment that addresses key risks to the business plan, the applicant’s risk appetite, and how it intends to manage its key risks.
    • Documentation supporting the applicant’s records, systems and internal controls, minimum leverage and ability to meet capital requirements.
  • The OCC will grant approval of the charter in two steps:
    • A preliminary conditional approval, which makes the implementation of the FIP enforceable. The OCC notes that this preliminary approval signals its intent to move forward with the process, but does not guarantee that a charter will be granted, and
    • A final approval, upon which the charter is granted to the applicant.

At each stage, the OCC indicates that it may include standard or specific (tailored to the unique business strategy) conditions that can be enforceable and reviewed in its routine examination schedule of the applicant.

The supplement provides the clearest detail yet on the application process for special-purpose national bank charters by fintech firms. Companies interested in applying should review and determine their readiness against the requirements prior to starting the process through an inquiry with the Office of Innovation. In addition, fintech firms should use this supplement as a guide to understand the primary areas of concern from the OCC related to fintech companies, as well as how the supervision requirements may impact their company’s strategies for growth.

 

Russia Airs its Dirty Laundry

From 2010 to 2014, nearly $21 billion was siphoned out of Russia by exploitation of the Moldovan banking and legal system, illegal use of shell companies, bribery, and misdirection. The Organized Crime and Corruption Reporting Project (OCCRP), an investigative reporting platform formed by non-profit investigative centers, first uncovered and reported on this scandal in 2014 and labeled the scheme “The Russian Laundromat.” The scheme was complex and sophisticated, and reportedly impacted 732 global banks in 96 countries. Banks in the United Arab Emirates (UAE), one of the countries which unwittingly played a role in the scheme, handled more than $434 million in illicit funds. The OCCRP’s investigative report notes that several of the companies used to facilitate the movement of funds were registered in the UAE, highlighting the country’s rising level of involvement in high profile money laundering scandals. Recently, the OCCRP and the Moscow-based investigative newspaper Novaya Gazeta released a report, entitled “The Russian Laundromat Exposed,” which provides details on how the dirty money was transferred out of Russia and moved around the world, and how the world’s most prominent international banks failed to detect and dismantle the scheme.

The scheme appeared to work as follows:

  • In the case of The Russian Laundromat, money launderers collected “dirty money” or illicit funds derived from various sources and methods, in particular corrupt state contracts and tax evasion.
  • To help move the illicit money out of several Russian banks, the money launderers utilized a series of shell companies set up in various countries that masked the owners’ identities and were established as a mechanism to aid criminals. Shell companies typically do not have a physical presence and generate limited economic value, and the lack of transparency around shell companies is desirable to fraudsters seeking to disguise their ownership and business purpose.
  • The shell companies were disguised as legitimate companies acting as debtors and creditors to one another. Specifically, one shell company would lend fake money to another shell company, creating a bogus loan guaranteed by a separate Russian business.
  • Once the debtor would default on its bogus loan, the creditor would call in the guarantee and demand repayment from the guarantor, the Russian business.
  • While many of these schemes were designed to be partially guaranteed by a Moldovan citizen, resolution of this repayment was required to be settled in a Moldovan court. The Moldovan legal system was equipped with corrupt judges ordering repayment of the debt to a court bank account in which the fake debt was placed.
  • At this stage, the dirty money was legitimized, and the Russian debtor was then able to extract the now clean money out of Moldova and integrate it into the global banking system.

OCCRP’s exposure of the intricacies of this scheme is another current example that sheds light on the flow of illicit criminal funds through reputable banks and jurisdictions. The scheme underscores the need for enhanced information sharing between the public and private sectors as well as weakness inherent in the global banking systems, including lax transaction monitoring controls designed to help detect suspicious transactions and the illegal use of shell companies. To continue strengthening the fight against financial crime, global financial institutions should continue to improve enhanced due diligence protocols around identifying beneficial ownership and ensure rigorous tests are performed to help confirm that transaction monitoring controls are working as intended.

 

CFPB Announces $1.75 Million Fine for HMDA Violations

In March 2017, the Consumer Financial Protection Bureau (CFPB) announced a $1.75 million dollar civil money penalty and consent order against a large, non-bank mortgage lender related to violations of the Home Mortgage Disclosure Act (HMDA). The action is the largest HMDA-related civil penalty imposed by the CFPB to date.

HMDA, as implemented by the CFPB’s Regulation C, requires mortgage lenders to collect and regulatory report certain key information about home purchase, home improvement and refinance-purpose loans for which the lender receives applications, and where the lender originates or purchases the loans. These data points, which include information about the institution, borrower and loan, are used by regulatory agencies and consumer groups alike to evaluate the lending activities of an institution in relation to how the institution is meeting the needs of its communities and refraining from potentially discriminatory lending patterns. The importance of accurate and complete reporting was emphasized as recently as 2013 in a bulletin issued by the CFPB, which routinely examines compliance with this requirement.

In the consent order, the CFPB noted material exception rates exceeding the CFPB’s thresholds under which lenders should re-submit the HMDA data related to the accuracy and completeness of the information furnished by the non-bank lender. The CFPB outlined the following deficiencies with the lender’s HMDA reporting compliance mechanisms, notably:

  • Insufficient and decentralized HMDA data collection and validation procedures, including inconsistencies across business lines due to differing interpretations of reporting requirements
  • Unclear and inconsistent assignment of roles and responsibilities for its HMDA data collection and reporting processes
  • Inadequate “self-policing” (through compliance monitoring, testing and auditing) of its data collection and reporting processes, including of third-party service providers
  • Failure to implement controls adequate to detect and prevent data collection, validation and reporting deficiencies.

In addition to the civil penalty, the lender will also be required to enhance its HMDA compliance management framework, and correct and re-submit its HMDA data from the period between 2012 and 2014 to its regulators.

Click here to access all series