The federal banking regulators (The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation) issued on July 25 a lengthy joint statement outlining the potential risks that financial institutions face in arrangements with third parties to deliver bank deposit products and services. 
John Culhane
Supreme Court Opens Door to More APA Challenges by Ruling that Right of Action Accrues When Regulation First Causes Injury
Opinion Can Invite New Challenges to Long-Standing BSA/AML Regulations
On July 1, 2024, the Supreme Court issued its opinion in Corner Post, Inc. v Board of Governors of the Federal Reserve System in which the Court determined when a Section 702 claim under the Administrative Procedure Act (APA) to challenge a final agency action first accrues. In a 6-3 Opinion, the Supreme Court sided with Corner Post in holding that a right of action first accrues when the plaintiff has the right to assert it in court—and in the case of the APA, that is when the plaintiff is injured by final agency action.
This ruling could open the litigation floodgates for industry newcomers to challenge longstanding agency rules. These APA challenges will be further aided by the Supreme Court’s recent overruling of Chevron deference, giving the courts the power to interpret statutes without deferring to the agency’s interpretation.
This development is relevant to potential challenges to anti-money laundering (“AML”) regulations promulgated under the Bank Secrecy Act (“BSA”) or other statutory schemes by the Financial Crimes Enforcement Network, the federal functional regulators, the Securities Exchange Commission, and FINRA. Many BSA/AML regulations were promulgated many years ago. Historically, litigation challenges to BSA/AML regulations have been rare. Given the combined effect of recent rulings by the Supreme Court, that could change.
CFPB Issues Proposal to Supervise Nonbank Providers of Digital Wallets and Payment Apps
The CFPB has issued a proposed rule to supervise nonbank companies that qualify as larger participants in a market for “general-use digital consumer payment applications.” Comments on the proposal are due by January 8, 2024 or by the date that is 30 days after the proposal’s publication in the Federal Register, whichever is later.
The proposal is based on the CFPB’s authority to supervise nonbank entities considered to be “a larger participant of a market for other consumer financial products or services.” It would cover providers of consumer financial products and services that are commonly referred to as “digital wallets,” “payment apps,” “funds transfer apps,” and “person-to-person or P2P payment apps.”
Federal Banking Agencies Issue Final Interagency Guidance on Risk Management in Third-Party Relationships
The Federal Reserve, FDIC, and OCC have released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements. The guidance is intended to provide principles for effective third-party risk management for all types of third-party relationships, regardless of how they may be structured. At the same time, the agencies state that banking organizations have flexibility in their approach to assessing the risks posed by each third- party relationship and deciding the relevance of the considerations discussed in the final guidance
The final guidance rescinds and replaces each agency’s previously-issued guidance on risk management practices for third-party relationships. In their July 2021 proposal, the agencies had included as an appendix FAQs issued by the OCC to supplement the OCC’s existing 2013 third-party risk management guidance. The proposed guidance included the revised FAQs as an exhibit and the agencies sought comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance. In their discussion of the final guidance, the agencies identify which concepts from the FAQs have been incorporated into the final guidance.
Democratic Senators Send Letter to Federal Banking Agencies Raising Concerns About Fraudulent Transactions
A group of five Democratic Senators have sent a letter to the Federal Reserve, OCC, FDIC, and NCUA asking them to take several steps to protect consumers from scams when using Zelle to transfer money.
The Senators ask the four agencies “to closely review and examine the customer reimbursement and anti-money laundering (AML) practices of depository institutions that participate in the Zelle network.” They also ask the Federal Reserve and OCC “to examine Early Warning Services, Inc. (EWS), which operates the Zelle network, on an ongoing basis and for the four agencies “to coordinate their supervisory approach with the Consumer Financial Protection Bureau.” The Senators note that the agencies have authority to supervise the banks that own and operate Zelle and the participating depository institutions for compliance “with key consumer protection and AML laws, including the Electronic Fund Transfer Act (EFTA) and the Bank Secrecy Act (BSA).”