InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC, FinCEN release results of digital identity tech sprint
On September 9, the FDIC and FinCEN announced key takeaways and solution summaries from a recent “Tech Sprint” to develop solutions for banks and regulators to help measure the effectiveness of digital identity proofing. As previously covered in InfoBytes, in January, the FDIC’s technology lab, FDiTech, and FinCEN announced the launch of a Tech Sprint challenging participants “to develop solutions for financial institutions and regulators to help measure the effectiveness of digital identity proofing—the process used to collect, validate, and verify information about a person.” The FDIC and FinCEN sought solutions that included, among other things: (i) increasing efficiency and account security; (ii) reducing fraud and other forms of identity-related crime; (iii) reducing the risk of money laundering and terrorist financing; and (iv) fostering customer confidence in the digital banking environment.
The Tech Sprint resulted in proposed solutions that followed one of three distinct approaches: (i) tools that would measure the effectiveness of identity proofing systems; (ii) development of a scoring methodology for remote identity proofing; and (iii) envisioning an identity provider consortium or platform. The release also noted that multiple participating teams referenced the use of source verification, interoperability, and emerging technologies such as zero knowledge proofs and multi-party computation for secure, privacy-protecting data sharing.
FinCEN stresses importance of reliable digital interactions
On September 7, speaking before the 2022 Federal Identity Forum & Exposition in Atlanta, Georgia, acting Deputy Director of FinCEN Jimmy Kirby addressed the importance digital identity plays in FinCEN’s mission as it relates to privacy and cybersecurity, particularly with respect to protecting the U.S. financial system from illicit finance. This includes helping financial institutions comply with various reporting requirements, such as filing suspicious activity reports and currency transaction reports and ensuring that recordkeeping requirements under the Customer Identification Program and Customer Due Diligence rules are met. While Kirby recognized that digital identity frameworks have the potential to “spur innovation in financial products and services across the legacy financial system, as well as digital assets and emerging central bank digital currencies,” he stressed it is vital that digital identity is handled correctly through the implementation of “identity solutions that preserve privacy and security, promote financial inclusion, and protect the integrity of the financial system.” Focusing on topics related to emerging threats and responsible innovation, Kirby emphasized the need for financial institutions to implement measures for knowing who their customers are, both on the front end and throughout the customer relationship, and to take steps to prevent identity theft and fraud. Kirby also discussed the importance of fostering responsible innovation and developing infrastructure, information sharing, and standards that mitigate the risks associated with digital identities.
Fed vice chair for supervision outlines future priorities
On September 7, Federal Reserve Board Vice Chair for Supervision Michael Barr laid out his goals for making the financial system safer and fairer during a speech at the Brookings Institution, highlighting priorities related to risk-focused capital frameworks and bank resiliency, mergers and acquisitions, digital assets and stablecoins, climate-related financial risks, innovation, and Community Reinvestment Act modernization plans. Addressing issues related to resolvability, Barr signaled that the Fed would begin “looking at the resolvability of some of the other largest banks [in addition to globally systemically important banks] as they grow and as their significance in the financial system increases.” With respect to bank mergers, Barr commented that “the advantages that firms seek to gain through mergers must be weighed against the risks that mergers can pose to competition, consumers and financial stability.” He said he plans to work with Fed staff to assess how the agency performs merger analysis and whether there are areas for improvement. Barr also discussed financial stability risks posed by new forms of private money created through stablecoins and stressed that Congress should work quickly to enact legislation for bringing stablecoins (especially those intended to serve as a means of payment) within the prudential regulatory perimeter. He added that the Fed plans to make sure that the crypto activity of supervised banks “is subject to the necessary safeguards that protect the safety of the banking system as well as bank customers,” and said “[b]anks engaged in crypto-related activities need to have appropriate measures in place to manage novel risks associated with those activities and to ensure compliance with all relevant laws, including those related to money laundering.”
Hsu focusing on fintech partnerships, crypto activities
On September 7, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the TCH + BPI Annual Conference in New York where he provided an update on agency priorities related to “guarding against complacency, addressing inequality, adapting to digitalization, and managing climate-related risk.” Among other things, Hsu’s prepared remarks highlighted the fact that while the banking industry needs to adapt to digitalization, it is important to maintain a “careful and cautious” approach to cryptocurrency activities. He referred to OCC Interpretive Letter 1179 (covered by InfoBytes here), which clarifies that national banks and federal savings associations should not engage in certain crypto activities unless they are able to “demonstrate, to the satisfaction of its supervisory office, that [they have] controls in place to conduct the activity in a safe and sound manner.” Hsu further noted in his remarks that the regulators’ careful and cautious approach helps explain, at least in part, why the federally-regulated banking system has been largely unaffected by the recent failure of several crypto platforms.
Hsu also stressed the need to develop a better understanding of bank-fintech arrangements, stressing that these partnerships are growing at an exponential rate and are becoming more complicated. While “[t]echnological advances can offer greater efficiencies to banks and their customers[,] [t]he benefit of those efficiencies… are lost if a bank does not have an effective risk management framework, and the effect of substantial deficiencies can be devastating,” Hsu said. He added that the OCC is “currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to “enable a clearer focus on risks and risk management expectations,” and stated that the agency is coordinating with other regulators to make sure there is “a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized.” During his speech, Hsu also touched upon topics related to climate-related risks, economic inequality and structural barriers to financial inclusion, and the importance of maintaining strong risk management discipline.
OCC orders bank to improve oversight of fintech partnerships
Recently, a national bank disclosed an agreement reached with the OCC that requires the bank to improve its oversight and management of third-party fintech partnerships. According to an SEC filing, the OCC found unsafe or unsound practices related to the bank’s third-party risk management, Bank Secrecy Act (BSA)/anti-money laundering risk management, suspicious activity reporting, and information technology control and risk governance. Under the terms of the agreement, the bank must, within 10 days of the agreement, appoint a compliance committee comprised mostly of members from outside the bank to meet at least quarterly and provide progress reports outlining the results and status of the mandated corrective actions. Within 60 days of the agreement, the bank must also adopt and implement guidelines for assessing risks posed by third-party fintech partnerships and address how the bank “identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable.” Additionally, the bank must establish criteria for their board of directors' review and approval of third-party fintech relationship partners, as well as how it will assess “BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations.” The agreement also requires due diligence, monitoring, and contingency plan measures.
The agreement further stipulates that the bank’s board and management shall, within 90 days, (i) set up written BSA risk assessment guidelines; (ii) adopt an independent audit program; (iii) implement expanded risk-based policies, procedures, and processes to obtain and analyze appropriate customer due diligence, enhanced due diligence, and beneficial ownership information, including for fintech businesses; (iv) develop and adhere to a set of standards to ensure timely suspicious activity monitoring and reporting; and (v) establish a program to assess and manage the bank’s information technology activities, including those conducted by third-party partners. The bank must also conduct a suspicious activity review lookback within 30 days.
Hsu discusses challenges facing community banks
On September 1, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the Texas Bankers Association in Dallas focusing on the importance of community banks and the challenges and opportunities of digitalization. In his remarks, Hsu emphasized the OCC’s commitment to community banks, noting that more than 85 percent of the charters that the OCC supervises are community banks, which total nearly 900 individual institutions. He said that the OCC seeks to support community banks in five areas: (i) assessments; (ii) de novo licensing; (iii) risk-based supervision; (iv) local presence and national perspective; and (v) regulation. In particular, Hsu said the OCC is working to provide increased support for community banks by streamlining the licensing process for de novo banks and updating its approach to risk-based supervision. Hsu noted that the recent reduction in assessments is part of an effort by regulators to encourage community banks to invest in digital technologies. He stated that his “experiences in the 2008 financial crisis taught [him] about the disastrous consequences that can result from an unlevel playing field where regulatory arbitrage and races to the bottom are allowed to fester.” He added that while he has been at the OCC, the agency has been “requiring fintechs seeking a bank charter to be subject to the same requirements as all national banks and we are engaging with our peer agencies to limit regulatory arbitrage.” Hsu also noted that in order to “level the playing field,” the OCC will make a 40 percent reduction in assessment fees on a bank's first $200 million in assets and a 20 percent reduction on bank assets between $200 million and $20 billion. Hsu said that the cuts will result in a $41.3 million reduction in assessments for community banks in 2023. Hsu explained that “[t]he purpose of this adjustment is to level the playing field with the cost of supervision compared to state community bank charters, and that “[t]he recalibration will not reduce the quality of OCC supervision or the resources available to community banks.” Hsu mentioned that he is “hopeful” that the reduction gives community banks “extra breathing space and capacity to invest and seize opportunities related to digitalization, compliance, cybersecurity, and personnel.”
House Oversight seeks info from digital asset exchanges, financial regulators
On August 30, the Subcommittee on Economic and Consumer Policy of the House Committee on Oversight and Reform announced that Representative Raja Krishnamoorthi (D-IL), Chair of the Subcommittee, sent letters to the U.S. Treasury Department, SEC, CFTC, and FTC, in addition to five digital asset exchanges, requesting information on how they are combating cryptocurrency-related fraud and scams. According to his letters, Chairman Krishnamoorthi is “concerned about the growth of fraud and consumer abuse linked to cryptocurrencies.” He further added that “[t]he lack of a central authority to flag suspicious transactions in many situations, the irreversibility of transactions, and the limited understanding many consumers and investors have of the underlying technology make cryptocurrency a preferred transaction method for scammers.” In the letters to the federal agencies, he stated that “the federal government has been slow to curb cryptocurrency scams and fraud,” and that “[e]xisting federal regulations do not comprehensively or clearly cover cryptocurrencies under all circumstances.” In one of the letters to the digital asset exchanges, Krishnamoorthi noted that “cryptocurrency exchanges must themselves act to protect consumers conducting transactions through their platforms.” The letters requested that all recipients provide information to the subcommittee outling “steps they are taking to combat cryptocurrency-related fraud and scams and additional actions that are needed to protect Americans” in order to “help Congress understand what they are doing to protect consumers and inform legislative solutions to bring stability to the digital asset industry.”
SEC releases draft regulatory strategic plan
Recently, the SEC released its draft FY 2022-2026 strategic plan, which focuses on goals related to protecting families against fraud and misconduct, supporting a diverse and inclusive workforce, and developing a regulatory framework that keeps pace with ever-evolving markets, business models, and technologies. The SEC noted that it plans to continue to update its disclosure framework to meet investors’ demands for information related to issuers’ climate risks and cybersecurity hygiene policies to ensure informed investment decisions are made. The draft strategic plan also discussed market risks associated with cybersecurity threats and cross-border challenges, and called on the SEC to coordinate with foreign financial regulators. The SEC also stated it plans to update existing rules and approaches to better “reflect evolving technologies, business models, and capital markets,” and intends to examine strategies for addressing systemic and infrastructure risks faced by capital markets and market participants.
CFTC commissioner seeks increased digital assets oversight
On August 19, CFTC Commissioner Kristin N. Johnson delivered remarks discussing digital asset policy, innovation, legislation, and regulation before a roundtable at the CFTC. In her prepared remarks, Johnson highlighted the “increasingly diverse crypto-investing community,” including historically underserved groups who are drawn to digital asset markets by “promises of financial inclusion” and opportunities to “increase income, wealth, and resources – a promise that, if realized, may enable them to transition from fragile financial circumstances to achieving the American dream.” Johnson noted, however, that instability in these markets have led the CFTC to examine closely “the specific implications of crypto-investing for diverse communities and the potential benefits of well-tailored, carefully crafted regulation.” Johnson referenced Treasury Secretary Janet Yellen’s April 7, 2022 remarks at American University’s Kogod School of Business Center for Innovation, which said that while regulations should be “tech-neutral,” they should also ensure that innovation does not cause disparate harm or exacerbate inequities.
Johnson also discussed President Biden’s March 9 Executive Order (covered by InfoBytes here), Ensuring Responsible Development of Digital Assets, which stressed the need for “steps to reduce the risks that digital assets could pose to consumers, investors, and business protections” and mitigate “illicit finance and national security risks posed by misuse of digital assets,” including money laundering, cybercrime and ransomware, terrorism and proliferation financing, and sanctions evasion. While the E.O. “marked an important step towards greater cooperation and coordination among cabinet-level agencies, market regulators and prudential regulators,” Johnson called for an “increase [in] investor education and outreach to empower consumers and contemporaneously combat illicit activity and safeguard the integrity and stability of our financial markets.”
Johnson also discussed pending legislation intended “to better protect consumers and enhance market structure and market integrity in digital assets and cryptocurrency markets,” such as the Digital Commodities Consumer Protection Act of 2022 (DCCPA), which “seeks to give the CFTC jurisdiction over digital asset spot market transactions by expanding the definition of ‘commodity’ in the CEA to include ‘digital commodities.’” She further explained that the DCCPA, among other things, “would require the CFTC to conduct a study on the impact of digital assets on diverse communities.” Johnson also mentioned the Responsible Financial Innovation Act, calling it “a comprehensive reform measure that introduces the concept of ‘ancillary assets’ as a pathway for clearly defining oversight of digital assets and cryptocurrencies as securities or commodities.” Johnson emphasized that market participants have expressed heightened cybersecurity concerns regarding attacks on cryptocurrency exchanges or trading platforms, and stressed that “[i]t is vital for the U.S. to bolster its role as a leader in the global financial system by developing a strong regulatory framework for digital assets[.]”
Special Alert: New Fed guidelines clarify, but do not transform, master account and payment services access
The Federal Reserve Board recently issued final guidelines for the Reserve Banks to use in reviewing requests from a range of financial services providers for access to Federal Reserve master accounts and payment services. Master account and Federal Reserve services allow institutions to transfer money to other master accountholders directly and hold funds in the Federal Reserve System, while others must go through third parties — which can add cost, delay, and further complication to transactions.
The final guidelines are substantially similar to those proposed in 2021 and a supplement issued earlier this year. They make the application process more transparent by describing the risk factors that a Reserve Bank should take into consideration and by applying a three-tier approach regarding the intensity of a Reserve Bank’s review. However, the guidelines do not broaden the categories of entities that are eligible to apply in the first place, do not establish application processing timelines, and do not provide a clear path forward for entities that lack federal bank supervision, including novel charter types.