FDIC gives green light to ILC final rule, proposing SAR exemptions, 12.9% increase for 2021 budget – and joint security breach notification proposal

A final rule to address parent companies of industrial loan companies and banks, a proposed rule to amend suspicious activity report (SAR) regulation at banks, and a 2021 agency operating budget of $2.28 billion were all approved in other action Tuesday by the Federal Deposit Insurance Corp. (FDIC) Board.

A joint federal banking agency proposal was also approved requiring a banking organization to provide its primary federal regulator with prompt notification of any “computer-security incident” that rises to the level of a “notification incident.”

The final rule on industrial loan companies – approved on a split vote, with Board Member Martin Gruenberg in opposition – would, the FDIC said, require certain conditions and commitments for each deposit insurance application approval, non-objection to a change in control notice, and merger application approval that would result in an insured industrial bank or industrial loan company becoming a subsidiary of a company that is not subject to consolidated supervision by the Federal Reserve Board.

The agency said the final rule will require a covered parent company to enter into written agreements with the FDIC and the industrial bank to: address the company’s relationship with the industrial bank; require capital and liquidity support from the parent to the industrial bank; and establish appropriate recordkeeping and reporting requirements.

The rule also codifies, the agency said, the FDIC’s current supervisory processes and policies with respect to industrial banks and ensure the safe and sound operation of these institutions as well as provide the necessary transparency regarding the FDIC’s supervisory practices.

The final rule takes effect April 1.

The board also voted to:

  • Issue a proposal (with a 30-day comment period) to modify the requirements for FDIC-supervised institutions to file Suspicious Activity Reports (SARs) by allowing the FDIC to issue exemptions from the SAR requirements, making it possible for the agency to “grant relief to FDIC-supervised institutions that develop innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” More specifically, the proposal would allow additional, case-by-case exemptions from SAR filing requirements in conjunction with the Financial Crimes Enforcement Network (FinCEN) to banks that develop innovative solutions to meet anti-money laundering requirements “more efficiently and effectively.”
  • Approve the annual operating budget for 2021 of $2.28 billion, which is 12.9% higher than the 2020 operating budget. The agency said the increase includes $140 million in additional contingency funding above normal annual contingency amounts, reflecting a continuing period of extraordinary uncertainty from the coronavirus crisis on the financial condition of FDIC-insured banks next year.
  • Issue a joint proposal (with the other federal banking agencies) requiring banks to provide “prompt notification” to their federal regulators upon the occurrence of a security incident as soon as possible and no later than 36 hours after the banking organization believes in good faith that the incident occurred. The notification requirement, the proposal states, is intended to serve as an early alert to a banking organization’s primary federal regulator “and is not intended to provide an assessment of the incident.”

The FDIC also said that a bank service provider would be required under the prompt-notification proposal to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.

The proposal was issued with a 90-day comment period.

FDIC Approves Rule to Ensure Safety and Soundness of Industrial Banks

FDIC Board Approves Proposed Rule to Amend Suspicious Activity Report Requirements

FDIC Board Approves 2021 Operating Budget

Joint proposal: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers