Read Between the Lines

Each month Bank Insights reviews news from regulators and others to give perspective on regulatory challenges.

Make Sure Your Business Continuity Plan Includes IT

In yet another sign of increasing regulatory focus on cybersecurity, the prudential regulators have added an appendix to the FFIEC Information Technology Examination Handbook to cover outsourced technology services.  The new section discusses a bank’s reliance on third-party service providers and reminds examiners to make sure that there are effective policies to identify, measure, monitor and mitigate risks associated with outsourcing, especially when it comes to recovering IT and critical functions in an emergency.

OCC Deputy Comptroller Beth Dugan repeated those themes in a Feb. 11 speech in Chicago. “Financial institutions need to expand their disruption scenarios to consider the impacts of cyber threats not only to themselves and their critical systems and operations, but also from and to their third-party relationships, their customers, and the critical infrastructure components on which they depend.”

Study Recommends Cost-Benefit Analyses for Financial Regs

A new Harvard Kennedy School paper, “The State and Fate of Community Banking,” explores whether the Dodd-Frank law is responsible for community banks’ declining market share since 2010. The paper suggests that “inappropriately designed regulation and inadequate regulatory coordination” may be responsible for industry consolidation. It recommends that Congress conduct cost-benefit analyses of financial regulations and simplify capital rules.

FDIC Tells Senate that ‘Strong Capital’ is Essential

The Senate Banking Committee held hearings again this month on the community bank regulatory burden. The FDIC’s Doreen Eberley, director of the risk management division, testified that changes to Call Reports are in the works that will include “a more robust process for bank agency users to justify retaining or adding items.”  She made it clear, however, that “strong capital, strong risk management” is crucial to preserving the long-term health of the industry.

Senior Deputy Comptroller Toney Bland reiterated the OCC’s position that the Volcker Rule should not apply at all to community banks with assets of less than $10 billion, noting that it would cost money and resources just for community banks to determine whether they even have compliance obligations.

The Federal Reserve’s Maryann Hunter, deputy director of the division of banking supervision and regulation, revealed that the Fed has a new  program that involves using “forward-looking risk analytics” to identify at-risk banks that need  focused supervision.

CFPB: Exams are Private

The CFPB issued a bulletin reminding financial institutions that confidential supervisory information should not be shared.  Among items  that should not be disclosed are exam reports and  documents prepared “by,  or on behalf of, or for” the CFPB  for use during supervision of a financial institution.

Regulators Release New  Regulatory Capital Tool

The OCC, the FDIC and the Fed have developed an automated tool to help banks calculate risk-based capital for securitization exposures under the revised capital rules. Use of the tool is discretionary.

Fed Small Bank Rule Will Eliminate Filings

The proposed Fed small bank holding company rule, would eliminate some quarterly filings (FRY-9C), which banks have complained are an unnecessary and duplicative burden. The Fed is taking comments on the proposal.

CFPB Prepaid Rule Could Signal Short-Term Credit Actions

An interesting report from the Jones Day law firm suggests that the CFPB’s proposed prepaid products rule could signal future action on checking accounts, because it treats overdraft services as credit.