InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases call for academic papers on AI and finance
Recently, the OCC released a notice soliciting academic research papers on the use of AI in banking and finance for submission by December 15. The OCC is interested in topics such as addressing potential bias and disparate impacts from AI and machine learning in lending, the regulatory landscape of AI, the impacts of algorithmic underwriting and appraising, and the AI risks in perpetrating fraud, algorithmic bias and misinformation. Selected authors will present their papers to OCC staff and other researchers at the OCC’s headquarters in Washington, D.C., on June 6, 2025. Researchers interested in acting as discussants can submit their papers and those selected will be notified by April 1, 2025. The initiative aims to gather original, unpublished research to address critical issues in the application and use of AI in the financial sector.
FDIC issues NPRM requiring banks to provide accurate record-keeping in connection with third-party arrangements
On September 17, the FDIC released an NPRM aimed at strengthening record-keeping requirements for banks’ holding deposits from third-party non-bank companies (i.e., fintechs). The proposed rule seeks to mitigate risks among third-party arrangements, protect depositors and bolster public confidence in insured deposits. FDIC Chairman Martin J. Gruenberg emphasized that the rule would ensure banks are aware of the actual owners of deposits placed by third parties and can provide depositors with their funds even if a third party fails.
The FDIC’s proposed rule targets custodial deposit accounts with transactional features, where deposits from multiple beneficial owners are commingled. The proposed rule would require banks to maintain records identifying the beneficial owners, their balances and the ownership category of the deposited funds. While these records must be reconciled daily, banks will have the option to maintain these records themselves or request a third party to handle them. The proposed rule also included several exemptions such as accounts holding only trust deposits, government deposit accounts, and accounts established by brokers or dealers. The proposed rule would mandate that banks establish written policies and procedures to ensure compliance and conduct annual testing and validation of records.
U.S.-U.K. treasuries convene to discuss financial stability goals
On September 3, the Department of the Treasury hosted the tenth official meeting of the U.S.-U.K. Financial Regulatory Working Group in Washington, D.C. Officials from both countries discussed economic and financial stability, banking issues, digital finance, sustainable finance, capital markets and non-bank financial involvement. They reviewed the economic and financial stability outlooks of both nations. The working group exchanged views on sustainable finance, including climate-related disclosures and transition plans. They discussed international initiatives and the U.K.’s efforts to align its supervision on climate risk management with global guidelines. Discussions also covered digital finance, such as using AI in financial services and tokenization. The group highlighted the importance of effective regulation and international cooperation to address risks and promote innovation.
New York Fed analyzes economic impacts of bank and nonbank private credit expansions
On August 20, the New York Fed released an economic analysis titled “The Disparate Outcomes of Bank- and Nonbank-Finance Private Credit Expansions.” The analysis revealed that while long-term trends in increased access to credit are generally thought to improve real activity, rapid credit expansions can predict adverse outcomes such as lower GDP growth and increased likelihood of crises. The study focused on how bank and nonbank credit growth have generally developed asynchronously in the U.S. since 1950 with some outlier periods like after the 2008 global financial crisis.
The New York Fed’s analysis showed that the composition of lending during a credit expansion significantly affects real outcomes. Specifically, growth in nonbank credit predicted negative GDP growth in the short to medium term but had no significant impact in the long term. Conversely, growth in bank credit was associated with persistently negative GDP growth over the medium to long term. Further, the New York Fed report found that nonbank credit growth also lowered the likelihood of extreme negative outcomes on GDP growth, while bank credit expansion increased the probability of such extreme outcomes. These insights suggested that the type of lender not only influences the magnitude of credit booms but also the associated risks to economic stability, providing valuable information for policymakers and financial industry stakeholders.
Banking regulators issue RFI/comment on bank-fintech relationships
On July 23, the OCC, Fed, and FDIC (the banking regulators) released a request for information and comment (RFI) and a joint statement to better understand the relationship between banks and fintechs. The federal banking regulators will seek input on the nature of bank-fintech arrangements, effective risk management practices, and whether there should be enhancements to existing supervision to address these risks in a manner consistent with consumer protection requirements and thwart financial crimes.
The federal banking regulators described bank-fintech relationships regarding depository activities, payment activities, and consumer and small business lending. The regulators also described the risk implications of these relationships, which could lead to possible risks with accountability, end-user confusion, rapid growth, or use and ownership of data and customer information. In the RFI, the banking regulators will be interested in hearing from the public on the descriptions of bank-fintech arrangements and risks summarized in the document.
On bank-fintech arrangements, the RFI posited seven items:
- Do the descriptions of bank-fintech arrangements in this RFI match the types of bank-fintech arrangements in the industry?
- What other benefits are there within bank-fintech arrangements?
- Describe banks’ use of data to monitor risk and ensure compliance with regulatory responsibilities.
- How do the parties to bank-fintech arrangements determine the end-user’s status as a bank customer or the fintech company customer?
- Describe the range of practices regarding using a core bank service provider.
- Describe the range of practices where bank-fintech arrangements involved bank affiliates.
- What are the up-front costs associated with bank-fintech arrangements?
On risk management, the RFI posited 16 items, including practices for maintaining safety and soundness, managing risks related to UDAP or discrimination, required disclosures, connecting to multiple technology platforms, facing a dilemma like a cyber-attack, negotiating contracts, and processing transactions. The banking regulators finally asked for items on trends and financial stability, such as which data would be helpful for the agencies to monitor developments best, supporting increased access to financial products and services, tolerating financial shocks, and supporting responsible innovation. Comments must be received within 60 days of publication in the Federal Register.
Acting Comptroller Hsu discusses new trends in banking
On July 17, Acting Comptroller of the Currency Michael J. Hsu spoke at the Exchequer Club, highlighting three significant long-term trends that he believes will reshape the banking landscape. First, Hsu highlighted the notable expansion of large banks. Second, he emphasized the increasing complexity of relationships between banks and nonbank institutions, which introduces new risks and complicates current models of regulatory oversight. Finally, Hsu discussed the growing polarization trends within the banking sector, which can potentially weaken trust and stability.
Hsu warned that these trends might appear gradual and manageable but could lead to serious consequences if ignored, drawing parallels to the banking issues that contributed to the 2008 financial crisis after years of unnoticed development.
To address the expansion of large banks, the OCC will work on regulatory reforms to bolster the resilience of large banks by reinforcing capital and liquidity requirements, enhancing operational resilience, and ensuring comprehensive recovery planning. Hsu stressed that large banks need measures that enable them to fail in an orderly manner if necessary. Such measures include maintaining sufficient long-term debt to absorb outsized losses and strong resolution capabilities. The OCC will focus on ensuring that large banks are not “too-big-to-manage,” meaning they must be capable of managing their risks and adhering to regulations. Regulators can support this notion by taking enforcement actions, imposing civil penalties, restricting business activities, and other regulatory oversight actions to reinforce the importance of sound risk management practices.
To address the increasing interdependency between banks and nonbanks (particularly fintechs) and the subsequent potential for confusion amongst responsibilities among consumers, regulators, and market participants, Hsu proposed the need for more granular approaches to regulation and more engagement between the federal banking agencies and fintechs, such as federal oversight of state-licensed money transmitter entities.
Finally, to address polarization and a trend of fragmentation amongst banking law developments at the state level, Hsu emphasized the need for a renewed focus of the OCC to “vigorously defend preemption, as it is central to the dual banking system and cuts to the core of why we exist and who we are.”
CFTC Chairman outlines regulatory gaps with digital commodities
On July 10, the Chairman of the CFTC, Rostin Behnam, testified before a U.S. Senate Committee and urged Congress to enact legislation to create a federal regulatory framework for digital assets. Courts have affirmed that digital asset commodities included Bitcoin and Ether. The Chairman expressed concerns about a lack of legislative responses that could have protected consumers from digital asset scams. Behnam also highlighted a report by the Financial Stability Oversight Council that identified a gap in regulation for commodity tokens. In sum, the Chairman stressed how Congress should act quickly to empower commodity regulators to provide essential customer protections.
Benham noted the CFTC was actively enforcing digital commodities by bringing over 135 cases. However, the escalating rate of enforcement cases reflected the accelerated adoption of digital assets by U.S. investors. The Chairman emphasized that the CFTC, primarily responsible for overseeing derivatives markets, was allocating significant resources towards a market that it lacked the authority to regulate robustly. The Chairman also noted the progress made by other countries in establishing regulatory frameworks for digital assets. He warned that regulatory gaps left U.S. consumers vulnerable to exploitation by bad actors and hindered coordination efforts. The Chairman concluded with his legislative priorities for a comprehensive regulatory framework, including a principles-based oversight model, adequate funding, disclosure requirements, anti-money laundering measures, and a clear distinction between commodities and securities. A link to the recording of the testimony can be found here.
FSB’s Liang speaks on AI in finance
On June 4, the U.S. Under Secretary for Domestic Finance, Nellie Liang, delivered a speech at the OECD-FSB Roundtable on Artificial Intelligence (AI) in Paris. Liang noted that while AI has been around for many years, the recent advances of generative AI will be evolving and will have the potential to transform the financial sector even more. The latest advancements in AI models can process vast amounts of data, generate content, and automate decision-making, welcoming new opportunities and challenges for financial institutions and regulators. The biggest takeaway was that AI holds transformative potential for the financial sector by enhancing efficiency and innovation, yet it also posed challenges such as model risk and privacy issues, necessitating vigilant evolution of regulatory frameworks to ensure safety and fairness.
On AI uses, Liang highlighted that financial institutions have explored AI applications to reduce costs, increase productivity, and develop new products. For instance, AI can be used to automate back-office functions, enhance customer service through chatbots, and inform trading strategies. AI’s expertise will be its abilities to process large volumes and types of information that would be otherwise impractical or impossible to analyze. Concerning risks, Liang pinpointed model risk as a prime issue, contending that robust data governance and careful design can counteract potential pitfalls. AI may also introduce or amplify interconnections among financial firms, leading to potential financial stability risks. Furthermore, Liang focused on the increased use of AI in financial services and the concerns it raised about data privacy, surveillance, and potential biases in AI-driven decision-making.
Liang noted how addressing these AI risks through existing regulatory frameworks, such as principles of model risk management, third-party risk management, and consumer protection laws would be possible. However, she noted, regulators need to assess whether AI will introduce new risks that require adjustments to the regulatory framework. Additionally, policymakers will be exploring the use of AI for identifying data anomalies, countering illicit finance and fraud, and improving fraud detection through comprehensive databases.
CFTC subcommittee issues report on responsible AI use
On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.
Nacha’s new rules intends to reduce business fraud that uses credit-push payments
On March 18, Nacha announced rule amendments intended to reduce the incidence of frauds that leverage credit-push payments, such as vendor impersonation and business email compromise (BEC). While, importantly, the rules will not shift liability for ACH payments as between the parties, they will establish obligations on originating financial institutions (ODFIs) and receiving depository financial institutions (RDFIs) to monitor the sending and receipt of payments for potential fraud, and they will empower the same to flag potentially fraudulent payments for action. Specifically, the rule amendments will allow “the originating financial institution (ODFI) to request the return of the payment for any reason, the RDFI to delay funds availability (within the limits of Regulation CC) to examine the payment more closely, and the RDFI to return a suspicious transaction on its own initiative without waiting for a request or a customer claim.”
As part of the amendment announcement, NACHA cited the FBI’s Internet Crime Complaint Center’s 2023 annual report, noting that BEC, vendor impersonation, and payroll impersonation are examples of fraudulent activities “that result in payments being ‘pushed’ from a payer’s account to the account of a fraudster,” and that there were 21,489 BEC complaints totaling $2.9 billion in reported losses in 2023, making BEC the second-costliest cybercrime category.
The first set of rule amendments are effective October 1, which, among other things, allow an RDFI to use return code R17 for potential fraud, including for “false pretenses,” and an ODFI to request a return from an RDFI for any reason, including fraud. The first set of amendments also provided RDFIs “with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses,” subject to Regulation CC. Finally, the RDFI will be required to promptly return any unauthorized consumer debit by the 6th banking day after it reviewed a consumer’s signed Written Statement of Unauthorized Debit.
The first set of rule amendments will be followed by subsequent (phase 1 and phase 2) amendments. The phase 1 amendments, effective March 20, 2026, will, among other things, require ODFIs, and non-consumer originators, third party providers, and third party senders with an annual ACH origination volume of six million or more to implement or enhance appropriate risk-based process and procedures to identify fraudulent transfers. Under phase 1, NACHA will also require RDFIs with ACH receipt volumes of 10 million or more to establish risk-based processes and procedures to identify fraudulent activity. The second phase, effective June 19, 2026, will require fraud risk monitoring for the remaining non-consumer originators, third party providers, and third-party senders.