InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC charges crypto company with fraud and anti-registration violations
On November 1, the SEC charged a crypto company and its executive team with fraud through the unregistered sale of crypto asset securities. According to the complaint, the defendants represented in marketing materials, website, social media posts, and other communications with the public that a certain percentage of funds for each transaction would be retained and inaccessible by any party for a period of four years as a safety mechanism against asset misappropriation. Instead, the complaint alleges, the defendants accessed the funds and misappropriated tens of millions of dollars for various purposes, including manipulation of the market for the crypto asset, business expenses, investments in unrelated companies, and personal use. The complaint charges defendants with violating the registration and anti-fraud provisions of the Securities Act of 1933 and the anti-fraud provisions of the Securities Exchange Act of 1934.
OCC releases commercial lending bulletin on venture loans
On November 1, the OCC issued a bulletin on “commercial loans to early-, expansion-, and late-stage companies,” which it referred to as “venture loans.” The OCC explained that although “venture lending supports new business formation and can improve access to capital for growth companies… new business ventures have a high probability of failure.” Accordingly, the bulletin, which “applies to all OCC-regulated banks, including community banks, that engage in or are considering engaging in venture lending,” provides guidance on the agency’s expectations for risk management and risk-rating of venture loans.
The bulletin expressly exempts “[f]ully monitored and controlled asset-based loans (ABL) to early-, expansion-, and late-stage companies,” from the guidance. In addition, the OCC does not categorize the following types of credit as venture loans:
- Loans to businesses that primarily rely on internal cash flow, rather than equity investments, for their growth;
- Loans made under government-backed lending support programs where federal, state, or local guarantees sufficiently reduce credit risk (e.g., SBA guarantees); and
- Loans made under special purpose credit programs (SPCP).
Regulators release final principles for climate-related financial risk management
On October 25, the Fed, OCC, and FDIC issued final interagency guidance titled Principles for Climate-Related Financial Risk Management for Large Financial Institutions. The principles are intended to help the largest institutions supervised by the Federal banking agencies, i.e., those with over $100 billion in assets, manage climate-related risk.
These climate-related risks include both physical and transition risks. Physical risks include “hurricanes, wildfires, floods, and heatwaves, and chronic shifts in climate, etc.,” while transition risks “refer to stresses to institutions or sectors arising from the shifts in policy, consumer and business sentiment, or technologies associated with the changes… [towards] a lower carbon economy.”
These climate-related risks affect the values of assets of liabilities and damage property, leading to a loss of income, defaults, and liquidity risks. The agencies created these principles to direct board of directors and managers make sound business practices with making progress toward mitigating climate-related financial risks.
CFPB Director Rohit Chopra, a member of the FDIC Board of Directors, shared remarks on the final principles, noting that climate change poses a dual challenge to protect infrastructure and fortify the financial system. He also stressed the need for regulatory guidance to convey clear and practical rules. FDIC Chairman Gruenberg also shared a statement on the final principles, highlighting the FDIC’s focus on the financial aspects of climate change, clarifying its role in managing risks rather than setting climate policy and encouraging cooperation among federal banking agencies to ensure consistency in addressing climate-related financial risks.
FDIC’s crypto risk oversight criticized in OIG report
On October 18, the FDIC Office of Inspector General released a report on the FDIC’s strategies addressing the risks posed by crypto assets. According to the report, the FDIC has started to develop and implement strategies that address crypto risks but has not assessed the significance and potential impact of the risks. Additionally, although the FDIC requested that financial institutions provide information pertaining to their crypto‑related activities, its process for providing supervisory feedback is unclear. Between March 2022 and May 2023, the FDIC sent pause letters to several institutions related to their crypto activities, but it had not provided supervisory feedback to all of those institutions, it did not have an expected timeline for reviewing information and responding to institutions, and its procedures did not describe what constitutes the end of the review process for supervised institutions that received a pause letter.
The OIG report recommends that the FDIC set a timeframe for assessing risks pertaining to related activities and update and clarify the supervisory feedback process related to its review of supervised institutions’ crypto-related activities. The FDIC agreed with both recommendations and plans to complete corrective actions by January 30, 2024.
FDIC proposes additions to its safety and soundness standards
On October 5, the FDIC issued a notice of proposed rulemaking that would add a new appendix to the agency’s safety and soundness standards. The new appendix, which would be Appendix C, “is intended to promote strong corporate governance and risk management at FDIC-supervised institutions that have total consolidated assets of $10 billion or more by proposing corporate governance and risk management guidelines.” The proposed guidelines would describe the general obligations of the board of directors, requiring the board to be active and involved in protecting the interests of the institution, adopt a code of ethics for the institution’s operations, and form a Risk Committee within the institution’s committee structure. The proposed guidelines would also require institutions to establish a risk management program that includes a “three-line-of-defense model” for risk monitoring and reporting, as well as require institutions to create and maintain a risk profile and risk appetite statements that are communicated to all employees to encourage compliance.
Treasury issues statement on U.S.-UK Financial Regulatory Working Group biannual meeting
On September 29, the Department of Treasury issued a statement on the U.S.-UK Financial Regulatory Working Group, comprised of officials from both countries, and its meeting to discuss key themes including: (i) economic stability; (ii) banking issues; (iii) non-bank sector developments; (iv) climate-related financial risks; (v) international engagement; and (vi) digital finance.
In their meeting, participants discussed international banking regulations, specifically Basel III, emphasizing the importance of consistent global implementation. They also acknowledged ongoing work by the Financial Stability Board (FSB) and Basel Committee on Banking Supervision regarding lessons learned from events in March 2023, with a focus on bank resolution. In addition, the group deliberated on the urgency of strengthening resilience within the non-bank financial intermediation (NBFI) sector. Topics included national reforms related to money-market funds, forthcoming work by the FSB to address vulnerabilities linked to leverage in the NBFI sector, and the value of globally implementing reforms in this sector to maintain financial stability. Among other topics, the group also noted progress in climate-related financial risks and sustainable finance mandates.
The group emphasized the importance of international cooperation and agreed to meet again in 2024 to continue their dialogue. Established in 2018, this biannual dialogue aims to enhance financial stability, investor protection, market efficiency, and capital formation in both countries.
OCC releases bank supervision operating plan for FY 2024
On September 28, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2024. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) asset and liability management; (ii) credit; (iii) allowances for credit losses; (iv) cybersecurity; (v) operations; (vi) digital ledger technology activities; (vii) change in management; (viii) payments; (ix) Bank Secrecy Act/AML compliance; (x) consumer compliance; (xi) Community Reinvestment Act; (xii) fair lending; and (xiii) climate-related financial risks.
Two of the top areas of focus are asset and liability management and credit risk. In its operating plan the OCC says that “Examiners should determine whether banks are managing interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, including stress testing across a sufficient range of scenarios, sensitivity analyses of key model assumptions and liquidity sources, and appropriate contingency planning.” With respect to credit risk, the OCC says that “Examiners should evaluate banks’ stress testing of adverse economic scenarios and potential implications to capital” and “focus on concentrations risk management, including for vulnerable commercial real estate and other higher-risk portfolios, risk rating accuracy, portfolios of highest growth, and new products.”
The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
NYDFS updates criteria for virtual currency regulation
Adrienne Harris, Superintendent of the New York State Department of Financial Services (“DFS”) issued an update on the VOLT initiative, an ongoing project to enhance DFS’s role as a virtual currency regulator. Superintendent Harris published proposed guidance adopting enhanced criteria for procedures to list and de-list virtual currencies as well as updated guidance for designating virtual currencies to the DFS “Greenlist.”
The new General Framework for Greenlisted Coins sets (i) heightened risk assessment standards for coin-listing policies and enhances requirements for consumer-facing products; and (ii) new requirements associated with coin-delisting policies. Under the new guidance, a virtual currency entity that seeks to self-certify coins must create a coin-listing policy and may not self-certify any coins until such possibly has a written approval from DFS. A coin-listing policy must contain and be based on a robust governance structure; comprehensive risk assessment; consideration of factors to identify and mitigate risks involved in each coin and its uses; and policies and procedures to conduct continued monitoring of the coin to ensure consistent safety and soundness compliance.
The new framework does not require prior approval from the DFS to list coins included on the Greenlist, but does require virtual currency entities that choose to list such coins to (i) provide advance notification to DFS and (ii) have a DFS-approved coin-delisting policy.
NIST updates its Cybersecurity Framework
The National Institute of Standards and Technology (NIST) recently unveiled a proposed update to its Cybersecurity Framework, which was originally developed to provide information security guidelines for “critical infrastructure” like banking and energy industries. (Covered by InfoBytes here). The update includes a new, sixth pillar called “govern” that provides categories to facilitate executive oversight; manage enterprise risk (including supply chain risk); and effective alignment of enterprise resources, strategies, and risk, emphasizing that “cybersecurity is a major source of enterprise risk and a consideration for senior leadership.” This pillar will also guide organizations’ leadership in making internal decisions to support its cybersecurity strategy. The framework draft also updated its implementation guidance, especially for creating profiles that tailor guidance for certain situations. Additionally, NIST included implementation examples that are particularly beneficial for smaller firms. The framework’s lead developer, Cherilyn Pascoe, mentioned the framework has proven useful across many different sectors like small businesses and foreign governments, therefore it was updated to be a useful tool to sectors, regardless of type or size, outside of those designated as critical. A major goal of the updated version of the framework is to show organizations how to leverage existing technology frameworks, standards, and guidelines to implement NIST’s framework. Furthermore, the framework title changed from “Framework for Improving Critical Infrastructure Cybersecurity” to “The Cybersecurity Framework” to reflect its expanded inclusivity and wide adoption.
Public comments must be received by November 4.
FDIC releases operational risks in 2023 Risk Review
On August 14, the FDIC released its 2023 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2022 and early 2023 in five broad categories: (i) credit risk; (ii) market risk; (iii) operational risk; (iv) crypto-asset risk; and (v) climate-related financial risk. According to the FDIC, the current risk review adds a new section relating to the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. Monitoring these risks is among the agency’s top priorities, the FDIC said, and the “failure of three large banking institutions in March and May highlighted certain risks to the banking sector.” The FDIC stated that weaker economic conditions and higher interest rates in 2022 continued through early 2023, and “financial market conditions tightened considerably starting in 2022 on rising interest rates, high inflations, and concerns over a potential recession.” Overall, the FDIC said that “despite these challenges and the market stress in early 2023, the banking industry demonstrated resilience, but industry performance moderated from 2022.”