Financial institutions today, 2021 November

The s pecific docume nts that co mp ris e the G uidance a re: Examinati on F req uency, Proces s ing, an d Turna ro und Goals Developme nt of Pol icies by F inancial Ins tit utio ns
News and topics of interest to financial institutions regulated by the Department of Banking and Finance

Inside this issue:
REMINDER: Electronic Payment System for the Georgia Residential Mortgage Act Fees
Fourth Quarter 2021 Community Bank Sentiment Index
Speaking Engagements

November 2021
FinCEN Updated Advisory on Ransomware
On November 8, 2021, in connection with a set of actions announced by the Department 2 of the Treasury and focused on disrupting criminal ransomware actors, the Financial
Crimes Enforcement Network (FinCEN) has released an update to its 2020 advisory on ransomware and the use of the financial system to facilitate ransom payments. The updated advisory reflects information released by FinCEN in its recent Financial Trend Analysis discussing ransomware trends, and includes information on current trends and 2 typologies of ransomware and associated payments as well as recent examples of ransomware attacks. The updated advisory also sets out financial red flag indicators of ransomware-related illicit activity to assist financial institutions in identifying and reporting 2 suspicious transactions associated with ransomware payments, consistent with their obligations under the Bank Secrecy Act. The advisory may be accessed here.

Applications

3 Computer Security Incident Notification Final Rule

The Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (Board), and the Office of the Comptroller of the Currency (OCC) (collectively, the agencies) have issued a joint final rule to establish computersecurity incident notification requirements for banking organizations and corresponding bank service providers. The rule will provide the agencies with early awareness of emerging threats to banking organizations and the broader financial system, including potentially systemic cyber events. The final rule takes effect on April 1, 2022, with full compliance extended to May 1, 2022.

Highlights of the final rule include:

Banking organizations will be required to notify their federal regulator as soon as possible and no later than 36 hours after the banking organization determines that a computer-security incident that rises to the level of a notification incident has occurred. The banking organization must provide this notification to the appropriate federal regulatory supervisory office, or designated point of contact, through email, telephone, or other similar methods that may be prescribed.
The rule defines computer-security incident as an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.
A notification incident is defined as a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization's: (i) ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business; (ii) business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value; or (iii) operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States. For example, a notification incident may include a major computer-system failure; a cyber-related interruption, such as a distributed denial of service or ransomware attack; or another type of significant operational interruption.

Page 2

November 2021

The rule also requires a bank service provider to notify at least one bank-designated point of contact at each affected customer banking organization as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to disrupt or degrade, covered services provided to the banking organization for four or more hours. If the banking organization has not previously provided a designated point of contact, the notification must be made to the banking organization's chief executive officer and chief information officer or to two individuals of comparable responsibilities.

A copy of the Final Rule can be found here.

As a reminder, Department Rule 80-1-3-.03 requires that banks simultaneously disclose unauthorized access to customer information to the Department and federal regulator if required under federal law. If the banking organization determines that a computer-security incident that rises to the level of a notification incident under this final rule has occurred, the Department should be notified concurrently.
REMINDER: Electronic Payment System for the Georgia Residential Mortgage Act Fees

Department Rule 80-5-1-.01 provides details for remitting fees required by the Georgia Residential Mortgage Act (GRMA). Generally, each borrower who obtains a mortgage loan, as defined in O.C.G.A. 7-1-1000(21), shall pay to the Department a fee of $10.00 per loan. The payment is received by the collecting agent, which is almost always the lender, and is due for certain defined periods on September 1st and March 1st of each year. In the past, the Department's payment system was only open for a limited period of time to pay these fees.

In August 2020, the Department implemented a new electronic payment system. This new system offers flexibility to remit GRMA fees throughout the year, but late fees will be automatically generated by the new system if the due date is missed. Online reporting/payment is mandatory through the Department's website at https:// gadbfpublic-etkr.entellitrak.com. The Department uses PayPoint Corporation as its electronic payment service provider. A user guide is available for reference/download by using this link https://dbf.georgia.gov/how-do-imake-georgia-residential-loan-payment-georgia-state-chartered-bank-or-georgia-state. If you have any questions on the payment system, then please contact your Supervisory Manager.
Fourth Quarter 2021 Community Bank Sentiment Index

The Conference of State Bank Supervisors (CSBS) data collection for the fourth quarter 2021 Community Bank Sentiment Index (CBSI) survey began on November 29, 2021. The CBSI quarterly results provide essential local level perspective of the nation's economic outlook. The third quarter 2021 CBSI results, released in October, showed that community bankers were less optimistic than earlier in 2021. Compared to the previous quarter, the sentiment index dropped 15 points to 100 points, largely due to concerns about future profitability and business conditions.

The CBSI captures on a quarterly basis what community bankers nationwide think about the future. Participant answers are analyzed and compiled into a single number; an index reading of 100 indicates a neutral sentiment. Anything above 100 indicates a positive sentiment, and anything below 100 indicates a negative sentiment. The fourth quarter 2021 data collection will continue through the month of December. The full survey takes less than five minutes. Results will be released on January 5, 2022.

Open the link (https://www.questionpro.com/t/ALKEAZqAUT) and answer your questions about your thoughts on the economy. For more information about the CBSI, visit the website: csbs.org/cbindex. The Department values your perspective on what is happening at the local level. Collectively, the input of community banks helps show the expectations for the future of the economy overall.
Speaking Engagements

Commissioner Kevin Hagler will be speaking at the Georgia Bankers Association's Legislative and Economic Forum on January 12, 2022. Details regarding the event can be found here.

Deputy Commissioner for Supervision Melissa Sneed will be speaking at the Community Bankers Association of Georgia Bank Secrecy Act Update on December 2, 2021. Details regarding the event can be found here.

Page 3
ACTION ON APPLICATIONS FOR THE MONTH

November 2021

The following is a summary of official action taken by the Department on certain applications by Georgia statechartered financial institutions, petitions for certificate of incorporation of financial institutions, and other matters of interest during the month of November 2021:

APPLICATIONS FOR DE NOVO INSTITUTIONS

FINANCIAL INSTITUTION Moultrie Bank & Trust Moultrie, GA

APPROVAL DATE pending

BEGIN BUSINESS DATE

APPLICATIONS TO ESTABLISH A BRANCH OFFICE

FINANCIAL INSTITUION
Atlanta Postal Credit Union Atlanta, GA
Synovus Bank Columbus, GA

BRANCH OFFICE
400 Porsche Ave Atlanta, GA
9844 South Jog Road Boyton Beach, FL

APPROVAL DATE
11/19/2021
11/15/2021

EFFECTIVE DATE

APPLICATIONS TO CHANGE LOCATION

FINANCIAL INSTITUTION

MERGED INSTITUTION

Prime South Bank Waycross, GA

From: 1663 Frederica Road St. Simmons Island, GA

APPROVAL DATE
11/03/2021

To: 1795 Frederica Road St. Simmons Island, GA
APPLICATIONS TO RESERVE A NAME

EFFECTIVE DATE

PROPOSED NAME Apex Banking Company of Georgia

COUNTY Wilkinson

APPLICANT Wilkinson County
Bank

APPLICATIONS FOR FINANCIAL INSTITUION CONVERSIONS

FINANCIAL INSTITUTION
Members United Credit Union Albany, GA

APPROVAL DATE
11/24/2021

EFFECTIVE DATE

Page 4

November 2021

SUBSCRIBE TO RECEIVE THIS PUBLICATION

Subscribe to Receive this Publication: Notice of this publication is delivered to interested parties via e-mail. To subscribe to this publication as well as other items of interest, please visit our website at https://dbf.georgia.gov/.

Department of Banking and Finance 2990 Brandywine Road, Suite 200 Atlanta, Georgia 30341-5565 Phone: (770) 986-1633

The Department is the state agency that regulates and examines Georgia state-chartered banks, state-chartered credit unions, state-chartered trust companies, international banking organizations, and bank holding companies that own Georgia state-chartered financial institutions. The Department also has responsibility for the supervision, regulation, and examination of Merchant Acquirer Limited Purpose Banks chartered in Georgia.
In addition, the Department has regulatory and/or licensing authority over mortgage brokers, lenders and processors, mortgage loan originators, consumer installment loan companies, check cashers, sellersissuers of payment instruments, and money transmitters.
Our Mission is to promote safe, sound, competitive financial services in Georgia through innovative, responsive regulation and supervision.
Our Vision is to support vibrant economic growth and prosperity in Georgia.