Agency Information Collection Activities: Information Collection Extension With Revision; Submission for OMB Review; Bank Secrecy Act/Money Laundering Risk Assessment, 52521-52525 [2016-18740]

Download as PDF 52521 Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices TABLE 3—CALIFORNIA—DESIGNATED HRCQ/RAM ROUTES—Continued Designation date Route order 10/19/94 ...... B4A 10/19/94 ...... B5 10/19/94 ...... B5A–1.0 10/19/94 ...... B6A–1.0 10/19/94 ...... B6A–2.0 04/01/14 ...... 10/19/94 ...... B6A– 2.0A B7A–2.0 10/19/94 ...... C1 10/19/94 ...... C2 10/19/94 ...... D1 10/19/94 ...... D2A 10/19/94 ...... E 10/19/94 ...... F1 10/19/94 ...... F2A 10/19/94 ...... G 04/01/14 ...... H Route description Interstate 15 from Nevada border to State 60 [Mira Loma]. Interstate 605 from Interstate 210 [Duarte] to Interstate 5 [Santa Fe Springs]. Interstate 40 from Arizona to Interstate 15 [Barstow]. Interstate 10 from Arizona to Interstate 605 [Baldwin Park]. Interstate 210 from Interstate 5 [Sylmar] to State 57 [Glendora]. State Route 57 from Interstate 210 to Interstate 10. Interstate 5 from Oregon [MP 796] to Interstate 210 [MP 160—Sylmar]. Interstate 280 from Interstate 680 [in San Jose] to Interstate 380 [in San Francisco]. Interstate 680 from Interstate 80 [Cordelia Junction, Fairfield] to Interstate 280 [San Jose]. Interstate 880 from Interstate 980 [Oakland] to Interstate 238 [San Leandro]. Interstate 980 from Interstate 580 to Interstate 880. Interstate 238 from Interstate 580 [Ashland] to Interstate 880 [San Leandro]. Interstate 580 from Interstate 5 to Interstate 238. Interstate 205 from Interstate 5 [Lanthrop] to Interstate 580 [Alameda County]’’. Interstate 80 from Nevada to Interstate 580 [north of Oakland]. Interstate 505 from Interstate 5 to Interstate 80. Issued on: July 23, 2016. T.F. Scott Darling, III, Administrator. Office of the Secretary Application of Trans Northern Airways LLC for Commuter Authority Department of Transportation. ACTION: Notice of Order to Show Cause (Order 2016–8–5) Docket DOT–OST– 2016–0057. AGENCY: The Department of Transportation is directing all interested persons to show cause why it should not issue an order tentatively finding Trans Northern Airways LLC fit, willing, and able to provide scheduled passenger service as a commuter air SUMMARY: Jkt 238001 FMCSA QA comment P Los Angeles P P P Los Angeles P P P P P Alameda .... Alameda .... P Alameda .... Oakland ..... P P P P P P Persons wishing to file objections should do so no later than August 16, 2016. DEPARTMENT OF TRANSPORTATION mstockstill on DSK3G9T082PROD with NOTICES Designation(s) (A,B,I,P) DATES: BILLING CODE 4910–EX–P 22:23 Aug 05, 2016 County carrier using small aircraft pursuant to Part 135 of the Federal Aviation Regulations. [FR Doc. 2016–18729 Filed 8–5–16; 8:45 am] VerDate Sep<11>2014 City Objections and answers to objections should be filed in Docket DOT–OST–2016–0057 and addressed to U.S. Department of Transportation, Docket Operations, (M–30, Room W12– 140), 1200 New Jersey Avenue SE., West Building Ground Floor, Washington, DC 20590, and should be served upon the parties listed in Attachment A to the order. Dated: August 2, 2016. Susan McDermott, Deputy Assistant Secretary for Aviation and International Affairs. [FR Doc. 2016–18728 Filed 8–5–16; 8:45 am] BILLING CODE 4910–9X–P ADDRESSES: FOR FURTHER INFORMATION CONTACT: Catherine J. O’Toole, Air Carrier Fitness Division (X–56, Room W86–489), U.S. Department of Transportation, 1200 New Jersey Avenue SE., Washington, DC 20590, (202) 366–9721. PO 00000 Frm 00125 Fmt 4703 Sfmt 4703 DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Agency Information Collection Activities: Information Collection Extension With Revision; Submission for OMB Review; Bank Secrecy Act/ Money Laundering Risk Assessment Office of the Comptroller of the Currency (OCC), Treasury. ACTION: Notice and request for comments. AGENCY: The OCC, as part of its continuing effort to reduce paperwork SUMMARY: E:\FR\FM\08AUN1.SGM 08AUN1 mstockstill on DSK3G9T082PROD with NOTICES 52522 Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on a proposed information collection, as required by the Paperwork Reduction Act of 1995 (44 U.S.C. chapter 35) (PRA). In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comments concerning an information collection titled ‘‘Bank Secrecy Act/Money Laundering Risk Assessment,’’ also known as the Money Laundering Risk (MLR) System. The OCC is also announcing that the proposed collection of information with extension has been submitted to OMB for review and clearance under the PRA. DATES: Comments must be submitted by September 7, 2016. ADDRESSES: Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments by email, if possible. Comments may be sent to: Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, Attention: 1557–0231, 400 7th Street SW., Suite 3E–218, Mail Stop 9W–11, Washington, DC 20219. In addition, comments may be sent by fax to (571) 465–4326 or by electronic mail to prainfo@occ.treas.gov. You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649–6700, or for persons who are deaf or hard of hearing, TTY, (202) 649–5597. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect and photocopy comments. All comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure. Additionally, please send a copy of your comments by mail to: OCC Desk Officer, 1557–0231, U.S. Office of Management and Budget, 725 17th Street NW., #10235, Washington, DC 20503, or by email to: oira_submission@ omb.eop.gov. VerDate Sep<11>2014 22:23 Aug 05, 2016 Jkt 238001 FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance Officer, (202) 649–5490, or for persons who are deaf or hard of hearing, TTY, (202) 649–5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Washington, DC 20219. SUPPLEMENTARY INFORMATION: In compliance with 44 U.S.C. 3507, the OCC has submitted the following proposed collection of information to OMB for review and clearance. Bank Secrecy Act/Anti-Money Laundering Risk Assessment The MLR System enhances the ability of examiners and bank management to identify and evaluate any Bank Secrecy Act (BSA)/Money Laundering (ML) and Office of Foreign Assets Control (OFAC) sanctions risks associated with the banks’ products, services, customers, and locations. As new products and services are introduced, existing products and services change, and banks expand through mergers and acquisitions, a bank’s management’s evaluation of potential new money laundering and terrorist financing risks is expected to evolve as well. The MLR risk assessment is an important tool for the OCC’s BSA/Anti-Money Laundering (AML)/OFAC supervision activities because it allows the OCC to better identify those institutions, and areas within institutions, that pose heightened risk, and allocate examination resources accordingly. This risk assessment is critical to protect financial institutions of all sizes from potential abuse from money laundering or terrorist financing. Absent an appropriate risk assessment, applicable controls cannot be effectively implemented for lines of business, products, or entities, which would elevate BSA, AML, and OFAC compliance risks. The OCC will collect MLR information for all financial institutions supervised by the OCC. OMB Control No.: 1557–0231. Type of Review: Regular. Frequency of Response: Annual. Burden Estimates: Community Bank and Federal Branches and Agencies populations: Estimated Number of Respondents: 1,450. Estimated Number of Responses: 1,450. Frequency of Response: Annually. Estimated Annual Burden: 8,700 hours. Midsize Bank population: Estimated Number of Respondents: 47. Estimated Number of Responses: 47. PO 00000 Frm 00126 Fmt 4703 Sfmt 4703 Frequency of Response: Annually. Estimated Annual Burden: 1,175 hours. Large Bank population: Estimated Number of Respondents: 38. Estimated Number of Responses: 38. Frequency of Response: Annually. Estimated Annual Burden: 3,040 hours. The OCC issued a 60-day Federal Register notice on January 4, 2016, soliciting comments concerning combining this existing community bank information collection with expansion to all OCC-supervised institutions.1 Eight comments were received: Four from OCC-supervised banks, two from industry associations, one from a bank holding company and one from an individual. Of the five comments received from a bank holding company or a bank, three were from midsize banks, and the remaining two comments were from community banks. 1. Comments on Practical Utility of the Data Collection Comments were invited on whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information has practical utility. Two commenters stated concern for either the small degree of practical utility or no practical utility obtained by requiring all OCC-supervised banks to report MLR data and linked the cost/ benefit value of the cost of gathering and reporting the data to the benefit derived to the bank or to the OCC. An additional commenter stated that they saw no prudential or supervisory benefit to expanding the annual MLR data collection requirement to midsize or large banks when the OCC has access to the information on a dynamic basis. One commenter stated that the OCC must clearly demonstrate that costs and burdens associated with MLR do not outweigh the benefits. One commenter stated that the collection of MLR data is not necessary because the OCC already has access to the data through its supervisory process, including the current BSA/AML risk assessment expectation. Six commenters stated that the onesize-fits-all approach or proposed mandatory uniform approach for collecting MLR data from all OCCsupervised banks is inconsistent or at odds with the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual (Manual), as the FFIEC Manual provides for a variety of effective methods and 1 81 E:\FR\FM\08AUN1.SGM FR 143 (January 4, 2016). 08AUN1 Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices mstockstill on DSK3G9T082PROD with NOTICES formats to be used in completing a risk assessment. Two commenters stated that requiring only OCC-supervised banks to report MLR data would create the equivalent of an ‘‘uneven playing field’’ for national banks and Federal thrifts and agencies. One commenter stated that the OCC should explain why collecting rudimentary MLR summary data is needed when there are relatively few BSA enforcement actions and other supervisory actions related to the BSA. One commenter stated that the proposal does not provide analysis of why extending the MLR to all financial institutions would enhance the ability of examiners and bank management to identify and evaluate BSA/ML and sanctions risks. The commenter further stated that the proposal does not explain how BSA/AML/OFAC risk assessment provided through the MLR System enhances the OCC’s understanding of such risks or why this information is necessary for the OCC to address supervisory concerns about those financial institutions. Collecting MLR data from all supervised banks will yield substantial information that will provide a high degree of utility for the OCC in meeting its supervisory obligations under applicable statutes and regulations.2 The purpose of the MLR System is to support the OCC’s supervisory objectives by allowing for the identification and analysis of BSA/ML and OFAC sanctions risks across the population of all OCC-supervised banks, to assist examiners in carrying out riskbased supervision pursuant to the FFIEC Manual, and to meet the OCC’s supervisory obligations under applicable statutes and regulations.3 Whether to collect MLR data is not in any way linked to whether an institution is the subject of a BSA/AML/ OFAC enforcement or any other type of supervisory action. MLR data is simply data about a bank’s products, services, customers, and geographies that is gathered prior to examinations to promote effectiveness and efficiency in OCC examination scoping and transaction testing. The expansion of the MLR System to all OCC-supervised institutions will allow contemporaneous data to be analyzed consistently across the agency and thus will allow the OCC 2 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title X, and Office of Foreign Assets Control sanction established under the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1–44; International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701; 31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and 163.180; and 31 CFR Title X. 3 Ibid. VerDate Sep<11>2014 22:23 Aug 05, 2016 Jkt 238001 to better identify those institutions, and areas within institutions, that pose heightened BSA/ML, and OFAC risk. The data collected through the MLR process is not collected by the OCC in any similar format. The MLR is not intended to supplant banks’ full BSA and OFAC risk assessments. The OCC’s evaluation of a bank’s full risk assessment is performed during regular examinations. In addition to the OCC’s uses, the MLR data can be used by banks as the first step in the two-step process of the banks’ BSA and OFAC risk assessments. The first step in any risk assessment process is to gather data, and the MLR data gathered should be substantially similar to information needed to perform those internal bank analyses of BSA and OFAC risks. Additionally, the self-reported MLR data are provided back to the bank along with peer data so that the bank can conduct comparison and trend analyses concerning their data and peer data. While the FFIEC Manual was developed by the agencies 4 to ensure consistency in the application of BSA/ AML requirements and to promote uniformity in the supervision of financial institutions, each agency has the ability to supplement the supervision process with their own tools. The MLR is one such tool the OCC uses in its BSA/AML supervision of banks that permits consistent identification of potentially higher-risk products, services, customers and geographies; expansion of the MLR will expand this utility across all OCC business lines and institution sizes.5 Rather than contradict the consistent and uniform approach that using the FFIEC Manual provides, the MLR System complements the Manual’s procedures for risk assessment and supervision purposes. The submission of MLR data in a consistent format allows the agency to perform effective data risk analytics. Extending the MLR to all OCC-supervised banks, Federal 4 The FFIEC is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB), and to make recommendations to promote uniformity in the supervision of financial institutions. In 2006, the State Liaison Committee (SLC) was added to the Council as a voting member. The SLC includes representatives from the Conference of State Bank Supervisors (CSBS), the American Council of State Savings Supervisors (ACSSS), and the National Association of State Credit Union Supervisors (NASCUS). 5 The OCC cannot address the tools used by the other agencies in their BSA/AML supervision roles. PO 00000 Frm 00127 Fmt 4703 Sfmt 4703 52523 thrifts, and Federal branches and agencies will provide the OCC the same type of bank data to identify and evaluate BSA/ML and sanctions risks in a consistent manner, regardless of institution size. 2. Comments on Estimate of Burden The OCC requested comment on the accuracy of the agency’s estimate of the burden of the collection of the information. One commenter questioned what the OCC included in the estimate of burden hours. Another commenter stated that they agree with the estimate of burden hours for their institution but also stated concern for peer banks, noting that cost estimates vary greatly depending on the size, structure, and reporting format currently utilized and technological resources available to each bank. Six commenters stated that the estimate of burden is too low. Two commenters noted the reduction in the estimate of burden hours from 2013 for midsize and large bank populations, with one commenter making the assumption that technology is the reason for the reduction in hours.6 The OCC uses the legal standard for estimating burden hours under the PRA.7 The term ‘‘burden’’ means time, effort, or financial resources expended by persons to generate, maintain, or provide information to or for a Federal agency, including the resources expended for: (a) Reviewing instructions; (b) acquiring, installing, and utilizing technology and systems; (c) adjusting the existing ways to comply with any previously applicable instructions and requirements; (d) searching data sources; (e) completing and reviewing the collection of information; and (f) transmitting, or otherwise disclosing the information. Collecting MLR data from OCCsupervised institutions is not expected to impose significant additional burden on banks because most institutions already generate or gather substantially similar data in the normal course of business in order to perform internal bank analyses of BSA/ML and OFAC risks. The burden included in the OCC’s burden estimate is mainly the additional resources required to report the MLR data in an OCC-specified format. The OCC has ten years’ experience collecting MLR data from a large number of banks. The OCC estimates that the burden hours for midsize and 6 Burden estimates for midsize and large banks were included in the 2013 MLR PRA renewal notice published in the Federal Register on March 8, 2013 (78 FR 15121) even though the OCC has not collected the data from those bank populations up to this point. 7 44 U.S.C. 3502(2). E:\FR\FM\08AUN1.SGM 08AUN1 52524 Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices mstockstill on DSK3G9T082PROD with NOTICES large bank populations will generally be higher than for community banks, Federal thrifts, and Federal branches and agencies. This is primarily because most midsize and large banks offer more products and services, involving a potentially wider range of customer types and geographies, than less complex community banks and Federal branches and agencies. The OCC recognizes that each bank is unique and will have a different MLR reporting experience. For example, a bank’s management information systems, structure, and complexity may impact the bank’s MLR reporting, and, therefore, the bank’s reporting burden. However, the OCC believes the data requested for MLR purposes is data that institutions will have readily available and that for the vast majority of banks, will not require substantial investment in technology or systems to collect and report. The OCC reduced the estimated burden hours for midsize banks to 25 hours in 2016 from 30 hours in 2013, and for large banks, reduced estimated burden hours to 80 hours in 2016 from 100 hours in 2013, due to implementing a fully automated MLR format. There is no change in the estimated burden for community banks and Federal branches and agencies in 2016 from 2013. Finally, with regard to the estimate of burden, one commenter stated that failure to make publicly available the MLR risk summary form (RSF) used to collect the data in advance undermines the PRA review process and makes it difficult to comment on the accuracy of the agency’s estimate of the burden. The OCC is permitted, but not required, to include the RSF as part of the 60-day Federal Register notice. The form is available, and was available at the time the 60-day Federal Register notice was issued, at http://www.reginfo.gov as an attachment to the OCC’s 2013 PRA submission http://www.reginfo.gov/ public/do/PRAICList?ref_nbr=2013021557-009. 3. Comments on Possible Data Enhancements The OCC requested comment on ways to enhance the quality, utility, and clarity of the information to be collected. One commenter stated that it was difficult to translate limited MLR data into BSA/ML risks. Another commenter stated that the MLR as currently contemplated is not useful nor is it worth the costs in terms of staff hours, system modification and training. The same commenter stated that the OCC should consider designing a customized, flexible cloud-based architecture within a secure data center. Additionally, this commenter stated that VerDate Sep<11>2014 22:23 Aug 05, 2016 Jkt 238001 the OCC should establish an analytic team dedicated to importing, extrapolating, and analyzing the data collection from banks, with the platform designed to be flexible and dynamic to account for each individual bank’s size, geography, and business. After testing, this commenter stated, consideration should be given to rolling the platform out on a risk-based basis to OCCregulated banks. One commenter also stated that the OCC should consider making the MLR mandatory only in instances where the bank’s own risk assessment is insufficient for the exam scoping process. Two commenters expressed concerns that the September 30 as-of report date was inconsistent with most banks that operate on a calendar-year basis. The OCC collects the MLR data on bank customers, products, services, and geographies and analyzes the data in a way that identifies the higher-risk type customers, products, services, and geographies, consistent with the FFIEC Manual. The OCC uses the MLR data gathered to assist, across the population of reporting banks, with development of examination strategies, preparation of examination scoping to identify transactions for testing, and meeting the OCC’s obligations under applicable statutes and regulations.8 The OCC regularly reevaluates the infrastructure around the MLR and makes decisions about the most efficient and cost effective infrastructure and processes to utilize for the MLR System. An example of the OCC making changes to the MLR System was the updating of the MLR risk summary form to a fully automated data collection tool beginning in 2014. The OCC analytics team checks for data integrity issues, confirms various validity checks on the data, and analyzes the data used for OCC supervision purposes. Through the collection of MLR data from community banks for the past ten years, the OCC has determined that this data allows the agency to better identify those institutions, and areas within institutions, that pose heightened risk of money laundering and terrorist financing and to allocate examination resources accordingly. Collecting data in a uniform fashion over the same time period from all OCC-supervised institutions is critical to developing a 8 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title X, and Office of Foreign Assets Control sanction established under the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1–44; International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701; 31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and 163.180; and 31 CFR Title X. PO 00000 Frm 00128 Fmt 4703 Sfmt 4703 database that allows effective analytic reporting and benchmarking risks over time. An approach of making MLR data reporting mandatory only in instances where the bank’s own risk assessment was insufficient would add time to the examination process rather than expediting it. First, this approach would likely delay the OCC’s mandated supervision schedule by taking away an important source of data for broad-based risk identification analysis and benchmarking that facilitates the OCC’s annual examination strategy development and pre-planning activities, which are conducted potentially months in advance of an onsite examination. Second, on an individual bank level, this type of approach would require the OCC to review each bank’s risk assessment during the exam scoping process before making a decision as to whether that bank would be required to report the MLR data, potentially extending the timeframe for each exam where the bank’s risk assessment was deemed insufficient. In response to the commenters’ concerns that the September 30 reporting period is inconsistent with most banks’ operating on a calendar year basis, the OCC notes that this date has not presented significant concerns in the ten years experience during which we have collected MLR data. 4. Comments on Minimizing Burden Through Information Technology The OCC invited comment on ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology. Five commenters stated that the MLR data is duplicative of information already gathered in the normal course of bank supervision. These commenters recommended that the OCC not move forward with the proposal to extend the data collection. One commenter suggested that the OCC obtain aggregate domestic and international wire transfer and ACH transaction data, along with the various geographic locations of the international wires from the Federal Reserve Bank. One bank commenter stated they have concerns about customer privacy due to having the collection of data automated; however, there was no explanation provided. Two commenters expressed a concern for requiring that all banks submit MLR data annually, and one of those commenters stated that the frequency of the MLR data collection should be linked to the bank’s ML risk profile. Another commenter stated that E:\FR\FM\08AUN1.SGM 08AUN1 mstockstill on DSK3G9T082PROD with NOTICES Federal Register / Vol. 81, No. 152 / Monday, August 8, 2016 / Notices MLR data should be collected on an ‘‘as needed’’ basis. The OCC notes that the MLR data is not duplicative or redundant and is not collected in any other format from OCCsupervised institutions. Wire transaction and ACH data obtained from the Federal Reserve Banks for OCCsupervised institutions is not sufficiently detailed for purposes of assessing BSA/ML/OFAC risk and planning exam strategies. Wire transaction data is limited to domestic wires only and does not include international wires, geographic locations, or whether the wires were sent Payable Upon Proper Identification (PUPI). Similarly, ACH data is limited to domestic ACH data and does not include cross-border ACH or international ACH data or geographies. In addition, not all OCC-supervised institutions may initiate/send or receive international wires or ACH transactions through a Federal Reserve Bank. The OCC plans to collect the requested data using an XML form or other prescribed form submitted through the OCC BankNet system. The OCC plans to provide a schema (XML or otherwise) to institutions in advance of the required submission and also provide a window for institutions to submit test files and receive feedback. Additionally, the OCC utilizes secure data portals to communicate with and receive data from all OCC-supervised institutions. The OCC does not plan to collect personally identifiable information for MLR purposes, therefore, it is not expected that the collection would create customer privacy concerns. The annual filing requirement frequency ties in closely with the OCC’s statutory examination cycle requirements because banks should periodically perform risk assessments of their customers, products, services, and geographies for BSA/ML and OFAC sanctions risks purposes. Requesting MLR data less frequently than annually would limit its usefulness for the OCC’s BSA/AML/OFAC supervision responsibilities and might also negatively impact the bank’s own risk assessment process. Collecting MLR data on an ‘‘as needed’’ basis or tying the MLR data collection frequency to a bank’s risk profile would not allow for the consistent planning and analysis needed for such data, would lead to inefficiencies, and would diminish the ability of the OCC to assess risks over time and otherwise utilize the data in a meaningful way. VerDate Sep<11>2014 22:23 Aug 05, 2016 Jkt 238001 5. Comments on Costs The OCC invited comment on estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. One commenter stated that the initial implementation (costs) would be substantial and the ultimate data collection system requirements could result in annual burden estimates for large banks exceeding the 2013 (100 hours) and 2016 (80 hours) burden estimates. Another commenter stated that the costs of additional software would outweigh the benefits of time saved in a small institution. One commenter stated that the costs to implement would vary greatly depending on infrastructure, current risk assessment process, and resources. While there may be a slightly higher burden during the first reporting year, the OCC believes that the data requested for MLR purposes should be readily available and will not require substantial investment in technology or systems to collect and report. The OCC does not require the acquisition of additional software to collect and report MLR data. Some institutions, particularly community banks, collect and organize the data on Excel spreadsheets using existing bank reports received on a daily, weekly, or monthly basis, as the reports become available throughout the period covered by the reporting period. However, larger and more complex institutions may find it helpful to develop an internal reporting system to gather data efficiently across their organizations in a timely and consistent manner for MLR reporting purposes. The OCC provides options for submitting the MLR data including a fully automated online risk summary form. Additionally, the MLR risk summary form online system allows bankers to upload an XML file to complete the form. This XML file must comply with formatting style and validation requirements in order to be accepted into the OCC’s secure system. If the file is valid, the risk summary form is pre-populated with the data ready to be submitted to the OCC. Two commenters stated that the OCC should go through the rulemaking process to gain approval to expand the MLR System to midsize and large banks. The PRA provides the public with two opportunities to comment on a proposed information collection similar to the public comment opportunity afforded by the Administrative Procedure Act for rulemaking actions. Consistent with the PRA, the OCC previously sought comment on this information collection for 60 days and PO 00000 Frm 00129 Fmt 4703 Sfmt 9990 52525 now is seeking additional comment for 30 days. However, a notice of proposed rulemaking is unnecessary. Under 12 U.S.C. 161, the Comptroller has the express authority to require banks to provide special reports as to matters within his jurisdiction. BSA/AML supervision is within the jurisdiction of the OCC as the OCC has the delegated authority from the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) to examine national banks for compliance with the BSA. The OCC also has the authority under 12 U.S.C. 481 to make a thorough examination of all the affairs of a national bank. The MLR is an important part of the OCC’s BSA/AML examination processes that falls within this broad grant of authority. The OCC has decided to expand the MLR reporting requirement to the OCC’s midsize, large bank and Federal branches and agencies populations. As discussed above, a notice of proposed rulemaking is not necessary. The OCC previously had OMB approval to include midsize and large banks in the annual data collection, but requested OMB renewal of the data collection in 2010 and 2013 only for community banks. The OCC determined in 2010 and 2013 to collect only community bank data for MLR purposes. Pursuant to OMB requirements, the OCC is requesting renewal of the existing community bank MLR data collection with expansion to midsize and large bank (including Federal branches and agencies). Comments continue to be invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; (b) The accuracy of the OCC’s estimate of the burden of the collection of information; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Dated: August 2, 2016. Karen Solomon, Deputy Chief Counsel, Office of the Comptroller of the Currency. [FR Doc. 2016–18740 Filed 8–5–16; 8:45 am] BILLING CODE 4810–33–P E:\FR\FM\08AUN1.SGM 08AUN1

Agencies

[Federal Register Volume 81, Number 152 (Monday, August 8, 2016)]
[Notices]
[Pages 52521-52525]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-18740]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities: Information Collection 
Extension With Revision; Submission for OMB Review; Bank Secrecy Act/
Money Laundering Risk Assessment

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and request for comments.

-----------------------------------------------------------------------

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork

[[Page 52522]]

and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a proposed information 
collection, as required by the Paperwork Reduction Act of 1995 (44 
U.S.C. chapter 35) (PRA).
    In accordance with the requirements of the PRA, the OCC may not 
conduct or sponsor, and the respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number.
    The OCC is soliciting comments concerning an information collection 
titled ``Bank Secrecy Act/Money Laundering Risk Assessment,'' also 
known as the Money Laundering Risk (MLR) System.
    The OCC is also announcing that the proposed collection of 
information with extension has been submitted to OMB for review and 
clearance under the PRA.

DATES: Comments must be submitted by September 7, 2016.

ADDRESSES: Because paper mail in the Washington, DC area and at the OCC 
is subject to delay, commenters are encouraged to submit comments by 
email, if possible. Comments may be sent to: Legislative and Regulatory 
Activities Division, Office of the Comptroller of the Currency, 
Attention: 1557-0231, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-
11, Washington, DC 20219. In addition, comments may be sent by fax to 
(571) 465-4326 or by electronic mail to prainfo@occ.treas.gov. You may 
personally inspect and photocopy comments at the OCC, 400 7th Street 
SW., Washington, DC 20219. For security reasons, the OCC requires that 
visitors make an appointment to inspect comments. You may do so by 
calling (202) 649-6700, or for persons who are deaf or hard of hearing, 
TTY, (202) 649-5597. Upon arrival, visitors will be required to present 
valid government-issued photo identification and submit to security 
screening in order to inspect and photocopy comments.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not include any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    Additionally, please send a copy of your comments by mail to: OCC 
Desk Officer, 1557-0231, U.S. Office of Management and Budget, 725 17th 
Street NW., #10235, Washington, DC 20503, or by email to: 
oira_submission@omb.eop.gov.

FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance 
Officer, (202) 649-5490, or for persons who are deaf or hard of 
hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities 
Division, Office of the Comptroller of the Currency, 400 7th Street 
SW., Washington, DC 20219.

SUPPLEMENTARY INFORMATION: In compliance with 44 U.S.C. 3507, the OCC 
has submitted the following proposed collection of information to OMB 
for review and clearance.

Bank Secrecy Act/Anti-Money Laundering Risk Assessment

    The MLR System enhances the ability of examiners and bank 
management to identify and evaluate any Bank Secrecy Act (BSA)/Money 
Laundering (ML) and Office of Foreign Assets Control (OFAC) sanctions 
risks associated with the banks' products, services, customers, and 
locations. As new products and services are introduced, existing 
products and services change, and banks expand through mergers and 
acquisitions, a bank's management's evaluation of potential new money 
laundering and terrorist financing risks is expected to evolve as well. 
The MLR risk assessment is an important tool for the OCC's BSA/Anti-
Money Laundering (AML)/OFAC supervision activities because it allows 
the OCC to better identify those institutions, and areas within 
institutions, that pose heightened risk, and allocate examination 
resources accordingly. This risk assessment is critical to protect 
financial institutions of all sizes from potential abuse from money 
laundering or terrorist financing. Absent an appropriate risk 
assessment, applicable controls cannot be effectively implemented for 
lines of business, products, or entities, which would elevate BSA, AML, 
and OFAC compliance risks.
    The OCC will collect MLR information for all financial institutions 
supervised by the OCC.
    OMB Control No.: 1557-0231.
    Type of Review: Regular.
    Frequency of Response: Annual.
    Burden Estimates:
    Community Bank and Federal Branches and Agencies populations:
    Estimated Number of Respondents: 1,450.
    Estimated Number of Responses: 1,450.
    Frequency of Response: Annually.
    Estimated Annual Burden: 8,700 hours.
    Midsize Bank population:
    Estimated Number of Respondents: 47.
    Estimated Number of Responses: 47.
    Frequency of Response: Annually.
    Estimated Annual Burden: 1,175 hours.
    Large Bank population:
    Estimated Number of Respondents: 38.
    Estimated Number of Responses: 38.
    Frequency of Response: Annually.
    Estimated Annual Burden: 3,040 hours.
    The OCC issued a 60-day Federal Register notice on January 4, 2016, 
soliciting comments concerning combining this existing community bank 
information collection with expansion to all OCC-supervised 
institutions.\1\ Eight comments were received: Four from OCC-supervised 
banks, two from industry associations, one from a bank holding company 
and one from an individual. Of the five comments received from a bank 
holding company or a bank, three were from midsize banks, and the 
remaining two comments were from community banks.
---------------------------------------------------------------------------

    \1\ 81 FR 143 (January 4, 2016).
---------------------------------------------------------------------------

1. Comments on Practical Utility of the Data Collection

    Comments were invited on whether the collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information has practical utility. Two commenters 
stated concern for either the small degree of practical utility or no 
practical utility obtained by requiring all OCC-supervised banks to 
report MLR data and linked the cost/benefit value of the cost of 
gathering and reporting the data to the benefit derived to the bank or 
to the OCC. An additional commenter stated that they saw no prudential 
or supervisory benefit to expanding the annual MLR data collection 
requirement to midsize or large banks when the OCC has access to the 
information on a dynamic basis. One commenter stated that the OCC must 
clearly demonstrate that costs and burdens associated with MLR do not 
outweigh the benefits. One commenter stated that the collection of MLR 
data is not necessary because the OCC already has access to the data 
through its supervisory process, including the current BSA/AML risk 
assessment expectation.
    Six commenters stated that the one-size-fits-all approach or 
proposed mandatory uniform approach for collecting MLR data from all 
OCC-supervised banks is inconsistent or at odds with the Federal 
Financial Institutions Examination Council (FFIEC) BSA/AML Examination 
Manual (Manual), as the FFIEC Manual provides for a variety of 
effective methods and

[[Page 52523]]

formats to be used in completing a risk assessment. Two commenters 
stated that requiring only OCC-supervised banks to report MLR data 
would create the equivalent of an ``uneven playing field'' for national 
banks and Federal thrifts and agencies. One commenter stated that the 
OCC should explain why collecting rudimentary MLR summary data is 
needed when there are relatively few BSA enforcement actions and other 
supervisory actions related to the BSA. One commenter stated that the 
proposal does not provide analysis of why extending the MLR to all 
financial institutions would enhance the ability of examiners and bank 
management to identify and evaluate BSA/ML and sanctions risks. The 
commenter further stated that the proposal does not explain how BSA/
AML/OFAC risk assessment provided through the MLR System enhances the 
OCC's understanding of such risks or why this information is necessary 
for the OCC to address supervisory concerns about those financial 
institutions.
    Collecting MLR data from all supervised banks will yield 
substantial information that will provide a high degree of utility for 
the OCC in meeting its supervisory obligations under applicable 
statutes and regulations.\2\ The purpose of the MLR System is to 
support the OCC's supervisory objectives by allowing for the 
identification and analysis of BSA/ML and OFAC sanctions risks across 
the population of all OCC-supervised banks, to assist examiners in 
carrying out risk-based supervision pursuant to the FFIEC Manual, and 
to meet the OCC's supervisory obligations under applicable statutes and 
regulations.\3\ Whether to collect MLR data is not in any way linked to 
whether an institution is the subject of a BSA/AML/OFAC enforcement or 
any other type of supervisory action. MLR data is simply data about a 
bank's products, services, customers, and geographies that is gathered 
prior to examinations to promote effectiveness and efficiency in OCC 
examination scoping and transaction testing. The expansion of the MLR 
System to all OCC-supervised institutions will allow contemporaneous 
data to be analyzed consistently across the agency and thus will allow 
the OCC to better identify those institutions, and areas within 
institutions, that pose heightened BSA/ML, and OFAC risk. The data 
collected through the MLR process is not collected by the OCC in any 
similar format.
---------------------------------------------------------------------------

    \2\ 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing 
regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title 
X, and Office of Foreign Assets Control sanction established under 
the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1-44; 
International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701; 
31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and 
163.180; and 31 CFR Title X.
    \3\ Ibid.
---------------------------------------------------------------------------

    The MLR is not intended to supplant banks' full BSA and OFAC risk 
assessments. The OCC's evaluation of a bank's full risk assessment is 
performed during regular examinations. In addition to the OCC's uses, 
the MLR data can be used by banks as the first step in the two-step 
process of the banks' BSA and OFAC risk assessments. The first step in 
any risk assessment process is to gather data, and the MLR data 
gathered should be substantially similar to information needed to 
perform those internal bank analyses of BSA and OFAC risks.
    Additionally, the self-reported MLR data are provided back to the 
bank along with peer data so that the bank can conduct comparison and 
trend analyses concerning their data and peer data.
    While the FFIEC Manual was developed by the agencies \4\ to ensure 
consistency in the application of BSA/AML requirements and to promote 
uniformity in the supervision of financial institutions, each agency 
has the ability to supplement the supervision process with their own 
tools. The MLR is one such tool the OCC uses in its BSA/AML supervision 
of banks that permits consistent identification of potentially higher-
risk products, services, customers and geographies; expansion of the 
MLR will expand this utility across all OCC business lines and 
institution sizes.\5\ Rather than contradict the consistent and uniform 
approach that using the FFIEC Manual provides, the MLR System 
complements the Manual's procedures for risk assessment and supervision 
purposes. The submission of MLR data in a consistent format allows the 
agency to perform effective data risk analytics. Extending the MLR to 
all OCC-supervised banks, Federal thrifts, and Federal branches and 
agencies will provide the OCC the same type of bank data to identify 
and evaluate BSA/ML and sanctions risks in a consistent manner, 
regardless of institution size.
---------------------------------------------------------------------------

    \4\ The FFIEC is a formal interagency body empowered to 
prescribe uniform principles, standards, and report forms for the 
federal examination of financial institutions by the Board of 
Governors of the Federal Reserve System (FRB), the Federal Deposit 
Insurance Corporation (FDIC), the National Credit Union 
Administration (NCUA), the Office of the Comptroller of the Currency 
(OCC), and the Consumer Financial Protection Bureau (CFPB), and to 
make recommendations to promote uniformity in the supervision of 
financial institutions. In 2006, the State Liaison Committee (SLC) 
was added to the Council as a voting member. The SLC includes 
representatives from the Conference of State Bank Supervisors 
(CSBS), the American Council of State Savings Supervisors (ACSSS), 
and the National Association of State Credit Union Supervisors 
(NASCUS).
    \5\ The OCC cannot address the tools used by the other agencies 
in their BSA/AML supervision roles.
---------------------------------------------------------------------------

2. Comments on Estimate of Burden

    The OCC requested comment on the accuracy of the agency's estimate 
of the burden of the collection of the information. One commenter 
questioned what the OCC included in the estimate of burden hours. 
Another commenter stated that they agree with the estimate of burden 
hours for their institution but also stated concern for peer banks, 
noting that cost estimates vary greatly depending on the size, 
structure, and reporting format currently utilized and technological 
resources available to each bank. Six commenters stated that the 
estimate of burden is too low. Two commenters noted the reduction in 
the estimate of burden hours from 2013 for midsize and large bank 
populations, with one commenter making the assumption that technology 
is the reason for the reduction in hours.\6\
---------------------------------------------------------------------------

    \6\ Burden estimates for midsize and large banks were included 
in the 2013 MLR PRA renewal notice published in the Federal Register 
on March 8, 2013 (78 FR 15121) even though the OCC has not collected 
the data from those bank populations up to this point.
---------------------------------------------------------------------------

    The OCC uses the legal standard for estimating burden hours under 
the PRA.\7\ The term ``burden'' means time, effort, or financial 
resources expended by persons to generate, maintain, or provide 
information to or for a Federal agency, including the resources 
expended for: (a) Reviewing instructions; (b) acquiring, installing, 
and utilizing technology and systems; (c) adjusting the existing ways 
to comply with any previously applicable instructions and requirements; 
(d) searching data sources; (e) completing and reviewing the collection 
of information; and (f) transmitting, or otherwise disclosing the 
information. Collecting MLR data from OCC-supervised institutions is 
not expected to impose significant additional burden on banks because 
most institutions already generate or gather substantially similar data 
in the normal course of business in order to perform internal bank 
analyses of BSA/ML and OFAC risks. The burden included in the OCC's 
burden estimate is mainly the additional resources required to report 
the MLR data in an OCC-specified format.
---------------------------------------------------------------------------

    \7\ 44 U.S.C. 3502(2).
---------------------------------------------------------------------------

    The OCC has ten years' experience collecting MLR data from a large 
number of banks. The OCC estimates that the burden hours for midsize 
and

[[Page 52524]]

large bank populations will generally be higher than for community 
banks, Federal thrifts, and Federal branches and agencies. This is 
primarily because most midsize and large banks offer more products and 
services, involving a potentially wider range of customer types and 
geographies, than less complex community banks and Federal branches and 
agencies.
    The OCC recognizes that each bank is unique and will have a 
different MLR reporting experience. For example, a bank's management 
information systems, structure, and complexity may impact the bank's 
MLR reporting, and, therefore, the bank's reporting burden. However, 
the OCC believes the data requested for MLR purposes is data that 
institutions will have readily available and that for the vast majority 
of banks, will not require substantial investment in technology or 
systems to collect and report. The OCC reduced the estimated burden 
hours for midsize banks to 25 hours in 2016 from 30 hours in 2013, and 
for large banks, reduced estimated burden hours to 80 hours in 2016 
from 100 hours in 2013, due to implementing a fully automated MLR 
format. There is no change in the estimated burden for community banks 
and Federal branches and agencies in 2016 from 2013.
    Finally, with regard to the estimate of burden, one commenter 
stated that failure to make publicly available the MLR risk summary 
form (RSF) used to collect the data in advance undermines the PRA 
review process and makes it difficult to comment on the accuracy of the 
agency's estimate of the burden. The OCC is permitted, but not 
required, to include the RSF as part of the 60-day Federal Register 
notice. The form is available, and was available at the time the 60-day 
Federal Register notice was issued, at http://www.reginfo.gov as an 
attachment to the OCC's 2013 PRA submission http://www.reginfo.gov/public/do/PRAICList?ref_nbr=201302-1557-009.

3. Comments on Possible Data Enhancements

    The OCC requested comment on ways to enhance the quality, utility, 
and clarity of the information to be collected. One commenter stated 
that it was difficult to translate limited MLR data into BSA/ML risks. 
Another commenter stated that the MLR as currently contemplated is not 
useful nor is it worth the costs in terms of staff hours, system 
modification and training. The same commenter stated that the OCC 
should consider designing a customized, flexible cloud-based 
architecture within a secure data center. Additionally, this commenter 
stated that the OCC should establish an analytic team dedicated to 
importing, extrapolating, and analyzing the data collection from banks, 
with the platform designed to be flexible and dynamic to account for 
each individual bank's size, geography, and business. After testing, 
this commenter stated, consideration should be given to rolling the 
platform out on a risk-based basis to OCC-regulated banks. One 
commenter also stated that the OCC should consider making the MLR 
mandatory only in instances where the bank's own risk assessment is 
insufficient for the exam scoping process. Two commenters expressed 
concerns that the September 30 as-of report date was inconsistent with 
most banks that operate on a calendar-year basis.
    The OCC collects the MLR data on bank customers, products, 
services, and geographies and analyzes the data in a way that 
identifies the higher-risk type customers, products, services, and 
geographies, consistent with the FFIEC Manual. The OCC uses the MLR 
data gathered to assist, across the population of reporting banks, with 
development of examination strategies, preparation of examination 
scoping to identify transactions for testing, and meeting the OCC's 
obligations under applicable statutes and regulations.\8\ The OCC 
regularly reevaluates the infrastructure around the MLR and makes 
decisions about the most efficient and cost effective infrastructure 
and processes to utilize for the MLR System. An example of the OCC 
making changes to the MLR System was the updating of the MLR risk 
summary form to a fully automated data collection tool beginning in 
2014. The OCC analytics team checks for data integrity issues, confirms 
various validity checks on the data, and analyzes the data used for OCC 
supervision purposes.
---------------------------------------------------------------------------

    \8\ 31 U.S.C. 5311, 12 U.S.C. 1818(s)(2), and implementing 
regulations 12 CFR 21.21, 31; 12 CFR 21.11 and 163.180, 12 CFR Title 
X, and Office of Foreign Assets Control sanction established under 
the Trading with the Enemy Act (TWEA); 50 U.S.C. App 1-44; 
International Emergency Economic Powers Act (IEEPA), 50 U.S.C. 1701; 
31 U.S.C. 5311; 12 U.S.C. 1818(s)(2); 12 CFR 21.21; 12 CFR 21.11 and 
163.180; and 31 CFR Title X.
---------------------------------------------------------------------------

    Through the collection of MLR data from community banks for the 
past ten years, the OCC has determined that this data allows the agency 
to better identify those institutions, and areas within institutions, 
that pose heightened risk of money laundering and terrorist financing 
and to allocate examination resources accordingly. Collecting data in a 
uniform fashion over the same time period from all OCC-supervised 
institutions is critical to developing a database that allows effective 
analytic reporting and benchmarking risks over time.
    An approach of making MLR data reporting mandatory only in 
instances where the bank's own risk assessment was insufficient would 
add time to the examination process rather than expediting it. First, 
this approach would likely delay the OCC's mandated supervision 
schedule by taking away an important source of data for broad-based 
risk identification analysis and benchmarking that facilitates the 
OCC's annual examination strategy development and pre-planning 
activities, which are conducted potentially months in advance of an 
onsite examination. Second, on an individual bank level, this type of 
approach would require the OCC to review each bank's risk assessment 
during the exam scoping process before making a decision as to whether 
that bank would be required to report the MLR data, potentially 
extending the timeframe for each exam where the bank's risk assessment 
was deemed insufficient.
    In response to the commenters' concerns that the September 30 
reporting period is inconsistent with most banks' operating on a 
calendar year basis, the OCC notes that this date has not presented 
significant concerns in the ten years experience during which we have 
collected MLR data.

4. Comments on Minimizing Burden Through Information Technology

    The OCC invited comment on ways to minimize the burden of the 
collection on respondents, including through the use of automated 
collection techniques or other forms of information technology. Five 
commenters stated that the MLR data is duplicative of information 
already gathered in the normal course of bank supervision. These 
commenters recommended that the OCC not move forward with the proposal 
to extend the data collection. One commenter suggested that the OCC 
obtain aggregate domestic and international wire transfer and ACH 
transaction data, along with the various geographic locations of the 
international wires from the Federal Reserve Bank. One bank commenter 
stated they have concerns about customer privacy due to having the 
collection of data automated; however, there was no explanation 
provided. Two commenters expressed a concern for requiring that all 
banks submit MLR data annually, and one of those commenters stated that 
the frequency of the MLR data collection should be linked to the bank's 
ML risk profile. Another commenter stated that

[[Page 52525]]

MLR data should be collected on an ``as needed'' basis.
    The OCC notes that the MLR data is not duplicative or redundant and 
is not collected in any other format from OCC-supervised institutions. 
Wire transaction and ACH data obtained from the Federal Reserve Banks 
for OCC-supervised institutions is not sufficiently detailed for 
purposes of assessing BSA/ML/OFAC risk and planning exam strategies. 
Wire transaction data is limited to domestic wires only and does not 
include international wires, geographic locations, or whether the wires 
were sent Payable Upon Proper Identification (PUPI). Similarly, ACH 
data is limited to domestic ACH data and does not include cross-border 
ACH or international ACH data or geographies. In addition, not all OCC-
supervised institutions may initiate/send or receive international 
wires or ACH transactions through a Federal Reserve Bank.
    The OCC plans to collect the requested data using an XML form or 
other prescribed form submitted through the OCC BankNet system. The OCC 
plans to provide a schema (XML or otherwise) to institutions in advance 
of the required submission and also provide a window for institutions 
to submit test files and receive feedback. Additionally, the OCC 
utilizes secure data portals to communicate with and receive data from 
all OCC-supervised institutions. The OCC does not plan to collect 
personally identifiable information for MLR purposes, therefore, it is 
not expected that the collection would create customer privacy 
concerns.
    The annual filing requirement frequency ties in closely with the 
OCC's statutory examination cycle requirements because banks should 
periodically perform risk assessments of their customers, products, 
services, and geographies for BSA/ML and OFAC sanctions risks purposes. 
Requesting MLR data less frequently than annually would limit its 
usefulness for the OCC's BSA/AML/OFAC supervision responsibilities and 
might also negatively impact the bank's own risk assessment process. 
Collecting MLR data on an ``as needed'' basis or tying the MLR data 
collection frequency to a bank's risk profile would not allow for the 
consistent planning and analysis needed for such data, would lead to 
inefficiencies, and would diminish the ability of the OCC to assess 
risks over time and otherwise utilize the data in a meaningful way.

5. Comments on Costs

    The OCC invited comment on estimates of capital or start-up costs 
and costs of operation, maintenance, and purchase of services to 
provide information. One commenter stated that the initial 
implementation (costs) would be substantial and the ultimate data 
collection system requirements could result in annual burden estimates 
for large banks exceeding the 2013 (100 hours) and 2016 (80 hours) 
burden estimates. Another commenter stated that the costs of additional 
software would outweigh the benefits of time saved in a small 
institution. One commenter stated that the costs to implement would 
vary greatly depending on infrastructure, current risk assessment 
process, and resources.
    While there may be a slightly higher burden during the first 
reporting year, the OCC believes that the data requested for MLR 
purposes should be readily available and will not require substantial 
investment in technology or systems to collect and report. The OCC does 
not require the acquisition of additional software to collect and 
report MLR data. Some institutions, particularly community banks, 
collect and organize the data on Excel spreadsheets using existing bank 
reports received on a daily, weekly, or monthly basis, as the reports 
become available throughout the period covered by the reporting period. 
However, larger and more complex institutions may find it helpful to 
develop an internal reporting system to gather data efficiently across 
their organizations in a timely and consistent manner for MLR reporting 
purposes. The OCC provides options for submitting the MLR data 
including a fully automated online risk summary form. Additionally, the 
MLR risk summary form online system allows bankers to upload an XML 
file to complete the form. This XML file must comply with formatting 
style and validation requirements in order to be accepted into the 
OCC's secure system. If the file is valid, the risk summary form is 
pre-populated with the data ready to be submitted to the OCC.
    Two commenters stated that the OCC should go through the rulemaking 
process to gain approval to expand the MLR System to midsize and large 
banks. The PRA provides the public with two opportunities to comment on 
a proposed information collection similar to the public comment 
opportunity afforded by the Administrative Procedure Act for rulemaking 
actions. Consistent with the PRA, the OCC previously sought comment on 
this information collection for 60 days and now is seeking additional 
comment for 30 days. However, a notice of proposed rulemaking is 
unnecessary. Under 12 U.S.C. 161, the Comptroller has the express 
authority to require banks to provide special reports as to matters 
within his jurisdiction. BSA/AML supervision is within the jurisdiction 
of the OCC as the OCC has the delegated authority from the Department 
of Treasury's Financial Crimes Enforcement Network (FinCEN) to examine 
national banks for compliance with the BSA. The OCC also has the 
authority under 12 U.S.C. 481 to make a thorough examination of all the 
affairs of a national bank. The MLR is an important part of the OCC's 
BSA/AML examination processes that falls within this broad grant of 
authority.
    The OCC has decided to expand the MLR reporting requirement to the 
OCC's midsize, large bank and Federal branches and agencies 
populations. As discussed above, a notice of proposed rulemaking is not 
necessary. The OCC previously had OMB approval to include midsize and 
large banks in the annual data collection, but requested OMB renewal of 
the data collection in 2010 and 2013 only for community banks. The OCC 
determined in 2010 and 2013 to collect only community bank data for MLR 
purposes. Pursuant to OMB requirements, the OCC is requesting renewal 
of the existing community bank MLR data collection with expansion to 
midsize and large bank (including Federal branches and agencies).
    Comments continue to be invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the burden of the 
collection of information;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology; and
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information.

    Dated: August 2, 2016.
Karen Solomon,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2016-18740 Filed 8-5-16; 8:45 am]
 BILLING CODE 4810-33-P