Congress Eases Criminal Offense Restrictions for Employment With Financial Institutions

Included in the defense spending bill signed by President Biden in December 2022 is a section with key provisions for financial institutions that will ease restrictions on hiring candidates with criminal records. Section 5705 in the National Defense Authorization Act (NDAA) for Fiscal Year 2023, titled “Fair Hiring in Banking,” further narrows convictions that would constitute a bar to employment under Section 19 of the Federal Deposit Insurance Act (FDIA) absent a written waiver by the Federal Deposit Insurance Corporation (FDIC). A representative for the FDIC confirmed that the changes are effective now and will be implemented by the FDIC in 2023.

Background

Section 19 generally prohibits any person who has been convicted of a crime of “dishonesty or a breach of trust or money laundering or has agreed to enter into a pretrial diversion or similar program in connection with a prosecution for such offense” from working in banking without first obtaining written consent from the FDIC.

Section 19 requires financial institutions to conduct criminal background checks on job candidates, regardless of whether state or local laws limit consideration of criminal histories in hiring. In July 2020, the FDIC issued a final rule that loosened the prohibitions in Section 19 by, among other things, expanding what are considered “de minimis” offenses and expanding the definition of “expungement” to include an order to seal a criminal record or a record relating to a pretrial diversion program.

Older Offenses

The Fair Hiring in Banking provisions go even further, providing that a waiver is not needed if it has been seven years or more since the offense occurred or if the individual was incarcerated with respect to the offense and it has been five years or more since the individual was released from incarceration. The need for a waiver also does not apply to conduct that an individual committed before the age of 21 and if it has been at least thirty months since the sentencing.

De Minimis Offenses

The provisions further permit the FDIC to exempt other “de minimis offenses” that they may determine by rule. Those rules must include a requirement that the offense “was punishable by a term of three years or less.” Applicable de minimis offenses may include offenses for writing bad checks so long as the aggregate value of all the bad checks is $2,000 or less. The FDIC may further designate other “lesser offenses” to be exempt if one year or more has passed since conviction, “including the use of a fake ID, shoplifting, trespass, fare evasion, driving with an expired license or tag, and such other low-risk offenses.”

Consent Applications

According to the provision, when reviewing an application to allow an individual with an applicable criminal conviction to work for a bank, the FDIC must make an “an individualized assessment.” This assessment must take “into account evidence of rehabilitation, the applicant’s age at the time of the conviction or program entry, the time that has elapsed since conviction or program entry, and the relationship of individual’s offense to the responsibilities of the applicable position.” They must further consider the individual’s employment history, letters of recommendation, and the completion of any substance abuse or job preparation programs.

Key Takeaways

The Fair Hiring in Banking provisions clear some barriers for financial institutions to hire individuals who may have committed criminal offenses in the past but have since been rehabilitated, providing needed flexibility in hiring and recruitment. Further, the provisions go beyond the 2020 FDIC rule changes by amending Section 19 of the FDIA to create exceptions to hire individuals convicted of certain criminal offenses without burdensome consent review by the FDIC.

While the federal laws preempt conflicting state and local laws, the Fair Hiring in Banking provisions are in line with the growing number of jurisdictions across the country that have prohibited or limited consideration of job candidates’ criminal histories in the hiring process. Those measures, such as so-called ban-the-box laws, have been imposed in part to promote rehabilitation and concerns that considering criminal histories in hiring disproportionately affects individuals in protected classes.

© 2023, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
For more Employment Law News, click here to visit the National Law Review.

Banking Regulators Publish Proposed Rule to Update Community Reinvestment Act Regulations

On May 5, 2022, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively the agencies) issued a joint notice of proposed rulemaking (the Proposed CRA Rule) that proposes changes to the way the agencies evaluate a bank’s performance under the Community Reinvestment Act (CRA). The team at Bradley is conducting an in-depth review of the Proposed CRA Rule and expects to release a detailed blog post on the significant number of proposed changes to the CRA regulations in the coming days. Below are highlights of a few of the changes the agencies seek to make through the Proposed CRA Rule.

If implemented as written, the Proposed CRA Rule would:

  • Update the CRA evaluation framework, with performance standards tailored to a bank’s size and business model
  • Create four new performance tests to evaluate large bank CRA performance: the Retail Lending Test, Retail Services and Products Test, Community Development Financing Test, and Community Development Services Test
  • Establish specific performance tests for small and intermediate-sized banks
  • Update the requirements for the delineation of assessment areas
  • Create updated record-keeping, data collection, reporting, and disclosure requirements for large banks

These highlights are only a partial selection of the changes proposed by the agencies. Stay tuned for a more expansive description of the details of the Proposed CRA Rule.

The agencies are accepting comments on the Proposed CRA Rule through August 5, 2022. If your organization is considering submitting a public comment on the proposed changes to the CRA regulations, we suggest that you begin reviewing the Proposed CRA Rule soon.

© 2022 Bradley Arant Boult Cummings LLP
For more articles about banking regulations, visit the NLR Financial, Securities & Banking section.

Federal Regulators Issue New Cyber Incident Reporting Rule for Banks

On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation, and Office of the Comptroller of the Currency issued a new rule regarding cyber incident reporting obligations for U.S. banks and service providers.

The final rule requires a banking organization to notify its primary federal regulator “as soon as possible and no later than 36 hours after the banking organization determines that a notification incident has occurred.” The rule defines a “notification incident” as a “computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization’s—

  1. Ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business;
  2. Business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value; or
  3. Operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.”

Under the rule, a “computer-security incident” is “an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.”

Separately, the rule requires a bank service provider to notify each affected banking organization “as soon as possible when the bank service provider determines it has experienced a computer-security incident that has materially disrupted or degraded or is reasonably likely to materially disrupt or degrade, covered services provided to such banking organization for four or more hours.” For purposes of the rule, a bank service provider is one that performs “covered services” (i.e., services subject to the Bank Service Company Act (12 U.S.C. 1861–1867)).

In response to comments received on the agencies’ December 2020 proposed rule, the new rule reflects changes to key definitions and notification provisions applicable to both banks and bank service providers. These changes include, among others, narrowing the definition of a “computer security incident,” replacing the “good faith belief” notification standard for banks with a determination standard, and adding a definition of “covered services” to the bank service provider provisions. With these revisions, the agencies intend to resolve some of the ambiguities in the proposed rule and address commenters’ concerns that the rule would create an undue regulatory burden.

The final rule becomes effective April 1, 2022, and compliance is required by May 1, 2022. The regulators hope this new rule will “help promote early awareness of emerging threats to banking organizations and the broader financial system,” as well as “help the agencies react to these threats before they become systemic.”

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.

For more articles on banking regulations, visit the NLR Financial Securities & Banking section.

Blowing The Whistle On Fraud In The Banking Industry [VIDEO]

tz logo 2

The Department of Justice very actively pursues cases involving fraud in the banking industry, and through a law known as the Financial Institutions Anti-Fraud Enforcement Act, is authorized to pay very substantial rewards to whistleblowers that provide the Department of Justice with information about such fraud.

The law covers both fraud on banks, but also fraud by banks.  It also covers other types of unlawful conduct effecting banking, such as embezzlement of bank funds, or the payment of kickbacks to bank loan officers.

Under this banking whistleblower program, the Department of Justice can pay whistleblower awards of up to 30% of the amounts recovered by the government in banking fraud cases.

The law has a number of very unique procedures that govern how information has to be presented to the Department of Justice, which must be followed by a whistleblower who wishes to preserve his or her right to receive a reward. The whistleblower must also file a sworn statement with the Department of Justice, here in Washington, D.C. at its main headquarters, pursuant to those procedures.  It is also recommended that a qui tam whistleblower under this banking fraud program submit a legal memorandum to the Department of Justice, explaining the legal theories behind the case.

If you have information concerning a potential case involving banking fraud, do not hesitate to take action. It is possible that you might be able to bring your own lawsuit under the Financial Institutions Anti-Fraud Enforcement Act, acting as a whistleblower on behalf of the US government. Before filing your lawsuit, be sure to consult with an attorney familiar with the intricacies of this law, as these attorneys are best equipped to help protect your rights and help you gain your share of any monetary reward from a potential settlement.

Of: