In coordinated actions, the
Key Takeaways:
- NYDFS coordinates with federal prudential regulators for enforcement related to banking institutions.
- Maintaining confidentiality of CSI is a significant interest of regulators and disclosure can only be made with approval of the relevant regulatory authority.
- Financial institutions are expected to have policies and procedures in place to properly manage recordkeeping and disclosure of CSI.
- Regulators, particularly NYDFS, have strong expectations for financial institutions to self-report certain conduct. Governance and Self-Reporting Expectations
Governance and Self-Reporting Expectations
NYDFS has heightened expectations for self-reporting misconduct, which is codified in its regulations. For example, § 300.1(a) of Title 3 of the New York Codes, Rules and Regulations requires immediate reporting (upon discovery) of misconduct relating to "embezzlement, misapplication, larceny, forgery, fraud, dishonesty, making of false entries and omission of true entries, or other misconduct, whether or not a criminal offense, in which any director, trustee, partner, officer, employee (excluding tellers), or agent of such organization is involved." In this ICBC Consent Order, NYDFS found that the Branch had violated § 300.1(a) because a bank employee backdated signatures on certain client certifications in connection with its Know Your Customer program. Despite the Branch and ICBC representing that the certifications did not become part of the bank client's files, NYDFS found the action a violation of New York Banking Law § 200-c for failing to maintain appropriate books and records. Furthermore, NYDFS faulted the bank for failing to immediately report this incident upon discovery, when originally flagged to ICBC by one of its employees in 2017. The issue was internally investigated by ICBC and the investigation concluded in
Confidential Supervisory Information
CSI can be broadly defined and varies in its scope across different state and federal regulators. For example, NYDFS defines CSI as any "reports of examinations and investigations [of NYDFS-supervised institution and affiliates], correspondence and memoranda concerning or arising out of such examination and investigations, including duly authenticated copy or copies thereof," as well as any confidential materials shared by NYDFS with any governmental agency or unit. 3 NYCCR § 7.1(1); New York Banking Law § 36.10. Meanwhile, FRB defines CSI as "information that is or was created or obtained in furtherance of the [
At issue in these consent orders are examination-related documents that generated CSI pursuant to New York Banking Law § 36.10. These CSI materials were not permitted to be disclosed without NYDFS and FRB's approval. 3 NYCCR § 7.2.; 12 C.F.R. §§ 261.4, 261.20. However, ICBC failed to comply with these requirements when transferring a Branch employee to an overseas affiliate in
In addition to the assessed total fines of
The Bottom Line
Financial institutions are expected to have policies and procedures, internal controls, and adequate governance surrounding the handling of and protection of CSI, even when dealing with affiliates. Additionally, in its consent order, NYDFS has made it very clear how seriously it takes self-reporting and that, in this instance, waiting two weeks post-discovery of a reportable incident did not meet its "immediate" reporting expectation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Ms
Jenner & Block
Suite 900
20001-4412
Tel: 202639 6000
Fax: 202639 6066
E-mail: JSchiappacasse@jenner.com
URL: www.jenner.com
© Mondaq Ltd, 2024 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source