On August 2, the Federal Financial Institutions Examination Council (FFIEC) announced updates to certain sections and examination procedures in the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual (Manual). The Manual instructs examiners on how to assess a bank’s anti-money laundering/countering the financing of terrorism (AML/CFT) program and its compliance with other AML/CFT regulatory requirements. The FFIEC cautions that the updates should not be seen as new instructions or an increased focus on certain areas, but instead as offering further transparency into the examination process and supporting risk-focused examination work.

As discussed here, on April 26, the Texas Bankers Association, the American Bankers Association (ABA), and Rio Bank, McAllen, Texas (Rio Bank) filed a complaint in the U.S. District Court for the Southern District of Texas challenging the Consumer Financial Protection Bureau’s (CFPB or Bureau) final rule under § 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Final Rule). As discussed here, § 1071 amended the Equal Credit Opportunity Act (ECOA) to impose significant data collection and reporting requirements on small business creditors. The plaintiffs’ complaint relied heavily on the Fifth Circuit’s decision in Community Financial Services Association (CFSA) v CFPB, finding the CFPB’s funding structure unconstitutional and, therefore, rules promulgated by the Bureau invalid. The CFPB’s appeal of the Fifth Circuit’s decision is currently pending before the U.S. Supreme Court (discussed here).

On July 26, the Securities and Exchange Commission (SEC) adopted, by a 3-2 margin, a final rule to require more immediate disclosure of material cybersecurity incidents by public companies. In addition, the final rule requires annual disclosure of material information regarding a public company’s cybersecurity risk management strategy and cybersecurity governance.

On July 28, the Board of Governors of the Federal Reserve System (Federal Reserve), Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, and the National Credit Union Administration (NCUA) (collectively, the agencies) issued an addendum to the agencies’ joint policy statement on funding and liquidity risk management, which advises depository institutions to assess and maintain a broad range of funding sources that can be accessed in adverse circumstances. Specifically, the agencies advised depository institutions to regularly test any contingency borrowing lines to ensure the institution’s staff are well versed in how to access them and that they function as envisioned.

On July 27, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) issued a joint notice of proposed rulemaking that would revise the capital requirements applicable to large banking organizations (those with $100 billion or more in total

Today, the Federal Deposit Insurance Corporation (FDIC) issued a letter to financial institutions (FIL-37-2023) regarding the proper way to report estimated uninsured deposits in accordance with the instructions to the Consolidated Reports of Condition and Income (Call Report). FIL-37-2023 does not impact institutions with less than $1 billion in total assets that do not report estimated uninsured deposits.

CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly promulgated regulations under the California Privacy Rights Act (CPRA), which amended the CCPA earlier this year. The new regulations were promulgated and purportedly went into effect on March 29, 2023. Specifically, the court enjoined enforcement of these final CPRA regulations, which will be stayed for a period of 12 months from the date that individual regulation becomes final. The court declined to mandate any specific date to finalize the remaining regulations.

In March , the Court of Appeals for the Second Circuit requested that the Securities and Exchange Commission (SEC) submit a brief on whether a syndicated term loan qualifies as a “security.” The brief was highly anticipated after the SEC requested multiple extensions to submit. However, on July 18, the SEC relayed to the court that they will not be filing a brief, stating that “Despite diligent efforts to respond to the Court’s order and provide the Commission’s views, the staff is unfortunately not in a position to file a brief on behalf of the Commission in this matter. We greatly appreciate the Court’s indulgence and regret any inconvenience this may have caused the Court or the parties.”

On July 18, Office of the Comptroller of the Currency (OCC) Senior Deputy Comptroller for Large Bank Supervision Greg Coleman testified on OCC supervision of climate-related financial risks before the U.S. House of Representatives’ Committee on Financial Services’ Subcommittee on Financial Institutions and Monetary Policy.