Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Fed issues final rule for FMUs to update risk management requirements, noting cyber and climate risks

    Agency Rule-Making & Guidance

    On March 8, the Federal Reserve Board announced a final rule that will update risk management requirements for financial market utilities (FMUs) supervised by the Fed. FMUs provide the financial infrastructure to clear and settle payments and transactions. The rule will go into effect 30 days after publication in the Federal Register, and FMUs are expected to comply with certain updates by 90 days and all updates by 180 days after publication. The Fed reported the final rule is “substantially similar” to the proposed rule and provided additional details to the exiting requirements for the following: (i) review and testing; (ii) incident management; (iii) business continuity management; and (iv) third-party risk management.

    Agency Rule-Making & Guidance Federal Issues Federal Reserve Cyber Risk & Data Security Risk Management

  • NIST releases cybersecurity framework 2.0 with tailored guidance

    Privacy, Cyber Risk & Data Security

    On February 26, the National Institute of Standards and Technology (NIST) finalized its Cybersecurity Framework (CSF), a document on guidance for reducing cybersecurity risk. After releasing the draft proposal last August for Cybersecurity Framework Version 2.0 which was updated to help organizations understand and reduce cybersecurity risks (covered by InfoBytes here), and considering public comments, NIST “expanded the CSF’s core guidance and developed related resources to provide different audiences with tailored pathways into the CSF and make the framework easier to put into action.” 

    According to NIST’s press release, the revised framework acknowledges that organizations will approach the CSF with different requirements and levels of proficiency in cybersecurity tool implementation. Novice users would benefit from the experiences of others and choose relevant implementation examples and quick-start guides tailored for specific user categories, including small businesses, enterprise risk managers, and organizations focused on securing supply chains. “NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users… and feedback from the community will be crucial.”

    Privacy, Cyber Risk & Data Security Federal Issues NIST Risk Management

  • FDIC orders bank to plan termination of relationships with “significant” fintech partners

    Recently, the FDIC released a consent order against a Tennessee bank as part of its release of January Enforcement Decisions and Orders. The FDIC stated that within sixty days of the effective date of the consent order, the bank must “submit a general contingency plan to the Regional Director… [on] how the [b]ank will administer an effective and orderly termination with significant third-party FinTech partners,” as part of its Third-Party Risk Management program for the bank. The Program must assess and manage the risks posed by all fintech firms associated with the bank. It will include policies related to due diligence and risk assessment criteria that are appropriate to the products and services provided by the fintech partner. The bank must also engage an independent firm for completion of a comprehensive Banking-as-a-Service Risk Assessment Report.

    The bank further consented, without admitting or denying any charges of unsafe or unsound banking practices, to board supervision of the bank’s management and approval of the bank’s policies and objectives, qualified management, the Regional Director’s prior consent for new or expanded lines of business that would result in an annual 10 percent growth in total assets or liabilities, and a comprehensive strategic plan.

     

    Bank Regulatory FDIC Consent Order Fintech Risk Management Enforcement

  • Hsu notes a “trip wire approach” for FSOC review of payments, private equity systemic risk

    On February 21, Acting Comptroller of the Currency Michael Hsu delivered remarks at Vanderbilt University, discussing banking and commerce, regulatory effectiveness, and financial stability. Hsu further discussed the “blurring of the line” between banking and private credit/equity, its relevance to different market crashes, and how it can create risk. Hsu mentioned the potential to fill a regulatory gap regarding payments.

    Hsu highlighted that the FSOC’s recent analytic framework indicated vulnerable points that can commonly contribute to financial stability risks and discussed how FSOC may address the risks. The framework also established how the council determines whether a given nonbank should be under the Fed’s supervision and prudential standards (covered by InfoBytes here). In his speech, Hsu defines banking as “institutions that take deposits, make loans, and facilitate payments” and commerce as “everything else” including nonbank finance. 

    He added that the FSOC should use its macro-prudential tools to address risk and develop metrics and thresholds to identify when a payments or private equity firm may need an assessment of systemic risk. This “trip wire approach” would leverage the FSOC’s framework, moving a firm from the identification phase to the assessment phase of the FSOC’s analytic framework, and the assessment would inform if there was a need for FSOC response. Because of the rise in cash managed by nonbanks on behalf of consumers, Hsu said that could serve as a metric for the trip wire for payments-focused fintechs and other nonbank companies. “The standardization, scalars, and level at which an FSOC assessment would be triggered would be informed by public comment,” he added. Finally, Hsu highlighted how the trip wire approach offered a transparent and proactive method for identifying and addressing systemic risks before they escalate. 

    Bank Regulatory Federal Issues FSOC OCC Payments Nonbank Risk Management

  • Acting Comptroller discusses bank liquidity risk

    On January 18, OCC Acting Comptroller of the Currency, Michael J. Hsu, delivered remarks at an event held by Columbia University Law School on bank liquidity risk. Hsu highlighted the evolving nature of bank runs and urged banks and regulators to adapt. While individual bank supervision has seen some adjustments, Hsu stressed the need for targeted regulatory enhancements to ensure the systematic implementation of updated liquidity risk management practices, particularly among midsize and large banks. Hsu’s remarks emphasized three themes:

    Recognizing the speed and severity of certain outflows. The liquidity risk for banks with uninsured deposits significantly increased. Hsu said that anticipating potential herding scenarios in liquidity risk management is crucial;

    Ensuring the ability to monetize. Hsu said banks and regulators need to adapt to the faster pace of bank runs, where large outflows happen more quickly than in the past. Having enough liquid assets is not sufficient; banks must quickly convert assets into cash, Hsu said. Utilizing the Fed’s discount window is an option, but it faces stigma. Hsu also mentioned that there is a proposal for a targeted regulatory requirement for banks to have enough liquidity to cover short-term outflows, up to five days, using pre-positioned collateral to de-stigmatize discount window usage while preventing over-reliance; and

    Limiting guilt by association. To combat the fear that uninsured depositors across banks could be at risk upon bank failures, Hsu said a long-term solution involves distinguishing between operational and non-operational deposits, requiring standardized classification systems and ongoing research efforts to effectively mitigate contagion risks.

    Bank Regulatory OCC Liquidity Risk Management

  • NYDFS releases guidance on risk management

    State Issues

    On December 21, 2023, NYDFS released guidance for managing significant financial and operational risks associated with climate change for New York State-regulated banking and mortgage institutions. The guidance emphasized the importance of ensuring operational resiliency which is “the ability to deliver operations, including critical operations and core business lines, through a disruption from any hazard.” Regulated organizations are encouraged to consider three key areas: 1) understanding climate-related financial risks; 2) prioritizing operational resilience; 3) and complying with consumer protection laws when adjusting risk frameworks for climate-related risks. The NYDFS categorizes climate-related financial risks as either physical risks, like hurricanes, floods, and wildfires, or transition risks from policy, regulations, adoption of new technologies, consumer, and investor preferences, and changing liability risks which can directly and indirectly affect financial institutions.

    Regulated organizations are urged to consider potential impacts on at-risk communities while adapting their risk management approaches. NYDFS suggests they maintain reasonable, risk-based business strategies to prevent unnecessary market disruptions and comply with consumer protection laws and fair lending considerations at all times. The guidance suggests institutions also maintain fair lending practices while managing climate-related financial risks, and further suggests not divesting from low-income communities to manage risk.

    The NYDFS has not set a timeline for implementation of the Guidance expectations as it would like “to provide regulated organizations with sufficient opportunity to integrate consideration of climate-related financial and operational risks into their governance frameworks, organizational structures, business strategies and risk management processes in a proportionate manner.” To offer an overview of these documents and highlight key feedback themes, NYDFS has scheduled a webinar for January 11, 2024, at 11:30 am ET. Interested parties can register for the webinar via the provided link. The Department also made additional resources available to aid organizations in implementing measures to tackle climate-related risks.

    State Issues Agency Rule-Making & Guidance NYDFS Risk Management New York

  • Basel Committee publishes report on recalibration of shocks for interest rate risk

    On December 12, the Basel Committee released a report on the “Recalibration of shocks for interest rate risk in the banking book,” as an adjustment to the Committee’s 2016 commitment to recalibrate the interest rate shock parameters.

    The Committee began its calibration of interest rate shocks before the March 2023 banking issues transpired and is now following up on fundamental shortcomings in traditional risk management of banks, including interest rate risks. The report is brief and focuses on specified topics: for the first topic, the current calibration and methodology outlining current interest rate shocks (measured in basis points), the calculation of average interest rates from 2000 to 2015, the application of three tiers for shock parameters, and problems with the methodology; for the second topic, a proposal of a new methodology and calibration using a formula with outlined steps for countries to adopt, a comparison between the existing and new methodology, and a recalibration table; and, the third and final topic emphasizes additional issues and next steps, including caps, non-parallel shocks, and impact assessment.

    The Committee noted in its press release that these changes “are needed to address problems with how the current methodology captures interest rate changes during periods when interest rates are close to zero.” Comments can be submitted to the Committee until March 28, 2024.

    Bank Regulatory Basel Committee Interest Rate Risk Management

  • IOSCO releases report advising country regulators on crypto asset regulation

    Securities

    On November 16, the International Organization of Securities Commissions (IOSCO) released a report titled “Policy Recommendations for Crypto and Digital Asset Markets” for centralized financial bodies to put forth parallel, global policies on crypto assets, including a country’s stablecoin.

    IOSCO’s report aims to protect retail investors from illegal crypto-asset market activities, including regulatory non-compliance, financial crime, fraud, market manipulation, and money laundering that have led to investor losses. The report puts forth 18 policy recommendations summarized within six key themes: conflicts from firms doing too much at once; market manipulation, insider trading, and fraud; cross-border risks and regulatory cooperation; operational and technological risks; and retail access, suitability, and distribution. ISOCO maintains its principles on global regulation are within the “same activities, same risks, same regulation/regulatory outcomes.” IOSCO also mentioned it plans on releasing a second report on decentralized finance before the year’s end.

    Securities International Of Interest to Non-US Persons Cryptocurrency Digital Assets Risk Management

  • Fed Governor Cook on financial stability

    On November 8, Federal Reserve Governor Lisa D. Cook delivered a speech regarding financial stability at the Central Bank of Ireland. Governor Cook underscored the link between financial stability and the Fed’s stable process and maximum employment and focused on four key vulnerability categories: (i) asset valuations; (ii) business and household borrowing; (iii) financial-sector leverage; and (iv) funding risks. Governor Cook noted rising asset valuations in various markets, especially in the real estate sector, and the potential risks associated with high levels of borrowing by businesses and households. Additionally, she discussed the importance of monitoring financial sector leverage and funding risks, both in bank and nonbank financial institutions.

    Governor Cook also outlined near-term risks that could impact the resilience of the financial system. These risks included inflationary pressures, potential losses in the real estate market, banking-sector stress, and market liquidity strains. She emphasized the need for robust oversight and prudential requirements for nonbank financial institutions, as they are becoming increasingly interconnected with the banking sector.

    Finally, Governor Cook stressed the importance of remaining vigilant in identifying and addressing vulnerabilities within the global financial system to ensure its stability and, in turn, support the well-being of households, businesses, and the broader economy.

    Bank Regulatory Risk Management Federal Reserve

  • SEC charges crypto company with fraud and anti-registration violations

    Securities

    On November 1, the SEC charged a crypto company and its executive team with fraud through the unregistered sale of crypto asset securities. According to the complaint, the defendants represented in marketing materials, website, social media posts, and other communications with the public that a certain percentage of funds for each transaction would be retained and inaccessible by any party for a period of four years as a safety mechanism against asset misappropriation. Instead, the complaint alleges, the defendants accessed the funds and misappropriated tens of millions of dollars for various purposes, including manipulation of the market for the crypto asset, business expenses, investments in unrelated companies, and personal use. The complaint charges defendants with violating the registration and anti-fraud provisions of the Securities Act of 1933 and the anti-fraud provisions of the Securities Exchange Act of 1934.

    Securities Federal Issues Venture Capital Risk Management Digital Assets

Pages

Upcoming Events