Yesterday FinCEN announced a new outreach initiative targeted at depository institutions with assets under $5 billion. The outreach initiative builds upon knowledge FinCEN previously gained from its meetings with larger financial institutions. As part of its ongoing outreach efforts, FinCEN is now seeking to engage smaller to moderate size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.
For more information, please read the client alert published by Bryan Cave LLP’s Financial Institutions Client Service Group on October 15, 2009.
We are aware of several fraudulent emails circulating purporting to be from the FDIC. Subject lines include: “FDIC has officially named your bank a failed bank” and “FDIC Alert: you need to check your Bank Deposit Insurance Coverage.”
These e-mails and the associated Web site are fraudulent. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.
The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.
The FDIC has released a special alert confirming that these announcements are not from the FDIC.
The official FDIC website does contain useful information if you have questions about FDIC insurance; alternatively, we encourage you to contact your bank if you have questions about whether your deposited funds are insured.
Barring some last minute legislative/regulatory activity, the FTC will expect companies to be red flags rule compliant as of November 1, 2009. Companies should recognize that there is not a ”one size” approach to addressing identity theft risks in making a Red Flags Rule Plan. Instead, the FTC expects each company’s plan to be tailored to its own needs and circumstances. Click here for help on steps your company can take.
On September 29, 2009, the FDIC announced a proposed rule that would require institutions to prepay on December 30, 2009, an estimated quarterly risk-based assessments for the 4th quarter of 2009 and for all 2010, 2011, and 2012. For a synopsis, see our prior summary of the proposed rule. Comments to the proposed rule are due by October 28, 2009.
Tax Treatment of Prepayments
The general rule is that prepayments that benefit more than one taxable period cannot be deducted in full, but must be deducted over the periods for which the benefits are obtained. Thus, a payment of 3 years worth of insurance premiums cannot be deducted in a single tax year regardless of whether the institution is an S corporation or a C corporation. The rule also is the same for cash method taxpayers, with one limited exception. A cash method taxpayer can prepay up to 12 months of expenses and claim a deduction when paid. For example, an institution could prepay its 2010 insurance premiums in December of 2009 and claim the deduction in 2009. However, if the institution prepaid 3 years worth of insurance premiums in 2009, it could not deduct the entire amount paid.
As a reminder, the FDIC has extended the Transaction Account Guarantee portion of the Temporary Liquidity Guarantee Program until June 30, 2010. Institutions that have not previously opted-out of the program will automatically continue in the program (at increased costs) unless they pro-actively opt-out of the extension.
Starting January 1, 2009, the FDIC assessment for its full guarantee of funds held in non-interest bearing demand deposit accounts will rise to an annualized rate of 15 to 25 basis points, depending on the Risk Category rating of the institution.
The deadline to affirmatively opt out of the Transaction Account Guarantee program is November 2, 2009. We have previously posted information about how to opt out.
On October 21, 2009, President Obama announced the broad outlines of a new program to provide additional capital to community banks in an effort to spur lending to smaller business.
Actual facts about the new program are currently very sparse. A review of the currently available information does provide some details that may be attractive to community banks that current have TARP CPP funds, as well as those that currently do not have funds. However, it does not appear that there will be any change in the Treasury’s determination of which community banks are eligible for TARP funds; participating institutions appear to still need to be viable without the funds.
There are three basic sources of official information:
- the text of President Obama’s speech in Landover, Maryland;
- the press release announcing the speech; and
- a fact sheet on the President’s Small Business Lending Initiatives.
Known Facts
- The funds will be available to “viable banks with less than $1 billion in assets.” The announcement does not give any indication that the Treasury will alter its existing viability standards.
- Participants will be required to submit a small business lending plan explaining how the additional capital will allow them to increase lending to small businesses, and will be required to submit quarterly reports detailing their small business lending activities.
- The initial dividend rate will be 3% rather than the 5% required under the current TARP Capital Purchase Program. The dividend will rise to 9% after five years, consistent with the existing TARP Capital Purchase Program. Presumably, Subchapter S institutions will receive a comparable reduction in the rate paid on the subordinated debt.
- The amount of capital is limited to 2% or the institution’s risk-weighted assets. This is less than the 3% permitted under the existing TARP Capital Purchase Program, and less than the 5% currently permitted for institutions that are less than $500 million in total assets.
- The Treasury is working to finalize program terms “in the coming weeks.”
- The Treasury will also determine how to handle existing Capital Purchase Program participants to allow them to replace existing capital with investments under the new program (effectively reducing their dividend costs in exchange for a commitment to increase small business lending).
- Community Development Financial Institutions (CDFIs), including CDFI credit unions, will be able to apply for funds with a dividend rate of 2% for eight years, after which it will increase to 9%.
FinCEN has announced a new outreach effort targeted at depository institutions under $5 billion in total assets to determine how these institutions comply with the Bank Secrecy Act and the specific compliance hurdles they confront. If your institution has assets under $5 billion, please see our client alert about FinCEN’s outreach proposal.
As part of its ongoing outreach efforts, FinCEN is now seeking to engage smaller to moderate size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.
On October 2, 2009, the Securities and Exchange Commission (SEC) announced a nine-month deferral on Sarbanes-Oxley Act (SOX) Section 404(b) compliance for the smallest publicly reporting companies. Under the provisions of SOX 404, public companies and their independent auditors are each required to report on the effectiveness of company internal controls. All publicly reporting companies are currently required to disclose a report on management’s assessment of internal controls; however, only reporting companies with a public float of $75 million or above are required to disclose an attestation report provided by an independent auditor. The extension granted by the SEC will provide non-accelerated filers, those companies with a public float below $75 million, with a reprieve from independent auditor attestations until annual reports for fiscal years ending on or after June 15, 2010 are filed. Although the SEC has not published the final rule providing for the extension, based on prior extensions, we believe the extended deadline only applies to independent auditor attestations. Consequently, disclosure of management attestations on internal control continues to be required.
Prior to the October 2 announcement, the deadline for the independent auditor disclosure in annual reports for the smallest publicly reporting companies was fiscal years ending on or after December 15, 2009. The previous extension, granted in January 2008, was put in place to allow the SEC’s Office of Economic Analysis to complete a study of whether additional guidance provided to company managers and auditors in 2007 was effective in reducing the costs of compliance. This study was published recently, less than three months before the December 15 deadline, and, as a result, the SEC determined that additional time was appropriate and reasonable so the smallest publicly reporting companies and their auditors could better plan for the required attestation.
As new capabilities evolve through technology, so do new opportunities for hackers and thieves to compromise a customer’s data. These technologies stand as a major threat to a bank’s customers. In addition to general concerns of reputation and customer loyalty, banks should not forget they have certain expectations of helping keep customers informed about threats to online security and protective steps that can be taken.
Evolving Threats
One malware program that chillingly shows how far these programs have come (and is recently getting significant press for this) involves literally stealing money from a customer’s account under his or her nose. Once downloaded, the program first takes the customer’s login information for internet banking. After stealing the customer’s password, this program begins transferring money from the account to the thief’s account – a scheme which has been done before. The catch is the program also intercepts the code coming from the bank and manipulates it. That means, when the customer refreshes or relaunches his or her account page, the numbers remain the same. So, to the customer, his or her account looks untouched. All the while, until the customer logs on to an uninfected machine or realizes something is fishy (be it because none of his or her recent transactions start appearing or his or her debit card starts getting declined), the cyberthief can escape and cover his or her tracks. Just like crime in the real world, the longer the thief has to flee, the tougher he or she is to catch. Therefore, given the nature of this program, prevention is the only effective solution.
(more…)
EPA Finalizes Mandatory Reporting Rule for Greenhouse Gas Emissions
Approximately 10,000 facilities must begin monitoring greenhouse gas (“GHG”) emissions pursuant to federal law beginning on January 1, 2010. On September 22, 2009, the U.S. EPA issued its final rule to require mandatory reporting of GHG emissions within nearly all sectors of the economy. This rule was developed in response to a Congressional mandate and provides the first comprehensive national system for reporting emissions of carbon dioxide and other GHG emission sources in the United States. EPA announced its proposed rule on March 10, 2009.
For more information, please read the client alert published by Bryan Cave LLP’s Environmental Client Service Group on September 29, 2009.
FDIC Issues Final Statement of Policy on Investor Qualifications for Failed Bank Acquisitions
On July 2, 2009, the Board of Directors of the Federal Deposit Insurance Corporation issued for public comment a proposed Statement of Policy that sets forth the qualifications for private equity investors in failed bank acquisitions.
For more information, please read the client alert published by Bryan Cave LLP’s Financial Institutions Client Service Group on September 24, 2009.