Bryan Cave Leighton Paisner Banking Blog

Bank Bryan Cave

Bank Regulations

Main Content

FinCEN Outreach to Community Banks

FinCEN has announced a new outreach effort targeted at depository institutions under $5 billion in total assets to determine how these institutions comply with the Bank Secrecy Act and the specific compliance hurdles they confront.   If your institution has assets under $5 billion, please see our client alert about FinCEN’s outreach proposal.

As part of its ongoing outreach efforts, FinCEN is now seeking to engage smaller to moderate size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.

Read More

Malicious Computer Programs Highlights Error of “Not My Computer, Not My Problem”

As new capabilities evolve through technology, so do new opportunities for hackers and thieves to compromise a customer’s data. These technologies stand as a major threat to a bank’s customers. In addition to general concerns of reputation and customer loyalty, banks should not forget they have certain expectations of helping keep customers informed about threats to online security and protective steps that can be taken.

Evolving Threats

One malware program that chillingly shows how far these programs have come (and is recently getting significant press for this) involves literally stealing money from a customer’s account under his or her nose. Once downloaded, the program first takes the customer’s login information for internet banking. After stealing the customer’s password, this program begins transferring money from the account to the thief’s account – a scheme which has been done before. The catch is the program also intercepts the code coming from the bank and manipulates it. That means, when the customer refreshes or relaunches his or her account page, the numbers remain the same. So, to the customer, his or her account looks untouched. All the while, until the customer logs on to an uninfected machine or realizes something is fishy (be it because none of his or her recent transactions start appearing or his or her debit card starts getting declined), the cyberthief can escape and cover his or her tracks. Just like crime in the real world, the longer the thief has to flee, the tougher he or she is to catch. Therefore, given the nature of this program, prevention is the only effective solution.

Read More

FDIC Amends Annual Audit and Reporting Requirements

On June 23, 2009, the FDIC issued Financial Institutions Letter FIL-33-2009, which contains final amendments to Part 363 of the FDIC’s regulations regarding annual independent audit and reporting requirements for insured institutions with $500 million or more in total assets.   The amendments are intended to clarify what must be included in a Part 363 Annual Report.  The reporting obligations differ between institutions with total assets, as of the beginning of the fiscal year, between $500 million and less than $1 billion, and of $1 billion or more.   Unless otherwise noted the amendments became effective on August 6, 2009.  We summarize the main elements of Part 363, as amended, below.

Audit Report Requirements

Part 363 requires the following to be included in the Part 363 Annual Report:

For institutions with total assets between $500 million and less than $1 billion

  1. Audited comparative financial statements;
  2. The independent public accountant’s report on the audited financials; and
  3. A management report containing (i) a statement of management’s responsibilities for preparing annual financial statements, establishing and maintaining adequate internal controls, and complying with safety and soundness laws and regulations pertaining to insider loans and dividend restrictions, and (ii) a management assessment of the institution’s ability to comply with laws and regulations relating to insider loans and dividend restrictions, stating management’s conclusion on compliance with the laws and regulations.

For institutions with total assets of $1 billion or more

In addition to the items required for institutions with total assets between $500 million and less than $1 billion, institutions with total assets of $1 billion or more must provide the following:

  1. The management report must also contain an assessment by management on the effectiveness of the institution’s internal controls over financial reporting that identifies the internal control framework, states that the assessment included controls to ensure financial statements were prepared in accordance with regulatory instructions, states management’s conclusion whether this internal control is effective, and discloses any material weaknesses in these internal controls; and
  2. The independent public accountant’s attestation report concerning the effectiveness of the institution’s internal controls over financial reporting.
Read More

Update on FDIC Extended De Novo Period

Since the FDIC published Financial Institution Letter (FIL) 50-2009 extending the de novo period for state nonmember institutions from three to seven years, we have heard that FDIC believes the new policy has been misinterpreted in certain respects.  The FDIC has explained to the American Bankers Association that the policy is intended to apply as follows:

  • for banks chartered after August 28, 2009, the entire policy applies, including the requirement to maintain a Tier 1 leverage ratio of 8% for seven years;
  • for banks less than three years old on August 28, 2009, only the new exam schedule and the requirement to submit updated business plans for years four through seven apply; and
  • for banks more than three years old, but less than seven years old, on August 28, 2009, only the new exam schedule applies.

We do not know if the FDIC intends to publicly issue updated guidance to clarify these points.  The text of the Financial Institution Letter itself is relatively vague, although the FDIC’s summary of the Letter explicitly states that the new “procedures apply to existing newly insured institutions.”

In addition, FinCriAdvisor has reported that the OCC, OTS and Federal Reserve have confirmed that they will not be following suit and that their existing de novo periods will remain unchanged.

Read More

Bank Eligibility to Bid for Loss Sharing Arrangements

We have advised a number of banks on the feasibility of bidding to acquire the assets of failed institutions.  The loss sharing arrangements currently being offered by the FDIC can be an attractive means to increase market presence or to expand into new markets.

The specific criteria used by the FDIC will vary from project to project based on the characteristics of the troubled institution, the time available for marketing, and other factors.  However, the FDIC has indicated the following base criteria:

Supervisory Criteria:

  • Total Risk Based Capital ratio of 10% or higher
  • Tier 1 Risk Based Capital ratio of 6% or higher
  • Tier 1 Leverage Capital ratio of 4% or higher
  • CAMELS composite rating of 1 or 2
  • CAMELS Management component rating of 1 or 2
  • Compliance rating of 1 or 2
  • RFI/C rating of 1 or 2
  • CRA rating of at least Satisfactory
  • Satisfactory AML Record
Read More

Georgia DBF Explanation of Lending Limit Changes

As we’ve previously discussed, the Georgia Department of Banking and Finance had proposed to modify the way in which loans to related entities are treated, among other changes.  No material changes to the proposed rules have been made, and the new final rules are effective on September 7, 2009.  The new final rules are available from the DBF’s website.

The new rules, effectively consolidating many related party loans, may cause the consolidated relationships to become in technical violation of Georgia’s loans to one borrower rule upon renewal.  However, the DBF, in recognition of the current economic environment, has allowed for a transitional phase for loans that were previously made and separately remain in compliance with the DBF’s prior rule on an unconsolidated basis.  Those loans should be reworked to comply with the new regulations if feasible, but will otherwise be treated as grandfathered under the prior rules.  So long as such loans are modified or renewed by the bank without any additional extension of credit, the loans will not be cited for a violation of the Georgia legal lending limit.

The DBF has NOT provided any relief from loan to one borrower issuers in the context of declining legal lending limits due to reduced capital.  Under the Georgia regulations, where the bank’s statutory capital base is reduced for any reason, existing debt which was in conforming with the legal limitations at the time it originated are not construed to be non-conforming with new legal limitations resulting from the reduced statutory capital base.  However, extensions, renewals and rollovers are generally considered to be a new loan, and must conform to the new, lower lending limitations.

In the current economic environment this places banks in an untenable situation because borrowers are unable to pay off the loans due to a lack of liquidity and no other financial institutions are willing to take over the credits.  There are few options left for a bank in such a situation; e.g., enter into some sort of forbearance agreement with the borrower.  The result of that, however, is that after 90 days the loan will need to be downgraded to substandard, regardless of whether the borrower is able to keep interest payments current.  We have had extensive discussions with the Georgia DBF on this issue, focused on the OCC rules, which permit extensions or renewals in this situation.  However, the Georgia DBF has stated that it will not modify its position at this time.

Read More

FDIC Extends “De Novo Period” from Three to Seven Years

On August 28, 2009, the FDIC published Financial Institution Letter (FIL) 50-2009 announcing that the de novo period for state nonmember institutions is increasing from three years to seven years.  The new policy is in response to depository institutions insured fewer than seven years being overrepresented on the list of failed institutions in 2008 and 2009.

Bottom line

Pay attention to your business plans!  First, banks less than seven years old must keep a close eye on how their performance matches up with the projections in the bank’s approved business plan.  Second, such banks need to seek prior regulatory approval for an amended business plan if the bank expects to materially deviate from that plan.  Third, such banks should be particularly mindful to avoid loan concentrations and to avoid using brokered deposits or other wholesale funding at levels not contemplated in their approved business plan.


The new policy applies to existing newly insured institutions (banks less than seven years old).  There is a general exception for de novo institutions that are subsidiaries of “eligible holding companies.”  Eligible holding companies are those with consolidated assets of at least $150 million, BOPEC ratings of at least 2 for bank holding companies and an above average or “A” rating for thrift holding companies, and at least 75% of their consolidated depository institution assets comprised of “eligible depository institutions.”  An “eligible depository institution” is one that received a 1 or 2 composite rating and compliance rating at its most recent exams, has a satisfactory or better CRA rating, is well-capitalized, and is not subject to any type of regulatory enforcement action.  Even for subsidiaries of “eligible holding companies,” the FDIC has retained discretion to extend the new policy to this set of eligible holding companies.

Heightened capital requirements

Newly insured banks are required to maintain a Tier 1 leverage ratio of 8% during the de novo period.  Under the new policy, all banks less than seven years old will be required to maintain this heightened ratio.

Read More

FDIC Extends Transaction Account Guarantee until June 30, 2010

Update: On April 13, 2010, the FDIC granted a further extension until December 31, 2010.

On August 26, 2009, the FDIC extended the Transaction Account Guarantee (TAG) portion of the Temporary Liquidity Guarantee Program for six months, through June 30, 2010.  In addition to extending the expiration date of the TAG program, the FDIC’s final rule (1) increases the assessment fee for participation; and (2) provides an opportunity for participating institutions to opt out of the program as of January 1, 2010 (and thereby avoid the additional assessments).

All currently participating institutions have until November 2, 2009 to determine whether to continue in the program (at increased cost) or opt out of the program.  Attorneys in Bryan Cave’s financial institutions practice can discuss the advantages and disadvantages of opting out for particular financial institutions.

Six-Month Extension

Funds held in non-interest bearing demand deposit accounts (as well as NOW accounts that are obligated to pay less than 50 basis points and IOLTA accounts) will be fully guaranteed by the FDIC for participating entities through June 30, 2010.

The FDIC received comments supporting no extension, as well as supporting extensions for up to three years.  The FDIC determined a six-month extension of the TAG program “will provide the optimum balance between continuing to provide support to those institutions most affected by the recent financial and economic turmoil and phasing out the program in an orderly manner.”

Increased Assessment

Beginning January 1, 2010, participants in the TAG program will be subject to increased quarterly fees.  The amount of the assessment will depend on the institution’s Risk Category rating assigned with respect to regular FDIC assessments.  The fee will continue to be assessed only on the amount of deposits that exceed the existing deposit insurance limits.

Institutions in Risk Category I (generally well-capitalized institutions with composite CAMELS 1 or 2 ratings) will pay an annualized assessment rate of 15 basis points.  Institutions in Risk Category II (generally adequately capitalized institutions with composite CAMELS 3 or better) will pay an annualized assessment rate of 20 basis points.  Institutions in Risk Category III or IV (generally under capitalized or composite CAMELS 4 or 5) will pay an annualized assessment rate of 25 basis points.  (Through December 31, 2009, the fee will remain an annualized 10 basis point assessment for all participating institutions.)

Read More

Reminder Regarding Inclusion of Trust Preferred Securities in Tier 1 Capital

Although the trust preferred securities (“TPS”) market has been quiet (or non-existent) for the past few years, many bank holding companies have issued TPS in the past to take advantage of the hybrid capital treatment afforded to TPS by the Federal Reserve.  In 2005, the Federal Reserve revised its rules permitting the inclusion of a limited amount of TPS in the Tier 1 capital to provide stricter quantitative limits. Under the 2005 rule, which became effective on March 31, 2009, bank holding companies may include TPS in Tier 1 capital in an amount up to 25% of all core capital elements less goodwill and any associated deferred tax liability. Core capital elements include common shareholders’ equity, noncumulative perpetual preferred stock (including preferred stock issued pursuant to the Troubled Asset Relief Program (TARP)), and minority interests directly issued by a consolidated U.S. depository institution or foreign bank subsidiary. Any TPS issued in excess of this limit may be included in Tier 2 capital.

Prior to March 31, 2009, bank holding companies were permitted to calculate the limit for TPS without deducting goodwill and associated deferred tax liability from Tier 1 capital. The regulators are now taking note that some bank holding companies with outstanding TPS have not revised their Tier 1 calculations to comply with the newly-effective rule. If your bank has a holding company with outstanding TPS, be sure that you are limiting the TPS component of Tier 1 capital to 25% of core capital elements less goodwill and any associated deferred tax liability.

In addition, in the current economic environment, many bank holding companies are experiencing deterioration in capital. When the core capital elements of Tier 1 capital decline, the amount of TPS that may be included in Tier 1 capital also declines, thereby further reducing a bank holding company’s leverage ratio. When calculating capital ratios, bank holding companies must remember to re-evaluate the inclusion of TPS in Tier 1 capital as capital declines.

Read More

COMPLIANCE REMINDER – Red Flag Rules Delayed to November 1

The FTC has delayed the compliance date for the Red Flag Rules, the federal bank regulatory agencies and the National Credit Union Administration, to November 1, 2009 to give companies greater time to prepare their systems and protocols.  The Rules have not changed.  Companies should still take proper steps to ensure compliance by the November deadline.  Click here for help on steps your company can take.

Although the FTC intends to publish sample Plans for “low-risk” and “high-risk” companies (terms that are still somewhat hazy at this point), it has not done so as of yet (although it has published a helpful FAQs website).  Therefore, many companies are seeking outside business and legal counsel to better understand the Red Flag Rules and to ensure their plan addresses the requirements of these new regulations.

Read More
The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.