IBA Compliance Connection

Your go to source for compliance!

We are a state bank and are creating a pandemic disaster recovery guide for our retail department. Is it mandatory for us to make safe deposit box entry available, and must we provide mailed ten-day certificate of deposit (CD) renewal notices? Are there any guidelines for reducing our typical services to a minimum?

by

admin

Generally, your obligations to your safe deposit box customers will be dictated by the terms of your safe deposit box rental agreements, and Regulation DD dictates the disclosures you must provide to consumers with CD accounts. However, in the event of a viral pandemic, your bank’s ability to provide certain services or to comply with certain regulations may be impacted. Consequently, we recommend reviewing the resources discussed below, including two new webinars on pandemic contingency planning that are free to IBA members.

The Federal Financial Institutions Examination Council (FFIEC) recently published a guidance on pandemic planning providing that “[c]onsideration should be given toward visitor procedures and whether restrictions should be implemented for visitors accessing the facilities.” The FDIC also has published a statement acknowledging that “financial institutions may need to temporarily close a facility due to staffing challenges or to take precautionary measures” such as “limit[ing] foot traffic within a branch and provid[ing] services only through the drive-through lanes.” However, the FDIC also has encouraged financial institutions “to reduce disruptions to their customers, provide alternative service options when practical, and reopen affected facilities when it is safe to do so.” As such, you may wish to consider reducing the hours during which you provide access to safe deposit boxes — as opposed to suspending all access — to reduce disruptions to your customers. You also may wish to consider providing access to boxes by appointment only to serve your customers while minimizing foot traffic in your branches.

The FDIC’s statement also encourages financial institutions “to notify their primary federal or state regulator and their customers of temporary closure of an institution’s facilities and the availability of any alternative service options as soon as practical.” Additionally, the FFIEC’s guidance provides that “[c]ommunication with customers and the media is . . . critical to ensure that accurate information is disseminated about business operations.” Therefore, we recommend notifying the Illinois Department of Financial and Professional Regulation, the FDIC and your customers of any temporary closures, reduced hours or other service disruptions. (We note that the OCC has provided similar guidance for national banks, which is included in the resources.)

Regarding your obligations to consumers with CD accounts, Regulation DD requires ten days notice before maturity of existing CDs with maturities longer than one year that do not renew automatically at maturity. For CDs with maturities longer than one month that renew automatically at maturity, institutions must mail or deliver disclosures “at least 30 calendar days before maturity of the existing account” or “[a]lternatively . . . at least 20 calendar days before the end of the grace period on the existing account, provided a grace period of at least five calendar days is allowed.” The failure to provide such disclosures may result in administrative sanctions.

However, the FDIC has stated that its “staff stands ready to work with financial institutions that may experience challenges fulfilling their reporting responsibilities, taking into account each financial institution’s particular circumstances” and that it “will not assess penalties or take other supervisory action against institutions that take reasonable and prudent steps to comply with regulatory reporting requirements if those institutions are unable to fully satisfy those requirements because of the effects of COVID-19.” Although your obligations under Regulation DD are not “regulatory reporting requirements,” we believe it would be prudent to notify your regional FDIC office if you are unable to fully satisfy Regulation DD’s disclosure requirements due to the effects of a pandemic, and you might discuss possible alternatives to mailing notices of maturity.

Additionally, we note that Regulation DD requires institutions to “retain evidence of compliance . . .  for a minimum of two years after the date disclosures are required to be made or action is required to be taken.” Thus, a pandemic contingency plan that allows certain employees to work remotely also must include procedures for meeting all record retention requirements, including maintaining records securely and confidentially. This and several other relevant topics ­— including employees’ use of personal phones and computers, cross training employees to fulfill vital functions, critical service providers and force majeure clauses in contracts, sick leave policies, Americans with Disabilities Act considerations, and much more — were covered in the IBA’s March 13, 2020, pandemic contingency planning webinar, which will be available to download at the link below. The IBA also is hosting a second pandemic contingency planning webinar on March 24, 2020.

We also recommend reviewing the resources on the FDIC’s COVID-19 webpage and the IBA’s COVID-19 webpage, which is continually being updated.

For resources related to our guidance, please see:

  • FFIEC, Interagency Statement on Pandemic Planning, page 3 (March 6, 2020) (“Consideration should be given toward visitor procedures and whether restrictions should be implemented for visitors accessing the facilities. The framework should consider the impact of customer reactions and the potential demand for, and increased reliance on, online banking, telephone banking, ATMs, and call support services. In addition, consideration should be given to possible actions by public health and other government authorities that may affect critical business functions of a financial institution.”)
  • FDIC Statement on Financial Institutions Working with Customers Affected by the Coronavirus and Regulatory and Supervisory Assistance (March 13, 2020) (“The FDIC understands that financial institutions may need to temporarily close a facility due to staffing challenges or to take precautionary measures. For example, some institutions may wish to limit foot traffic within a branch and provide services only through the drive-through lanes. The FDIC encourages financial institutions to reduce disruptions to their customers, provide alternative service options when practical, and reopen affected facilities when it is safe to do so. Affected financial institutions are encouraged to notify their primary federal or state regulator and their customers of temporary closure of an institution’s facilities and the availability of any alternative service options as soon as practical. In such case in which operational challenges persist, the FDIC, working with the state authority, will expedite, as appropriate, any request to operate temporary facilities to provide more convenient availability of services. In most cases, a telephone notice to the FDIC or state authority will suffice to start the approval process, with the necessary written notification being submitted shortly thereafter.”)
  • FFIEC, Interagency Statement on Pandemic Planning, page 3 (March 6, 2020) (“Open communication and coordination with third parties, including critical service providers, is an important aspect of pandemic planning. Financial institutions should coordinate information sharing efforts through participation in business and community working groups and develop coalitions with outside parties to provide support and maintenance for vital services during a pandemic. Efforts could include consideration of cooperative arrangements with other financial institutions within the institution’s geographical trade area. In addition, management should coordinate its pandemic planning efforts with local public health and emergency management teams, identify authorities that can take specific actions (e.g., who has the ability to close a building or alter transportation), and plan to alert local and state agencies regarding significant employee absenteeism that may be caused by a sudden pandemic outbreak. Communication with customers and the media is also critical to ensure that accurate information is disseminated about business operations.”)
  • OCC Bulletin 2020-15, Pandemic Planning: Working With Customers Affected by Coronavirus and Regulatory Assistance (March 13, 2020) (“The OCC understands that banks may need to temporarily close or otherwise reduce access to a facility because of staffing challenges or to take precautionary measures. The OCC encourages banks to reduce disruptions to their customers, provide alternative service options when practical, and reopen affected facilities when it is safe to do so. Affected banks are encouraged to notify their OCC supervisory office and their customers of temporary closure of a bank’s facilities and the availability of any alternative service options as soon as practical.”)
  • Regulation DD, 12 CFR 1030.5(c) (“For time accounts with a maturity longer than one year that do not renew automatically at maturity, institutions shall disclose to consumers the maturity date and whether interest will be paid after maturity. The disclosures shall be mailed or delivered at least 10 calendar days before maturity of the existing account.”)
  • Regulation DD, 12 CFR 1030.5(b) (“For time accounts with a maturity longer than one month that renew automatically at maturity, institutions shall provide the disclosures described below before maturity. The disclosures shall be mailed or delivered at least 30 calendar days before maturity of the existing account. Alternatively, the disclosures may be mailed or delivered at least 20 calendar days before the end of the grace period on the existing account, provided a grace period of at least five calendar days is allowed.”)
  • Regulation DD, 12 CFR 1030.2(m) (“Grace period means a period following the maturity of an automatically renewing time account during which the consumer may withdraw funds without being assessed a penalty.”)
  • Regulation DD, 12 CFR 1030.9(a) (“Section 270 of the act (12 U.S.C. 4309) contains the provisions relating to administrative sanctions for failure to comply with the requirements of the act and this part. Compliance is enforced by the agencies listed in that section.”)
  • FDIC PR-25-2020, Agencies Encourage Financial Institutions to Meet Financial Needs of Customers and Members Affected by Coronavirus (March 9, 2020) (“The agencies understand that many financial institutions may face current staffing and other challenges. In cases in which operational challenges persist, regulators will expedite, as appropriate, any request to provide more convenient availability of services in affected communities.”)
  • Regulation DD, 12 CFR 1030.9(c) (“A depository institution shall retain evidence of compliance with this part for a minimum of two years after the date disclosures are required to be made or action is required to be taken. The administrative agencies responsible for enforcing this part may require depository institutions under their jurisdiction to retain records for a longer period if necessary to carry out their enforcement responsibilities under section 270 of the act.”)
  • IBA Webinar, Is Your Bank’s Pandemic Contingency Plan Ready for Implementation? (March 13, 2020) (Description: In light of the current outbreak of Coronavirus (and the illness it causes — COVID-19), it is urgent for all entities — including every financial institution — to review and update their pandemic contingency plans. Most of these plans have not been reviewed since the banking regulators issued their original guidance on pandemic planning and response in 2006. With new interagency guidance released just last Friday, there is no excuse for an outdated or impractical plan. It is time to revisit your pandemic contingency plan to ensure it is current and matches how your bank is operating today!)
  • IBA Webinar, Dusting off the Pandemic Plan in the Wake of COVID-19 (March 24, 2020) (Description: The recent outbreak of the COVID-19 (Coronavirus 2019) has created a sense of urgency for companies, including financial institutions, to review and update their pandemic contingency plans. Most of those plans hadn’t been exercised, reviewed, or even updated since the H1N1 outbreak in 2009. Now is the time to dust off and update the pandemic contingency plan to ensure it reflects how your business operates today.)
  • FDIC FIL-17-2020, Working with Customers Affected by the Coronavirus (“The FDIC has launched a COVID-19 webpage on its public website to provide useful information to bankers, consumers, and others. Financial institutions that have questions about guidance in the statement are encouraged to contact their FDIC Regional Office.”)