Main Menu
Download Print
11/19/2014

Client Alert: ABA’s 2014 Washington Banking Law Committee Meeting

Observations for our Clients

We wanted to share some observations from the American Bar Association’s Banking Law Committee meeting in Washington, D.C., that some of us recently attended. As usual, the meeting assembled senior officials from all of the bank regulatory agencies, and those of us who regularly practice in this area. Although much of the meeting was devoted to large “significantly important financial institutions,” there were important takeaways for our “significantly important” community and regional bank clients that we wanted to pass along in this Client Alert.

Heightened Expectations & Other Cultural Issues

Participants at the meeting said much about governance issues, starting with the OCC’s September 2014 “heightened expectations” issuance.

Those guidelines provide that larger national banks, generally those over $50 billion in assets, should establish and adhere to a formal risk governance framework to manage and control their risk-taking activities, such as by establishing a risk appetite review, monitoring and communication process. That guidance also describes minimum standards for Boards to oversee their bank’s risk governance framework, including by providing active oversight of management and providing for ongoing training. We encourage our clients to become familiar with these guidelines, because we would expect elements of those requirements to quickly trickle down into examinations by all regulators for all banks.

Also discussed was the Workshop on Reforming Culture and Behavior in the Financial Services Industry, hosted last month by the Federal Reserve Bank of New York. In an effort to promote a discussion on how banks can improve their cultures, one of the speakers at the workshop said a bank’s leadership at a minimum must:

These are all important issues addressed in the Board and management training we provide to our clients.

Cybersecurity

At the meeting, the regulators consistently discussed how recent cyberattacks against banks have focused their attention on the full spectrum of issues surrounding cybersecurity. They responded by conducting targeted examinations in the last few months and issuing responsive guidance, including the following:

That guidance, and others, makes it clear that information technology issues can no longer only be confined to the realm of the Chief Information Officer, but need to be diffused throughout the organization, including at the Board level.

Our Technology & Data Integrity Team has handled a number of data breaches for our clients and cannot stress enough the need for an “all-hands” approach to ensure the development of an effective response. One of the best methods we’ve seen to help avoid data breaches is for banks to have strong security protocols surrounding the use by employees of laptop computers and external storage devices.

Bank Secrecy Act/Anti-Money Laundering

There was a consensus among meeting participants that with the financial crisis behind us, regulators will likely continue to increase their scrutiny of BSA/AML programs at banks of all sizes. Having spent significant time recently focusing on BSA/AML issues for our clients, we agree with that consensus. Most significant in that regard is FinCEN’s Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance (August 11, 2014).

In that guidance, FinCEN tells banks to strengthen their BSA/AML compliance culture by ensuring that:

We invite you to join us as we frequently host The Anti-Money Laundering Association’s events at our firm, during which we tackle these issues in an informal environment. Email bfekina@bfkn.com to subscribe to our events notices.

Unfair, Deceptive or Abusive Acts or Practices (UDAAP)

Not surprisingly, meeting participants predicted that the issue of alleged unfair, deceptive or abusive acts or practices would continue to be important for banks in the upcoming year. We frequently see this issue arise when customer disclosures appear to be inconsistent with actual bank practices. Banks should be particularly sensitive about engaging in practices that could be deemed “abusive” because they are improperly aimed at what are perceived to be vulnerable customers. Banks need to work with counsel to avoid potential UDAAP violations, such as by reviewing customer disclosures and agreements, and to defend and remedy them after they have been alleged.

References

Subscribe

Related Practice Areas

Back to Page