All Things FinReg

More than six years after it was decided, the practical consequences of the US Court of Appeals for the Second Circuit’s Madden v. Midland Funding, LLC decision continue to diminish. The decision—which held that, under some circumstances, a loan originated by a bank became subject to state usury laws once transferred to a non-bank—implicitly rejected the long-standing doctrine of “valid when made” and once threatened to upend the lending industry. It has been repeatedly narrowed and rarely expanded.

The three federal banking agencies (i.e., the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency—collectively, the Agencies) published a final rule (the Rule) on November 23, 2021, requiring “banking organizations” to notify their primary federal regulator within 36 hours in the event of certain types of computer-security incidents. The Rule separately requires “bank service providers” to notify banking organization customers as soon as possible in the event of any incident that has or is reasonably likely to materially affect those customers for four or more hours.

As highlighted previously, three federal banking agencies (the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency) recently issued proposed risk management guidance regarding third-party relationships (Proposed Guidance). Among other things, the Proposed Guidance specifies that banking organizations should adopt third-party risk management processes that are commensurate with the identified level of risk and complexity from the third-party relationships, and with the organizational structure of each banking organization.

Three federal banking agencies (the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency – collectively Agencies) issued proposed risk management guidance on July 13 regarding third-party relationships. The Agencies have each previously released individual guidance on this topic, but the proposed guidance seeks to provide a consistent and clearly articulated framework based on sound risk management principles for all banking organizations under the Agencies’ remit. In their press release, the Agencies noted that the proposed guidance covers fintech entities as well.

Congress has enacted and President Joseph Biden has signed a joint resolution of disapproval under the Congressional Review Act (CRA) of the Office of the Comptroller of the Currency’s (OCC’s) “true lender” rule, which, as we previously discussed, had provided that a national bank is as a matter of law the lender on any loan for which it is the named lender or for which it provides the loan funding.

The OCC granted preliminary conditional approval on April 23 to an application to charter Paxos National Trust (Paxos) as an uninsured national trust bank. Paxos, which currently operates as a New York state-charted limited liability trust company regulated by the New York Department of Financial Services and has indicated in public statements that it intends to maintain both federal and state licenses, will be permitted under the OCC approval to provide “a range of services associated with digital assets,” including custody, payment, exchange, and other agent services related to cryptocurrency.

Senator Chris Van Hollen (D-MD) introduced a Congressional Review Act (CRA) resolution of disapproval on March 26 that would invalidate the Office of the Comptroller of the Currency’s (OCC’s) true lender final rule. The resolution is co-sponsored by Senate Banking Committee Chair Sherrod Brown (D-OH) and Senators Jack Reed (D-RI), Elizabeth Warren (D-MA), Catherine Cortez-Masto (NV), Tina Smith (D-MN), and Dianne Feinstein (D-CA). Representative Chuy Garcia (D-IL), who serves on the House of Representatives Committee on Financial Services, participated in the introduction of the resolution, which appears to indicate support for the resolution by House Democrats.

The OCC, the Federal Reserve Bank, and the FDIC (collectively, the Banking Regulators) announced an interim final rule on March 9 that revises their capital rules to facilitate implementation of the US Treasury Department’s Emergency Capital Investment Program.

The Agencies issued a joint Fact Sheet that lists considerations for a risk-based approach when it comes to charities and nonprofits. While the Fact Sheet purports to not impose additional obligations on banks, it is hard to view the “considerations” as anything but.

The five federal banking agencies (Federal Reserve, CFPB, FDIC, NCUA, and OCC – collectively Agencies) issued a proposed rule on October 20 on the role of supervisory guidance. The proposal codifies and expands upon a 2018 statement from the same agencies about which we previously reported. In November 2018, the Agencies (aside from the NCUA) received a petition for a rulemaking, as permitted under the Administrative Procedure Act, requesting that the Agencies codify the 2018 statement.