FDIC Political Strife Will Leave No Republicans On Board Of Directors

FDIC Political Strife Will Leave No Republicans On Board Of Directors

By Terri Jo Neff |

Jelena McWilliams, the Trump-appointed chairwoman of the Federal Deposit Insurance Corp. (FDIC) and only Republican on the board of directors, is resigning her position after accusing three Democratic directors of engaging in “a hostile takeover” of the agency responsible for maintaining stability and public confidence in the nation’s financial system.

News of McWilliams’s unexpected resignation effective February 4 was buried in a press release issued on New Year’s Eve. She took the helm of the FDIC in June 2018 after being confirmed by Congress to serve a five-year term as chair of what is supposed to be an independent agency that examines and supervises more than 5,200 banks and financial institutions for safety, soundness, and consumer protection. It also manages receiverships and insures deposits.

McWilliams’ announcement came just two weeks after she submitted an op-ed to the Wall Street Journal warning of the politization of America’s banking system.

The former executive vice president for Fifth Third Bank wrote of how for nearly 90 years day-to-day FDIC operations were delegated to its chairman, who controlled the board agenda and “worked collaboratively with other board members” regardless of political difference. 

But that collegiality ended in late October, according to McWilliams, when the three Democratic-appointed members teamed in an effort to begin a FDIC review of the standards used for bank mergers without McWilliams’ assent. 

Those other members are Michael Hsu, acting Comptroller of the Currency;  Michael Hsu. Rohit Chopra, director of the Consumer Financial Protection Bureau; and Martin Gruenberg, former FDIC chairman who is serving on a temporary basis because the Biden Administration has not moved to fill two vacant board positions.

The FDIC may not have more than three directors of the same political affiliation. President Joe Biden, by keeping one of the five seats open throughout his first year in office, has been able to impede McWilliams’ inherent powers as chair.

McWilliams, who previously served as chief counsel on the U.S. Senate Banking, Housing and Urban Affairs Committee, initiated a program at the FDIC called Trust through Transparency in an effort to make the FDIC more accessible, understandable, and responsive. As part of that initiative, she visited in person with stakeholders in 30 states prior to COVID-19 then continued the visits on a virtual basis, including a meeting with the Arizona Bankers Association.

The Republicans on the U.S. House Committee on Financial Services tweeted Monday about concerns with McWilliams’ resignation.

“The attempted power grab by CFPB Director Chopra and Interim Chair Gruenberg raises serious concerns about @FDICgov‘s independence. Dems’ support for this unprecedented action exposes their ongoing effort to politicize our regulators for their own gain.”

McWilliams also continues to have the public support of industry groups due to her efforts to ensure all stakeholders were heard. One such supporter is Richard Hunt, the CEO of the Consumer Bankers Association.

“A total class act who always sought balance—much to my chagrin at times,” Hunt said after learning of McWilliams’ resignation. “The FDIC cannot operate where the minority is not represented.”

New Banking Cyber Security Rule Won’t Stop Attacks But Could Help Identify Vulnerabilities

New Banking Cyber Security Rule Won’t Stop Attacks But Could Help Identify Vulnerabilities

By Terri Jo Neff |

Federally regulated banks across the United States have about 100 days to get familiar with a new rule that requires the reporting of cyberattacks and other computer security incidents to regulators within 36 hours and “as soon as possible” to customers if the incident might materially affect operations for at least four hours.

The rule announced by the Federal Reserve Board of Governors (Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) last month takes effect April 1. It applies to banking organizations such as national banks, federal savings associations, state member banks, U.S. operations of foreign banking organizations, federal branches and agencies of foreign banks, and U.S. bank holding companies and savings and loan holding companies.

Under the new rule, reportable cyber incidents are those causing “actual harm” with respect to the availability, confidentiality, or integrity of a banking organization’s information system or the information that the system processes, stores or transmits. As a result, notification will not be required if an incident only threatens to cause a harm.

A banking organization’s service providers are also subject to the rule, which will now require notification by a service provider to the banking organization of incidents which has caused “or is reasonably likely to cause” a service interruption of four or more hours.

Federal banking officials concede the new reporting requirement won’t stop cyberattacks on the nation’s banks. It won’t even serve as a speed bump in such criminal activity.

What it will do, according to industry newsletter Banking Exchange, is give regulators and federal law enforcement officials a better chance of tracking attacks, identifying patterns, and ensuring local bank executives are doing their part to protect customer data and assets.

Some types of computer incidents involve new account or wire fraud, account penetration or takeovers, and malicious attacks such as ransomware. The disruption or degradation of a banking organization’s operations which would pose a threat to the country’s financial stability will also trigger the new reporting regulation.

OneSpan, a cybersecurity company specializing in banking, recently released its Global Financial Regulations Report which notes the main challenges for banking organization are reducing or preventing cyberattacks, safeguarding sensitive internal and customer data, and keeping up with changes in consumer privacy laws and industry rules.

The new banking regulation emphasizes material disruptions such as denial-of-service (DOS) attacks or data hacking incursions which limit or shutdown a banking organization’s operations regardless of whether customer information is compromised. However, some cyberattacks may also be subject to supplementary reporting under other federal or state laws.

Instructions will be sent to all regulated banks in early 2022 on when and how to process a notification.