Agency Information Collection Activities: Information Collection Extension With Revision; Submission for OMB Review; Bank Secrecy Act/Money Laundering Risk Assessment, 52521-52525 [2016-18740]
Download as PDF
52521
Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices
TABLE 3—CALIFORNIA—DESIGNATED HRCQ/RAM ROUTES—Continued
Designation
date
Route
order
10/19/94 ......
B4A
10/19/94 ......
B5
10/19/94 ......
B5A–1.0
10/19/94 ......
B6A–1.0
10/19/94 ......
B6A–2.0
04/01/14 ......
10/19/94 ......
B6A–
2.0A
B7A–2.0
10/19/94 ......
C1
10/19/94 ......
C2
10/19/94 ......
D1
10/19/94 ......
D2A
10/19/94 ......
E
10/19/94 ......
F1
10/19/94 ......
F2A
10/19/94 ......
G
04/01/14 ......
H
Route description
Interstate 15 from Nevada border
to State 60 [Mira Loma].
Interstate 605 from Interstate 210
[Duarte] to Interstate 5 [Santa
Fe Springs].
Interstate 40 from Arizona to
Interstate 15 [Barstow].
Interstate 10 from Arizona to
Interstate 605 [Baldwin Park].
Interstate 210 from Interstate 5
[Sylmar] to State 57 [Glendora].
State Route 57 from Interstate
210 to Interstate 10.
Interstate 5 from Oregon [MP
796] to Interstate 210 [MP
160—Sylmar].
Interstate 280 from Interstate 680
[in San Jose] to Interstate 380
[in San Francisco].
Interstate 680 from Interstate 80
[Cordelia Junction, Fairfield] to
Interstate 280 [San Jose].
Interstate 880 from Interstate 980
[Oakland] to Interstate 238
[San Leandro].
Interstate 980 from Interstate 580
to Interstate 880.
Interstate 238 from Interstate 580
[Ashland] to Interstate 880 [San
Leandro].
Interstate 580 from Interstate 5 to
Interstate 238.
Interstate 205 from Interstate 5
[Lanthrop] to Interstate 580 [Alameda County]’’.
Interstate 80 from Nevada to
Interstate 580 [north of Oakland].
Interstate 505 from Interstate 5 to
Interstate 80.
Issued on: July 23, 2016.
T.F. Scott Darling, III,
Administrator.
Office of the Secretary
Application of Trans Northern Airways
LLC for Commuter Authority
Department of Transportation.
ACTION: Notice of Order to Show Cause
(Order 2016–8–5) Docket DOT–OST–
2016–0057.
AGENCY:
The Department of
Transportation is directing all interested
persons to show cause why it should
not issue an order tentatively finding
Trans Northern Airways LLC fit,
willing, and able to provide scheduled
passenger service as a commuter air
SUMMARY:
Jkt 238001
FMCSA
QA comment
P
Los Angeles
P
P
P
Los Angeles
P
P
P
P
P
Alameda ....
Alameda ....
P
Alameda ....
Oakland .....
P
P
P
P
P
P
Persons wishing to file
objections should do so no later than
August 16, 2016.
DEPARTMENT OF TRANSPORTATION
mstockstill on DSK3G9T082PROD with NOTICES
Designation(s)
(A,B,I,P)
DATES:
BILLING CODE 4910–EX–P
22:23 Aug 05, 2016
County
carrier using small aircraft pursuant to
Part 135 of the Federal Aviation
Regulations.
[FR Doc. 2016–18729 Filed 8–5–16; 8:45 am]
VerDate Sep<11>2014
City
Objections and answers to
objections should be filed in Docket
DOT–OST–2016–0057 and addressed to
U.S. Department of Transportation,
Docket Operations, (M–30, Room W12–
140), 1200 New Jersey Avenue SE., West
Building Ground Floor, Washington, DC
20590, and should be served upon the
parties listed in Attachment A to the
order.
Dated: August 2, 2016.
Susan McDermott,
Deputy Assistant Secretary for Aviation and
International Affairs.
[FR Doc. 2016–18728 Filed 8–5–16; 8:45 am]
BILLING CODE 4910–9X–P
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
Catherine J. O’Toole, Air Carrier Fitness
Division (X–56, Room W86–489), U.S.
Department of Transportation, 1200
New Jersey Avenue SE., Washington,
DC 20590, (202) 366–9721.
PO 00000
Frm 00125
Fmt 4703
Sfmt 4703
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
Agency Information Collection
Activities: Information Collection
Extension With Revision; Submission
for OMB Review; Bank Secrecy Act/
Money Laundering Risk Assessment
Office of the Comptroller of the
Currency (OCC), Treasury.
ACTION: Notice and request for
comments.
AGENCY:
The OCC, as part of its
continuing effort to reduce paperwork
SUMMARY:
E:\FR\FM\08AUN1.SGM
08AUN1
mstockstill on DSK3G9T082PROD with NOTICES
52522
Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices
and respondent burden, invites the
general public and other Federal
agencies to take this opportunity to
comment on a proposed information
collection, as required by the Paperwork
Reduction Act of 1995 (44 U.S.C.
chapter 35) (PRA).
In accordance with the requirements
of the PRA, the OCC may not conduct
or sponsor, and the respondent is not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number.
The OCC is soliciting comments
concerning an information collection
titled ‘‘Bank Secrecy Act/Money
Laundering Risk Assessment,’’ also
known as the Money Laundering Risk
(MLR) System.
The OCC is also announcing that the
proposed collection of information with
extension has been submitted to OMB
for review and clearance under the PRA.
DATES: Comments must be submitted by
September 7, 2016.
ADDRESSES: Because paper mail in the
Washington, DC area and at the OCC is
subject to delay, commenters are
encouraged to submit comments by
email, if possible. Comments may be
sent to: Legislative and Regulatory
Activities Division, Office of the
Comptroller of the Currency, Attention:
1557–0231, 400 7th Street SW., Suite
3E–218, Mail Stop 9W–11, Washington,
DC 20219. In addition, comments may
be sent by fax to (571) 465–4326 or by
electronic mail to prainfo@occ.treas.gov.
You may personally inspect and
photocopy comments at the OCC, 400
7th Street SW., Washington, DC 20219.
For security reasons, the OCC requires
that visitors make an appointment to
inspect comments. You may do so by
calling (202) 649–6700, or for persons
who are deaf or hard of hearing, TTY,
(202) 649–5597. Upon arrival, visitors
will be required to present valid
government-issued photo identification
and submit to security screening in
order to inspect and photocopy
comments.
All comments received, including
attachments and other supporting
materials, are part of the public record
and subject to public disclosure. Do not
include any information in your
comment or supporting materials that
you consider confidential or
inappropriate for public disclosure.
Additionally, please send a copy of
your comments by mail to: OCC Desk
Officer, 1557–0231, U.S. Office of
Management and Budget, 725 17th
Street NW., #10235, Washington, DC
20503, or by email to: oira_submission@
omb.eop.gov.
VerDate Sep<11>2014
22:23 Aug 05, 2016
Jkt 238001
FOR FURTHER INFORMATION CONTACT:
Shaquita Merritt, OCC Clearance
Officer, (202) 649–5490, or for persons
who are deaf or hard of hearing, TTY,
(202) 649–5597, Legislative and
Regulatory Activities Division, Office of
the Comptroller of the Currency, 400 7th
Street SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION: In
compliance with 44 U.S.C. 3507, the
OCC has submitted the following
proposed collection of information to
OMB for review and clearance.
Bank Secrecy Act/Anti-Money
Laundering Risk Assessment
The MLR System enhances the ability
of examiners and bank management to
identify and evaluate any Bank Secrecy
Act (BSA)/Money Laundering (ML) and
Office of Foreign Assets Control (OFAC)
sanctions risks associated with the
banks’ products, services, customers,
and locations. As new products and
services are introduced, existing
products and services change, and
banks expand through mergers and
acquisitions, a bank’s management’s
evaluation of potential new money
laundering and terrorist financing risks
is expected to evolve as well. The MLR
risk assessment is an important tool for
the OCC’s BSA/Anti-Money Laundering
(AML)/OFAC supervision activities
because it allows the OCC to better
identify those institutions, and areas
within institutions, that pose
heightened risk, and allocate
examination resources accordingly. This
risk assessment is critical to protect
financial institutions of all sizes from
potential abuse from money laundering
or terrorist financing. Absent an
appropriate risk assessment, applicable
controls cannot be effectively
implemented for lines of business,
products, or entities, which would
elevate BSA, AML, and OFAC
compliance risks.
The OCC will collect MLR
information for all financial institutions
supervised by the OCC.
OMB Control No.: 1557–0231.
Type of Review: Regular.
Frequency of Response: Annual.
Burden Estimates:
Community Bank and Federal
Branches and Agencies populations:
Estimated Number of Respondents:
1,450.
Estimated Number of Responses:
1,450.
Frequency of Response: Annually.
Estimated Annual Burden: 8,700
hours.
Midsize Bank population:
Estimated Number of Respondents:
47.
Estimated Number of Responses: 47.
PO 00000
Frm 00126
Fmt 4703
Sfmt 4703
Frequency of Response: Annually.
Estimated Annual Burden: 1,175
hours.
Large Bank population:
Estimated Number of Respondents:
38.
Estimated Number of Responses: 38.
Frequency of Response: Annually.
Estimated Annual Burden: 3,040
hours.
The OCC issued a 60-day Federal
Register notice on January 4, 2016,
soliciting comments concerning
combining this existing community
bank information collection with
expansion to all OCC-supervised
institutions.1 Eight comments were
received: Four from OCC-supervised
banks, two from industry associations,
one from a bank holding company and
one from an individual. Of the five
comments received from a bank holding
company or a bank, three were from
midsize banks, and the remaining two
comments were from community banks.
1. Comments on Practical Utility of the
Data Collection
Comments were invited on whether
the collection of information is
necessary for the proper performance of
the functions of the agency, including
whether the information has practical
utility. Two commenters stated concern
for either the small degree of practical
utility or no practical utility obtained by
requiring all OCC-supervised banks to
report MLR data and linked the cost/
benefit value of the cost of gathering and
reporting the data to the benefit derived
to the bank or to the OCC. An additional
commenter stated that they saw no
prudential or supervisory benefit to
expanding the annual MLR data
collection requirement to midsize or
large banks when the OCC has access to
the information on a dynamic basis. One
commenter stated that the OCC must
clearly demonstrate that costs and
burdens associated with MLR do not
outweigh the benefits. One commenter
stated that the collection of MLR data is
not necessary because the OCC already
has access to the data through its
supervisory process, including the
current BSA/AML risk assessment
expectation.
Six commenters stated that the onesize-fits-all approach or proposed
mandatory uniform approach for
collecting MLR data from all OCCsupervised banks is inconsistent or at
odds with the Federal Financial
Institutions Examination Council
(FFIEC) BSA/AML Examination Manual
(Manual), as the FFIEC Manual provides
for a variety of effective methods and
1 81
E:\FR\FM\08AUN1.SGM
FR 143 (January 4, 2016).
08AUN1
Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices
mstockstill on DSK3G9T082PROD with NOTICES
formats to be used in completing a risk
assessment. Two commenters stated that
requiring only OCC-supervised banks to
report MLR data would create the
equivalent of an ‘‘uneven playing field’’
for national banks and Federal thrifts
and agencies. One commenter stated
that the OCC should explain why
collecting rudimentary MLR summary
data is needed when there are relatively
few BSA enforcement actions and other
supervisory actions related to the BSA.
One commenter stated that the proposal
does not provide analysis of why
extending the MLR to all financial
institutions would enhance the ability
of examiners and bank management to
identify and evaluate BSA/ML and
sanctions risks. The commenter further
stated that the proposal does not explain
how BSA/AML/OFAC risk assessment
provided through the MLR System
enhances the OCC’s understanding of
such risks or why this information is
necessary for the OCC to address
supervisory concerns about those
financial institutions.
Collecting MLR data from all
supervised banks will yield substantial
information that will provide a high
degree of utility for the OCC in meeting
its supervisory obligations under
applicable statutes and regulations.2
The purpose of the MLR System is to
support the OCC’s supervisory
objectives by allowing for the
identification and analysis of BSA/ML
and OFAC sanctions risks across the
population of all OCC-supervised banks,
to assist examiners in carrying out riskbased supervision pursuant to the FFIEC
Manual, and to meet the OCC’s
supervisory obligations under
applicable statutes and regulations.3
Whether to collect MLR data is not in
any way linked to whether an
institution is the subject of a BSA/AML/
OFAC enforcement or any other type of
supervisory action. MLR data is simply
data about a bank’s products, services,
customers, and geographies that is
gathered prior to examinations to
promote effectiveness and efficiency in
OCC examination scoping and
transaction testing. The expansion of the
MLR System to all OCC-supervised
institutions will allow contemporaneous
data to be analyzed consistently across
the agency and thus will allow the OCC
2 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and
implementing regulations 12 CFR 21.21, 31; 12 CFR
21.11 and 163.180, 12 CFR Title X, and Office of
Foreign Assets Control sanction established under
the Trading with the Enemy Act (TWEA); 50 U.S.C.
App 1–44; International Emergency Economic
Powers Act (IEEPA), 50 U.S.C. 1701; 31 U.S.C.
5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR
21.11 and 163.180; and 31 CFR Title X.
3 Ibid.
VerDate Sep<11>2014
22:23 Aug 05, 2016
Jkt 238001
to better identify those institutions, and
areas within institutions, that pose
heightened BSA/ML, and OFAC risk.
The data collected through the MLR
process is not collected by the OCC in
any similar format.
The MLR is not intended to supplant
banks’ full BSA and OFAC risk
assessments. The OCC’s evaluation of a
bank’s full risk assessment is performed
during regular examinations. In addition
to the OCC’s uses, the MLR data can be
used by banks as the first step in the
two-step process of the banks’ BSA and
OFAC risk assessments. The first step in
any risk assessment process is to gather
data, and the MLR data gathered should
be substantially similar to information
needed to perform those internal bank
analyses of BSA and OFAC risks.
Additionally, the self-reported MLR
data are provided back to the bank along
with peer data so that the bank can
conduct comparison and trend analyses
concerning their data and peer data.
While the FFIEC Manual was
developed by the agencies 4 to ensure
consistency in the application of BSA/
AML requirements and to promote
uniformity in the supervision of
financial institutions, each agency has
the ability to supplement the
supervision process with their own
tools. The MLR is one such tool the OCC
uses in its BSA/AML supervision of
banks that permits consistent
identification of potentially higher-risk
products, services, customers and
geographies; expansion of the MLR will
expand this utility across all OCC
business lines and institution sizes.5
Rather than contradict the consistent
and uniform approach that using the
FFIEC Manual provides, the MLR
System complements the Manual’s
procedures for risk assessment and
supervision purposes. The submission
of MLR data in a consistent format
allows the agency to perform effective
data risk analytics. Extending the MLR
to all OCC-supervised banks, Federal
4 The FFIEC is a formal interagency body
empowered to prescribe uniform principles,
standards, and report forms for the federal
examination of financial institutions by the Board
of Governors of the Federal Reserve System (FRB),
the Federal Deposit Insurance Corporation (FDIC),
the National Credit Union Administration (NCUA),
the Office of the Comptroller of the Currency (OCC),
and the Consumer Financial Protection Bureau
(CFPB), and to make recommendations to promote
uniformity in the supervision of financial
institutions. In 2006, the State Liaison Committee
(SLC) was added to the Council as a voting member.
The SLC includes representatives from the
Conference of State Bank Supervisors (CSBS), the
American Council of State Savings Supervisors
(ACSSS), and the National Association of State
Credit Union Supervisors (NASCUS).
5 The OCC cannot address the tools used by the
other agencies in their BSA/AML supervision roles.
PO 00000
Frm 00127
Fmt 4703
Sfmt 4703
52523
thrifts, and Federal branches and
agencies will provide the OCC the same
type of bank data to identify and
evaluate BSA/ML and sanctions risks in
a consistent manner, regardless of
institution size.
2. Comments on Estimate of Burden
The OCC requested comment on the
accuracy of the agency’s estimate of the
burden of the collection of the
information. One commenter questioned
what the OCC included in the estimate
of burden hours. Another commenter
stated that they agree with the estimate
of burden hours for their institution but
also stated concern for peer banks,
noting that cost estimates vary greatly
depending on the size, structure, and
reporting format currently utilized and
technological resources available to
each bank. Six commenters stated that
the estimate of burden is too low. Two
commenters noted the reduction in the
estimate of burden hours from 2013 for
midsize and large bank populations,
with one commenter making the
assumption that technology is the
reason for the reduction in hours.6
The OCC uses the legal standard for
estimating burden hours under the
PRA.7 The term ‘‘burden’’ means time,
effort, or financial resources expended
by persons to generate, maintain, or
provide information to or for a Federal
agency, including the resources
expended for: (a) Reviewing
instructions; (b) acquiring, installing,
and utilizing technology and systems;
(c) adjusting the existing ways to
comply with any previously applicable
instructions and requirements; (d)
searching data sources; (e) completing
and reviewing the collection of
information; and (f) transmitting, or
otherwise disclosing the information.
Collecting MLR data from OCCsupervised institutions is not expected
to impose significant additional burden
on banks because most institutions
already generate or gather substantially
similar data in the normal course of
business in order to perform internal
bank analyses of BSA/ML and OFAC
risks. The burden included in the OCC’s
burden estimate is mainly the additional
resources required to report the MLR
data in an OCC-specified format.
The OCC has ten years’ experience
collecting MLR data from a large
number of banks. The OCC estimates
that the burden hours for midsize and
6 Burden estimates for midsize and large banks
were included in the 2013 MLR PRA renewal notice
published in the Federal Register on March 8, 2013
(78 FR 15121) even though the OCC has not
collected the data from those bank populations up
to this point.
7 44 U.S.C. 3502(2).
E:\FR\FM\08AUN1.SGM
08AUN1
52524
Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices
mstockstill on DSK3G9T082PROD with NOTICES
large bank populations will generally be
higher than for community banks,
Federal thrifts, and Federal branches
and agencies. This is primarily because
most midsize and large banks offer more
products and services, involving a
potentially wider range of customer
types and geographies, than less
complex community banks and Federal
branches and agencies.
The OCC recognizes that each bank is
unique and will have a different MLR
reporting experience. For example, a
bank’s management information
systems, structure, and complexity may
impact the bank’s MLR reporting, and,
therefore, the bank’s reporting burden.
However, the OCC believes the data
requested for MLR purposes is data that
institutions will have readily available
and that for the vast majority of banks,
will not require substantial investment
in technology or systems to collect and
report. The OCC reduced the estimated
burden hours for midsize banks to 25
hours in 2016 from 30 hours in 2013,
and for large banks, reduced estimated
burden hours to 80 hours in 2016 from
100 hours in 2013, due to implementing
a fully automated MLR format. There is
no change in the estimated burden for
community banks and Federal branches
and agencies in 2016 from 2013.
Finally, with regard to the estimate of
burden, one commenter stated that
failure to make publicly available the
MLR risk summary form (RSF) used to
collect the data in advance undermines
the PRA review process and makes it
difficult to comment on the accuracy of
the agency’s estimate of the burden. The
OCC is permitted, but not required, to
include the RSF as part of the 60-day
Federal Register notice. The form is
available, and was available at the time
the 60-day Federal Register notice was
issued, at https://www.reginfo.gov as an
attachment to the OCC’s 2013 PRA
submission https://www.reginfo.gov/
public/do/PRAICList?ref_nbr=2013021557-009.
3. Comments on Possible Data
Enhancements
The OCC requested comment on ways
to enhance the quality, utility, and
clarity of the information to be
collected. One commenter stated that it
was difficult to translate limited MLR
data into BSA/ML risks. Another
commenter stated that the MLR as
currently contemplated is not useful nor
is it worth the costs in terms of staff
hours, system modification and training.
The same commenter stated that the
OCC should consider designing a
customized, flexible cloud-based
architecture within a secure data center.
Additionally, this commenter stated that
VerDate Sep<11>2014
22:23 Aug 05, 2016
Jkt 238001
the OCC should establish an analytic
team dedicated to importing,
extrapolating, and analyzing the data
collection from banks, with the platform
designed to be flexible and dynamic to
account for each individual bank’s size,
geography, and business. After testing,
this commenter stated, consideration
should be given to rolling the platform
out on a risk-based basis to OCCregulated banks. One commenter also
stated that the OCC should consider
making the MLR mandatory only in
instances where the bank’s own risk
assessment is insufficient for the exam
scoping process. Two commenters
expressed concerns that the September
30 as-of report date was inconsistent
with most banks that operate on a
calendar-year basis.
The OCC collects the MLR data on
bank customers, products, services, and
geographies and analyzes the data in a
way that identifies the higher-risk type
customers, products, services, and
geographies, consistent with the FFIEC
Manual. The OCC uses the MLR data
gathered to assist, across the population
of reporting banks, with development of
examination strategies, preparation of
examination scoping to identify
transactions for testing, and meeting the
OCC’s obligations under applicable
statutes and regulations.8 The OCC
regularly reevaluates the infrastructure
around the MLR and makes decisions
about the most efficient and cost
effective infrastructure and processes to
utilize for the MLR System. An example
of the OCC making changes to the MLR
System was the updating of the MLR
risk summary form to a fully automated
data collection tool beginning in 2014.
The OCC analytics team checks for data
integrity issues, confirms various
validity checks on the data, and
analyzes the data used for OCC
supervision purposes.
Through the collection of MLR data
from community banks for the past ten
years, the OCC has determined that this
data allows the agency to better identify
those institutions, and areas within
institutions, that pose heightened risk of
money laundering and terrorist
financing and to allocate examination
resources accordingly. Collecting data in
a uniform fashion over the same time
period from all OCC-supervised
institutions is critical to developing a
8 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and
implementing regulations 12 CFR 21.21, 31; 12 CFR
21.11 and 163.180, 12 CFR Title X, and Office of
Foreign Assets Control sanction established under
the Trading with the Enemy Act (TWEA); 50 U.S.C.
App 1–44; International Emergency Economic
Powers Act (IEEPA), 50 U.S.C. 1701; 31 U.S.C.
5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR
21.11 and 163.180; and 31 CFR Title X.
PO 00000
Frm 00128
Fmt 4703
Sfmt 4703
database that allows effective analytic
reporting and benchmarking risks over
time.
An approach of making MLR data
reporting mandatory only in instances
where the bank’s own risk assessment
was insufficient would add time to the
examination process rather than
expediting it. First, this approach would
likely delay the OCC’s mandated
supervision schedule by taking away an
important source of data for broad-based
risk identification analysis and
benchmarking that facilitates the OCC’s
annual examination strategy
development and pre-planning
activities, which are conducted
potentially months in advance of an
onsite examination. Second, on an
individual bank level, this type of
approach would require the OCC to
review each bank’s risk assessment
during the exam scoping process before
making a decision as to whether that
bank would be required to report the
MLR data, potentially extending the
timeframe for each exam where the
bank’s risk assessment was deemed
insufficient.
In response to the commenters’
concerns that the September 30
reporting period is inconsistent with
most banks’ operating on a calendar
year basis, the OCC notes that this date
has not presented significant concerns
in the ten years experience during
which we have collected MLR data.
4. Comments on Minimizing Burden
Through Information Technology
The OCC invited comment on ways to
minimize the burden of the collection
on respondents, including through the
use of automated collection techniques
or other forms of information
technology. Five commenters stated that
the MLR data is duplicative of
information already gathered in the
normal course of bank supervision.
These commenters recommended that
the OCC not move forward with the
proposal to extend the data collection.
One commenter suggested that the OCC
obtain aggregate domestic and
international wire transfer and ACH
transaction data, along with the various
geographic locations of the international
wires from the Federal Reserve Bank.
One bank commenter stated they have
concerns about customer privacy due to
having the collection of data automated;
however, there was no explanation
provided. Two commenters expressed a
concern for requiring that all banks
submit MLR data annually, and one of
those commenters stated that the
frequency of the MLR data collection
should be linked to the bank’s ML risk
profile. Another commenter stated that
E:\FR\FM\08AUN1.SGM
08AUN1
mstockstill on DSK3G9T082PROD with NOTICES
Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices
MLR data should be collected on an ‘‘as
needed’’ basis.
The OCC notes that the MLR data is
not duplicative or redundant and is not
collected in any other format from OCCsupervised institutions. Wire
transaction and ACH data obtained from
the Federal Reserve Banks for OCCsupervised institutions is not
sufficiently detailed for purposes of
assessing BSA/ML/OFAC risk and
planning exam strategies. Wire
transaction data is limited to domestic
wires only and does not include
international wires, geographic
locations, or whether the wires were
sent Payable Upon Proper Identification
(PUPI). Similarly, ACH data is limited to
domestic ACH data and does not
include cross-border ACH or
international ACH data or geographies.
In addition, not all OCC-supervised
institutions may initiate/send or receive
international wires or ACH transactions
through a Federal Reserve Bank.
The OCC plans to collect the
requested data using an XML form or
other prescribed form submitted
through the OCC BankNet system. The
OCC plans to provide a schema (XML or
otherwise) to institutions in advance of
the required submission and also
provide a window for institutions to
submit test files and receive feedback.
Additionally, the OCC utilizes secure
data portals to communicate with and
receive data from all OCC-supervised
institutions. The OCC does not plan to
collect personally identifiable
information for MLR purposes,
therefore, it is not expected that the
collection would create customer
privacy concerns.
The annual filing requirement
frequency ties in closely with the OCC’s
statutory examination cycle
requirements because banks should
periodically perform risk assessments of
their customers, products, services, and
geographies for BSA/ML and OFAC
sanctions risks purposes. Requesting
MLR data less frequently than annually
would limit its usefulness for the OCC’s
BSA/AML/OFAC supervision
responsibilities and might also
negatively impact the bank’s own risk
assessment process. Collecting MLR
data on an ‘‘as needed’’ basis or tying
the MLR data collection frequency to a
bank’s risk profile would not allow for
the consistent planning and analysis
needed for such data, would lead to
inefficiencies, and would diminish the
ability of the OCC to assess risks over
time and otherwise utilize the data in a
meaningful way.
VerDate Sep<11>2014
22:23 Aug 05, 2016
Jkt 238001
5. Comments on Costs
The OCC invited comment on
estimates of capital or start-up costs and
costs of operation, maintenance, and
purchase of services to provide
information. One commenter stated that
the initial implementation (costs) would
be substantial and the ultimate data
collection system requirements could
result in annual burden estimates for
large banks exceeding the 2013 (100
hours) and 2016 (80 hours) burden
estimates. Another commenter stated
that the costs of additional software
would outweigh the benefits of time
saved in a small institution. One
commenter stated that the costs to
implement would vary greatly
depending on infrastructure, current
risk assessment process, and resources.
While there may be a slightly higher
burden during the first reporting year,
the OCC believes that the data requested
for MLR purposes should be readily
available and will not require
substantial investment in technology or
systems to collect and report. The OCC
does not require the acquisition of
additional software to collect and report
MLR data. Some institutions,
particularly community banks, collect
and organize the data on Excel
spreadsheets using existing bank reports
received on a daily, weekly, or monthly
basis, as the reports become available
throughout the period covered by the
reporting period. However, larger and
more complex institutions may find it
helpful to develop an internal reporting
system to gather data efficiently across
their organizations in a timely and
consistent manner for MLR reporting
purposes. The OCC provides options for
submitting the MLR data including a
fully automated online risk summary
form. Additionally, the MLR risk
summary form online system allows
bankers to upload an XML file to
complete the form. This XML file must
comply with formatting style and
validation requirements in order to be
accepted into the OCC’s secure system.
If the file is valid, the risk summary
form is pre-populated with the data
ready to be submitted to the OCC.
Two commenters stated that the OCC
should go through the rulemaking
process to gain approval to expand the
MLR System to midsize and large banks.
The PRA provides the public with two
opportunities to comment on a
proposed information collection similar
to the public comment opportunity
afforded by the Administrative
Procedure Act for rulemaking actions.
Consistent with the PRA, the OCC
previously sought comment on this
information collection for 60 days and
PO 00000
Frm 00129
Fmt 4703
Sfmt 9990
52525
now is seeking additional comment for
30 days. However, a notice of proposed
rulemaking is unnecessary. Under 12
U.S.C. 161, the Comptroller has the
express authority to require banks to
provide special reports as to matters
within his jurisdiction. BSA/AML
supervision is within the jurisdiction of
the OCC as the OCC has the delegated
authority from the Department of
Treasury’s Financial Crimes
Enforcement Network (FinCEN) to
examine national banks for compliance
with the BSA. The OCC also has the
authority under 12 U.S.C. 481 to make
a thorough examination of all the affairs
of a national bank. The MLR is an
important part of the OCC’s BSA/AML
examination processes that falls within
this broad grant of authority.
The OCC has decided to expand the
MLR reporting requirement to the OCC’s
midsize, large bank and Federal
branches and agencies populations. As
discussed above, a notice of proposed
rulemaking is not necessary. The OCC
previously had OMB approval to
include midsize and large banks in the
annual data collection, but requested
OMB renewal of the data collection in
2010 and 2013 only for community
banks. The OCC determined in 2010 and
2013 to collect only community bank
data for MLR purposes. Pursuant to
OMB requirements, the OCC is
requesting renewal of the existing
community bank MLR data collection
with expansion to midsize and large
bank (including Federal branches and
agencies).
Comments continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
(b) The accuracy of the OCC’s
estimate of the burden of the collection
of information;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
Dated: August 2, 2016.
Karen Solomon,
Deputy Chief Counsel, Office of the
Comptroller of the Currency.
[FR Doc. 2016–18740 Filed 8–5–16; 8:45 am]
BILLING CODE 4810–33–P
E:\FR\FM\08AUN1.SGM
08AUN1
Agencies
[Federal Register Volume 81, Number 152 (Monday, August 8, 2016)]
[Notices]
[Pages 52521-52525]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-18740]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection
Extension With Revision; Submission for OMB Review; Bank Secrecy Act/
Money Laundering Risk Assessment
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comments.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
[[Page 52522]]
and respondent burden, invites the general public and other Federal
agencies to take this opportunity to comment on a proposed information
collection, as required by the Paperwork Reduction Act of 1995 (44
U.S.C. chapter 35) (PRA).
In accordance with the requirements of the PRA, the OCC may not
conduct or sponsor, and the respondent is not required to respond to,
an information collection unless it displays a currently valid Office
of Management and Budget (OMB) control number.
The OCC is soliciting comments concerning an information collection
titled ``Bank Secrecy Act/Money Laundering Risk Assessment,'' also
known as the Money Laundering Risk (MLR) System.
The OCC is also announcing that the proposed collection of
information with extension has been submitted to OMB for review and
clearance under the PRA.
DATES: Comments must be submitted by September 7, 2016.
ADDRESSES: Because paper mail in the Washington, DC area and at the OCC
is subject to delay, commenters are encouraged to submit comments by
email, if possible. Comments may be sent to: Legislative and Regulatory
Activities Division, Office of the Comptroller of the Currency,
Attention: 1557-0231, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-
11, Washington, DC 20219. In addition, comments may be sent by fax to
(571) 465-4326 or by electronic mail to prainfo@occ.treas.gov. You may
personally inspect and photocopy comments at the OCC, 400 7th Street
SW., Washington, DC 20219. For security reasons, the OCC requires that
visitors make an appointment to inspect comments. You may do so by
calling (202) 649-6700, or for persons who are deaf or hard of hearing,
TTY, (202) 649-5597. Upon arrival, visitors will be required to present
valid government-issued photo identification and submit to security
screening in order to inspect and photocopy comments.
All comments received, including attachments and other supporting
materials, are part of the public record and subject to public
disclosure. Do not include any information in your comment or
supporting materials that you consider confidential or inappropriate
for public disclosure.
Additionally, please send a copy of your comments by mail to: OCC
Desk Officer, 1557-0231, U.S. Office of Management and Budget, 725 17th
Street NW., #10235, Washington, DC 20503, or by email to:
oira_submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance
Officer, (202) 649-5490, or for persons who are deaf or hard of
hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities
Division, Office of the Comptroller of the Currency, 400 7th Street
SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION: In compliance with 44 U.S.C. 3507, the OCC
has submitted the following proposed collection of information to OMB
for review and clearance.
Bank Secrecy Act/Anti-Money Laundering Risk Assessment
The MLR System enhances the ability of examiners and bank
management to identify and evaluate any Bank Secrecy Act (BSA)/Money
Laundering (ML) and Office of Foreign Assets Control (OFAC) sanctions
risks associated with the banks' products, services, customers, and
locations. As new products and services are introduced, existing
products and services change, and banks expand through mergers and
acquisitions, a bank's management's evaluation of potential new money
laundering and terrorist financing risks is expected to evolve as well.
The MLR risk assessment is an important tool for the OCC's BSA/Anti-
Money Laundering (AML)/OFAC supervision activities because it allows
the OCC to better identify those institutions, and areas within
institutions, that pose heightened risk, and allocate examination
resources accordingly. This risk assessment is critical to protect
financial institutions of all sizes from potential abuse from money
laundering or terrorist financing. Absent an appropriate risk
assessment, applicable controls cannot be effectively implemented for
lines of business, products, or entities, which would elevate BSA, AML,
and OFAC compliance risks.
The OCC will collect MLR information for all financial institutions
supervised by the OCC.
OMB Control No.: 1557-0231.
Type of Review: Regular.
Frequency of Response: Annual.
Burden Estimates:
Community Bank and Federal Branches and Agencies populations:
Estimated Number of Respondents: 1,450.
Estimated Number of Responses: 1,450.
Frequency of Response: Annually.
Estimated Annual Burden: 8,700 hours.
Midsize Bank population:
Estimated Number of Respondents: 47.
Estimated Number of Responses: 47.
Frequency of Response: Annually.
Estimated Annual Burden: 1,175 hours.
Large Bank population:
Estimated Number of Respondents: 38.
Estimated Number of Responses: 38.
Frequency of Response: Annually.
Estimated Annual Burden: 3,040 hours.
The OCC issued a 60-day Federal Register notice on January 4, 2016,
soliciting comments concerning combining this existing community bank
information collection with expansion to all OCC-supervised
institutions.\1\ Eight comments were received: Four from OCC-supervised
banks, two from industry associations, one from a bank holding company
and one from an individual. Of the five comments received from a bank
holding company or a bank, three were from midsize banks, and the
remaining two comments were from community banks.
---------------------------------------------------------------------------
\1\ 81 FR 143 (January 4, 2016).
---------------------------------------------------------------------------
1. Comments on Practical Utility of the Data Collection
Comments were invited on whether the collection of information is
necessary for the proper performance of the functions of the agency,
including whether the information has practical utility. Two commenters
stated concern for either the small degree of practical utility or no
practical utility obtained by requiring all OCC-supervised banks to
report MLR data and linked the cost/benefit value of the cost of
gathering and reporting the data to the benefit derived to the bank or
to the OCC. An additional commenter stated that they saw no prudential
or supervisory benefit to expanding the annual MLR data collection
requirement to midsize or large banks when the OCC has access to the
information on a dynamic basis. One commenter stated that the OCC must
clearly demonstrate that costs and burdens associated with MLR do not
outweigh the benefits. One commenter stated that the collection of MLR
data is not necessary because the OCC already has access to the data
through its supervisory process, including the current BSA/AML risk
assessment expectation.
Six commenters stated that the one-size-fits-all approach or
proposed mandatory uniform approach for collecting MLR data from all
OCC-supervised banks is inconsistent or at odds with the Federal
Financial Institutions Examination Council (FFIEC) BSA/AML Examination
Manual (Manual), as the FFIEC Manual provides for a variety of
effective methods and
[[Page 52523]]
formats to be used in completing a risk assessment. Two commenters
stated that requiring only OCC-supervised banks to report MLR data
would create the equivalent of an ``uneven playing field'' for national
banks and Federal thrifts and agencies. One commenter stated that the
OCC should explain why collecting rudimentary MLR summary data is
needed when there are relatively few BSA enforcement actions and other
supervisory actions related to the BSA. One commenter stated that the
proposal does not provide analysis of why extending the MLR to all
financial institutions would enhance the ability of examiners and bank
management to identify and evaluate BSA/ML and sanctions risks. The
commenter further stated that the proposal does not explain how BSA/
AML/OFAC risk assessment provided through the MLR System enhances the
OCC's understanding of such risks or why this information is necessary
for the OCC to address supervisory concerns about those financial
institutions.
Collecting MLR data from all supervised banks will yield
substantial information that will provide a high degree of utility for
the OCC in meeting its supervisory obligations under applicable
statutes and regulations.\2\ The purpose of the MLR System is to
support the OCC's supervisory objectives by allowing for the
identification and analysis of BSA/ML and OFAC sanctions risks across
the population of all OCC-supervised banks, to assist examiners in
carrying out risk-based supervision pursuant to the FFIEC Manual, and
to meet the OCC's supervisory obligations under applicable statutes and
regulations.\3\ Whether to collect MLR data is not in any way linked to
whether an institution is the subject of a BSA/AML/OFAC enforcement or
any other type of supervisory action. MLR data is simply data about a
bank's products, services, customers, and geographies that is gathered
prior to examinations to promote effectiveness and efficiency in OCC
examination scoping and transaction testing. The expansion of the MLR
System to all OCC-supervised institutions will allow contemporaneous
data to be analyzed consistently across the agency and thus will allow
the OCC to better identify those institutions, and areas within
institutions, that pose heightened BSA/ML, and OFAC risk. The data
collected through the MLR process is not collected by the OCC in any
similar format.
---------------------------------------------------------------------------
\2\ 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing
regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title
X, and Office of Foreign Assets Control sanction established under
the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1-44;
International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701;
31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and
163.180; and 31 CFR Title X.
\3\ Ibid.
---------------------------------------------------------------------------
The MLR is not intended to supplant banks' full BSA and OFAC risk
assessments. The OCC's evaluation of a bank's full risk assessment is
performed during regular examinations. In addition to the OCC's uses,
the MLR data can be used by banks as the first step in the two-step
process of the banks' BSA and OFAC risk assessments. The first step in
any risk assessment process is to gather data, and the MLR data
gathered should be substantially similar to information needed to
perform those internal bank analyses of BSA and OFAC risks.
Additionally, the self-reported MLR data are provided back to the
bank along with peer data so that the bank can conduct comparison and
trend analyses concerning their data and peer data.
While the FFIEC Manual was developed by the agencies \4\ to ensure
consistency in the application of BSA/AML requirements and to promote
uniformity in the supervision of financial institutions, each agency
has the ability to supplement the supervision process with their own
tools. The MLR is one such tool the OCC uses in its BSA/AML supervision
of banks that permits consistent identification of potentially higher-
risk products, services, customers and geographies; expansion of the
MLR will expand this utility across all OCC business lines and
institution sizes.\5\ Rather than contradict the consistent and uniform
approach that using the FFIEC Manual provides, the MLR System
complements the Manual's procedures for risk assessment and supervision
purposes. The submission of MLR data in a consistent format allows the
agency to perform effective data risk analytics. Extending the MLR to
all OCC-supervised banks, Federal thrifts, and Federal branches and
agencies will provide the OCC the same type of bank data to identify
and evaluate BSA/ML and sanctions risks in a consistent manner,
regardless of institution size.
---------------------------------------------------------------------------
\4\ The FFIEC is a formal interagency body empowered to
prescribe uniform principles, standards, and report forms for the
federal examination of financial institutions by the Board of
Governors of the Federal Reserve System (FRB), the Federal Deposit
Insurance Corporation (FDIC), the National Credit Union
Administration (NCUA), the Office of the Comptroller of the Currency
(OCC), and the Consumer Financial Protection Bureau (CFPB), and to
make recommendations to promote uniformity in the supervision of
financial institutions. In 2006, the State Liaison Committee (SLC)
was added to the Council as a voting member. The SLC includes
representatives from the Conference of State Bank Supervisors
(CSBS), the American Council of State Savings Supervisors (ACSSS),
and the National Association of State Credit Union Supervisors
(NASCUS).
\5\ The OCC cannot address the tools used by the other agencies
in their BSA/AML supervision roles.
---------------------------------------------------------------------------
2. Comments on Estimate of Burden
The OCC requested comment on the accuracy of the agency's estimate
of the burden of the collection of the information. One commenter
questioned what the OCC included in the estimate of burden hours.
Another commenter stated that they agree with the estimate of burden
hours for their institution but also stated concern for peer banks,
noting that cost estimates vary greatly depending on the size,
structure, and reporting format currently utilized and technological
resources available to each bank. Six commenters stated that the
estimate of burden is too low. Two commenters noted the reduction in
the estimate of burden hours from 2013 for midsize and large bank
populations, with one commenter making the assumption that technology
is the reason for the reduction in hours.\6\
---------------------------------------------------------------------------
\6\ Burden estimates for midsize and large banks were included
in the 2013 MLR PRA renewal notice published in the Federal Register
on March 8, 2013 (78 FR 15121) even though the OCC has not collected
the data from those bank populations up to this point.
---------------------------------------------------------------------------
The OCC uses the legal standard for estimating burden hours under
the PRA.\7\ The term ``burden'' means time, effort, or financial
resources expended by persons to generate, maintain, or provide
information to or for a Federal agency, including the resources
expended for: (a) Reviewing instructions; (b) acquiring, installing,
and utilizing technology and systems; (c) adjusting the existing ways
to comply with any previously applicable instructions and requirements;
(d) searching data sources; (e) completing and reviewing the collection
of information; and (f) transmitting, or otherwise disclosing the
information. Collecting MLR data from OCC-supervised institutions is
not expected to impose significant additional burden on banks because
most institutions already generate or gather substantially similar data
in the normal course of business in order to perform internal bank
analyses of BSA/ML and OFAC risks. The burden included in the OCC's
burden estimate is mainly the additional resources required to report
the MLR data in an OCC-specified format.
---------------------------------------------------------------------------
\7\ 44 U.S.C. 3502(2).
---------------------------------------------------------------------------
The OCC has ten years' experience collecting MLR data from a large
number of banks. The OCC estimates that the burden hours for midsize
and
[[Page 52524]]
large bank populations will generally be higher than for community
banks, Federal thrifts, and Federal branches and agencies. This is
primarily because most midsize and large banks offer more products and
services, involving a potentially wider range of customer types and
geographies, than less complex community banks and Federal branches and
agencies.
The OCC recognizes that each bank is unique and will have a
different MLR reporting experience. For example, a bank's management
information systems, structure, and complexity may impact the bank's
MLR reporting, and, therefore, the bank's reporting burden. However,
the OCC believes the data requested for MLR purposes is data that
institutions will have readily available and that for the vast majority
of banks, will not require substantial investment in technology or
systems to collect and report. The OCC reduced the estimated burden
hours for midsize banks to 25 hours in 2016 from 30 hours in 2013, and
for large banks, reduced estimated burden hours to 80 hours in 2016
from 100 hours in 2013, due to implementing a fully automated MLR
format. There is no change in the estimated burden for community banks
and Federal branches and agencies in 2016 from 2013.
Finally, with regard to the estimate of burden, one commenter
stated that failure to make publicly available the MLR risk summary
form (RSF) used to collect the data in advance undermines the PRA
review process and makes it difficult to comment on the accuracy of the
agency's estimate of the burden. The OCC is permitted, but not
required, to include the RSF as part of the 60-day Federal Register
notice. The form is available, and was available at the time the 60-day
Federal Register notice was issued, at https://www.reginfo.gov as an
attachment to the OCC's 2013 PRA submission https://www.reginfo.gov/public/do/PRAICList?ref_nbr=201302-1557-009.
3. Comments on Possible Data Enhancements
The OCC requested comment on ways to enhance the quality, utility,
and clarity of the information to be collected. One commenter stated
that it was difficult to translate limited MLR data into BSA/ML risks.
Another commenter stated that the MLR as currently contemplated is not
useful nor is it worth the costs in terms of staff hours, system
modification and training. The same commenter stated that the OCC
should consider designing a customized, flexible cloud-based
architecture within a secure data center. Additionally, this commenter
stated that the OCC should establish an analytic team dedicated to
importing, extrapolating, and analyzing the data collection from banks,
with the platform designed to be flexible and dynamic to account for
each individual bank's size, geography, and business. After testing,
this commenter stated, consideration should be given to rolling the
platform out on a risk-based basis to OCC-regulated banks. One
commenter also stated that the OCC should consider making the MLR
mandatory only in instances where the bank's own risk assessment is
insufficient for the exam scoping process. Two commenters expressed
concerns that the September 30 as-of report date was inconsistent with
most banks that operate on a calendar-year basis.
The OCC collects the MLR data on bank customers, products,
services, and geographies and analyzes the data in a way that
identifies the higher-risk type customers, products, services, and
geographies, consistent with the FFIEC Manual. The OCC uses the MLR
data gathered to assist, across the population of reporting banks, with
development of examination strategies, preparation of examination
scoping to identify transactions for testing, and meeting the OCC's
obligations under applicable statutes and regulations.\8\ The OCC
regularly reevaluates the infrastructure around the MLR and makes
decisions about the most efficient and cost effective infrastructure
and processes to utilize for the MLR System. An example of the OCC
making changes to the MLR System was the updating of the MLR risk
summary form to a fully automated data collection tool beginning in
2014. The OCC analytics team checks for data integrity issues, confirms
various validity checks on the data, and analyzes the data used for OCC
supervision purposes.
---------------------------------------------------------------------------
\8\ 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing
regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title
X, and Office of Foreign Assets Control sanction established under
the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1-44;
International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701;
31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and
163.180; and 31 CFR Title X.
---------------------------------------------------------------------------
Through the collection of MLR data from community banks for the
past ten years, the OCC has determined that this data allows the agency
to better identify those institutions, and areas within institutions,
that pose heightened risk of money laundering and terrorist financing
and to allocate examination resources accordingly. Collecting data in a
uniform fashion over the same time period from all OCC-supervised
institutions is critical to developing a database that allows effective
analytic reporting and benchmarking risks over time.
An approach of making MLR data reporting mandatory only in
instances where the bank's own risk assessment was insufficient would
add time to the examination process rather than expediting it. First,
this approach would likely delay the OCC's mandated supervision
schedule by taking away an important source of data for broad-based
risk identification analysis and benchmarking that facilitates the
OCC's annual examination strategy development and pre-planning
activities, which are conducted potentially months in advance of an
onsite examination. Second, on an individual bank level, this type of
approach would require the OCC to review each bank's risk assessment
during the exam scoping process before making a decision as to whether
that bank would be required to report the MLR data, potentially
extending the timeframe for each exam where the bank's risk assessment
was deemed insufficient.
In response to the commenters' concerns that the September 30
reporting period is inconsistent with most banks' operating on a
calendar year basis, the OCC notes that this date has not presented
significant concerns in the ten years experience during which we have
collected MLR data.
4. Comments on Minimizing Burden Through Information Technology
The OCC invited comment on ways to minimize the burden of the
collection on respondents, including through the use of automated
collection techniques or other forms of information technology. Five
commenters stated that the MLR data is duplicative of information
already gathered in the normal course of bank supervision. These
commenters recommended that the OCC not move forward with the proposal
to extend the data collection. One commenter suggested that the OCC
obtain aggregate domestic and international wire transfer and ACH
transaction data, along with the various geographic locations of the
international wires from the Federal Reserve Bank. One bank commenter
stated they have concerns about customer privacy due to having the
collection of data automated; however, there was no explanation
provided. Two commenters expressed a concern for requiring that all
banks submit MLR data annually, and one of those commenters stated that
the frequency of the MLR data collection should be linked to the bank's
ML risk profile. Another commenter stated that
[[Page 52525]]
MLR data should be collected on an ``as needed'' basis.
The OCC notes that the MLR data is not duplicative or redundant and
is not collected in any other format from OCC-supervised institutions.
Wire transaction and ACH data obtained from the Federal Reserve Banks
for OCC-supervised institutions is not sufficiently detailed for
purposes of assessing BSA/ML/OFAC risk and planning exam strategies.
Wire transaction data is limited to domestic wires only and does not
include international wires, geographic locations, or whether the wires
were sent Payable Upon Proper Identification (PUPI). Similarly, ACH
data is limited to domestic ACH data and does not include cross-border
ACH or international ACH data or geographies. In addition, not all OCC-
supervised institutions may initiate/send or receive international
wires or ACH transactions through a Federal Reserve Bank.
The OCC plans to collect the requested data using an XML form or
other prescribed form submitted through the OCC BankNet system. The OCC
plans to provide a schema (XML or otherwise) to institutions in advance
of the required submission and also provide a window for institutions
to submit test files and receive feedback. Additionally, the OCC
utilizes secure data portals to communicate with and receive data from
all OCC-supervised institutions. The OCC does not plan to collect
personally identifiable information for MLR purposes, therefore, it is
not expected that the collection would create customer privacy
concerns.
The annual filing requirement frequency ties in closely with the
OCC's statutory examination cycle requirements because banks should
periodically perform risk assessments of their customers, products,
services, and geographies for BSA/ML and OFAC sanctions risks purposes.
Requesting MLR data less frequently than annually would limit its
usefulness for the OCC's BSA/AML/OFAC supervision responsibilities and
might also negatively impact the bank's own risk assessment process.
Collecting MLR data on an ``as needed'' basis or tying the MLR data
collection frequency to a bank's risk profile would not allow for the
consistent planning and analysis needed for such data, would lead to
inefficiencies, and would diminish the ability of the OCC to assess
risks over time and otherwise utilize the data in a meaningful way.
5. Comments on Costs
The OCC invited comment on estimates of capital or start-up costs
and costs of operation, maintenance, and purchase of services to
provide information. One commenter stated that the initial
implementation (costs) would be substantial and the ultimate data
collection system requirements could result in annual burden estimates
for large banks exceeding the 2013 (100 hours) and 2016 (80 hours)
burden estimates. Another commenter stated that the costs of additional
software would outweigh the benefits of time saved in a small
institution. One commenter stated that the costs to implement would
vary greatly depending on infrastructure, current risk assessment
process, and resources.
While there may be a slightly higher burden during the first
reporting year, the OCC believes that the data requested for MLR
purposes should be readily available and will not require substantial
investment in technology or systems to collect and report. The OCC does
not require the acquisition of additional software to collect and
report MLR data. Some institutions, particularly community banks,
collect and organize the data on Excel spreadsheets using existing bank
reports received on a daily, weekly, or monthly basis, as the reports
become available throughout the period covered by the reporting period.
However, larger and more complex institutions may find it helpful to
develop an internal reporting system to gather data efficiently across
their organizations in a timely and consistent manner for MLR reporting
purposes. The OCC provides options for submitting the MLR data
including a fully automated online risk summary form. Additionally, the
MLR risk summary form online system allows bankers to upload an XML
file to complete the form. This XML file must comply with formatting
style and validation requirements in order to be accepted into the
OCC's secure system. If the file is valid, the risk summary form is
pre-populated with the data ready to be submitted to the OCC.
Two commenters stated that the OCC should go through the rulemaking
process to gain approval to expand the MLR System to midsize and large
banks. The PRA provides the public with two opportunities to comment on
a proposed information collection similar to the public comment
opportunity afforded by the Administrative Procedure Act for rulemaking
actions. Consistent with the PRA, the OCC previously sought comment on
this information collection for 60 days and now is seeking additional
comment for 30 days. However, a notice of proposed rulemaking is
unnecessary. Under 12 U.S.C. 161, the Comptroller has the express
authority to require banks to provide special reports as to matters
within his jurisdiction. BSA/AML supervision is within the jurisdiction
of the OCC as the OCC has the delegated authority from the Department
of Treasury's Financial Crimes Enforcement Network (FinCEN) to examine
national banks for compliance with the BSA. The OCC also has the
authority under 12 U.S.C. 481 to make a thorough examination of all the
affairs of a national bank. The MLR is an important part of the OCC's
BSA/AML examination processes that falls within this broad grant of
authority.
The OCC has decided to expand the MLR reporting requirement to the
OCC's midsize, large bank and Federal branches and agencies
populations. As discussed above, a notice of proposed rulemaking is not
necessary. The OCC previously had OMB approval to include midsize and
large banks in the annual data collection, but requested OMB renewal of
the data collection in 2010 and 2013 only for community banks. The OCC
determined in 2010 and 2013 to collect only community bank data for MLR
purposes. Pursuant to OMB requirements, the OCC is requesting renewal
of the existing community bank MLR data collection with expansion to
midsize and large bank (including Federal branches and agencies).
Comments continue to be invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the
collection of information;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information.
Dated: August 2, 2016.
Karen Solomon,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2016-18740 Filed 8-5-16; 8:45 am]
BILLING CODE 4810-33-P