InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed governor says transparency is key for promoting innovation in the banking system
On March 14, Federal Reserve Governor Michelle W. Bowman presented thoughts on innovation trends within the U.S. financial system during a conference held by the Independent Community Bankers of America. Bowman commented that innovation has always been a priority for banks of all sizes and business models, and that regulators—often accused of “being hostile to innovation” within the regulated financial system—are continually trying to learn and adapt to new technologies, which often introduce new risks and vulnerabilities. In order to address these challenges, which are often amplified for community banks, Bowman said banks must be prepared to make improvements to risk management, cybersecurity, and consumer compliance measures, and regulators—playing a complementary role—must ensure rules are clear and transparent. She further stressed that “[i]t is absolutely critical that innovation not distract banks and regulators from the traditional risks that are omnipresent in the business of banking, particularly credit, liquidity, concentration, and interest rate risk.” Noting that these types of risks are present in all bank business models, Bowman said they “can be especially acute for banks engaging in novel activities or exposed to new markets, including crypto-assets.”
Explaining that transparency is important for promoting a safe, sound, and fair banking system, particularly when it comes to innovation, Bowman stated that insufficient clarity or transparency or disproportionately burdensome regulations may “cause new products and services to migrate to the shadow banking system.” Bowman went on to discuss ways bank regulation and supervision can support responsible innovation, and highlighted unique challenges facing smaller banks, as well as key actions taken by regulators to date relating to crypto assets, third-party risk management, cybersecurity, Community Reinvestment Act reform, bank mergers, and overdraft fees, among others.
District Court says EFTA applies to cryptocurrency
On February 22, the U.S. District Court for the Southern District of New York partially granted a cryptocurrency exchange’s motion to dismiss allegations that its inadequate security practices allowed unauthorized users to drain customers’ cryptocurrency savings. Plaintiffs claimed the exchange and its former CEO (collectively, “defendants”) failed to correctly implement a two-factor authentication system for their accounts and misrepresented the scope of the exchange’s security protocols and responsiveness. Plaintiffs filed a putative class action alleging violations of the EFTA and New York General Business Law, along with claims of negligence, negligent misrepresentation, breach of contract, breach of warranty, and unjust enrichment. The defendants moved to dismiss, in part, by arguing that the EFTA claim failed because cryptocurrency does not constitute “funds” under the statute. The court denied the motion as to the plaintiffs’ EFTA claim, stating that the EFTA does not define the term “funds.” According to the court, the ordinary meaning of “cryptocurrency” is “a digital form of liquid, monetary assets” that can be used to pay for things or “used as a medium of exchange that is subsequently converted to currency to pay for things.” In allowing the claim to proceed, the court referred to a final rule issued by the CFPB in 2016, in which the agency, according to the court’s opinion, “expressly stated that it was taking no position with respect to the application of existing statutes, like the EFTA, to virtual currencies and services.” In the final rule, the Bureau stated that it “continues to analyze the nature of products or services tied to virtual currencies.” The court dismissed all of the remaining claims, citing various pleading deficiencies, and finding, among other things, that the “deceptive acts or practices” claim under New York law failed because plaintiffs did not identify specific deceptive statements the defendants made or deceptive omissions for which the defendants were responsible.
Republican lawmakers ask about risks of customers’ digital assets on balance sheets
On March 2, Senator Cynthia M. Lummis (R-WY) and Representative Patrick McHenry (R-NC) sent a letter to the Federal Reserve Board, FDIC, OCC, and NCUA requesting input on SEC guidance issued last year that directs cryptocurrency firms to account for customers’ digital assets on their balance sheets. Last April, the SEC issued Staff Accounting Bulletin No. 121 (SAB 121), covering obligations for safeguarding crypto-assets held by entities for platform users. Among other things, SAB 121 clarified that entities should track customer assets as a liability on their balance sheets. “[A]s long as Entity A is responsible for safeguarding the crypto-assets held for its platform users, including maintaining the cryptographic key information necessary to access the crypto-assets, the staff believes that Entity A should present a liability on its balance sheet to reflect its obligation to safeguard the crypto-assets held for its platform users,” SAB 121 explained.
Claiming that SAB 121 “purports to require banks, credit unions and other financial institutions to effectively place digital assets on their balance sheets,” the lawmakers argued that this “would trigger a massive capital charge,” and in turn would likely prevent regulated entities from engaging in digital asset custody. Rather, regulators should encourage regulated financial institutions to offer digital asset services, since they are subject to the highest level of oversight, the letter said. Among other things, the letter asked the regulators whether the SEC contacted them prior to issuing the guidance, and if they have directed regulated financial institutions to comply with SAB 121. The lawmakers also inquired whether the regulators “agree that SAB 121 potentially weakens consumer protection by preventing well-regulated banks, credit unions, and other financial institutions from providing custodial services for digital assets[.]” The letter pointed to the bankruptcy case of a now-defunct crypto lender, which classified all customers as unsecured creditors, as an example of the legal risk of requiring customer custodial assets be placed on an entity’s balance sheet. “SAB 121 places customer assets at greater risk of loss if a custodian becomes insolvent or enters receivership, violating the SEC’s fundamental mission to protect customers,” the lawmakers wrote.
Treasury seeks to advance CBDCs
On March 1, Treasury Undersecretary for Domestic Finance Nellie Liang announced that the Treasury Department will lead a new senior-level working group to advance work on a U.S. central bank digital currency (CBDC). As previously discussed in a Treasury report released last September on the future of money and payments (covered by InfoBytes here), Treasury was called to lead an interagency working group to complement work undertaken by the Federal Reserve Board to consider the implications of a U.S. CBDC. The working group will consist of leaders from Treasury, the Fed, and White House offices, including the Council of Economic Advisors, National Economic Council, National Security Council, and Office of Science and Technology Policy. In the coming months the working group “will begin to meet regularly to discuss a possible CBDC and other payments innovations,” Liang said during a workshop titled “Next Steps to the Future of Money and Payments.” The working group will focus on three main policy objectives: (i) how a U.S. CBDC would affect U.S. global financial leadership; (ii) potential national security risks posed by a CBDC; and (iii) the implications for privacy, illicit finance, and financial inclusion if a CBDC is created.
To support discussions on a possible CBDC and other payment innovations, Liang said the working group will develop an initial set of findings and recommendations. Those findings and recommendations may relate to whether a U.S. CBDC would help advance certain policy objectives, what features would be required for a U.S. CBDC to advance these objectives, choices for resolving CBDC design trade-offs, and areas where additional technological research and development might be useful.
Liang commented that the working group will also “engage with allies and partners to promote shared learning and responsible development of CBDCs.” She pointed out that CBDC efforts are already underway in jurisdictions around the world, with 11 countries already having fully launched CBDCs, “while central banks in other major jurisdictions are researching and experimenting with CBDCs, with some at a fairly advanced stage.” Liang stressed that regardless of whether a CBDC is adopted in the U.S., the country “has an interest in ensuring that CBDCs interact safely and efficiently with the existing financial infrastructure; that they support financial stability and the integrity of the international financial system; that global payment systems are efficient, innovative, competitive, secure, and resilient; and that global payments systems continue to reflect broader shared democratic values, like openness, privacy, accessibility, and accountability to the communities that rely upon them.”
Biden administration releases National Cybersecurity Strategy
On March 2, the Biden administration announced the release of its National Cybersecurity Strategy (Strategy) in a continued effort to provide a safe and secure digital ecosystem for Americans. The Strategy, which expands on other steps taken by the administration in this space (covered by InfoBytes here), focuses on several key pillars for building and enhancing collaboration, including:
- Defending critical infrastructure. The Strategy will expand the use of minimum cybersecurity requirements in critical sectors, harmonize regulations to reduce compliance burdens, ensure public-private collaboration is able to defend critical infrastructure and essential services, and defend and modernize federal networks and incident response policies.
- Disrupting and dismantling threat actors. Under the Strategy, tools will be strategically employed to disrupt adversaries, and the private sector will be used to disrupt activities. Ransomware threats will also be addressed through a comprehensive federal approach “in lockstep” with international partners.
- Shaping market forces to drive security and resilience. In an effort “to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable,” the Strategy proposes to (i) promote privacy and security of personal data; (ii) “[shift] liability for software products and services to promote secure development practices”; and (iii) ensure investments in new infrastructure are supported by federal grant programs.
- Investing in a resilient future. The Strategy promotes coordinated, collaborative actions for reducing systemic technical vulnerabilities across the digital ecosystem and improving resiliency against transnational digital repression. The Strategy also prioritizes cybersecurity research and development for emerging technologies, including postquantum encryption, digital identity solutions, and clean energy infrastructure, and stresses the importance of developing a diverse, robust national cyber workforce.
- Forging international partnerships to pursue shared goals. The Strategy intends to leverage international coalitions and partnerships to counter threats to the digital ecosystem through the use of joint preparedness, response, and cost imposition, which will enable partners to better defend themselves against cyber threats. The U.S. will also work with international partners to create secure, reliable global information and communications technology supply chains and operational technology products and services.
While “next-generation technologies are reaching maturity at an accelerating pace, creating new pathways for innovation while increasing digital interdependencies,” the announcement warned that state and non-state actors are developing and executing campaigns that threaten the digital ecosystem. The Biden administration’s Strategy aims to address those threats.
Agencies warn banks of crypto-asset liquidity risks
On February 23, the FDIC, Federal Reserve Board, and OCC released a joint statement addressing bank liquidity risks tied to crypto-assets. The agencies warned that using sources of funding from crypto-asset-related entities may expose banks to elevated liquidity risks “due to the unpredictability of the scale and timing of deposit inflows and outflows.” The agencies addressed concerns related to deposits placed by crypto-asset-related entities for the benefit of end customers where the deposits may be influenced by the customer’s behavior or crypto-asset sector vulnerabilities, rather than the crypto-asset-related entity itself, which is the bank’s direct counterparty. The agencies warned that the “uncertainty and resulting deposit volatility can be exacerbated by end customer confusion related to inaccurate or misleading representations of deposit insurance by a crypto-asset-related entity.” The agencies also addressed issues concerning deposits that constitute stablecoin-related reserves, explaining that the stability of these types of deposits may be dependent on several factors, including the “demand for stablecoins, the confidence of stablecoin holders in the stablecoin arrangement, and the stablecoin issuer’s reserve management practices,” and as such, may “be susceptible to large and rapid outflows stemming from, for example, unanticipated stablecoin redemptions or dislocations in crypto-asset markets.”
The agencies’ statement reminded banking organizations to apply effective risk management controls when handling crypto-related deposits, commensurate with the associated liquidity risk of those deposits. The statement suggested certain effective risk management practices, which include: (i) understanding the direct and indirect drivers of potential deposit behavior to ascertain which deposits are susceptible to volatility; (ii) assessing concentrations or interconnectedness across crypto deposits, as well as the associated liquidity risks; (iii) incorporating liquidity risks or funding volatility into contingency funding planning; and (iv) performing robust due diligence and ongoing monitoring of crypto-asset-related entities that establish deposit accounts to ensure representations about these types of deposit accounts are accurate. The agencies further emphasized that banks are required to comply with applicable laws and regulations, including brokered deposit rules, as applicable, and Call Report filing requirements. The joint statement also reminded banks that they “are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.”
As previously covered by InfoBytes, the agencies issued a statement in January highlighting key risks banks should consider when choosing to engage in cryptocurrency-related services.
Illinois announces new consumer protections for digital assets, proposes new money transmitter licensing provisions
On February 21, the Illinois Department of Financial and Professional Regulation (IDFPR) announced several legislative initiatives to establish consumer protections for cryptocurrencies and other digital assets and provide regulatory oversight of the broader digital asset marketplace. The Fintech-Digital Asset Bill (see HB 3479) would create the Uniform Money Transmission Modernization Act and provide for the regulation of digital asset businesses and modernize regulations for money transmission in the state. Among other things, the Fintech-Digital Asset Bill would require digital asset exchanges and other digital asset businesses to obtain a license from IDFPR to operate in the state. The bill also establishes various requirements for businesses, including investment disclosures, customer asset safeguards, and customer service standards. Companies would also be required to implement cybersecurity measures, as well as procedures for addressing business continuity, fraud, and money laundering. Notably, the Fintech-Digital Asset Bill replaces and supersedes the Transmitters of Money Act (see 205 ILCS 657) with the Money Transmission Modernization Act, in order to harmonize the licensing, regulation, and supervision of money transmitters operating across state lines. Provisions also amend the Corporate Fiduciary Act to allow for the creation of trust companies for the special purpose of acting as a fiduciary to safeguard customers’ digital assets, the announcement noted.
The Consumer Financial Protection Bill (see HB 3483) would grant the IDFPR authority to enforce the Fintech-Digital Asset Bill and strengthen the department’s authority and resources for enforcing existing consumer financial protections. Modeled after the Dodd-Frank Act, the Consumer Financial Protection Bill empowers the IDFPR with the ability to target unfair, deceptive, and abusive acts and practices by unlicensed financial services providers. The bill creates the Consumer Financial Protection Law and the Financial Protection Fund, and establishes provisions related to supervision, registration requirements, consumer protection, cybersecurity, anti-fraud and anti-money laundering, enforcement, procedures, and rulemaking. The Consumer Financial Protection Bill also includes provisions concerning court orders, penalty of perjury, character and fitness of licensees, and consent orders and settlement agreements, and makes amendments to various application, license, and examination fees. The bill does so by amending the Collection Agency Act, Currency Exchange Act, Sales Finance Agency Act, Debt Management Service Act, Consumer Installment Loan Act, and Debt Settlement Consumer Protection Act.
DFPI launches crypto scam tracker
On February 16, the California Department of Financial Protection and Innovation (DFPI) launched a database to help consumers in the state spot and avoid crypto scams. The Crypto Scam Tracker compiles details about apparent crypto scams identified through a review of public complaints submitted to the DFPI, and is searchable by company name, scam type, or keywords. “Through the new Crypto Scam Tracker, combined with rigorous enforcement efforts, the DFPI is committed to shining a light on these ruthless predators and protecting consumers and investors,” DFPI Commissioner Clothilde Hewlett said in the announcement.
Treasury official highlights fintech, crypto assets, and cloud services challenges
On February 15, Treasury Assistant Secretary for Financial Institutions Graham Steele delivered remarks before the Exchequer Club of Washington, D.C., during which he discussed the U.S. Treasury Department’s financial institutions agenda on fintech, cryptocurrency, and cloud service providers. Stating that “significant potential exists to harness the underlying technology in fintech, digital assets, and cloud services adoption,” Steele cautioned that there exist common risks across these spaces related to inadequate oversight, excessive concentration, and consumer harms.
With respect to nonbanks and fintech, Steele noted that participation by nonbanks in financial services is a key priority for Treasury. He commented that while nonbanks add diversity and competition pressure to consumer finance markets, they “have largely not been subject to the kind of comprehensive regulation and supervision to which banks are subject,” which has created numerous “risks related to regulatory arbitrage, data privacy and security, bias and discrimination, and consumer protection, among others.” Steele highlighted recent Treasury recommendations primarily focused on using existing authorities held by the federal banking regulators and the CFPB as a way to coordinate supervision of bank-fintech partnerships and credit underwriting models. Another area of concern, Steele noted, are big technology firms—those that generally seek to enter the consumer finance market via relationships with banks and third-party fintech firms, and who avoid prudential regulation, supervision, and risk-management requirements that would apply if they offered banking services. “Big Tech firms may have incentives to leverage their existing commercial relationships, consumer data, and other resources to enter new markets, expand their networks and offerings, and scale rapidly to achieve capabilities that others—including depository institutions—do not have and cannot replicate,” Steele said.
Steele also touched on Treasury’s objectives for crypto assets, in which he referred to several studies examining “the potential financial stability implications of crypto-asset activities” and the risks and opportunities they might present to consumers, investors, and businesses. He also addressed concerns about misleading claims and representations in this space (for example, with respect to the availability of deposit insurance) and noted that there exist several gaps in existing authorities over crypto assets. Finally, Steele discussed a recent Treasury report, which examined potential benefits and challenges associated with the adoption of cloud services technology by financial services firms (covered by InfoBytes here).
Fed cautions banks regarding crypto risks
On February 10, Federal Reserve Board Governor Christopher J. Waller gave a speech on the cryptocurrency ecosystem and digital assets before attendees at the Global Interdependence Center Conference: Digital Money, Decentralized Finance, and the Puzzle of Crypto. Waller provided a broad overview of digital assets and digital ledger technologies and briefly discussed the use of smart contracts in peer-to-peer trading, as well as their potential to automate the execution of certain transactions in non-crypto-assets such as securities transactions. He also highlighted risks associated with another emerging technology—tokenization—which, he explained, “when combined with data vaults to securely store personal information, can be used to trade objects in a way that protects one’s identity from being exploited for profit.” Waller commented that these potential applications could also “lead to substantial productivity enhancements in other industries” beyond the crypto ecosystem.
Waller went on to express support for prudent innovation but expressed concerns about banks engaging in activities that expose them to a heightened risk of fraud, scams, and legal uncertainties. “As with any customer in any industry, a bank engaging with crypto customers would have to be very clear about the customers’ business models, risk-management systems, and corporate governance structures to ensure that the bank is not left holding the bag if there is a crypto meltdown,” Waller stated. “And banks considering engaging in crypto-asset-related activities face a critical task to meet the ‘know your customer’ and ‘anti-money laundering’ requirements, which they in no way are allowed to ignore.”