InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI addresses MTA licensing requirements
Recently, the California Department of Financial Protection and Innovation (DFPI) released new opinion letters covering aspects of the California Money Transmission Act (MTA) related to a digital currency trading platform and the referral of customers to financial institutions. Highlights from the redacted letters include:
- Digital Currency Trading Platform. The redacted opinion letter examines whether the inquiring Company requires licensure under the MTA. The letter describes that the Company’s customers would transfer digital currency into the account they have with the Company, with the balance being reflected in the customer’s wallet issued by the Company. The letter further explains that the Company would provide California residents access to its digital currency trading platform to buy, sell, or hold digital currency and provide liquidity services. The letter also describes, among other things, how customers could use the platform, transfer digital currency into the account, and transfer fiat currency by transferring it from their own bank account or by debit or credit card to the Company. Customers would not be able to send fiat or digital currency to others, except in the context of a sale. DFPI concluded that while the Company’s wallets holding fiat currency meet the definition of stored value, licensure under the MTA was not required because the Company offered fiat currency wallets to customers solely to facilitate the trade of digital currency. DFPI also noted that the Company does not require licensure under the MTA to perform Platform trading services or to issue wallets holding digital currencies.
- Referral of customers to financial institutions. The redacted opinion letter examines whether the inquiring Company’s referral service is subject to the MTA. The letter describes that under this service, the Company would refer customers to banks, trust companies, and other entities which are either licensed as money transmitters in California or exempt from licensure. Under the proposed referral service, customers would be re-directed to a financial institution’s website where they could set up and fund an account. Customers wishing to buy, sell, or exchange cryptocurrency or fiat currency could do so from the Company’s website and use a third party’s software platform to input their order details. The platform would check to make sure that the customer has sufficient assets in the customer’s account with the financial institution to purchase the cryptocurrency. The financial institution would be the only party to hold, receive, or transmit all cryptocurrencies in the customer’s account. DFPI concluded that the referral service does not meet the definition of money transmission because the service entails connecting customers with financial institutions from which customers can buy, sell, or exchange cryptocurrency. Further, DFPI noted that the transactions between customers and financial institutions are also not money transmission because the customer would simply exchange cryptocurrency directly with the financial institution. Accordingly, DFPI held that licensure under the MTA is not required because the Company will not sell or issue payment instruments, sell or issue stored value, or receive money for transmission by offering the referral service.
OCC’s Hsu discusses improving crypto literacy
On March 8, acting Comptroller of the Currency Michael J. Hsu spoke before the Financial Literacy and Education Commission’s (FLEC) Public Meeting to discuss and commend FLEC’s efforts to improve crypto literacy and crypto education. In his remarks, Hsu described that a “younger, more financially vulnerable” population makes up a large portion of crypto owners, and that the risk of scams and hacks are increasing. He also argued that “it is hard to find neutral, trusted sources of information on crypto,” calling it “nearly impossible to find neutral information about something as simple as fees.” Describing “an urgent need for improved crypto literacy and education,” Hsu urged the commission to make available neutral, trusted educational materials to educate the public on crypto. He added that “consumers are left with an information landscape dominated by a lot of hype, jargon, attractive yields, and only boilerplate disclaimers about the risks they could face.”
Biden calls for coordinated approach to digital asset innovation
On March 9, President Biden issued an Executive Order (E.O.) on digital assets outlining the first “whole-of-government” strategy to coordinate a comprehensive approach for ensuring responsible innovation in digital assets policy. (See also White House fact sheet here.) The White House highlighted that “non-state issued digital assets reached a combined market capitalization of $3 trillion” last November (up from $14 billion five years ago) and noted that many countries are currently exploring, or in certain cases introducing, central bank digital currencies (CBDC). The Executive Order on Ensuring Responsible Development of Digital Assets stressed that “we must take strong steps to reduce the risks that digital assets could pose to consumers, investors, and business protections,” and mitigate “illicit finance and national security risks posed by misuse of digital assets,” including money laundering, cybercrime and ransomware, terrorism and proliferation financing, and sanctions evasion. The E.O. cautioned that future digital assets systems must also promote high standards for transparency, privacy, and security.
The E.O. outlined several principal policy objectives, including that:
- Federal agencies are directed to coordinate policy recommendations to address the growth in the digital asset sector.
- Federal agencies are directed to explore the need for a potential U.S. CBDC. Treasury, along with heads of other relevant agencies, are ordered to submit “a report on the future of money and payment systems, including the conditions that drive broad adoption of digital assets; the extent to which technological innovation may influence these outcomes; and the implications for the United States financial system, the modernization of and changes to payment systems, economic growth, financial inclusion, and national security.” The Federal Reserve Board is also encouraged to continue researching, developing, and assessing efforts for a CBDC, including developing a broad government action plan for a potential launch. The E.O. also directed an assessment of whether legislative changes would be necessary in order to issue a CBDC.
- The Secretary of the Treasury will work with relevant agencies to produce a report on the future of money and payment systems, which will include implications for economic growth, financial growth and inclusion, national security, and the extent to which technological innovation may influence these areas. The approach to digital asset innovation must also address the risk of disparate impact, the E.O. stressed, adding that any approach should ensure equitable access to safe and affordable financial services.
- The Attorney General, FTC, and CFPB are “encouraged to consider what, if any, effects the growth of digital assets could have on competition policy.” The agencies are also “encouraged to consider the extent to which privacy or consumer protection measures within their respective jurisdictions may be used to protect users of digital assets and whether additional measures may be needed.” Additional federal agencies are also encouraged to consider the need for investor and market protections.
- The Financial Stability Oversight Council and Treasury are directed to identify and mitigate systemic financial risks posed by digital assets and develop policy recommendations to fill any regulatory gaps.
- Federal agencies are directed to work with allies and partners to ensure international frameworks, capabilities, and partnerships are aligned and responsive to risks posed by the illicit use of digital assets. Agencies should also explore “the extent to which technological innovation may impact such activities,” and explore “opportunities to mitigate these risks through regulation, supervision, public‑private engagement, oversight, and law enforcement.”
- Federal agencies are directed to establish a framework for interagency international engagement with foreign counterparts to adopt global principles and standards for how digital assets are used and transacted, and to promote digital asset and CBDC technology development.
CFPB Director Rohit Chopra and Treasury Secretary Janet Yellen issued statements following Biden’s announcement. “Today’s Executive Order recognizes that the dramatic growth in digital asset markets has created profound implications for financial stability, consumer protection, national security, and energy demand,” Chopra said. “The [CFPB] is committed to working to promote competition and innovation, while also reducing the risks that digital assets could pose to our safety and security. We must make sure Americans in all financial markets are protected against errors, theft, or fraud.” Yellen stated that in addition to partnering with interagency colleagues to produce a report on the future of money and payment systems, Treasury will also work with international partners to promote robust cross-border standards and a level playing field. “As we take on this important work, we’ll be guided by consumer and investor protection groups, market participants, and other leading experts. Treasury will work to promote a fairer, more inclusive, and more efficient financial system, while building on our ongoing work to counter illicit finance, and prevent risks to financial stability and national security,” she said.
Treasury also recently announced that the Financial Literacy and Education Commission (led by Yellen and Chopra and comprised of the heads of 21 federal agencies and entities, including the OCC, Fed, FDIC, SEC, FTC, and HUD, among others) is forming a new subgroup on digital asset financial education to analyze the impact of digital assets on consumer and investor protections. “History has shown that, without adequate safeguards, forms of private money have the potential to pose risks to consumers and the financial system,” U.S. Under Secretary of the Treasury for Domestic Finance Nellie Liang said.
FinCEN warns financial institutions about Russian sanctions evasion
On March 7, FinCEN issued an alert advising financial institutions to be vigilant against potential attempts to evade sanctions levied against Russian individuals, banks, and other entities in response to the situation in Ukraine. FinCEN provided several examples of red flag indicators that could help identify attempted sanctions evasions, including actions by state actors and oligarchs, and reminded financial institutions of their Bank Secrecy Act (BSA) reporting obligations.
The alert stressed that all financial institutions, including those with visibility into convertible virtual currency (CVC) flows identify and promptly report associated suspicious activity, and conduct appropriate, risk-based customer due diligence or enhanced due diligence as required. This includes CVC exchangers and administrators within or outside of Russia (which are generally considered to be money services businesses under the BSA) that retain at least some access to the international financial system. FinCEN noted that “[w]hile large scale sanctions evasion using [CVC] by a government such as the Russian Federation is not necessarily practicable, CVC exchangers and administrators and other financial institutions may observe attempted or completed transactions tied to CVC wallets or other CVC activity associated with sanctioned Russian, Belarusian, and other affiliated persons.”
Financial institutions are instructed to specifically watch for (i) transactions initiated from IP addresses located in Russia, Belarus, FATF-identified jurisdictions with anti-money laundering/countering the financing of terrorism/counter-proliferation deficiencies, or other sanctioned jurisdictions; (ii) transactions connected to CVC addresses listed on OFAC’s Specially Designated Nationals and Blocked Persons List; and (iii) customers’ use of a CVC exchanger or foreign-located money service businesses in high-risk jurisdictions, including those with inadequate “know-your-customer” or customer due diligence measures. FinCEN also warned financial institutions of the dangers posed by Russian-related ransomware campaigns and encouraged financial institutions to refer to FinCEN and OFAC resources to help detect, prevent, and report potential suspicious activity.
Find continuing InfoBytes coverage on the U.S. sanctions response to Russia’s invasion of Ukraine here.
U.S.-EU release statement on Joint Financial Regulatory Forum
On March 1 and 2, EU and U.S. participants, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, participated in the U.S. – EU Joint Financial Regulatory Forum to continue their ongoing financial regulatory dialogue. Matters discussed focused on six themes: “(1) market developments and current assessment of financial stability risks, (2) operational resilience and digital finance, (3) sustainable finance and climate-related financial risks, (4) regulatory and supervisory cooperation in capital markets, (5) multilateral and bilateral engagement in banking and insurance, and (6) anti-money laundering and countering the financing of terrorism (AML/CFT).”
While acknowledging that both the U.S. and EU are “experiencing robust economic recoveries,” participants warned that significant uncertainty and risks are created by the current geopolitical situation, as well as challenges stemming from the ongoing Covid-19 pandemic, high energy prices, and supply-chain bottlenecks. “[C]ooperative international engagement to mitigate financial stability risks remains essential,” participants stressed. During the meeting, participants also discussed recent developments related to crypto-assets, digital finance, and so-called stablecoins, as well as the potential for a central bank digital currency, and “acknowledged the importance of ongoing international work on digital finance and recognized the benefits of greater international supervisory cooperation with a view to promote responsible innovation globally.”
In addition, participants discussed various topics, including those related to third-party providers; climate-related financial risks and challenges, including sustainability reporting standards; the transition from LIBOR; and progress made in strengthening their respective AML/CFT frameworks.
Fed reshaping “novel institutions” guidelines
On March 1, the Federal Reserve Board announced that it is soliciting comments on a supplement to a previous proposal intended to ensure that the Fed’s banks utilize a transparent and consistent set of factors when reviewing requests to access Federal Reserve Bank accounts and payment services. The framework, which builds on a proposal from May 2021 (covered by InfoBytes here), would establish a three tier system. Tier 1 would consist of eligible institutions that are federally-insured, and would be “subject to a less intensive and more streamlined review.” Tier 2 would consist of certain eligible institutions or holding companies that are not federally-insured but subject to prudential supervision, and would generally receive an “intermediate” level of review. Tier 3 would consist of eligible institutions that are “not federally insured and not subject to prudential supervision by a federal banking agency at the institution or holding company level,” and, given their potential higher risk, “would be subject to the strictest level of review.” Comments close 45 days after publication in the Federal Register.
Financial Stability Board informs G20 of 2022 priorities
On February 14, the Financial Stability Board (FSB) sent a letter to the G20 finance ministers and central bank governors outlining several priorities for 2022 and setting the groundwork for promoting global financial resilience during the upcoming year. The FSB stated that the “transition path to a post-pandemic economy remains highly uncertain,” and warned that Covid-19 continues to weigh on the global economy with “[n]ew waves of infections … contribut[ing] to an uneven recovery across regions, higher inflation, and record-high debt levels globally.” The FSB also observed that, while banks and financial market infrastructures were able to absorb the macroeconomic shock of the pandemic, the nonbank financial intermediation sector (NBFI), which currently represents nearly half of global financial assets, experienced acute stress and needs to be strengthened. A resilient NBFI sector would reduce the need for extraordinary central bank intervention, the FSB stated. The FSB’s plans include prioritizing its work in this space in coordination with other standard-setting bodies to address any shortcomings and develop a systemic approach to the NBFI sector. Another priority is addressing potential financial stability risks associated with rapidly developing crypto-assets and digital innovation. The FSB observed that “[c]rypto-asset markets are fast-evolving and could reach a point where they represent a threat to global financial stability due to their scale, structural vulnerabilities and increasing interconnectedness with the traditional financial system.” Financial risks resulting from climate change are another critical area of concern for the FSB. The FSB’s work this year will include ensuring these risks are properly reflected in all financial decisions related to disclosures, data, vulnerabilities analysis, and regulatory and supervisory approaches.
SEC, states reach $100 million settlement over crypto lending product
On February 14, the SEC and state regulators reached a $100 million settlement with a New Jersey-based financial services company in parallel actions to resolve allegations that the company failed to register the offers and sales of its retail credit lending product—marking the SEC’s “first-of-its-kind action” taken with respect to crypto lending platforms. According to the SEC, the company offered a product whereby retail investors lent crypto assets to the company “in exchange for the company’s promise to provide a variable monthly interest payment.” Among other things, the SEC found that because the company’s product are securities under applicable law, the company was required to register its offers and sales of the product or qualify for an exemption—both of which the company failed to do. The company also allegedly violated the Securities Act by making misleading statements on its website concerning its collateral practices and the level of risk in its loan portfolio and lending activity. Additionally, the company allegedly violated the Investment Company Act by engaging in interstate commerce while failing to register as an investment company with the SEC. While the company neither admitted nor denied the findings, it agreed to pay $50 million to the SEC and another $50 million to 32 states to settle similar charges. The company also agreed to cease engaging in unregistered offers and sales of its product, and will stop offering or selling its product in the U.S. Additionally, the company’s parent company stated its intention to register the offer and sale of a new lending product under the Securities Act.
UK accepts multinational tech company’s privacy sandbox proposals
On February 11, the UK Competition and Markets Authority (CMA) issued a decision accepting a multinational technology company’s offer to provide more transparency and oversight to its privacy sandbox proposals. The purpose of these proposals is to remove cross-site tracking of certain users through third-party cookies and alternative tracking method such as fingerprinting, and replace these methods “with tools to provide selected functionalities currently dependent on cross-site tracking.” A replacement technology has not yet been selected. CMA conducted an investigation centered around competition concerns related to the impact the privacy sandbox proposals may have if they are “implemented without sufficient regulatory scrutiny and oversight, in terms of third parties’ unequal access to the functionality associated with user tracking.” CMA’s decision requires the company to work closely with the agency when developing and testing its proposed replacements for third-party cookies. Additionally, the company is barred from making changes that give it an advantage over competitors when third-party cookies are removed and from developing replacements that give the company a competitive advantage over third parties. The company is also required to provide CMA with at least 60 days’ notice before removing support for third-party cookies and may not “combine user data from certain specified sources for targeting or measuring digital advertising on either [company] owned and operated ad inventory or ad inventory on websites not owned and operated by [the company].” CMA stated that it will continue to consult with the UK Information Commissioner’s Office on aspects of the privacy sandbox proposals related to privacy and data protection measures to ensure these concerns are addressed as the proposals are more fully developed.
FHFA releases AI/ML risk management guidance for GSEs
On February 10, FHFA released Advisory Bulletin (AB) 2022-02 to Fannie Mae and Freddie Mac (GSEs) on managing risks related to the use of artificial intelligence and machine learning (AI/ML). Recognizing that while the use of AI/ML has rapidly grown among financial institutions to support a wide range of functions, including customer engagement, risk analysis, credit decision-making, fraud detection, and information security, FHFA warned that AI/ML may also expose a financial institution to heightened compliance, financial, operational, and model risk. In releasing AB 2022-02 (the first publicly released guidance by a U.S. financial regulator that specifically focuses on AI/ML risk management), FHFA advised that the GSEs should adopt a risk-based, flexible approach to AI/ML risk management that should also be able “to accommodate changes in the adoption, development, implementation, and use of AI/ML.” Diversity and inclusion (D&I) should also factor into the GSEs’ AI/ML processes, stated a letter released the same day from FHFA’s Office of Minority and Women Inclusion, which outlined its expectations for the GSEs “to embed D&I considerations throughout all uses of AI/ML” and “address explicit and implicit biases to ensure equity in AI/ML recommendations.” The letter also emphasized the distinction between D&I and fairness and equity, explaining that D&I “requires additional deliberation because it goes beyond the equity considerations of the impact of the use of AI/ML and requires an assessment of the tools, mechanisms, and applications that may be used in the development of the systems and processes that incorporate AI/ML.”
Additionally, AB 2022-02 outlined four areas of heightened risk in the use of AI/ML: (i) model risk related to bias that may lead to discriminatory or unfair outcomes (includes “black box risk” where a “lack of interpretability, explainability, and transparency” may exist); (ii) data risk, including concerns related to the accuracy and quality of datasets, bias in data selection, security of data from manipulation, and unfamiliar data sources; (iii) operational risks related to information security and IT infrastructure, among other things; and (iv) regulatory and compliance risks concerning compliance with consumer protection, fair lending, and privacy laws. FHFA provided several key control considerations and encouraged the GSEs to strengthen their existing risk management frameworks where heightened risks are present due to the use of AI/ML.