Product Updates for November 2023
The Product Updates for November 2023 from BankPolicies.com feature the following new and revised policy and form template products:
These new and updated products were developed in response to client requests that we create a policy regarding the subject of artificial intelligence (AI). In general, AI refers to the theory and development of systems that perform tasks or functions normally associated with human intelligence, such as reasoning, learning, and self-improvement. The new policy template is intended to address a financial institution’s Artificial Intelligence Risk Management Program.
These new and updated products were developed in response to the Federal Reserve’s Press Release entitled “Federal Reserve Board Finalizes a Rule Establishing Capital Requirements for Insurers Supervised by the Board” dated 10/06/23 that includes a framework, known as the Building Block Approach, that builds on existing state-based insurance requirements, accounts for risks that are specific to the business of insurance, and is different from the calculations used for bank capital requirements. Under the Building Block Approach, a Board-supervised insurer is required to aggregate its top-tier company’s capital requirements with its subsidiaries’ requirements to determine its enterprise-wide requirement.
All Board-supervised insurers currently hold enough capital to comply with this rule, which takes effect as of January 1, 2024.
Climate Risk Policy Template – NEW!
This new product was developed in response to client requests and the Joint Press Release entitled “Agencies Issue Principles for Climate-Related Financial Risk Management for Large Financial Institutions” dated 10/24/23 that finalized principles that provide a high-level framework for the safe and sound management of exposures to climate-related financial risks for large financial institutions.
The principles are consistent with the risk management framework described in the agencies’ existing rules and guidance, and are intended for the largest financial institutions, those with $100 billion or more in total assets, and address physical and transition risks associated with climate change.
Venture Loan Policy Template – NEW!
These new and updated products were developed in response to OCC Bulletin 2023-34 entitled “Commercial Lending: Venture Loans to Companies in an Early, Expansion, or Late Stage of Corporate Development” dated 11/01/23 that provides policy guidance that applies to commercial loans to early-, expansion-, and late-stage companies (commonly referred to as “venture loans”). In general, the bulletin presents background information on venture lending, describes venture lending risks, discusses risk management practices for venture lending, and provides guidance for risk-rating venture loans and evaluating repayment capacity.
The update to these products is in response to FinCEN’s final rule entitled “FinCEN Finalizes Rule on Use of FinCEN Identifiers in Beneficial Ownership Information Reporting” dated 11/07/23 that specifies the circumstances in which a reporting company may report an entity’s FinCEN identifier in lieu of information about an individual beneficial owner. In general, a FinCEN identifier is a unique number that FinCEN will issue upon request after receiving required information. Although there is no requirement to obtain a FinCEN identifier, doing so can simplify the reporting process and allows entities or individuals to provide the required identifying information directly to FinCEN.
The update to this product is in response to:
FinCEN Alert FIN-2023-Alert006 entitled “FinCEN Alert to Financial Institutions to Counter Financing to Hamas and its Terrorist Activities” dated 10/20/23 that assists financial institutions in identifying funding streams supporting the terrorist organization Hamas. FinCEN is urging financial institutions to be vigilant in identifying suspicious activity relating to financing Hamas and reporting such activity to FinCEN.
FinCEN and BIA Joint Notice FIN-2023-NTC2 entitled “FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls” dated 11/06/23 that assists financial institutions in identifying export control evasion occurring in support of other nation-state adversaries and illicit actors globally, and providing U.S. financial institutions with red flags to assist them in identifying transactions potentially tied to the illicit acquisition of items subject to the Export Administration Regulations (EAR), including, for example, advanced technologies that can be used in new or novel ways to enhance adversaries’ military capabilities or support mass surveillance programs that enable human rights abuses.
As a reminder, the BSA Suspicious Activity Report Notices Template is included in the purchase price of the Bank Secrecy Act Policy Template – Comprehensive Version.
The update to these products is in response to OCC Bulletin 2023-35 entitled “Telephone Consumer Protection Act: Revised Interagency Examination Procedures and Rescissions” dated 11/01/23 that announced revised interagency examination procedures for the Telephone Consumer Protection Act (TCPA). The OCC, Federal Deposit Insurance Corporation, and the National Credit Union Administration have revised the interagency examination procedures to reflect amendments to the TCPA that became effective on October 25, 2021.
With the publication of the revised interagency examination procedures, the OCC has rescinded the “Telephone Consumer Protection Act and Junk Fax Protection Act” section of the “Other Consumer Protection Laws and Regulations” booklet of the Comptroller’s Handbook, and OCC examiners will rely on the interagency procedures.
The update to this product is in response to client requests that we incorporate guidance from CFPB Circular 2023-03 entitled “Adverse Action Notification Requirements and the Proper Use of the CFPB’s Sample Forms Provided in Regulation B” dated 09/19/23 and CFPB Circular 2022-03 entitled “Adverse Action Notification Requirements in Connection with Credit Decisions Based on Complex Algorithms” dated 05/26/22 regarding adverse action notification requirements when using artificial intelligence (AI).
The update to this product is in response to the FTC Press Release entitled “FTC Amends Safeguards Rule to Require Non-Banking Financial Institutions to Report Data Security Breaches” dated 10/27/23 that approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. In general, the FTC’s Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.
The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC must include certain information about the event, such as the number of consumers affected or potentially affected. The breach notification requirement becomes effective 180 days after publication of the rule in the Federal Register.
Keeping You Informed
We provide this Product Update Blog as a courtesy to all clients regarding new and revised products released by BankPolicies.com. We feel that it is important to keep our clients well informed of changes to the financial institution industry, including keeping on top of federal regulatory changes, and industry recommended best practices. In this regard, we encourage you to subscribe to our newsletter in which these types of announcements are made including any special offers that can save you time and money. Just contact us to be added to our distribution list.