In the April edition of Compliance Insights, we discuss the Office of the Comptroller of the Currency’s draft supplement, released in March, which further outlines the application guidelines for fintech bank charters (covered previously in our January issue). We also lay out previously unknown details of the “Russian Laundromat” money laundering scheme, as reported by the Organized Crime and Corruption Reporting Project, and we touch on the CFPB’s latest, $1.75 million enforcement action. Listen to our interview with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, at the audio link below. Full transcript of the conversation follows.
In-Depth Interview, Compliance Insights [transcript]
April 24, 2017
Kevin Donahue: Hello. This is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. I’m talking today with Steven Stachowicz, a Managing Director and leader with Protiviti’s Risk and Compliance practice, and we’re going to be covering just some of the highlights from the April edition of Protiviti’s Compliance Insights newsletter. Steven, as always, thanks for joining me.
Steven Stachowicz: Hi, Kevin. Thanks for having me today.
Kevin Donahue: Steve, to start off, in the lead article of this month’s newsletter, we summarize a new licensing manual supplement from the OCC that applies to fintechs seeking a special-purpose national bank charter. Steven, what are some of the notable points in the OCC’s draft supplement?
Steven Stachowicz: Sure. There’s a handful of points that I think are remarkable about the OCC’s supplement. The first is that, and this shouldn’t be a big surprise, but they’ve leveraged fairly heavily their existing chartering procedures. While there are definitely differences, there are a great number of similarities as well. A couple of the key differences though that we outlined in the Compliance Insights that I think are notable include a couple of items; the first being the Office of Innovation, which is something that they established in 2016 when all of this came to fore. Applicants for one of the special-purpose national charters need to first contact the Office of Innovation, which will work with the applicant through the application process. It’s defined a very specific role for the Office of Innovation, which serves as their primary contact and also a liaison to the applicant fintech firm to ensure that they are actually fully ready to apply for the charter. So there’s an expectation that there probably would be some good degree of back and forth between the fintechech applicant and the Office of Innovation.
The second piece that I think is certainly noticeable, and not without some degree of controversy, is the concept of a financial inclusion plan or an FIP. It’s an item that’s required as part of the fintech applicant’s overall comprehensive business plan, but the financial inclusion plan is how the applicant fintech firm demonstrates or intends to demonstrate its commitment to financial inclusion — fair access to financial services and fair treatment of their customers. It’s notable, I think, because of its Community Reinvestment Act or CRA-like characteristics, though the OCC stops short of applying that exact framework to these applicants, because, as many of you know, the CRA does not necessarily apply to fintech firms that do not or do not intend to take deposits or receive insurance from the FDIC. Nonetheless, it’s one of the OCC’s critical evaluation points that any fintech firm that is going to apply for and receive this special-purpose national charter is considerate or is cognizant of fair access to its financial products and services and how that institution, that fintech firm, is going to serve its customers.
Kevin Donahue: Steven, at a high level, are these new requirements likely to encourage or discourage existing fintechs?
Steven Stachowicz: I know that’s been debated a bit when the OCC came out with the idea of extending national bank charters to these types of firms. The conversation was around whether financial technology, or fintech firms, would even bother. The bar would be raised so high that it really wouldn’t be worth the effort. I don’t know that that conversation had been resolved by any means, but I don’t know that the proposed supplement for the chartering of these firms really changes the conversation much one way or the other.
So, you asked the question, “Encourage or discourage existing fintechs?” I guess I would say, neither, or remains to be seen. I think what we just see here is that you have a clear articulation of what the OCC expects, and I don’t know that the outline procedures and the supplement are vastly different from what might have been expected. The OCC has long said that non-bank fintech firms that apply for its charters will be held to the same high level or the same high standards that the OCC applies to banking institutions, so that bar has always been high. I don’t know that the supplement really changes that. I think it just remains to be seen whether the net effect of all of this is to really encourage or discourage —or neither — fintechs from applying for the charter.
Kevin Donahue: Another article in the newsletter this month is titled “Russia Airs its Dirty Laundry.” Steven, what is this about and why is this scheme news now?
Steven Stachowicz: It’s a good question because the story or the actual activity that gives rise to the article is not new. It’s an item that was identified by the Organized Crime and Corruption Reporting Project some time back. What is noteworthy or newsworthy now with respect to this particular extensive money laundering scheme is that together with the project and a number of other investigative journalists, they’ve been able to piece together how the scheme specifically worked, how many different banks were implicated in how many different countries, who some of the players were that may have benefited from the particular money laundering scheme as well.
The Compliance Insights for April goes into a summary step-by-step description of how the scheme specifically works, so I would definitely encourage you to review that. These details may have been understood at a high level previously; now they have a lot more flesh behind them in terms of the whos and the whats and the whys that didn’t exist previously, and as you know, there’s been quite a bit of attention recently with respect to Russia, its relationship to the United States and some of the other ancillary political concerns related to them.
This, I think, is newsworthy for a number of those types of reasons right now, but it’s an interesting read in terms of how the scheme worked and who is sort of implicated in this. I think, for financial institutions, the fight against money laundering and financial crimes is a moving target — always has been, always will be. The more information that’s out there in terms of how these things are working, the better for these institutions so they can understand how their own system of internal controls could have prevented or at least detected and stopped this type of activity to the extent that their own systems or their own institution was affected.
Kevin Donahue: Thanks, Steven. For my final question, let me shift to another newsworthy topic of late which has been the Consumer Financial Protection Bureau. The CFPB is continuing with enforcement actions even though its future appears uncertain after its structure was challenged in court. What should the CFPB’s latest action communicate to banks about compliance with the bureau’s rules?
Steven Stachowicz: The CFPB is definitely in an uncertain state given the political machinations in Washington right now about the Dodd-Frank Act and enforcement of existing laws and regulations by the CFPB and indeed others. It’s definitely, for the CFPB, an unsettled time, but I think any financial institution that is subject to the CFPB’s oversight, any financial institution that needs to comply must comply with laws or regulations that are enforced by the CFPB. I think the message here is simply, “Don’t take your eye off the ball. Don’t be distracted by what’s going on necessarily in Washington.” While it’s important to be paying attention to those things, it continues to be important that financial institutions have implemented robust compliance management systems that address the fundamental technicalities of these laws and regulations on a day-to-day basis.
Something like the Home Mortgage Disclosure Act is a law or regulation that’s been around for decades, and there are changes that are coming in 2018 with respect to data collection and data reporting that are very important for institutions to be aware of. This particular institution and the concerns that were raised in its enforcement action, its consent order with the CFPB, have to do with current state, have to do with the rules that exist today and really that have not changed now for a number of years. Simply put, this institution did not have an adequate system of controls in place to prevent errors from occurring in their data reporting to detect them as they were happening and to correct them timely. What they ended up with was a number of years in which they were furnishing information about their lending activities that was incomplete or had a level of error that was outside of the CFPB’s tolerance. That’s the genesis for the consent order, and it’s a fairly sizable one because of the nature of the errors that were noted and the size of the institution, but again, it goes back to fundamental compliance.
The Home Mortgage Disclosure Act is one of these very fundamental laws or regulations that mortgage lenders, any bank or non-bank that engages in residential, real estate-related lending needs to comply with and needs to have basic systems of controls in place to do so in an accurate and complete manner and that’s what failed here. The CFPB, at the end of the day, is charged with, has a mandate to enforce, consumer protection laws and regulations to which it was assigned. Even with the uncertainties that exist out there in Washington, I think what you see here is they’re not afraid, at the moment, to take the actions or steps that they need to to enforce that mandate even as things are still shifting in Washington.
Kevin Donahue: Steven, I want to thank you very much for joining me today to discuss some of the highlights from the April edition of Compliance Insights. I want to invite our audience to visit protiviti.com/compliance-insights where you can find the latest issue as well as prior issues of our newsletter.[End of transcript]