• On June 11, 2024 the Office of the Comptroller of Currency (the “OCC”) issued version 2.0 of the “Retail Nondeposit Investment Products” booklet (the “RDNIP booklet”) of the Comptroller’s Handbook series. The revised RNDIP booklet is the first update since January 2015, incorporating significant regulatory changes adopted by the U.S. Securities and Exchange Commission’s Regulation Best Interest (“Regulation BI”), along with updates and revisions to OCC and Interagency guidance on Retail Nondeposit Investment Products (“RNDIPs”).
• While banks may recommend or sell RNDIPs directly, they are more commonly provided through “networking” arrangements with broker-dealers. The OCC’s revisions update the RNDIP booklet to discuss supervision of such broker-dealers for compliance with Regulation BI. For bank direct sales of RNDIPs, OCC examiners will look to see that sales and recommendations are suitable for the retail investor and adhere to safe and sound banking practices, although voluntary adoption of Regulation BI is encouraged. OCC examiners will include bank supervision of broker-dealers for compliance with Regulation BI in their examination of banks’ RNDIP sales programs.
• Other notable changes to the RNDIP booklet provide clarity and guidance on banks’ oversight and management in their RNDIP sales program, such as antifraud controls, disclosure and periodic reporting requirements, and delivery channel monitoring.

On June 11, 2024, the Office of the Comptroller of the Currency (the “OCC”) issued a substantial update of its “Retail Nondeposit Investment Products” booklet (the “RNDIP Booklet”), which is part of the Comptroller’s Handbook series. Applicable to national banks, federal savings associations and federal branches and agencies of foreign banking associations (collectively, “banks”), the booklet explains the risks associated with retail nondeposit investment product (“RNDIP”) sales programs and provides a framework for managing those risks. The RNDIP booklet also provides OCC examiners with guidance for evaluating banks’ RNDIP programs.

In addition to clarifying guidance on safe and sound risk management practices generally, the revised RNDIP booklet updates guidance relating to certain direct and indirect RNDIP sales activities in light of the adoption of Regulation Best Interest (“Regulation BI”) by the U.S. Securities and Exchange Commission (the “SEC”). In particular, the updates cover bank supervisory requirements relating to referrals to broker-dealers that sell retail products. The revised RNDIP booklet also incorporates updated interagency guidance concerning RNDIP activities published since the OCC’s prior issuance of the booklet in January 2015. We detail some of these updates below.

What are RNDIPs?

A RNDIP is any product with an investment component that is recommended or sold to a retail customer. Examples of RNDIPs include mutual funds, exchange traded funds, variable and fixed rate annuities, equities, fixed income securities, hedge funds, real estate investment trusts (“REITs”), private equity fund investments and certain derivatives. Though typically not insured by the Federal Deposit Insurance Corporation (the “FDIC”)—a point of focus in disclosure requirements—RNDIPs may include certain insured deposit instruments, such as structured certificates of deposit (“CDs”) and deposit sweep accounts, which may be FDIC insured when the funds are held in deposit. For supervisory purposes, the provision of financial planning services and investment advice by banks and their networking partners is also treated as the sale of RNDIPs if not directly provided under a bank’s fiduciary authority.

Many banks recommend or sell RNDIPs directly, but because bank authority to directly sell such products is limited, they more commonly do so through referral or so-called “networking” arrangements with broker-dealers and other providers. While the use of such networking arrangements allows banks to indirectly offer products they cannot provide themselves, the arrangements are subject to statutory requirements designed to ensure that retail customers understand that the products they receive are provided by the broker-dealer and not the referring bank. Moreover, the OCC expects banks to fully manage the risks around networking referrals, including reputational, compliance and other risks that require banks to understand, and surveil compliance with, the regulatory requirements that apply to those third parties.

Background on Regulation BI

Regulation BI imposes standards of conduct for broker-dealers when recommending particular securities transactions and investment strategies involving securities to retail investors. Overall, Regulation BI was intended to supersede requirements imposed on broker dealers by the Financial Industry Regulatory Authority (“FINRA”) under its pre existing “suitability” rule, both in expanding the scope of behavior covered and raising the bar for the standard of conduct generally. In particular, Regulation BI substantially increased disclosure requirements, prohibited certain sales programs and raised the “standard of care” when making recommendations.

More specifically, Regulation BI requires broker-dealers to act in the best interest of a retail customer at the time a recommendation is made, “without placing the financial or other interest of the broker, dealer, or natural person who is an associated person of a broker or dealer making the recommendation ahead of the interest of the retail customer.” This requirement is designed to maximize consistency with the fiduciary duties of care and loyalty imposed on investment advisers under the Investment Advisers Act of 1940, while accommodating the charging of transaction-based fees and other compensation models that are typical for broker-dealers.

These obligations are satisfied under Regulation BI if a broker-dealer satisfies four specific component obligations, which are described as: (i) the disclosure obligation; (ii) the care obligation; (iii) the conflict of interest obligation; and (iv) the compliance obligation.

• Disclosure Obligation. The disclosure obligation requires broker-dealers and their registered representatives to disclose in writing, prior to or at the time of providing a recommendation, all material facts relating to: (i) the scope and terms of the broker-dealer’s relationship with the retail customer; (ii) the material fees that apply to the relevant transactions, securities and accounts; (iii) the types of services provided, including any material limitations on the types of securities and strategies that a broker-dealer or its representative may recommend; and (iv) all material conflicts of interest relating to the recommendation.

• Care Obligation. Under the care obligation, a broker dealer and its registered representatives must exercise reasonable diligence, care and skill to understand the potential risks, rewards and costs associated with each recommendation and have a reasonable basis to believe that: (i) the recommendation could be in the best interest of at least some retail customers; (ii) the recommendation is in the best interest of the particular retail customer to whom it is provided based on such customer’s investment profile and does not place the financial or other interest of the broker-dealer ahead of the interest of the retail customer; and (iii) in the case of a series of recommended transactions, the transactions are not excessive and are in the retail customer’s best interest when taken together.

The care obligation imposed under Regulation BI raises the standard of conduct relative to FINRA’s suitability obligation in several ways. Regulation BI imposes a somewhat broader definition of “retail customer” relative to the FINRA rule and expands the scope of recommendations covered, while the care obligation requires greater consideration of costs when making a recommendation and explicitly mandates that recommendations be made in the best interests of customers.

• Conflict of Interest Obligation. The conflict of interest obligation requires broker-dealer policies and procedures to be reasonably designed to satisfy three basic requirements: (i) that all conflicts of interest are identified and, at a minimum, disclosed in accordance with the disclosure obligation; (ii) that conflicts of interest, such as compensation arrangements, that create an incentive for an associated person of the broker-dealer to place the interest of the firm or an associated person ahead of the interest of the retail customer are identified and mitigated; and (iii) that certain types of sales contests, quotas, bonuses and non-cash compensation arrangements are eliminated.

• Compliance Obligation. The compliance obligation requires broker-dealers to establish, maintain and enforce policies and procedures reasonably designed to comply with Regulation BI in its entirety.

Key Changes to the RNDIP Booklet

Incorporation of Regulation BI into the RNDIP Booklet

While Regulation BI governs the activities of broker-dealers only, the RNDIP booklet notes that banks may voluntarily adopt certain Regulation BI requirements in designing their direct sales programs to ensure that the RNDIP products they recommend are suitable for retail investors. In addition, the RNDIP booklet makes clear that banks’ responsibilities to manage various risks—including reputational, compliance and operational risks—include managing any such risks that arise indirectly from third party broker dealer violations of Regulation BI when a bank uses broker-dealer networking arrangements to offer RNDIPs. Accordingly, in light of Regulation BI’s new, more granular and prescriptive requirements relative to FINRA’s historical “suitability” rule, the revised RNDIP booklet provides general and specific guidance as to how banks should supervise for compliance, as described in more detail below.

• Incorporation of the Disclosure Obligation. The RNDIP booklet instructs that banks should have processes to (i) assess whether broker-dealers are providing required disclosures; and (ii) ensure such disclosures are timely and are being updated as necessary. Banks are also advised to consider what aspects of the disclosure obligation may be appropriate for their direct sales, suggesting that Regulation BI may serve as guidance to such sales even if not directly applicable.

• Incorporation of the Care Obligation. The RNDIP booklet instructs that banks should have a process to obtain (i) customer information used by broker dealers to develop investment profiles; and (ii) information about the processes employed by broker-dealers to determine whether they have a reasonable basis to believe that a recommendation is in the best interest of a customer. Bank supervisory personnel are expected to review such information to determine whether broker-dealers are making recommendations in a manner consistent with the care obligation.

• Incorporation of the Conflict of Interest Obligation. The RNDIP booklet instructs that banks should review the broker dealer’s policies and procedures for compliance with the conflict of interest obligation at both the firm and registered representative levels and review which conflicts should be disclosed, mitigated or eliminated.

• Compliance Obligation. The RNDIP booklet instructs that banks should review the policies and procedures of networking broker-dealers and have a process to evaluate whether those policies and procedures contain expected elements; including appropriate controls, remediation of noncompliance, training and periodic reviews and testing.

At some points in the revised RNDIP booklet, the OCC also recommends that banks consider Regulation BI requirements in designing their direct sales program. In any case, it also reminds that bank direct sales must be consistent with safe and sound banking practices. Banks that intend to voluntarily adopt aspects of Regulation BI into their direct sales programs should ensure that any such aspects are fully reflected in their policies and procedures.

Form CRS

Additionally, under a separate rulemaking adopted contemporaneously with Regulation BI, the SEC now requires broker-dealers and investment advisers to provide a brief, plain-English summary of their service offerings to retail investors using a prescribed form known as the Relationship Summary (or “Form CRS”). Required information includes: (i) types of customer relationships and services the firm offers; (ii) the fees, costs, conflicts of interest and required standard of conduct associated with those relationships and services; (iii) whether the firm and its financial professionals currently have a reportable legal or disciplinary history; and (iv) how to obtain additional information about the firm. Broker-dealers and investment advisers must initially provide their Relationship Summaries to prospective investors prior to making recommendations, opening accounts or entering into advisory contracts , make follow up deliveries at specified other times and file their forms with the SEC as well as making them available on websites.

Accordingly, the updated RNDIP booklet also advises banks to have a process to evaluate compliance with Relationship Summary requirements and to review relevant documentation. As part of this process, banks are expected to review documentation that provides a view into a networking broker-dealer’s process for drafting and updating its Relationship Summary, filing the Form CRS with the SEC, publishing the form to its public website, and delivering the form to its retail investors in a timely fashion.

Other Noteworthy Changes

The revised RNDIP booklet also clarifies and incorporates revisions to OCC and interagency guidance, including:

• Electronic Premises. The RNDIP booklet now clarifies that a bank’s premises are deemed to include its website or its mobile app. In examinations, OCC examiners will assess whether bank management properly identifies and manages the risks associated with all RNDIP delivery channels, so banks must keep abreast of any particular risks that may be associated with the sale of RNDIPs through these electronic means (e.g., risks associated with the use of any third-party service providers hosting, designing or maintaining the websites or mobile apps).

• Antifraud Provisions. In addition to reminding banks that their RNDIP programs are subject to the antifraud provisions of the federal securities laws both when they sell RNDIPs directly and indirectly through networking arrangements, the revised RNDIP booklet flags that RNDIP programs should also incorporate fundamental fraud risk management controls appropriate to the bank’s products and services, as further discussed in OCC Bulletin 2019-37, “Operational Risk: Fraud Risk Management Principles.”

• Functional Regulation. The OCC simplified the guidance on functional regulation in the revised RNDIP booklet, stating that while the OCC is not the functional regulator for broker-dealer RNDIP programs, the OCC is responsible for evaluating the overall risk profile of the national banks and federal savings associations for which it serves as the primary regulator. The previous guidance was largely moved to the OCC’s “Bank Supervision Process” booklet.

• Program Management. The revised RNDIP booklet updates the discussion of banks’ oversight of and program management for RNDIP sales activities by deleting restatements of guidance in the federal banking regulators’ Interagency Statement on Retail Sales of Nondeposit Investment Products (the “Interagency Statement”) and relying more heavily on cross-references to the original materials. These requirements are not new, but the direct quotes and references now included in the bulletin eliminate potential inconsistencies and emphasize the importance of compliance with the Interagency Statement in assessing a bank’s overall compliance with the requirements of a RNDIP program.

Takeaways

Overall, the revisions to the OCC’s RNDIP booklet reflect an increased regulatory focus on bank safety, soundness and resiliency through strong risk management. The most substantial changes to the RNDIP booklet are those concerning specific guidance about expectations for supervising broker-dealers in connection with compliance with Regulation BI.

Banks relying on broker-dealers in their RNDIP sales programs under the networking exception should review their policies and procedures for effective oversight and monitoring of their networking programs to ensure that sales transactions and recommendations to retail investors comply with Regulation BI. Specifically, banks should review the types of information and documentation they collect from networking broker-dealers for compliance with component elements of Regulation BI in a manner consistent with the revised RNDIP booklet. In addition to monitoring broker-dealer compliance, banks should also be mindful of the need to monitor compliance obligations that apply to the registered representatives of broker-dealers, including with respect to representative specific conflicts of interest and compensation arrangements. Finally, banks should generally review disclosures made by networking broker-dealers for compliance with Regulation BI and Form CRS requirements.

Given the several references made in the revised RNDIP booklet to the voluntary adoption of elements of Regulation BI into direct sales practices, it appears likely that OCC examiners will use guidance from the Regulation BI rulemaking to scrutinize direct marketing and sales activities that raise strong conflicts of interest, the scope of such activities that banks are covering in their internal policies and procedures and the adequacy of conflicts disclosure in bank marketing materials. Banks should review their policies for ensuring that their direct RNDIP sales practices comply with safe and sound banking practices in this light, potentially by incorporating Regulation BI controls where appropriate.

We would like to give a special thanks to Debevoise summer law clerk Tealanie Baldwin for her contributions to this article.

This publication is for general information purposes only. It is not intended to provide, nor is it to be used as, a substitute for legal advice. In some jurisdictions it may be considered attorney advertising.