InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed finalizes updates to policy on payment system risk
On December 2, the Federal Reserve Board finalized clarifying and technical updates to its Policy on Payment System Risk (PSR). The changes, which are adopted largely as proposed in May 2021 (covered by InfoBytes here), expand depository institutions’ eligibility to request collateralized intraday credit from the Federal Reserve Banks (FRBs), and ease the process for submitting such requests. The final updates also clarify eligibility standards for accessing uncollateralized intraday credit; modify the PSR policy to support the launch of the FedNow instant-payments platform, which is scheduled for mid-year 2023 (covered by InfoBytes here); and simplify and incorporate the related Overnight Overdrafts policy into the PSR policy. Updates related to FedNow and the Overnight Overdrafts policy will take effect once the FRBs start processing live transactions for FedNow. The remaining updates are effective 60 days following publication in the Federal Register.
Senate Banking grills regulators on crypto
On November 15, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Oversight of Financial Regulators: A Strong Banking and Credit Union System for Main Street” to hear from federal financial regulators about growing risks related to bank mergers, bailouts, climate change, crypto assets, and cyberattacks, among other topics. Committee Chairman Sherrod Brown (D-OH) opened the hearing by emphasizing that Congress “must stay vigilant and empower regulators with the tools to combat these growing risks,” and said that banks and credit unions must be able to partner with third parties in a manner that enables competition but without risking consumer money. He also warned that big tech companies and shadow banks should not be allowed to “play by different rules because of special loopholes.” In his opening statement, Ranking Member Patrick J. Toomey (R-PA) challenged the regulators to “not stray beyond their mandates into politically contentious issues or establish unnecessary new regulatory burdens,” pointing to the participation of the Federal Reserve Board, FDIC, and OCC in the Network for the Greening the Financial System as an example of politicizing financial regulation.
Testifying at the hearing were the Fed’s Vice Chair for Supervision Michael S. Barr, NCUA Chair Todd M. Harper, acting FDIC Chairman Martin J. Gruenberg, and acting Comptroller of the Currency Michael J. Hsu. Cryptocurrency concerns were a primary focus during the hearing, where Toomey asked the regulators why they still have not provided public clarity on banks’ involvement in crypto activities, such as providing custody services or issuing stablecoins.
Pointing to a major cryptocurrency exchange’s recent major collapse, Toomey pressed Hsu on whether the OCC “discourages banks from providing custody services” for crypto assets. Toomey speculated, “it seems to me if people had access to custody services provided by a wide range of institutions, including regulated financial institutions, they might be able to sleep more comfortably knowing that those assets are unlikely to be used for some completely inappropriate purpose.” Answering that the OCC discourages banks from engaging in activities that are not safe, sound, and fair, Hsu acknowledged that there are underlying fundamental issues and questions about what it means to control crypto through a custody “which have not been fully worked out.” Toomey emphasized that part of the obligation rests on the OCC to provide clarity on how banks could provide these services in a safe, sound, and fair manner, and stressed that currently these activities are operating in a space outside the regulatory perimeter. Barr agreed that it would be useful for the Fed to provide guidance to banks on how to safely custody crypto assets and said it is something he plans to work on with his colleagues.
Toomy further noted that Congress’s failure “to pass legislation in this space and the failure of regulators to provide clear guidance has created ambiguity that has driven developers and entrepreneurs overseas where regulations are often lax at best.” Senator Bill Haggerty (R-TN) cautioned that lawmakers should not resort to a “heavy-handed” regulatory response to the cryptocurrency exchange’s collapse. “No amount of poorly considered, knee-jerk over-regulation here in the U.S. would have prevented a foreign-domiciled company like [the collapsed cryptocurrency exchange] from doing what it did,” Haggerty said. “The fact of the matter is that crypto, much like all of finance, isn’t beholden to a specific country or a specific legal system, and by not acting and by failing to provide legal clarity here in the United States, Congress only incentivizes activity to migrate outside of our country’s borders,” Haggerty stated, adding that it is “important to recognize that whatever happened with a bad actor running a centralized exchange and defrauding customers” has “nothing to do with the technology underpinning crypto itself.” When asked by Sen. John Kennedy (R-LA) which regulator was responsible for watching the collapsed cryptocurrency exchange, Gruenberg said “I think in the first instance, you’d probably want to engage with the market regulators, the SEC and the CFTC, to talk about the activities and the authorities in this area.”
The regulators also discussed efforts to mitigate cybersecurity risks and strengthen information security within the banking industry. Hsu stressed during the hearing that “the greatest risk is the risk of complacency,” while noting in his prepared remarks that the OCC is aware of the risks associated with cybersecurity and has “encouraged banks to stay abreast of new technology and threats.” Barr pointed to the importance of operational resilience in his prepared remarks, noting that “technology-based failures, cyber incidents, pandemics, and natural disasters,” combined with the growing reliance on third-party service providers, expose banks to a range of operational risks that are often challenging to anticipate. Harper commented in his prepared remarks that the NCUA continues to provide guidance for credit unions to reinforce their ability to withstand potential cyberattacks, and recommends that credit unions report cyber incidents to the NCUA, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. In his prepared remarks, Gruenberg pointed to recent examination findings revealing that banks that have dedicated resources for implementing appropriate controls are better at defending against cyberattacks, and said the FDIC is “piloting technical examination aids that will help [] examiners focus on the controls [] found to be most effective in defending against these attacks.”
The House Financial Services Committee also held a hearing later in the week that focused on similar topics with the regulators. Chair Maxine Waters (D-CA) and Rep. Patrick McHenry (R-NC) also announced that the committee will hold a hearing in December to investigate the aforementioned cryptocurrency exchange’s collapse and understand the broader consequences the collapse may have on the digital asset ecosystem.
Commissioner says CFTC should take a “same risk, same regulatory outcome” approach for addressing crypto risks
On October 26, CFTC Commissioner Christy Goldsmith Romero spoke before the International Swaps and Derivatives Association’s Crypto Forum 2022, where she presented thoughts on the financial stability risks of cryptocurrency assets. Romero cautioned that the “rapidly developing crypto market” is facing similar financial stability risks as the traditional financial system, including parallel themes from the 2008 financial crisis. She highlighted events such as those that happened earlier in the year where an algorithmic stablecoin and related crypto-asset collapsed and triggered a broad sell off of cryptocurrency that spread losses to several institutions who abruptly cut off lending. These vulnerabilities serve as a warning for growing intra-market risks, Romero said, explaining that “[j]ust as regulators could not see the true exposures or risk in 2008 due to unregulated companies and products, [regulators] cannot see that today with unregulated crypto markets.” Moreover, without additional regulatory authority, the CFTC’s ability to monitor these risks is hampered, she said, adding that “[f]inancial stability risk will increase, and could rise to the level of systemic risk if in the future there are greater interconnections between the crypto industry and traditional finance players performing critical market functions.”
Romero recognized that novel technologies bring novel risks, and said that the CFTC should address these risks by using its existing authority to follow a “same risk, same regulatory outcome” approach and establish customer protections and guardrails that investors and customers are familiar with and have come to expect from other regulated financial products and markets. She emphasized that financial institutions interested in entering the digital asset space “should undertake substantial due diligence to determine vulnerabilities” in areas such as cyber theft, money laundering, and sanctions evasion; fraud, scams, and market manipulation; customer asset segregation; and conflicts of interest.
OCC releases bank supervision operating plan for FY 2023
On October 6, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2023. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) strategic and operational planning; (ii) operational resiliency; (iii) third-party oversight and risk management; (iv) credit risk management with a focus on new products, areas of highest growth, and portfolios representing concentrations; (v) allowances for credit losses (ACL), including instances where ACL processes use third-party modeling techniques; (vi) interest rate risk; (vii) liquidity risk management; (viii) consumer compliance management systems with a focus on how programs are disclosed in relation to UDAP and UDAAP statutes; (ix) Bank Secrecy Act/AML compliance; (x) fair lending risks; (xi) Community Reinvestment Act strategies and the potential for modernization rulemaking; (xii) new products and services in areas such as payments, fintech, and digital assets; and (xiii) climate-change risk management. The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
OFAC issues guidance on instant payment systems sanctions compliance
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published Sanctions Compliance Guidance for Instant Payment Systems, which emphasizes the importance of taking a risk-based approach to managing sanctions risks in the context of new payment technologies, such as instant payment systems, and highlights considerations relevant to managing those risks. According to OFAC, the guidance “encourages developers of instant payment systems to incorporate sanctions compliance considerations and features as they develop these systems.” The guidance, among other things, describes: (i) risk factors and considerations for instant payment systems; (ii) domestic vs. cross-border payment system; (iii) availability of emerging sanctions compliance technologies and solution; (iv) nature and value of payment; and (v) OFAC engagement and resources.
Treasury seeks info on illicit finance, national security risks of digital assets
On September 19, the U.S. Treasury Department issued a request for comment (RFC) seeking feedback on illicit finance and national security risks posed by digital assets. The RFC, issued pursuant to Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here), requests public input on illicit finance risks, anti-money laundering and combating the financing of terrorism (AML/CFT) regulation and supervision, global implementation of AML/CFT standards, private sector engagement, and central bank digital currencies. The RFC also seeks feedback on actions the U.S. government and Treasury should take to mitigate these risks, in addition to whether public-private collaboration may improve efforts to address risks. Comments on the RFC are due November 3.
“Without appropriate controls and enforcement of existing laws, digital assets can pose a significant risk to national security by facilitating illicit finance, such as money laundering, cybercrime and terrorist actions,” U.S. Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. “As we work to implement the Illicit Finance Action Plan, hold bad actors accountable and identify potential gaps in existing enforcement, we look forward to receiving the public’s input on this urgent work.”
The RFC follows the September 16 release of Treasury’s Action Plan to Address Illicit Financing Risks of Digital Assets (covered by InfoBytes here).
SEC proposes new rules for clearing agencies
On September 14, the SEC announced a proposed rule regarding risk management practices for central counterparties in the U.S. Treasury Department market. Among other things, the proposed rule would update the membership standards required of covered clearing agencies for the Treasury market with respect to a member’s clearance and settlement of specified secondary market transactions. Specifically, the proposal would require that clearing agencies in the U.S. Treasury market adopt policies and procedures designed to require their members to submit for clearing certain specified secondary market transactions, which would include: “all repurchase and reverse repurchase agreements collateralized by U.S. Treasury securities entered into by a member of the clearing agency; all purchase and sale transactions entered into by a member of the clearing agency that is an interdealer broker; and all purchase and sale transactions entered into between a clearing agency member and either a registered broker-dealer, a government securities broker, a government securities dealer, a hedge fund, or a particular type of leveraged account.” According to a statement by SEC Chair Gary Gensler, the proposed rule would “reduce risk across a vital part of our capital markets in both normal and stress times.” The SEC also released a Fact Sheet providing more information on the proposal. Comments are due 60 days after publication in the Federal Register.
Treasury says financial system is critical in addressing climate change
On September 9, the U.S. Treasury Department’s Under Secretary for Domestic Finance Nellie Liang spoke at the Office of Financial Research’s Climate Implications for Financial Stability Conference discussing the Department’s efforts to assess climate-related risks to the economy, financial institutions, and investors. Pointing to several studies showing the increasing economic and financial costs of climate change, Liang noted that the financial system has a “critical role to play” in addressing climate-related financial risks and that regulators and standard setters have a “responsibility to make the financial system more resilient to climate change.” In particular, Liang identified a Financial Stability Oversight Council (FSOC) report that contained numerous recommendations for its members to consider to address climate change-related threats to financial stability. She also discussed interagency working groups created by FSOC to “bring together the agencies and leverage their efforts to improve data quality and availability, data infrastructure, climate risk metrics, and scenario analysis.” According to Liang, ongoing research—such as that presented at the event regarding how a bank’s climate commitments, the tax code, or borrowers’ scope disclosures “affect the[] cost and availability of credit, and the sensitivity of market-based measures of financial firms’ stress to climate risks”—is “important for regulators and policymakers to better understand private behavior and how incentives can help to manage climate-related financial risks.”
Hsu focusing on fintech partnerships, crypto activities
On September 7, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the TCH + BPI Annual Conference in New York where he provided an update on agency priorities related to “guarding against complacency, addressing inequality, adapting to digitalization, and managing climate-related risk.” Among other things, Hsu’s prepared remarks highlighted the fact that while the banking industry needs to adapt to digitalization, it is important to maintain a “careful and cautious” approach to cryptocurrency activities. He referred to OCC Interpretive Letter 1179 (covered by InfoBytes here), which clarifies that national banks and federal savings associations should not engage in certain crypto activities unless they are able to “demonstrate, to the satisfaction of its supervisory office, that [they have] controls in place to conduct the activity in a safe and sound manner.” Hsu further noted in his remarks that the regulators’ careful and cautious approach helps explain, at least in part, why the federally-regulated banking system has been largely unaffected by the recent failure of several crypto platforms.
Hsu also stressed the need to develop a better understanding of bank-fintech arrangements, stressing that these partnerships are growing at an exponential rate and are becoming more complicated. While “[t]echnological advances can offer greater efficiencies to banks and their customers[,] [t]he benefit of those efficiencies… are lost if a bank does not have an effective risk management framework, and the effect of substantial deficiencies can be devastating,” Hsu said. He added that the OCC is “currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to “enable a clearer focus on risks and risk management expectations,” and stated that the agency is coordinating with other regulators to make sure there is “a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized.” During his speech, Hsu also touched upon topics related to climate-related risks, economic inequality and structural barriers to financial inclusion, and the importance of maintaining strong risk management discipline.
FDIC updates risk management, consumer compliance examination policies
Recently, the FDIC updated Section 2.1 of its Risk Management Manual of Examination Policies related to capital. The FDIC noted that since capital adequacy assessments are central to the supervisory process, examination staff “evaluate all aspects of a financial institution’s risk profile and activities to determine whether its capital levels are appropriate and in compliance with minimum regulatory requirements.” This includes examining a financial institution’s capital ratios, risk-weighted assets, regulatory capital requirements, community bank leverage ratios, capital adequacy (including liquidity, earnings, and market risk), and adherence to laws and regulations. The FDIC also announced updates to the Privacy—Telephone Consumer Protection Act section within its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff evaluating financial institutions’ compliance with federal consumer protection laws and regulations.