Your monthly compliance news roundup
Virtual currency has become a prominent component of the global financial system. Although the legal and regulatory obligations associated with this emerging technology are not entirely clear, 2018 was a significant year in their development. Virtual currency, of which Bitcoin is the most prominent example, is a digital representation of value that can function as a medium of exchange. Efforts are currently underway by various regulatory entities, including the Financial Crimes Enforcement Network (FinCEN), the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), to increase regulation over virtual currency and related digital assets.
In March 2018, OFAC issued Frequently Asked Questions (FAQs) related to sanctions compliance and monitoring digital currencies and other emerging payment technologies. Among other guidance, the FAQs clarify digital asset terminology and address identifying digital currency-related information and the format of digital addresses. The FAQs signaled that OFAC is actively monitoring emerging payment systems and the underlying technology supporting them. In November 2018, OFAC took aim at the illicit use of digital assets by adding two digital addresses to the Specially Designated Nationals and Blocked Persons (SDN) List associated with two Iranian individuals. Parties potentially dealing with digital assets, including coin operators, developers, issuers, administrators and miners, have an ongoing obligation to ensure associated transactions are not linked to a blocked interest.
In December 2018, shortly after OFAC added the first digital asset addresses to the SDN List, the Under Secretary for Terrorism and Financial Intelligence gave remarks at an industry conference communicating the industry’s heightened focus on mitigating vulnerabilities associated with emerging technologies. Further, the Under Secretary communicated the need for targeted action against the risks associated with these technologies, including increased international cooperation when regulating digital asset activity.
Due to the developing nature of digital asset technology, it is difficult to predict the potential issues, risks and consequences that may arise in the future. However, it appears clear that regulators are closely tracking the digital asset ecosystem and will likely maintain this focus in the future. To safeguard against violating sanctions compliance, businesses should review their sanctions compliance obligations and ensure that their risk-based approach is appropriate for the size and scope of the institution, which may include understanding how software can and should incorporate data to screen for digital addresses with an OFAC-affirmed SDN association.
In December 2018, the Consumer Financial Protection Bureau (CFPB) entered into a consent order with a U.S. financial institution related to its practices of furnishing information to credit reporting agencies and obtaining consumer credit reports. With respect to these practices, the CFPB found that the bank violated the Fair Credit Reporting Act (FCRA), the CFPB’s Regulation V and the Consumer Financial Protection Act of 2010. The specific violations identified within the consent order are described below.
- The bank obtained consumer reports on consumers who were not seeking an extension of credit or involved in any bank credit transaction that would provide a permissible purpose. The bank also inadvertently initiated credit applications on the wrong consumers or initiated applications for consumers who had not applied for a loan, thereby obtaining a consumer report and generating a credit inquiry for the wrong consumers.
- The bank furnished account information on the wrong consumers, reported current accounts as delinquent, and reported inaccurate past due amounts and payment histories that directly conflicted with information contained in credit applications, loan files or the institution’s system of record.
- After determining that information it furnished to a credit reporting agency (CRA) was not complete or accurate, the bank took multiple months to correct the information even when consumers made repeated requests for correction.
- In certain instances, the bank furnished disputed information to CRAs without providing the notice required by the FCRA stating that the consumer disputed the completeness or accuracy of the information furnished.
In addition to the findings related to the institution’s practices, the CFPB found that the institution failed to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of the information that it furnishes to CRAs. The requirement to establish and implement such policies and procedures is set forth within Regulation V. The terms of the consent order stipulate that the bank must not violate the FCRA or Regulation V and must implement and maintain reasonable written policies, procedures and processes to address the practices at issue in the consent order.
This consent order should serve as a reminder to financial institutions of the risks associated with obtaining and using consumer reports and furnishing consumer reporting information. Users of consumer reports should employ procedures, controls and other safeguards to ensure that consumer reports can only be obtained where there is a defined permissible purpose. Furnishers of consumer reporting information should ensure that they have established and implemented effective policies and procedures regarding the accuracy and integrity of the information furnished to CRAs, as required by Regulation V. Policies and procedures should be commensurate with the nature, size, complexity and scope of the furnisher’s activities, and should consider the interagency guidelines set forth in Appendix E of Regulation V. Additionally, institutions should ensure that their compliance program for consumer reporting activities includes training of staff on the requirements of the FCRA, monitoring and testing of consumer reporting information and processes, and reasonable investigations of consumer reporting complaints and disputes.
In November 2018, the CFPB and the Federal Reserve Board (Board) jointly issued a proposed rule to amend Regulation CC (2018 Proposed Rule) and, at the same time, reopened for public comment a proposal to amend Regulation CC issued by the Board in 2011 (2011 Proposed Rule). Regulation CC implements the Expedited Funds Availability Act of 1987 and sets forth availability schedules within which banks must make funds available for withdrawal, exceptions to those schedules, and requirements for disclosure of funds availability policies and payment of interest.
The purpose of the 2018 Proposed Rule is to implement a statutory requirement created by the Dodd-Frank Act to adjust relevant dollar thresholds for inflation on a periodic basis. The dollar thresholds impacted include the minimum amount of deposited funds banks must make available on the next business day (currently $200), the minimum amount of deposited funds banks must make available in cash on the day in which the funds are available (currently $400), and various dollar thresholds which define the circumstances when a bank may use certain types of exception holds (all currently $5,000). Civil liability amounts for failure to comply with the regulation are also impacted. While it is common for certain regulatory thresholds to be tied to an inflation index, the inherent complexity of Regulation CC and the various dollar thresholds impacted could make such adjustments more than routine. The agencies anticipate publishing the first set of adjustments in the first quarter of 2019 with an effective date of April 1, 2020, with subsequent adjustments at five-year intervals.
In addition to proposing the amendments above, the 2018 Proposal notified the public that the CFPB and the Board were providing additional opportunity for comment on certain provisions of the 2011 Proposed Rule which was never finalized. The proposed changes reopened for public comment relate to the funds availability provisions of the regulation and represent that portion of the regulation over which the CFPB and the Board have joint rulemaking authority. The proposed changes are largely directed at updating the regulation to account for the Board’s adoption of a single check processing region and the resulting elimination of non-local checks in 2010. However, the proposal also sets forth a shortened availability schedule under various circumstances based on the Board’s evaluation of the current electronic check processing environment.
Depository institutions should assess their current controls and processes associated with funds availability and identify a course of action for ensuring readiness in their systems, whether developed in-house or via third parties. Institutions should also evaluate the impact of this new requirement on their compliance management systems (CMS), including policies, processes, procedures, systems and training, as these areas may require updates to comply with the amended regulation.
In December 2018, the Financial Industry Regulatory Authority (FINRA) released its annual report on examination findings (Annual Report). The Annual Report is a summary of selected observations identified by FINRA during its periodic examinations of brokerage firms and is issued to educate firms and facilitate compliance with rules and regulations.
The 2018 Annual Report describes four observations that FINRA considers worth highlighting due to their potential impact on investors and markets or the frequency with which the deficiencies occur. A summary of these four observations is provided below:
- Suitability: FINRA noted instances where broker-dealers were not conducting the reasonable diligence necessary to reach a proper suitability analysis. As a result, firms either recommended unsuitable securities, allowed overconcentration in a security or excessively traded on behalf of a customer. In addition, some broker-dealers recommended variable annuities that were not suitable for the customers. One of the more notable examples of unsuitable transactions was the marketing of products that required customers to bet on volatility remaining low. When volatility skyrocketed in February 2018, customers who invested in these securities lost large amounts of money.
- Fixed-Income Mark-up Disclosures: In May 2018 FINRA and the Municipal Securities Rulemaking Board (MSRB) implemented amendments to FINRA Rule 2232 (Customer Confirmations) and MSRB Rule G-15. During its review for compliance with these amendments, FINRA noted several areas where firms were falling short of compliance: failure to enter information into the firms’ order entry systems, improper adjustments to prevailing market price, inadequate disclosure for trades conducted on an agency basis, failure to provide disclosures for structured notes, incorrect designation of institutional accounts, improper security-specific hyperlinks and brief descriptions, and vendor challenges. Within the Annual Report, FINRA recommends that firms review their own confirmations provided to customers after trades to ensure they are providing all the required information pursuant to the amended requirements.
- Abuse of Authority: FINRA noted concerns where firms were abusing their authority to trade on behalf of customers. Broker-dealers have additional responsibilities when they have discretionary trading power to ensure they exercise this discretion appropriately. NASD Rule 2510 (Discretionary Accounts) is intended to protect against brokers putting their interests ahead of their customers. However, FINRA discovered instances in which the firms did not fully comply with these rules, which resulted in situations where some registered representatives exercised discretionary power without proper authorization. In other instances, the authorization was either invalid or abused in some way.
- Reasonable Diligence for Private Placements: FINRA observed instances where firms failed to conduct reasonable diligence on private placements prior to recommending an offering to its investors, and failed to meet supervisory requirements pursuant to FINRA Rule 3110 (Supervision) and FINRA Regulatory Notice 10-22. Specifically, no additional research was performed on new offerings with the same issuers, or firms were not investigating red flags identified during a reasonable diligence review process. FINRA also noted an overreliance on third-party vendors’ review of due diligence reports without independently evaluating results or red flags identified by third parties.
In addition to the aforementioned topics, the Annual Report includes a summary of various additional observations identified by FINRA at regulated firms over the course of the year.
Broker-dealer compliance with FINRA’s rules should be a continuous focus for a firm. Broker-dealers would benefit from reviewing the FINRA Annual Report in detail and taking steps to ensure they have adequate policies, procedures and controls to prevent the occurrence of similar deficiencies.