InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB invokes dormant authority to examine nonbanks
On April 25, the CFPB announced it was invoking a “dormant authority” under the Dodd-Frank Act to conduct supervisory examinations of fintech firms and other nonbank financial services providers based upon a determination of risk. “This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads,” CFPB Director Rohit Chopra explained. The Bureau has direct supervisory authority over banks and credit unions with more than $10 billion in assets, certain nonbanks regardless of size that offer or provide consumer financial products or services, and the service providers for such entities. With this announcement, the Bureau now plans to use a provision under Section 1024 of Dodd-Frank that allows it to examine nonbank financial entities, upon notice and an opportunity to respond, if it has “reasonable cause” to determine that consumer harm is possible.
In tandem with the announcement, the Bureau also issued a request for public comment on an updated version of a procedural rule that implements its statutory authority to supervise nonbanks “whose activities the CFPB has reasonable cause to determine pose risks to consumers,” including potentially unfair, deceptive, or abusive acts or practices. The statute requires that the Bureau “base such reasonable cause determinations on complaints collected by the CFPB, or on information from other sources,” which the Bureau stated may include “judicial opinions and administrative decisions, . . . whistleblower complaints, state partners, federal partners, or news reports.” “Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to,” Chopra stated.
Among other things, the new rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process. Specifically, the new rule will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. Subject companies will be given an opportunity seven days after a final decision is issued to provide input on what information, if any, should be publicly released. According to the Bureau, there “is a public interest in transparency when it comes to these potentially significant rulings by the Director as head of the agency. Also, if a decision or order is publicly released, it would be available as a precedent in future proceedings.”
The procedural rule is effective upon publication in the Federal Register and has a 30-day comment period.
OCC launches consumer financial health discussion series
On April 22, the OCC announced an upcoming quarterly discussion series focusing on consumer financial wellbeing. The first event in the Financial Health: Vital Signs series will occur on April 28 and focus on minority ownership of cryptocurrency. Future events will feature discussions with acting OCC Comptroller Michael J. Hsu and other academic, community, and industry leaders. The discussion series will be livestreamed and open to the public.
NYDFS to collect assessment fees from licensed virtual currency businesses
On April 9, the New York governor signed S. 8008-C, which enacts the state’s 2023 fiscal year budget and requires, among other things, NYDFS to start charging a new assessment fee to all virtual currency businesses licensed in New York in order to cover the costs associated with their oversight and “defray operating expenses.” Specifically, Section 206 is amended to read: “The expenses of every examination of the affairs of any person regulated pursuant to this chapter that engages in virtual currency business activity shall be borne and paid by the regulated person so examined, but the superintendent, with the approval of the comptroller, may in the superintendent’s discretion for good cause shown remit such charges.” The amendments do not specify a specific assessment amount, however regulated companies engaged in virtual currency business activity “shall be assessed by the superintendent for the operating expenses of the department that are solely attributable to regulating such persons in such proportions as the superintendent shall deem just and reasonable.”
NYDFS Superintendent Adrienne A. Harris issued a press release the same day praising the budget adoption as it now allows the Department to collect supervisory costs from licensed virtual currency businesses as it does for banking and insurance companies. Noting that “New York was the first to start licensing and supervising virtual currency companies,” Harris said that the “new authority will empower the Department to build staff with the capacity and expertise to best regulate and support this rapidly growing industry.”
Virginia allows banks to provide virtual currency custody services
On April 11, the Virginia governor signed HB 263, which permits banks in the Commonwealth to provide customers with virtual currency custody services “so long as the bank has adequate protocols in place to effectively manage risks and comply with applicable laws.” Before offering virtual currency custody services, banks must conduct a self-assessment process to carefully examine the risks involved in offering such services, which includes: (i) “implement[ing] effective risk management systems and controls to measure, monitor, and control relevant risks associated with custody of digital assets such as virtual currency”; (ii) confirming adequate insurance coverage for such services; and (iii) maintaining a service provider oversight program to address risks to service provider relationships as a result of engaging in virtual currency custody services. Banks may provide virtual currency custody services in either a fiduciary or non-fiduciary capacity. If a bank provides such services in a nonfiduciary capacity, the bank will “act as a bailee, taking possession of the customer’s asset for safekeeping while legal title remains with the customer” (i.e. “the customer retains direct control over the keys associated with their virtual currency”). Should a bank provide services in a fiduciary capacity, it must “require customers to transfer their virtual currencies to the control of the bank by creating new private keys to be held by the bank.” The bank will have “authority to manage virtual currency assets as it would any other type of asset held in such capacity.” HB 263 takes effect July 1.
Hsu discusses stablecoins, pushes for crypto banks
On April 8, acting Comptroller of the Currency Michael J. Hsu discussed stablecoin policy considerations in remarks before the Institute of International Economic Law at Georgetown University Law Center. Hsu called for the establishment of an “intentional architecture” for stablecoins developed along the principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.” According to Hsu, one way to mitigate blockchain-related risks would be to “require that blockchain-based activities, such as stablecoin issuance, be conducted in a standalone bank-chartered entity, separate from any other insured depository institution [] subsidiary and other regulated affiliates.” Hsu also emphasized the need to evaluate whether stablecoin issuers should be required “to comply with a fixed set of safety and soundness-like requirements (as is the case with banks)” or be allowed to pick from a range of licensing options.
Additionally, Hsu raised the question about how separable stablecoin issuers should be. “Blockchain-based money holds the promise of being ‘always on,’ irreversible, programmable, and settling in real-time,” he explained. “With these benefits, however, come risks, especially if commingled with traditional banking and finance.” Specifically, Hsu cited concerns that a bank’s existing measures for managing liquidity risks associated with traditional payments “may not be effective for blockchain-based payments,” which could conceivably accumulate over a weekend and “outstrip a bank’s available liquidity resources.” Hsu also raised concerns related to the current “lack of interoperability” should stablecoins expand from trading to payments, and stressed that “[i]n the long run, interoperability between stablecoins and with the dollar—including a [central bank digital currency]—would help ensure openness and inclusion.” He added that this “would also help facilitate broader use of the U.S. dollar—not a particular corporate-backed stablecoin—as the base currency for trade and finance in a blockchain-based digital future.”
FDIC instructs banks to provide notification when engaging with crypto assets
On April 7, the FDIC released FIL-16-2022, titled “Notification of Engaging in Crypto-Related Activities,” instructing banks that intend to engage in, or that are currently engaged in, any activities involving or related to crypto assets (also referred to as “digital assets”), to notify the FDIC of their intent and to provide “all necessary information that would allow the FDIC to engage with the institution regarding related risks.” The FDIC noted that, though it “supports innovations that are safe and sound,” the agency is “concerned that crypto assets and crypto-related activities are rapidly evolving, and risks of this area are not well understood given the limited experience with these new activities.” According to the FDIC, crypto-related activities “may pose significant safety and soundness risks as well as financial stability concerns,” digital asset activities “present risks to consumers,” and insured depository institutions “face risks in effectively managing the application of consumer protection laws and regulations” related to these “new and changing crypto-related activities.” The letter also specified that a bank should promptly "notify the appropriate FDIC Regional Director” of “information necessary to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications” of digital asset activities. The FDIC will review the information and provide relevant supervisory feedback.
Yellen sets out principles for regulating digital assets
On April 7, Treasury Secretary Janet Yellen outlined a broad set of principles for regulating digital assets during remarks delivered at American University’s Kogod School of Business Center for Innovation. Yellen said that the approach she described largely reflects priorities outlined in an Executive Order issued by President Biden last month, which presented a “whole-of-government” strategy to coordinate a comprehensive approach for ensuring responsible innovation in digital assets policy (covered by InfoBytes here). Emphasizing that “regulatory frameworks should be designed to support responsible innovation while managing risks—especially those that could disrupt the financial system and economy,” Yellen cautioned that regulatory frameworks must appropriately reflect these risks as banks and other traditional financial firms enter this space. Moreover, she added that “new types of intermediaries, such as digital asset exchanges and other digital native intermediaries, should be subject to appropriate forms of oversight.”
During her remarks, Yellen discussed the risks and benefits to consumer protection and financial stability associated with the growth in digital assets. While Yellen did not provide specific instructions, she outlined general principles that she believes should guide the creation of a new framework for regulating digital assets. Stressing that regulations should be “tech neutral” and “based on risks and activities, not specific technologies,” Yellen explained that consumers and businesses should be protected from fraud regardless of whether assets are stored on a balance sheet or a distributed ledger. She also stressed the importance of ensuring that the growth of digital assets does not disproportionately impact vulnerable communities or exacerbate social, racial, or economic inequities. Yellen stated that, over the next six months, Treasury will collaborate with the White House and other agencies to produce reports and recommendations addressing opportunities and challenges posed by these emerging technologies.
DFPI concludes MTA licensure not required for digital asset trading platform
On March 23, the California Department of Financial Protection and Innovation (DFPI) released a new opinion letter covering aspects of the California Money Transmission Act (MTA) related to a digital asset trading platform. The redacted opinion letter examines whether the inquiring Company (a registered money services business) requires licensure under the MTA. The Company requesting an interpretive opinion operates a software platform that allows retail and institutional investors to buy and sell digital assets, including cryptocurrency, and access related services, within the platform. The letter explains that U.S. customers must fund an account on the Company’s platform prior to purchasing cryptocurrency with either fiat currency (U.S. dollars) or cryptocurrency. The letter also describes, among other things, how customers can buy from and sell to the Company cryptocurrencies on one or more cryptocurrency exchanges using the platform. In these transactions, the Company would sell or buy cryptocurrency from the customer at the selected price and settle the trade using fiat or cryptocurrency held in its own accounts. Simultaneously, the Company would execute a trade for its own benefit on the exchange offering the price selected by the customer. Customer funds would not be used to buy or sell cryptocurrency from or to the exchange. After executing a transaction, a customer may choose to withdraw all or part of the customer’s fiat or cryptocurrency from the platform, or may choose to maintain a balance to execute future transactions.
The DFPI stated that it “has not concluded whether a wallet storing cryptocurrency constitutes a form of monetary value representing a claim against the issuer and accepted for use as a means of redemption for money or monetary value or payment for goods or services.” As such, the DFPI will not require the Company to be licensed under the MTA to provide customers with an account via a proprietary software platform to transfer and store cryptocurrency in order to execute trades directly with the Company.
SEC 2022 examination priorities include information security, emerging technologies, and crypto-assets
On March 30, the SEC’s Division of Examinations announced that its 2022 examination priorities will focus on key risk factors related to private funds, environmental, social and governance investing, retail investor protections, information security and operational resiliency, emerging technologies, and crypto-assets. SEC registrants, including investment advisers, broker-dealers, self-regulatory organizations, clearing firms, and other registrants, are reminded of their obligations to address, manage, and mitigate these key risk areas. The SEC stated that examiners will continue to review whether firms are taking appropriate measures to safeguard customer accounts to prevent intrusions. Firms are expected to implement procedures to respond to incidents, identify and detect red flags for identity theft, and manage operational risk, including oversight of vendors and service providers. With respect to emerging technologies and crypto-assets, the SEC announced it will review whether firms are considering emerging financial technologies when designing their regulatory compliance programs. The SEC will also focus on firms that offer new products and services or employ new practices “to assess whether operations and controls in place are consistent with disclosures made and the standard of conduct owed to investors and other regulatory obligations.” Additionally, examinations of market participants engaged in crypto-assets will continue to focus on custody arrangements for such assets, as well as “the offer, sale, recommendation, advice, and trading of crypto-assets” offered by these participants. The SEC also warned that it will be investigating whether registered investment advisors are “overstating or misrepresenting” environmental, social, and governance factors in their portfolios or disclosures.
Upcoming Treasury reports will highlight CBDC issues
On March 22, Treasury Under Secretary for Domestic Finance Nellie Liang spoke before the National Association for Business Economics on topics related to stablecoins and a possible central bank digital currency (CBDC). As instructed by President Biden’s Executive Order on digital assets (covered by InfoBytes here), Liang announced that Treasury will partner with other agencies in the coming months to produce a series of reports and recommendations focusing on (i) the future of money and payment systems, with a discussion of CBDCs; (ii) financial stability risks and regulatory gaps posed by digital assets; (iii) the use of digital assets for illicit finance and associated national security risks; and (iv) international engagement supporting global principles and standards for digital assets and CBDCs. “Regulatory policy for new financial products may need to evolve, but should follow ‘same risk, same regulation,’ in the sense that regulations should be based on risks of the activity rather than the technology itself,” Liang stressed, adding that Treasury’s work will “complement” other agency efforts such as the Federal Reserve Board’s recent discussion paper which emphasized that any CBDC should ensure users’ privacy, have an intermediated model, be transferable, and prevent illicit finance (covered by InfoBytes here).