FFIEC Releases Supplemental Guidance on Internet Banking Authentication

The Federal Financial Institutions Examination Council (FFIEC) has issued a Supplement to the 2005 Authentication in an Internet Banking Environment Guidance.  http://www.fdic.gov/news/news/press/2011/pr11111a.pdf  According to the FFIEC, the Supplement was issued to "reinforce the Guidance’s risk management framework and update the Agencies’ expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment."  

The Supplement reiterates the expectations of the 2005 Guidance and establishes "minimum control expectations for certain online banking activities and identifies controls that are less effective in the current environment."  The Supplement also identifies "specific minimum elements that should be part of an institution’s customer awareness and education program."

The Supplement stresses the need for institutions to perform risk assessments, implement effective strategies for mitigating identified risks, such as heightened customer authentication standards for high risk transactions, and implement layered security programs.  The Supplement discusses the effectiveness of certain authentication techniques, such as device identification and challenge questions.  The Supplement also emphasizes the need for institutions to raise customer awareness of potential risks associated with Internet banking.

According to the Supplement, FFIEC member agencies will "work closely with institutions to promote security in electronic banking and have directed examiners to formally assess financial institutions under the enhanced expectations outlined in the supplement beginning in January 2012."

If you have any questions regarding this issue or any other Banking and Finance issues, please contact the author, Mark E. Miller.

FDIC Provides Guidance to Banks for SBA Lending Products

In its Summer 2011 Supervisory Insights publication, the FDIC reiterates its goal of encouraging banks to lend to creditworthy small businesses. The FDIC notes that the "guaranty that accompanies a Small Business Administration (SBA) loan is increasingly attractive to banks looking to expand lending opportunities."  The Summer 2011 Supervisory Insights publication provides specific guidelines to banks that wish to pursue SBA lending, including information that may be helpful for banks in preparation for examiners reviewing a bank's SBA loan portfolios.  Because the requirements for underwriting, servicing, risk grading, and liquidating SBA loans often differ from those for conventional lending programs, the FDIC advises banks to identify and understand these requirements and develop an SBA lending program that includes opportunities for ongoing training. http://www.fdic.gov/regulations/examinations/supervisory/insights/sisum11/si_sum11.pdf

The most common SBA guaranty programs are the 504 and 7(a) loans.  The 504 Loan Program provides small businesses with long-term financing to acquire major fixed assets, such as real estate, machinery, and equipment. Typically, lenders finance 50 percent of the acquisition with a senior lien, the business provides at least 10 percent equity, and the remaining balance is financed by a Certified Development Company (CDC) with a second lien. A CDC is a private, nonprofit corporation that contributes to local economic development. The CDC receives funding from a debenture that is 100 percent guaranteed by the SBA. The advantage of this program is that the CDC portion is a fixed, below market rate loan for 20 years.

The 7(a) Loan Program features a range of loans, including standard, special-purpose, express, export, and rural business loans. These loans are funded by lenders and conditionally guaranteed by the SBA. Banks participate in 7(a) Loan Programs as a regular, certified, preferred, SBAExpress, or Patriot Express lender and must submit applications to the SBA to receive approval for these designations. Each designation provides lenders with varying degrees of authority and responsibility. The preferred, SBAExpress, and Patriot Express designations allow lenders to make loan approval decisions without prior review by the SBA; lenders must be approved for these designations every two years. The SBA makes all loan approval decisions under the regular and certified designations.

The most widely used 7(a) programs are standard and SBAExpress loans.  As of May 2011, Standard 7(a) program loans are for a maximum of $5,000,000 with a guaranty of no more than $3,750,000 or 75 percent of the loan amount. Standard loan terms can be up to 25 years for real estate, up to 10 years for equipment, and up to 7 years for working capital.  Interest rates are based on published indices as well as the size and maturity of the loan.  The SBAExpress program features an accelerated loan approval process. As of May 2011, the SBA Express guaranty is 50 percent of the loan amount, and the maximum loan is $1,000,000. The advantage is that lenders can use their own closing documents – rather than SBA closing documents – which saves time and expense. This program also allows lenders to fund lines of credit up to 7 years, which is not allowed under the standard program.

If you have any questions regarding this issue or any other banking and finance issues, please contact the author, Mark E. Miller, or the Bowers Harrison attorney with whom you usually work.