InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
White House presses regulators on framework for digital assets
On September 16, the White House published a comprehensive framework for the responsible development of digital assets, calling on federal regulators to “provide innovative U.S. firms developing new financial technologies with regulatory guidance, best-practices sharing, and technical assistance.” The framework follows an executive order (E.O.) issued by the Biden administration in March (covered by InfoBytes here), which outlined the first “whole-of-government” strategy for coordinating a comprehensive approach to ensuring responsible innovation in digital assets policy. Consistent with the E.O.’s deadline, nine reports have been submitted to President Biden to date that “call on agencies to promote innovation by kickstarting private-sector research and development and helping cutting-edge U.S. firms find footholds in global markets.” The reports also “call for measures to mitigate the downside risks, like increased enforcement of existing laws and the creation of commonsense efficiency standards for cryptocurrency mining.”
Among other things, the reports (i) direct the Federal Reserve Board to continue its research and experimentation on issuing a central bank digital currency, and request the creation of a U.S. Treasury Department-led interagency working group to support Fed efforts; (ii) encourage the SEC and CFTC to “aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space”; (iii) urge the CFPB and FTC to address consumer complaints related to unfair, deceptive, or abusive practices in the crypto space; (iv) encourage agencies to issue guidance and rules for addressing current and emergent risks in the digital asset ecosystem; (v) urge agencies and law enforcement to take joint measures to address digital asset risks impacting consumers, investors, and businesses; and (vi) encourage agencies to share data on consumers’ digital asset complaints. To promote access to safe and affordable financial services, the administration said it plans to explore how crypto-related technologies can bolster financial inclusion, and will encourage the adoption of instant payment systems, weigh recommendations for creating a federal framework for non-bank payment service oversight, and prioritize efforts to improve cross-border payment efficiency. Additionally, the administration said it is exploring the possibility of amending the Bank Secrecy Act and other related statutes to “explicitly” apply to digital asset exchanges and non-fungible token platforms, and is considering a legislative request to toughen penalties for unlicensed money transmitters and give the DOJ more jurisdictional digital asset prosecution authority.
The Treasury released three reports addressing the future of money and payment systems, consumer and investor protection, and illicit finance risks in response to the E.O. The reports, The Future of Money and Payments, Crypto-Assets: Implications for Consumers, Investors, and Businesses, and Action Plan to Address Illicit Financing Risks of Digital Assets call on regulators to mitigate crypto-related risks to consumers, investors, and businesses. “Innovation is one of the hallmarks of a vibrant financial system and economy,” Treasury Secretary Janet Yellen said. “But as we have learned painfully from the past, innovation without appropriately addressing the impact of these developments can result in significant disruptions and harm to the financial system and individuals, especially our more vulnerable populations.” The reports examine the future of digital assets and offer recommendations to address consumer and investor protection concerns, combat illicit finance risks, and improve the payments system to support a more competitive, efficient, and inclusive landscape.
The same day, the DOJ also released a report in response to the E.O. The Role Of Law Enforcement In Detecting, Investigating, And Prosecuting Criminal Activity Related To Digital Assets examines ways illicit actors exploit digital asset technologies and addresses challenges posed by digital assets to criminal investigations. The report provides recommendations to further enhance law enforcement’s ability to address digital asset crimes, such as strengthening criminal penalties and extending the statutes of limitations for crimes involving digital assets from five to ten years, and identifies three priorities: (i) “expanding to virtual asset service providers the laws preventing employees of financial institutions from tipping off suspects to ongoing investigations”; (ii) “strengthening the law criminalizing the operation of unlicensed money transmitting businesses”; and (iii) “extending the statute of limitations of certain statutes to account for the complexities of digital assets investigations.” The DOJ also launched the Digital Asset Coordinator Network, which will serve as the agency’s primary source for obtaining and disseminating information related to digital assets crimes.
SEC opens crypto assets office
On September 8, SEC Chair Gary Gensler issued remarks before the Practising Law Institute to discuss cryptocurrency tokens and corresponding SEC regulation. During his remarks, Gensler stated his view that the “vast majority” of cryptocurrency tokens on the market are securities that are subject to SEC regulation. As a result, investors in cryptocurrencies “deserve disclosure to help them sort between the investments that they think will flourish and those that they think will flounder,” and that the law requires such protections. Gensler, also addressed stablecoins, which he also concluded raised significant policy issues. Gensler pointed out that depending on their attributes, stablecoins “may be shares of a money market fund or another kind of security,” and therefore require registration and deserve investor protections. Finally, addressing crypto intermediaries, Gensler noted that they are either engaging “in the business of effecting transactions in crypto security tokens for the account of others, which makes them brokers, or engage in the business of buying and selling crypto security tokens for their own account, which makes them dealers.” He warned that because crypto intermediaries often commingle other functions with a market, investors are inherently exposed to conflicts of interest and risks. To address this, Gensler noted that he encouraged SEC staff to collaborate “with intermediaries to ensure they register each of their functions—exchange, broker-dealer, custodial functions, and the like—which could result in disaggregating their functions into separate legal entities to mitigate conflicts of interest and enhance investor protection.” Gensler noted that legislation should be crafted in a way that maintains the SEC’s oversight of crypto security tokens, and added that these kind of assets make up most of the digital assets that are currently traded.
The same week, the SEC announced it is establishing an Office of Crypto Assets and an Office of Industrial Applications and Services to the Division of Corporation Finance’s Disclosure Review Program (DRP), which “has long had offices to review company filings by issuers.” According to the SEC, the offices will join the seven existing offices that provide focused review of issuer filings to continue the SEC’s efforts in promoting capital formation and protecting investors. The Office of Crypto Assets will permit “the DRP to better focus its resources and expertise to address the unique and evolving filing review issues related to crypto assets.”
FDIC, FinCEN release results of digital identity tech sprint
On September 9, the FDIC and FinCEN announced key takeaways and solution summaries from a recent “Tech Sprint” to develop solutions for banks and regulators to help measure the effectiveness of digital identity proofing. As previously covered in InfoBytes, in January, the FDIC’s technology lab, FDiTech, and FinCEN announced the launch of a Tech Sprint challenging participants “to develop solutions for financial institutions and regulators to help measure the effectiveness of digital identity proofing—the process used to collect, validate, and verify information about a person.” The FDIC and FinCEN sought solutions that included, among other things: (i) increasing efficiency and account security; (ii) reducing fraud and other forms of identity-related crime; (iii) reducing the risk of money laundering and terrorist financing; and (iv) fostering customer confidence in the digital banking environment.
The Tech Sprint resulted in proposed solutions that followed one of three distinct approaches: (i) tools that would measure the effectiveness of identity proofing systems; (ii) development of a scoring methodology for remote identity proofing; and (iii) envisioning an identity provider consortium or platform. The release also noted that multiple participating teams referenced the use of source verification, interoperability, and emerging technologies such as zero knowledge proofs and multi-party computation for secure, privacy-protecting data sharing.
FinCEN stresses importance of reliable digital interactions
On September 7, speaking before the 2022 Federal Identity Forum & Exposition in Atlanta, Georgia, acting Deputy Director of FinCEN Jimmy Kirby addressed the importance digital identity plays in FinCEN’s mission as it relates to privacy and cybersecurity, particularly with respect to protecting the U.S. financial system from illicit finance. This includes helping financial institutions comply with various reporting requirements, such as filing suspicious activity reports and currency transaction reports and ensuring that recordkeeping requirements under the Customer Identification Program and Customer Due Diligence rules are met. While Kirby recognized that digital identity frameworks have the potential to “spur innovation in financial products and services across the legacy financial system, as well as digital assets and emerging central bank digital currencies,” he stressed it is vital that digital identity is handled correctly through the implementation of “identity solutions that preserve privacy and security, promote financial inclusion, and protect the integrity of the financial system.” Focusing on topics related to emerging threats and responsible innovation, Kirby emphasized the need for financial institutions to implement measures for knowing who their customers are, both on the front end and throughout the customer relationship, and to take steps to prevent identity theft and fraud. Kirby also discussed the importance of fostering responsible innovation and developing infrastructure, information sharing, and standards that mitigate the risks associated with digital identities.
Fed vice chair for supervision outlines future priorities
On September 7, Federal Reserve Board Vice Chair for Supervision Michael Barr laid out his goals for making the financial system safer and fairer during a speech at the Brookings Institution, highlighting priorities related to risk-focused capital frameworks and bank resiliency, mergers and acquisitions, digital assets and stablecoins, climate-related financial risks, innovation, and Community Reinvestment Act modernization plans. Addressing issues related to resolvability, Barr signaled that the Fed would begin “looking at the resolvability of some of the other largest banks [in addition to globally systemically important banks] as they grow and as their significance in the financial system increases.” With respect to bank mergers, Barr commented that “the advantages that firms seek to gain through mergers must be weighed against the risks that mergers can pose to competition, consumers and financial stability.” He said he plans to work with Fed staff to assess how the agency performs merger analysis and whether there are areas for improvement. Barr also discussed financial stability risks posed by new forms of private money created through stablecoins and stressed that Congress should work quickly to enact legislation for bringing stablecoins (especially those intended to serve as a means of payment) within the prudential regulatory perimeter. He added that the Fed plans to make sure that the crypto activity of supervised banks “is subject to the necessary safeguards that protect the safety of the banking system as well as bank customers,” and said “[b]anks engaged in crypto-related activities need to have appropriate measures in place to manage novel risks associated with those activities and to ensure compliance with all relevant laws, including those related to money laundering.”
Hsu focusing on fintech partnerships, crypto activities
On September 7, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the TCH + BPI Annual Conference in New York where he provided an update on agency priorities related to “guarding against complacency, addressing inequality, adapting to digitalization, and managing climate-related risk.” Among other things, Hsu’s prepared remarks highlighted the fact that while the banking industry needs to adapt to digitalization, it is important to maintain a “careful and cautious” approach to cryptocurrency activities. He referred to OCC Interpretive Letter 1179 (covered by InfoBytes here), which clarifies that national banks and federal savings associations should not engage in certain crypto activities unless they are able to “demonstrate, to the satisfaction of its supervisory office, that [they have] controls in place to conduct the activity in a safe and sound manner.” Hsu further noted in his remarks that the regulators’ careful and cautious approach helps explain, at least in part, why the federally-regulated banking system has been largely unaffected by the recent failure of several crypto platforms.
Hsu also stressed the need to develop a better understanding of bank-fintech arrangements, stressing that these partnerships are growing at an exponential rate and are becoming more complicated. While “[t]echnological advances can offer greater efficiencies to banks and their customers[,] [t]he benefit of those efficiencies… are lost if a bank does not have an effective risk management framework, and the effect of substantial deficiencies can be devastating,” Hsu said. He added that the OCC is “currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to “enable a clearer focus on risks and risk management expectations,” and stated that the agency is coordinating with other regulators to make sure there is “a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized.” During his speech, Hsu also touched upon topics related to climate-related risks, economic inequality and structural barriers to financial inclusion, and the importance of maintaining strong risk management discipline.
OCC orders bank to improve oversight of fintech partnerships
Recently, a national bank disclosed an agreement reached with the OCC that requires the bank to improve its oversight and management of third-party fintech partnerships. According to an SEC filing, the OCC found unsafe or unsound practices related to the bank’s third-party risk management, Bank Secrecy Act (BSA)/anti-money laundering risk management, suspicious activity reporting, and information technology control and risk governance. Under the terms of the agreement, the bank must, within 10 days of the agreement, appoint a compliance committee comprised mostly of members from outside the bank to meet at least quarterly and provide progress reports outlining the results and status of the mandated corrective actions. Within 60 days of the agreement, the bank must also adopt and implement guidelines for assessing risks posed by third-party fintech partnerships and address how the bank “identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable.” Additionally, the bank must establish criteria for their board of directors' review and approval of third-party fintech relationship partners, as well as how it will assess “BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations.” The agreement also requires due diligence, monitoring, and contingency plan measures.
The agreement further stipulates that the bank’s board and management shall, within 90 days, (i) set up written BSA risk assessment guidelines; (ii) adopt an independent audit program; (iii) implement expanded risk-based policies, procedures, and processes to obtain and analyze appropriate customer due diligence, enhanced due diligence, and beneficial ownership information, including for fintech businesses; (iv) develop and adhere to a set of standards to ensure timely suspicious activity monitoring and reporting; and (v) establish a program to assess and manage the bank’s information technology activities, including those conducted by third-party partners. The bank must also conduct a suspicious activity review lookback within 30 days.
House Oversight seeks info from digital asset exchanges, financial regulators
On August 30, the Subcommittee on Economic and Consumer Policy of the House Committee on Oversight and Reform announced that Representative Raja Krishnamoorthi (D-IL), Chair of the Subcommittee, sent letters to the U.S. Treasury Department, SEC, CFTC, and FTC, in addition to five digital asset exchanges, requesting information on how they are combating cryptocurrency-related fraud and scams. According to his letters, Chairman Krishnamoorthi is “concerned about the growth of fraud and consumer abuse linked to cryptocurrencies.” He further added that “[t]he lack of a central authority to flag suspicious transactions in many situations, the irreversibility of transactions, and the limited understanding many consumers and investors have of the underlying technology make cryptocurrency a preferred transaction method for scammers.” In the letters to the federal agencies, he stated that “the federal government has been slow to curb cryptocurrency scams and fraud,” and that “[e]xisting federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” In one of the letters to the digital asset exchanges, Krishnamoorthi noted that “cryptocurrency exchanges must themselves act to protect consumers conducting transactions through their platforms.” The letters requested that all recipients provide information to the subcommittee outling “steps they are taking to combat cryptocurrency-related fraud and scams and additional actions that are needed to protect Americans” in order to “help Congress understand what they are doing to protect consumers and inform legislative solutions to bring stability to the digital asset industry.”
Fed discusses technology, innovation, and financial services
On August 17, Federal Reserve Governor Michelle W. Bowman spoke before the VenCent Fintech Conference in Arkansas regarding technology, innovation, and financial services. In her remarks, Bowman discussed the importance of technology and how it is leading to new bank business models, including application programming interfaces and other technologies that allow nonbank technology firms to provide financial services. Bowman also discussed why customers engage more in crypto assets, such as that there has been “significant consumer demand for engagement in these types of services,” and that “banks have observed their deposits flowing to nonbank crypto-asset firms and, understandably, would like to stem that outflow by offering the services themselves.” Bowman also noted that the Fed is “working to articulate supervisory expectations for banks on a variety of digital asset-related activities,” such as custody of crypto-assets and loans collateralized by crypto-assets, among other things. She addressed supervisory guidance recently released by the Fed (covered by InfoBytes here), which “provide[s] banks with additional information about the risks of crypto activities and remind[s] them to ensure that the activities are legal and [that] they should have adequate systems, risk management, and controls in place to conduct the activities in a safe and sound manner consistent with applicable law.” Bowman also discussed the Fed’s involvement in artificial intelligence (AI), noting that last year, the Fed joined with other financial agencies to issue a Request for Information (RFI) on input on financial institutions’ use of AI (covered by InfoBytes here) and has received over 100 responses. As noted in the RFI, banks are using AI in a variety of ways, including fraud monitoring, personalization of customer services, credit decisions, risk management, and textual analysis. As covered by a Buckley Special Alert, in May, the Fed issued a final rule for its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. Bowman contended that FedNow “will enable financial institutions of every size, and in every community across America, to provide safe and efficient instant payment services,” and that it is “a flexible, neutral platform that will support a broad variety of instant payments.” In regard to novel charters and access to federal reserve account services, Bowman closed by highlighting the Fed’s final guidelines governing how Reserve Banks will evaluate requests for account access. Bowman explained that “[t]he guidelines take into account the Board's goals to (1) ensure the safety and soundness of the banking system; (2) effectively implement monetary policy; (3) promote financial stability; (4) protect consumers; and (5) promote a safe, efficient, inclusive, and innovative payment system.”
CFPB fines fintech for algorithm-induced overdraft charges
On August 10, the CFPB announced a consent order against a California-based fintech company for allegedly using an algorithm that caused consumers to be charged overdrafts on their checking accounts when using the company’s personal finance-management app. According to the Bureau, the app promotes automated savings with a proprietary algorithm, which analyzes consumers’ checking-account data to determine when and how much to save for each consumer. The app then automatically transfers funds from consumers’ checking accounts to accounts held in the company’s name. The Bureau asserted, however, that the company engaged in deceptive acts or practices in violation of the CFPA by (i) causing consumers’ checking accounts to incur overdraft charges from their banks even though it guaranteed no overdrafts and represented that its app never transferred more than a consumer could afford; (ii) representing that it would reimburse overdraft charges (the Bureau claims the company has received nearly 70,000 overdraft-reimbursement requests since 2017); and (iii) keeping interest that should have gone to consumers even though it told consumers it would not keep any interest earned on consumer funds. Under the terms of the consent order, the company is required to provide consumer redress for overdraft charges that it previously denied and must pay a $2.7 million civil penalty.