The Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department recently issued clarifications of requirements for Customer Due Diligence (CDD) under the Customer Due Diligence Requirements for Financial Institutions (CDD Rule) and related Bank Secrecy Act regulations. The guidance, FIN-2020-G002, was issued August 3, 2020 and includes three Frequently Asked Questions. These new FAQs supplement prior comprehensive FAQs issued in advance of the May 2018 CDD Rule compliance effective date. April 2018 and July 2016 FAQs answered 37 and 26 questions respectively (See FIN-2018-G001 and FIN-2016-G003).

The CDD Rule requires that, among other things, covered institutions identify information about customers to assess potential financial crime risks, including identifying the beneficial owners (natural persons) of legal entity customers who own, control or profit from companies’ accounts. Both 25% entity owners and entity controlling persons must be identified, subject to certain limited exceptions. In addition to requiring effective written policies and procedures to identify and verify customers and beneficial owners, the CDD Rule requires covered institutions to develop customer risk profiles and to monitor and report on suspicious transactions.  Earlier this year in April 2020, the FFIEC released updates to a number of sections of the Bank Secrecy Act / Anti-Money Laundering (BSA/AML) Examination Manual clarifying mandatory requirements or supervisory expectations, including highlighting customer risk profile development and testing relating to potential customer money laundering, terrorist financing and other illicit financial activities. (SR 2011).

Barring further legislative action, the approval window for new Paycheck Protection Program Loans came to a close on August 8, 2020. Since the original launch on April 3rd following the CARES Act, 5,212,128 small businesses have borrowed $525 billion under the Paycheck Protection Program. On August 11th, the SBA published a Paycheck Protection Program Report with additional details.

The overall average loan size under the Paycheck Protection Program was $101 thousand, and this average steadily fell during the lifetime of the Paycheck Protection Program. But even that average number emphasizes the statistical differences between median and mean. While the average loan was just over $100 thousand, over 68% of the loans were for $50 thousand or less (and over 81% of PPP loans were smaller than the average PPP loan).

Yes, in completing a Paycheck Protection Program loan forgiveness application, we believe a borrower can appropriately report actual payroll costs during the applicable covered period in excess of the original PPP loan amount. While actual forgiveness is ultimately limited to the amount of the PPP loan, the calculations provided for in the loan forgiveness application allow payroll costs to exceed the amount of the PPP loan, thereby permitting borrowers to potentially obtain full forgiveness even if the borrower is subject to FTE and/or salary/hourly wage reductions.

(Note: This is a first in what we anticipate to be a series of posts regarding questions about the Paycheck Protection Program and Loan Forgiveness. A list of questions addressed so far is also available on our PPP Resources page. These questions and our answers are based on discussions with colleagues and clients, both lenders and borrowers. Our intention is to cover issues that, while potentially frequently asked, are not explicitly addressed in official FAQs or directly in Interim Final Rules. Our answers may ultimately be subject to change as additional guidance is provided, but reflect our view of the regulations at the time of posting.)

In light of the 24-week covered period and the PPP loan amount being based on effectively 10 weeks of payroll costs, we believe most PPP borrowers will ultimately have payroll costs that significantly exceed the amount of their PPP loan principal. This should not only facilitate full loan forgiveness, but also may ease the calculations under the forgiveness application and reduce the need to be aggressive with regard to questionable forgivable expenses, FTE calculations, or safe harbor certifications. (As reflected in the Forgiveness API FAQ, so long as lenders agree with the final total forgiveness amount, such applications can be submitted as being approved in full, even if there is disagreement on certain line items.)

While a lot has been written and said about the “need” certification when it comes to the Paycheck Protection Program, particularly for public companies, the SBA and Treasury have been relatively quiet about how many borrowers that received PPP funds elected to to take advantage of the government’s subsequent safe harbor to return funds. In connection with the forgiveness process, the SBA has indicated that it will review all loans in excess of $2 million, but will deem all borrowers of $2 million or less to have made the required certification concerning the necessity of the loan request in good faith.

Based on our analysis below, 88% of public borrowers that received PPP loans elected to retain their PPP proceeds, and 75% of borrowers approved for PPP loans of between $5 and $10 million did the same. Based on our discussions with PPP borrowers throughout the country, we think this is consistent with the economic uncertainty that was created by the coronavirus.

SEC Filings

Based on a review of SEC filings, Bryan Cave Leighton Paisner identified over 850 borrowers who indicated that they had received PPP loan approvals. 107 of these borrowers, or roughly 12 percent, subsequently indicated that they either ultimately did not accept the loan, or returned the loan proceeds. About 25% of public companies who returned their loans had PPP borrowings that were less than the $2 million threshold for review indicated above.

Of the 759 public companies that elected not to return their PPP funds, approximately 73% received $2 million or less, while the remaining 27% had PPP loans of more than $2 million. About 8% of the public company recipients received less than $100,000, while over 55% received less than $1 million.

On July 28, 2020, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued a request for information (“RFI”) seeking public and industry input related to the Equal Credit Opportunity Act (“ECOA”) and Regulation B.  The CFPB submitted this RFI in an effort to create a regulatory regime that expands consumer access to credit while ensuring that consumers remain protected from credit transaction discrimination.  The RFI signals a renewed regulatory focus on fair lending in the wake of the broader societal focus on racial equality in the U.S. 

The Bureau presented 10 questions in its RFI related to: disparate impact; Limited English Proficiency products, special purpose credit programs; affirmative advertising to disadvantaged groups; small business lending; sexual orientation and gender identity discrimination; scope of federal preemption of state law; public assistance income; the use of artificial intelligence and machine learning; and ECOA adverse action notices.  We have chosen to highlight a select few below. 

The CFPB’s first question asked whether the Bureau should “provide any additional clarity regarding its approach to disparate impact analysis under ECOA and Regulation B.”  The Supreme Court’s decision in Texas Dept. of Housing and Comm. Affairs v. Inclusive Comm. Project, Inc., 135 S. Ct. 2507 (2015), in which the Court affirmed the cognizability of disparate impact theory under the Fair Housing Act (“FHA”), did not address ECOA.  Likewise, the contours of the Court’s limits on the disparate impact claims left open questions for industry and regulators alike.  Guidance on whether disparate impact theory is cognizable under ECOA and if so what limits might apply would have significant impacts on creditors’ fair lending obligations going forward.        

Just two months ago, the Office of Comptroller of the Currency (“OCC”) addressed the “valid when made” doctrine and held that interest rates established on bank-originated loans remain valid even after the loan is transferred to a non-bank partner.  On July 29, the attorneys general of New York, California, and Illinois sued the OCC alleging federal overreach that undermines state-preemption regarding usury rate caps.  Specifically, the AGs allege the OCC’s rule is “arbitrary and capricious” in violation of the Administrative Procedures Act.  In the complaint, the AGs allege “[t]he rule is beyond the OCC’s power to issue, is contrary to statute and would facilitate predatory lending through sham ‘rent-a-bank’ partnerships designed to evade state law.”

Those tuned into the debate surrounding the “valid when made” rule saw this court battle coming.  The OCC has recently worked to clarify disputed rules regarding privileges afforded to banks under the National Bank Act.  Under the National Bank Act, national banks that are under the supervision of the OCC are permitted to charge interest on loans at the maximum rate permitted by their home state—even in instances where that interest rate would violate state usury laws.  While federal law carves out this exception for federally regulated banks, it does not extend the same exemption to non-banks.  Accordingly, the attorneys general have asked the Northern District of California to declare the rule invalid and hold that the OCC exceeded the authority granted to it by the National Bank Act and the Dodd-Frank Act. 

The CFPB recently announced new publicly available tools to better leverage the Complaints Database and to spot trends and concentrations of consumer complaints. If you are a data nerd, or even if you are not, it might be prudent to familiarize yourself and your teams with these new tools, as they are likely to be utilized by the Bureau and others in a variety of contexts. The industry should assume State AG’s offices and State consumer agencies will access the data in connection with their activities, including any supervision and enforcement. It is likely that consumer protection advocacy groups will analyze and utilize the data in their work. Finally, it is possible that consumer class action litigators may attempt to incorporate data trends or specific topic concentrations into their cases. Even if your institution may not be experiencing a complaint spike, noting the fact that others are, could help your team proactively refine operations procedures and mitigate risk.

Director Kraninger had promised the enhanced resources and tools last year.  In the recent press release, she noted that “these powerful new capabilities allow users to gain deeper insight into changes in the location, type, and volume of complaints over time, which provides valuable context into consumers’ experiences in the financial marketplace.”

On Wednesday, July 22, 2020, Acting Comptroller of the Currency Brian Brooks reaffirmed his interest in being seen as an agent of modernization in a letter clarifying the authority of national banks and federal savings associations to provide cryptocurrency services for customers.

The letter from the Office of the Comptroller of the Currency (“OCC”) discusses the increasing acceptance of cryptocurrency, and especially Bitcoin, as a method of payment and form of investment. It acknowledges a correlating growing demand for “safe places, such as banks, to hold unique cryptographic keys associated with cryptocurrencies on behalf of customers and to provide related custody services.” Three reasons – a safe way to hold cryptocurrency keys; a secure storage service; and custodian services for assets managed by investment advisors – are cited in the letter as driving the demand for cryptocurrency custody services.

The safekeeping services are described as a modernization of special deposit and safe deposit boxes, falling within “longstanding authorities to engage in safekeeping and custody activities.” Thus, “the authority to provide safekeeping services extends to digital activities and, specifically, that national banks may escrow encryption keys used in connection with digital certificates because a key escrow service is a functional equivalent to physical safekeeping.”

COVID-19 has laid bare the need to have good technological solutions for the systems and services upon which we rely. In the financial sector, perhaps more than many others, the pace of innovation is beholden to regulatory parameters, but there is some optimism that Fintechs can help fill the gap in traditional financial products, especially in emerging markets. As in our in recent post about digital banking modernization by the OCC, regulators are feeling out the interest in certain programs. On Monday, July 20, 2020, the FDIC announced a request for public input on a certification program to “promote the efficient and effective adoption of innovative technologies at FDIC-supervised financial institutions.”

More specifically, the FDIC is seeking input regarding whether the development of relevant standards in connection with a voluntary certification process could be applied to third-party models and whether such standards would allow more financial institutions, particularly community banks, to engage with third parties that provide these models, including Fintechs. Such a voluntary certification program could, in theory, reduce costs of doing business for both the financial institutions and providers of models and permit FDIC supervision resources to be used more efficiently and effectively.

On July 20, 2020, the Office of the Comptroller of the Currency (“OCC”) issued a notice of proposed rulemaking that would determine the “true lender” of a national bank or federal savings association loan in the context of a partnership between a bank and a third party.  The proposed rule states that a bank is a true lender of a loan “if, as of the date of origination, it is named as the lender in the loan agreement or funds the loan” and would apply to all national banks and federal savings associations.  Most recently, the OCC addressed the related “valid when made” doctrine and held that interest rates established on bank-originated loans remain valid even after the loan is transferred to a non-bank partner.  This final rule, however, did not address the true lender question, and this week’s proposed rule does just that.     

The OCC proposed this rule in response to the “increasing uncertainty” surrounding the legal principles that apply to the loans made in the course of bank and third party relationships.  Courts are not unified in their analysis and have looked to both “the form of the transaction” and a battery of fact-intensive tests to determine the true lender of a loan.  While federal rulemaking addresses many relationships between banks and third parties such as making payments and taking deposits, there is not much guidance on these relationships as it relates to lending.  See e.g., 12 CFR 5.20(e).  Per the OCC’s proposed rule, this uncertainty “may discourage banks and third parties from entering into relationships, limit competition, and chill the innovation that results from these partnerships.”  Taken together, these unintended consequences would restrict consumer access to affordable and available credit.