ABA, Trade Groups: IRS Reporting Proposal Raises Data Privacy Concerns

ABA, along with more than 40 trade associations representing a broad range of U.S. businesses, sent a joint letter to House leadership and members last Friday expressing concerns about a controversial tax reporting provision floated by the Biden administration that would expand mandatory IRS reporting on bank account information. The proposal would require financial institutions to track and provide the IRS with the inflows and outflows of every account above a de minimis threshold of $600.

“While the stated goal of this vast data collection is to uncover tax dodging by the wealthy, this proposal is not remotely targeted to that purpose or that population,” the associations wrote. “In addition to the significant privacy concerns, it would create tremendous liability for all affected parties by requiring the collection of financial information for nearly every American without proper explanation of how the IRS will store, protect and use this enormous trove of personal financial information. We believe that this program is costly for all parties, not fit for purpose, and loaded with potential for unintended and serious negative consequences.”

While the proposal was not included in the earliest stages of the bill’s consideration, administration officials have signaled in recent days that it remains a priority for the Biden White House. ABA, as well as the SDBA, continues to urge banks and their customers to contact their representatives to ensure that this provision stays out of any future versions of the bill. To help engage bank customers on this issue, ABA has created sample language for customer communications and social media posts banks can use. The Association continues to closely monitor developments related to the bill and will provide additional updates as events warrant.

ABA to Hold Virtual Washington Fly-In

Join banking industry peers and industry leaders from across the country for a virtual meeting with banking regulators and ABA policy experts next Monday to Wednesday, Sept. 27-29.

The ABA is hosting this year’s Washington Fly-in, in partnership with state bankers associations, to ensure policies critical to the banking industry remain front and center to agency officials and to provide a forum for bankers' questions. Don’t miss this opportunity to speak directly with regulators about the need for common-sense policies and smart reform that will help America’s banks better serve their communities and grow the economy.

There is no cost to participate in these meetings. Learn more and register at aba.com/flyin.

Basel Committee Urges Banks to Up Their Cyber Risk Preparedness

With cyber incidents continuing to pose a threat to the financial system, the Basel Committee on Banking Supervision this week called on banks to improve cyber threat resilience. In a newsletter, the Committee promoted the widespread adoption of measures to strengthen cybersecurity, following principles released earlier this year on operational resilience and operational risk.“

Since the onset of the COVID-19 pandemic, [cyber security] concerns have heightened,” according to the Committee’s newsletter. “Remote working arrangements and increased provision of financial services using digital channels have enlarged banks' attack surfaces. This means that malicious actors, who have become increasingly sophisticated, have more points of access to banks' systems. Targeted attacks on banks' third-party service providers, including third-party software banks commonly use and intragroup entities, are also a stark reminder that cyber security measures should take into account operational dependencies on such providers.”

The Committee did not endorse a specific tool or framework, but recommended adopting practices that align with widely-accepted industry standards. Doing so, the Committee said, should improve “fundamental elements that include effective cyber risk management, diligent cyber hygiene practices, appropriate methods for identifying and protecting against cyber threats, and enhanced response and recovery capabilities.”

Resources cited by the Committee as aligning with industry standards include the National Institute of Standards and Technology Cybersecurity Framework, International Organization for Standardization 2700x, and the Center for Internet Security Critical Security Controls. Read the newsletter.

Treasury Announces Steps to Counter Ransomware Threat

As part of its ongoing efforts to counter the growing threat of ransomware, the Treasury Department’s Office of Foreign Assets Control (OFAC) on Tuesday released an updated advisory on potential sanctions risks for facilitating ransomware payments. The advisory emphasized that the government discourages paying cyber ransom or extortion demands and stresses the importance of improving cybersecurity.

OFAC also announced sanctions against a virtual currency exchange for the first time. OFAC designated SUEX OTC for facilitating financial transactions for ransomware. More than 40% of SUEX's known transactions history is associated with illicit actors, Treasury said.

The action blocks U.S. citizens and entities from engaging in transactions with SUEX and opens sanctions or enforcement action against financial institutions engaged in transactions with the virtual currency exchange. Read the advisory.

FDIC Launches Mission-Driven Bank Fund

The FDIC last Thursday launched its new mission-driven bank fund, through which private investors—including corporations, financial institutions and philanthropic organizations—have the opportunity to support mission-driven banks that support low- and moderate-income, minority and rural communities.

Mission-driven banks—which include minority depository institutions and community development financial institutions—will be able to make pitches to the fund for potential investments that will help them build size, scale and capacity to provide affordable financial products and services and stimulate economic and community development.

The fund will be managed by a private sector fund manager, and the FDIC will not be involved in funding or investment decisions. To date, the fund has secured $120 million in investments to date from two anchor investors and one founding investor, and FDIC Chairman Jelena McWilliams said she hopes that “more private equity investors will join the growing ranks of those committed to building opportunity and prosperity where this support is needed the most.”

The FDIC is currently in the process of selecting and onboarding a private fund manager and expects to finalize guidelines for the pitch process by the end of the year, with the goal of accepting a first round of pitches by the first quarter of 2022. Read more. Learn more about the fund

Federal Reserve Governor Michelle Bowman to Speak in Brookings

Federal Reserve Governor Michelle Bowman, a onetime Midwest community banker, will speak on making monetary policy and the outlook for the U.S. economy on Wednesday, Oct. 13, at 7 p.m. at South Dakota State University in Brookings.

As the nation’s central bank, the Federal Reserve System is charged by Congress with a dual mandate to promote maximum employment and stable prices in the U.S. economy. The System’s Federal Open Market Committee (FOMC) achieves this mandate by influencing interest rates and financial conditions more generally.

As one of six currently sitting members of the Board of Governors and as a member of the FOMC, Gov. Bowman plays an integral role in shaping U.S. monetary policy, which remains historically loose in the wake of the pandemic and the economic disruptions it has imposed on us all. Gov. Bowman will share her perspective on the paths of U.S. monetary policy and economic performance going forward.

The free event is sponsored by the Dykhouse Scholar Program in Money, Banking and Regulation in the Ness School of Management and Economics at SDSU. It will be held at the SDSU Performing Arts Center Larson Memorial Concert Hall. Learn more.

SDBA to Offer Next Week's IRA School Live in Sioux Falls and Virtually

IRA School image. The SDBA will hold its 2021 IRA School next week live in Sioux Falls at the Clubhouse Hotel & Suites and has added a virtual option to attend the school.

Days one to three of the school, Sept. 28-30, will cover new and current IRA material, and previous topics covered at the school will be expanded. The optional day four, Oct. 1, is for anyone who is involved indirectly or directly in IRA operations, reporting, auditing or compliance and will cover how the SECURE Act will affect bank operations.

In addition to the school being held live in Sioux Falls, sessions will also be live-streamed and recorded to be watched at a later date. Those not comfortable attending in person can simply choose to participate virtually and attend from the comfort of their home or office. See the full agenda and register to attend.

GSB to Offer Hot Topic Online Seminar on New FFIEC AIO Booklet

The Graduate School of Banking in Wisconsin will offer the hot topic online seminar "New FFIEC Guidance—the Architecture, Infrastructure and Operations (AIO) Booklet on Wednesday, Sept. 29, at 2 to 3:30 p.m. CDT.

Released on June 30, this new guidance completely overhauled the previous IT "Operations" booklet from 2004. The new AIO booklet is a much-needed, modern take on how to manage IT operations at a financial institution and includes many new and forward-looking regulatory expectations.

Presenter Jon Waldman with SBS CyberSecurity, LLC will discuss the new booklet, including: AIO guidance structure and overview, architecture, infrastructure, operations and big takeaways (what to look out for going forward). The target audience is information security officers and IT managers.

The price of the online seminar is $199, and the recording will be available through Dec. 29. Register for the seminar.

Compliance Alliance logo

Question of the Week

Question: Is a bank required to notify customers of a deposited check being returned?

Answer: Yes, Regulation CC, § 229.33(h), requires providing notice to a customer of a check being returned by midnight of the banking day following the banking day on which the bank receives notice of the check either being returned or nonpayment. A notice provided in accordance with this section may also satisfy the exception hold notice requirements, if the bank will place an exception hold on the basis of the nonpayment notification and otherwise meets the exception hold notice requirements.

Notification to customer. If the depositary bank receives a returned check, notice of nonpayment, or notice of recovery under §229.35(b), it shall send or give notice to its customer of the facts by midnight of the banking day following the banking day on which it received the returned check, notice of nonpayment, or notice of recovery, or within a longer reasonable time. Regulation CC, § 229.33(h) - https://www.ecfr.gov/cgi-bin/text-idx?SID=35b0b61237b153e41051d2fd905844bb&mc=true&node=se12.3.229_133&rgn=div8

Not a member? Learn more about membership with Compliance Alliance by attending one of our live demos:

Compliance Alliance offers a comprehensive suite of compliance management solutions. To learn how to put them to work for your bank, call 888.353.3933 or email and ask for our Membership Team.

For timely compliance updates, subscribe to Bankers Alliance’s email newsletters.