(New information added on April 20, 2020)
As the coronavirus crisis unfolds, federal and state financial services regulatory agencies have taken multiple actions impacting banks, non-bank financial service providers, and their customers. Below is a summary of those actions to date. We will update this information as new information becomes available.
Guidance on Working with Borowers
On March 9, the Federal Reserve, OCC, FDIC, CFPB, NCUA, and the CSBS issued a joint press release urging financial institutions to meet the needs of their customers. The agencies encouraged financial institutions to "work constructively" with borrowers. In doing so, the agencies stated it would be unlikely that prudent efforts "consistent with safe and sound lending practices" would subject institutions to criticism from their examiners. The regulators will also expedite requests to alter the provision of banking services in communities affected by the virus.
On March 22, the Federal Reserve, FDIC, NCUA, OCC, CFPB, and CSBS issued additional guidance on virus-related loan modifications. This guidance encourages financial institutions to work constructively with borrowers affected by the virus and that the agencies view loan modifications positively because modifications can mitigate adverse effects of the virus on borrowers. The agencies also provide guidance on how to account for loan modifications, including that they will not direct supervised institutions to automatically categorize all virus-related loan modifications as troubled debt restructurings (TDRs). Additionally, lenders are instructed to not label loans as pass due if they provide borrowers a virus-related payment deferral.
On March 26, the Federal Reserve, FDIC, OCC, NCUA, and the CFPB issued a joint statement encouraging regulated financial institutions to offer responsible small-dollar loans to consumers and small businesses. An alert summarizing that guidance is available here.
Implementation of the CARES Act
On March 27, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) intended to aid individuals and businesses during the ongoing public health and economic crisis. Our alert summarizing key provisions of the CARES Act is available here. Subsequently, federal regulatory agencies issued guidance to financial institutions regarding implementation of the CARES Act.
On April 3, the Federal Reserve, OCC, FDIC, CFPB, NCUA, and the CSBS issued a joint statement providing flexibility to mortgage servicers working with consumers who may avail themselves of Section 4022 of the CARES Act, which permits borrowers with a federally backed mortgage loan who are experiencing a financial hardship due to COVID–19 to request forbearance from their servicers. In addition to explaining the application of Regulation X's loss mitigation rules to such requests for forbearance, the agencies stated they do not intend to take action against servicers for delays in sending notices and establishing live contact with delinquent borrowers as required by Regulation X. An alert summarizing that guidance is available here.
On April 7, the Federal Reserve, OCC, FDIC, CFPB, and the NCUA, in consultation with state financial regulators, issued an interagency statement clarifying the interaction between their March 22 guidance on virus-related loan modifications (see above) and Section 4013 of the CARES Act, which allows financial institutions to suspend the requirements to classify certain loan modifications related to COVID-19 as TDRs. The agencies provided further guidance on determining TDR status for loans not eligible for relief under Section 4013.
Appraisals and Evaluations
Regulatory agencies have eased appraisal and evaluation requirements for the purpose of providing liquidity to property owners during the COVID-19 crisis. On April 14, the FDIC, OCC and Federal Reserve issued an interim final rule allowing regulated financial institutions to defer obtaining appraisals or evaluations for up to 120 days after the closing of certain residential and commercial real estate loans. On April 16, the NCUA followed suit with a an identical interim final rule applying to federally insured credit unions.
These agencies, together with the CFPB, issued an interagency statement outlining existing flexibilities in appraisal and evaluation regulations and highlighting temporary changes GSE appraisal standards.
An alert summarizing recent appraisal and evaluation regulations and guidance is available here.
Borrower Protection Program
On April 15, CFPB and FHFA announced a new joint Borrower Protection Program that enables the two agencies to share servicing information to protect borrowers during the COVID-19 pandemic. CFPB will make complaint information and analytical tools available to FHFA and FHFA will make available to CFPB information about forbearances, modifications and other loss mitigation initiatives undertaken by Fannie Mae and Freddie Mac.
Additional Federal Financial Regulatory Response
CFPB. The CFPB has published various blog posts aimed at consumers on how to protect themselves, including a March 13 post advising consumers struggling to make payments on how to work with their lenders and an April 6 guide to coronavirus mortgage relief options.
The CFPB has also issued guidance to financial institutions. On March 26, CFPB issued guidance regarding supervision and enforcement impacts of the coronavirus and on certain reporting obligations including HMDA, prepaid card and credit card reporting, and college credit cards(an alert summarizing that guidance is available here). On April 1, it issued a policy statement addressing credit reporting issues faced by consumers and credit furnishers in light of the COVID-19 pandemic (alert available here).
On April 10, the CFPB issued a policy statement regarding the pending expiration of the Remittance Rule’s temporary exception that allows insured institutions to provide estimated remittance disclosures. Our alert on the policy statement is available here.
On April 13, the CFPB issued an interpretive rule regarding the application of Regulation E and the Electronic Fund Transfer Act's compulsory use prohibition to the CARES Act and similar COVID-19-relief payments made by governments. Our alert on the interpretive rule is available here.
FDIC. On March 13, FDIC issued its first Financial Institution Letter addressing the crisis. FDIC encouraged industry to work with its customers and committed to both rescheduling examinations and increasing the use of off-site reviews to reduce burden. Importantly, FDIC stressed that a financial institution's "prudent efforts" to modify affected customers' loan terms "will not be subject to examiner criticism."
On March 19, FDIC issued a second financial institution letter that addresses certain "Frequently Asked Questions" for Financial Institutions. This document addresses issues such as explaining how creditors can provide accommodations to borrowers. FDIC suggests lenders can address skipped payments by extending the loan's maturity date or making missed payments due in a balloon payment at maturity and doing so with accurate disclosures. Such borrowers should not be reported as "past due." The letter also explains how banks can offer alternatives to opening branch offices and says that FDIC need not be notified of temporary closures. Finally, the letter addresses the wearing of masks inside branches, timing issues for BSA filings, and potential impacts on appraisals.
FRB. On March 13, FRB's Division of Supervision and Regulation issued a letter recommending all financial institutions review prior guidance letters addressing emergency response. FRB called attention to its March 2013 letter, which addresses working with affected borrowers, examination expectations in response to emergency situations, and handling BSA/AML requirements when assisting borrowers and applicants who can provide limited identifying documentation due as a result of the emergency.
OCC. OCC has issued guidance on its dedicated webpage that contains information for consumers and details about other agencies' actions and the OCC's efforts related to money market liquidity and pandemic planning.
FinCEN. FinCEN has issued a notice aimed at assisting financial institutions in complying with the Bank Secrecy Act (BSA) during the COVID-19 pandemic. This notice supplements FinCEN’s March 16 notice on COVID-19 issues. An alert summarizing that guidance is available here.
State Regulatory Guidance (as of March 31, 2020)
To date, most states, D.C., Puerto Rico and Guam have issued guidance to regulated entities regarding working with customers, branch license requirements, allowing employees to work from home, implementing business continuity plans, and other topics. A map of all states' responses (updated regularly) is available here.
Working From Home
On March 5, the State of Washington's Department of Financial Institutions was one of the first states to publish work from home guidance for mortgage loan originators. The guidance allows employees to conduct activities requiring licensure from home, provided that certain data security requirements are met: (1) employee must be able to access the company’s secure origination system using a VPN or similar system that requires passwords or other forms of authentication; (2) all security updates, patches, or other alterations to the devices security must be maintained; and (3) employee must not keep any physical business records at any location other than the licensed main office. The home need not be licensed, unless consumers visit the home.
Multiple states have used Washington's publication as a template, issuing similar written guidance expressly permitting mortgage loan officers to temporarily work from home due to the virus. For example, California requires the use of encrypted VPNs, bars the keeping of physical business at home, and also bars employees from meeting with any customers at home. Arkansas explicitly requires licensees to use VPNs, confirm employees have all required security updates and patches installed on their devices, and continue to maintain physical books and records at the location on file with the state regulator.
Some states, such as Oregon, have similar data security requirements to Washington's and also require that licensees provide copies of their work at home policies to regulators. Some states, such as Texas, require licensees to prepare policies but do not explicitly require submission to regulators.
Some state regulators require licensees to take measures to protect information security when employees work from home, but do not provide specifics. For example, Florida allows employees of licensed mortgage companies to work from an unlicensed home, so long as they do not conduct business in a manner requiring a license and the licensee's company takes steps to ensure the safety and security of all books and records as required by state and federal laws. Ohio similarly requires reasonable supervision of employees and reasonable measures to protect information security under applicable state and federal law, but does not provide guidance on whether employees can use something other than a VPN to access the loan origination system. Connecticut also requires licensees to provide reasonable supervision and safeguards concerning consumer information, though also provides that an individual working from home must tell licensee in writing the reason for working from home, which must be related to the COVID-19 outbreak.
At least one state, Maryland, has not relaxed guidelines but instead referred licensees to existing regulatory authority permitting employees to work from home if certain conditions are met.
While the work at home requirements vary by state, the regulators generally want to make sure that when employees work from home, licensees and employees continue to adhere to privacy and data security requirements and avoid interacting with customers in person.
Branch License Requirements.
Some state regulators explicitly allow licensees to close branches during the crisis. In Texas, for example, the Department of Savings and Mortgage Lending has been authorized to temporarily suspend any requirement that a physical office be open to the public during posted normal business hours. Nebraska regulators understand that financial institutions may need to temporarily close a facility due to staffing challenges or to take precautionary measures and asks financial institutions to notify regulators of temporary closures and availability of alternative service options as soon as possible. In many states experiencing lockdowns, financial services providers have be deemed essential services.
Some states have extended licensure deadlines. For example, on March 20 the Florida Office of Financial Regulation (OFC) tolled the renewal deadline for all licenses issued by the OFC whose renewal deadline occurs in the month of March or April for a period of 30 days. Alaska regulators issued guidance that 14-30 days in quarantine would not be considered the majority a licensee's time over the course of a year under 3 AAC 14.415 (requiring a mortgage loan originator to register his/her home or "other location" as a branch office if such location is used to conduct the majority of activities of loan originator), or 3 AAC 14.515 (making it an unfair and deceptive practice to conduct the majority of activities at a location that is not the main office or a registered branch office).
Minnesota does not have a branch license requirement for its mortgage licensees, only a branch registration for offices located within the state. However, if customers will be going to a Minnesota home for the purposes of obtaining a mortgage loan, the mortgage licensee must complete the branch registration for the home.
Working with Customers
Numerous states, including Florida, Kentucky, Maryland, New Jersey, Oregon, and Washington have issued guidance encouraging financial institutions to assist customers affected by COVID-19 by taking actions such as restructuring loans, extending repayment terms, forgoing reporting of payment information, delaying submission of delinquency notices to credit bureaus easing terms for new loans, and waiving fees.
Some states have also encouraged financial institutions to facilitate consumer's access to cash. California, for example, encourages financial institutions to waive ATM, overdraft, late payment and early withdrawal penalty fees and to increase ATM withdrawal limits. Vermont encourages licensees to reduce ATM, overdraft, credit card and early withdrawal penalty fees. Connecticut (here and here) encourages financial institutions to ensure customer access to financial services, at a minimum, through drive-up windows, night deposit services, ATMs and online banking.
Business Continuity Plans
Some states, including Alabama and Massachusetts, have encouraged licensees to review and update their disaster recovery and business continuity plans. Massachusetts published specific guidance regarding how to document a pandemic strategy, ensure continuity of critical operations, and communicate plans to staff, customers, service providers and regulators, among others.
Regulators in some states, such as Maryland and Oklahoma, have notified licensees they will be flexible in the timing of examinations. Even more states, including California, Colorado, Florida, and Nebraska, have issued guidance that regulators are both flexible in the timing of examinations and will make greater use of offsite examinations.
Many states have been adapting to social distancing by allowing various degrees of remote notarization. A chart tracking the steps, special conditions, and considerations for remote notarization on a state-by-state basis is available here.
New York's Department of Financial Services (NY DFS) has published emergency regulations and several industry letters regarding coronavirus and its impacts.
In emergency regulations published March 24, NY DFS is requiring financial institutions regulated by NY DFS to provide forbearance on residential property mortgages in New York for a period of 90 days to any New York resident who demonstrates financial hardship as a result of the virus, subject to the safety and soundness requirements of the regulated institutions and certain listed exceptions. In addition, for customers facing financial hardships, financial institutions are required to eliminate: (i) ATM fees at the institutions' ATMs, (ii) overdraft fees, and (iii) credit card late fees.
The industry letters require licensees to take action and submit information to DFS.
- NY DFS is requiring regulated banks, credit unions, and licensed lenders to submit a written response to the agency describing the institution's plan to manage the financial risks to it posed by the impacts of the coronavirus within 30 days (by April 9). Institutions' responses must include assessments in six categories: (i) credit risk and ratings of impacted customers, counterparties, and business sectors, (ii) credit exposure, (iii) scope and size of the credits adversely impact by the virus that may move to delinquent status, (iv) valuation of impacted assets and investments, (v) overall impact of the virus on earnings, profits, capital, and liquidity (vi) reasonable and prudent steps to assist those impacted by the virus. The last three factors also apply to virtual currency businesses.
- NY DFS is also requiring regulated businesses (including licensees, banks, credit unions, and virtual currency businesses) to provide assurances that they have preparedness plans in place to address operational and financial risk posed by the coronavirus. The plans must be provided to NY DFS no later than April 9 and the plans must address nine categories: (i) Preventative measures tailored to the institution’s specific profile and operations to mitigate the risk of operational disruption, which should include identifying the impact on customers, and counterparts, (ii) a strategy addressing the impact of the outbreak in stages, so that the entity’s efforts can be appropriately scaled, consistent with the effects of a particular stage of the outbreak; (iii) assessment of all facilities, systems, policies and procedures necessary to continue critical operations and services if members of the staff are unavailable for longer periods or are working off-site, including the effectiveness and security of remote access; (iv) An assessment of potential increased risk of cyber-attacks and fraud due to an outbreak; (v) employee protection strategies, (vi) assessment of the preparedness of critical third-party service providers and suppliers; (vii) development of a communication plan to effectively communicate with customers, counterparties and the public, and to deliver important news and instructions to employees, along with establishing forums for questions to be asked and addressed; (viii) testing the plan to ensure its policies, processes and procedures are effective; and (ix) governance and oversight of the plan, including identifying the critical members of a response team, to ensure ongoing review and updates to the plan, including the tracking of relevant information from government sources and the institution’s own monitoring program.
- NY DFS also issued guidance encouraging licensees and regulated banks to take steps to assist businesses adversely impacted by the virus by offering payment accommodations, waiving overdraft fees, and easing credit terms.
- On April 13, NY DFS also published an industry letter advising licensees of increased cybersecurity risks during the pandemic. Among the risks highlighted, NY DFS noted the risks that could arise during remote working (such as with unsecured personal computers), increased fishing and fraud, and the increased risk to vendors and other third-parties.