Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FSB’s Liang speaks on AI in finance


    On June 4, the U.S. Under Secretary for Domestic Finance, Nellie Liang, delivered a speech at the OECD-FSB Roundtable on Artificial Intelligence (AI) in Paris. Liang noted that while AI has been around for many years, the recent advances of generative AI will be evolving and will have the potential to transform the financial sector even more. The latest advancements in AI models can process vast amounts of data, generate content, and automate decision-making, welcoming new opportunities and challenges for financial institutions and regulators. The biggest takeaway was that AI holds transformative potential for the financial sector by enhancing efficiency and innovation, yet it also posed challenges such as model risk and privacy issues, necessitating vigilant evolution of regulatory frameworks to ensure safety and fairness.

    On AI uses, Liang highlighted that financial institutions have explored AI applications to reduce costs, increase productivity, and develop new products. For instance, AI can be used to automate back-office functions, enhance customer service through chatbots, and inform trading strategies. AI’s expertise will be its abilities to process large volumes and types of information that would be otherwise impractical or impossible to analyze. Concerning risks, Liang pinpointed model risk as a prime issue, contending that robust data governance and careful design can counteract potential pitfalls. AI may also introduce or amplify interconnections among financial firms, leading to potential financial stability risks. Furthermore, Liang focused on the increased use of AI in financial services and the concerns it raised about data privacy, surveillance, and potential biases in AI-driven decision-making.

    Liang noted how addressing these AI risks through existing regulatory frameworks, such as principles of model risk management, third-party risk management, and consumer protection laws would be possible. However, she noted, regulators need to assess whether AI will introduce new risks that require adjustments to the regulatory framework. Additionally, policymakers will be exploring the use of AI for identifying data anomalies, countering illicit finance and fraud, and improving fraud detection through comprehensive databases. 

    Fintech Artificial Intelligence Department of Treasury Risk Management Big Data

  • CFTC subcommittee issues report on responsible AI use


    On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.

    Fintech Artificial Intelligence Department of Treasury Governance Anti-Money Laundering

  • Nacha’s new rules intends to reduce business fraud that uses credit-push payments


    On March 18, Nacha announced rule amendments intended to reduce the incidence of frauds that leverage credit-push payments, such as vendor impersonation and business email compromise (BEC). While, importantly, the rules will not shift liability for ACH payments as between the parties, they will establish obligations on originating financial institutions (ODFIs) and receiving depository financial institutions (RDFIs) to monitor the sending and receipt of payments for potential fraud, and they will empower the same to flag potentially fraudulent payments for action. Specifically, the rule amendments will allow “the originating financial institution (ODFI) to request the return of the payment for any reason, the RDFI to delay funds availability (within the limits of Regulation CC) to examine the payment more closely, and the RDFI to return a suspicious transaction on its own initiative without waiting for a request or a customer claim.” 

    As part of the amendment announcement, NACHA cited the FBI’s Internet Crime Complaint Center’s 2023 annual report, noting that BEC, vendor impersonation, and payroll impersonation are examples of fraudulent activities “that result in payments being ‘pushed’ from a payer’s account to the account of a fraudster,” and that there were 21,489 BEC complaints totaling $2.9 billion in reported losses in 2023, making BEC the second-costliest cybercrime category.

    The first set of rule amendments are effective October 1, which, among other things, allow an RDFI to use return code R17 for potential fraud, including for “false pretenses,” and an ODFI to request a return from an RDFI for any reason, including fraud. The first set of amendments also provided RDFIs “with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses,” subject to Regulation CC. Finally, the RDFI will be required to promptly return any unauthorized consumer debit by the 6th banking day after it reviewed a consumer’s signed Written Statement of Unauthorized Debit. 

    The first set of rule amendments will be followed by subsequent (phase 1 and phase 2) amendments. The phase 1 amendments, effective March 20, 2026, will, among other things, require ODFIs, and non-consumer originators, third party providers, and third party senders with an annual ACH origination volume of six million or more to implement or enhance appropriate risk-based process and procedures to identify fraudulent transfers. Under phase 1, NACHA will also require RDFIs with ACH receipt volumes of 10 million or more to establish risk-based processes and procedures to identify fraudulent activity. The second phase, effective June 19, 2026, will require fraud risk monitoring for the remaining non-consumer originators, third party providers, and third-party senders.

    Fintech NACHA ACH Fraud

  • Department of Energy discontinues crypto mining survey following a settlement agreement


    On March 1, a cryptocurrency company (plaintiff) and the U.S. Department of Energy submitted a settlement agreement to the U.S. District Court for the Western District of Texas to discontinue an emergency crypto mining survey once approved by the Office of Management and Budget.

    According to the settlement agreement, the Department of Energy initiated an emergency three-year collection of a Cryptocurrency Mining Facilities Survey in January, which the plaintiff claimed did not comply with various statutory and regulatory requirements for the emergency collection of information. Following the court’s approval of the plaintiff’s temporary restraining order, which protected plaintiffs from completing the survey issued by the Department of Energy and protected any information they may have already submitted, the Department of Energy discontinued its emergency collection, and said it will proceed through notice-and-comment procedures for approval of any collection of information covering such data. As a result of the discontinuation of the emergency collection request, no entity or person is required to respond to the survey.

    As part of the settlement agreement, the Department of Energy will destroy any information it had already received from survey responses. In addition to a $2,199.45 payment for the plaintiffs’ litigation expenses, the Department of Energy also agreed to publish a new Federal Register notice of a proposed collection of information and withdraw its original notice. 

    Fintech Department of Energy Cryptocurrency Digital Assets Settlement Courts Bitcoin

  • U.S. Attorney General taps professor to lead new technology-focused roles


    On February 22, the U.S. Attorney General, Merrick B. Garland, announced that he tapped Jonathan Mayer to head the DOJ’s first Chief Science and Technology Advisory and Chief Artificial Intelligence (AI) Officer roles. The roles are housed in the DOJ’s Office of Legal Policy which is developing a team of technical and policy experts in technology-related areas important to the Department’s responsibilities. These topics include cybersecurity and AI with the aim to advise leadership and collaborate with other components across the Department and with federal partners on cutting-edge technological issues. As the first Chief Science and Technology Advisor, Mayer will contribute technical expertise on cybersecurity, AI, and emergent technology matters.

    The Chief AI Officer role was created pursuant to a presidential executive order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. In this role, Mayer will work on intra-departmental and cross-agency efforts on AI and adjacent issues, and he will also lead the Justice Department’s newly established Emerging Technology Board, which coordinates and governs AI and other emerging technologies across the Department.

    Mayer has a PhD in computer science from Stanford University and a J.D. from Stanford Law School. Mayer is an assistant professor at Princeton University’s Department of Computer Science and School of Public and International Affairs where his research is focused on the intersection of technology, policy, and law with an emphasis in criminal procedure, national security, and consumer protection.

    Fintech Department of Justice Artificial Intelligence

  • Financial Stability Board’s letter addresses financial topics for upcoming G20 meeting


    On February 20, the Financial Stability Board (FSB) released a letter from its Chair, Klaas Knot, to the G20 Finance Ministers and Central Bank Governors ahead of the February 28-29 G20 meeting, setting up the agenda for maintaining global financial stability. The FSB is an organization made up of senior financial officials from G20 countries as well as international financial organizations including the International Monetary Fund, the World Bank, and the European Central Bank. The letter addressed financial system vulnerabilities, including the takeaways from the March 2023 banking crisis, nonbank financial intermediation (NBFI), digitalization of finance, climate change effects, and cross-border payment efficiency.

    On the first topic, the letter highlighted lessons wrought by the March 2023 banking crisis; the FSB advocated the need for public-sector backstop funding mechanisms, and more analytical work on interest rate and liquidity risk to explore vulnerabilities. On NBFI, the letter noted a structural vulnerability in asset management as the “potential mismatch between the liquidity of fund investments and daily redemption of fund units in open-ended funds[.]” On digital innovation, the letter urges the G20 to closely monitor any risks to financial stability, including crypto, tokens, and artificial intelligence. On climate change, the FSB plans to further analyze climate-related financial risks to financial stability. Last, on cross-border payments, the G20 Cross-border Payments Roadmap goal is to make cross-border payments “faster, cheaper, and more transparent and inclusive” while keeping their integrity and maintaining the “safety of the system.” The letter noted that FSB has collaborated with AML experts in both the public and private sectors to “increase the efficiency of payments systems and further enhance their integrity and safety.”


    Fintech Financial Stability Board G20 Of Interest to Non-US Persons Cross Border Activities Climate-Related Financial Risks

  • FDIC orders bank to plan termination of relationships with “significant” fintech partners

    Recently, the FDIC released a consent order against a Tennessee bank as part of its release of January Enforcement Decisions and Orders. The FDIC stated that within sixty days of the effective date of the consent order, the bank must “submit a general contingency plan to the Regional Director… [on] how the [b]ank will administer an effective and orderly termination with significant third-party FinTech partners,” as part of its Third-Party Risk Management program for the bank. The Program must assess and manage the risks posed by all fintech firms associated with the bank. It will include policies related to due diligence and risk assessment criteria that are appropriate to the products and services provided by the fintech partner. The bank must also engage an independent firm for completion of a comprehensive Banking-as-a-Service Risk Assessment Report.

    The bank further consented, without admitting or denying any charges of unsafe or unsound banking practices, to board supervision of the bank’s management and approval of the bank’s policies and objectives, qualified management, the Regional Director’s prior consent for new or expanded lines of business that would result in an annual 10 percent growth in total assets or liabilities, and a comprehensive strategic plan.


    Bank Regulatory FDIC Consent Order Fintech Risk Management Enforcement

  • NY Fed highlights an increase in unsecured loans from fintech firms in report, primarily among subprime lenders


    On November 21, the Federal Reserve Bank of New York released a report on the rise and then contraction of unsecured personal loans from 2019 to 2023 for nonbank or fintech companies, and the role of alternative data and underwriting in that growth.

    The report looked at how the economic conditions from 2019 to 2022 “created an ideal environment for FinTech firms to increase their loan originations.” It specifically noted that the U.S. government-issued stimulus payments and student loan repayment moratorium enabled fintech companies to expand their services to low- and moderate-income borrowers, including those with subprime credit. The report also looked at fintech’s role in that growth, what consumer segments are utilizing unsecured personal loans, the overall growth of the products, and the subsequent tightening of credit. Finally, the NY Fed discussed various fintech models and analyzed which models service the needs of low- and moderate-income households. 


    Fintech Federal Reserve Federal Reserve Bank of New York Subprime Consumer Finance New York

  • Fed’s Vice Chair remarks on payments innovation, CBDCs, and financial inclusion

    On October 27, Fed Vice Chair for Supervision, Michael Barr, delivered a speech at the Economics of Payments XII Conference discussing the Fed’s place in the payments system and highlighting its role as a bank supervisor and operator of key payment infrastructure. Emphasizing the Fed’s introduction of its FedNow instant payment service (covered by InfoBytes here), which was designed to enable secure instant payments in response to the increasing demand for secure and convenient payment options, Barr encouraged banks to build upon the new payment infrastructure. He also noted that ongoing experimentation with new payment technologies, such as stablecoins, creates a need for regulation, particularly where an asset is “pegged to government-issued currencies.” 

    Regarding central bank digital currencies (CBDCs), the Fed is engaged in research and in discussions with various stakeholders; however, it has not decided on whether to issue a CBDC. The Vice Chair stressed that any move in this direction would require “clear support” from the Executive Branch and authorization from Congress.

    Barr emphasized the Fed’s commitment to working with the international community to improve cross-border payment systems as well as the need for research into both traditional and emerging payment methods, noting that innovation should “promote broad access and financial inclusion.”  Finally, the remarks touched on the Fed’s proposed revisions to the interchange fee cap for debit card issuers, with a call for public input on the matter (covered by InfoBytes here).

    Bank Regulatory Fintech Federal Reserve Payments CBDC Financial Inclusion Stablecoins

  • CFPB announces civil money penalty against nonbank, alleges EFTA and CFPA violations

    Federal Issues

    On October 17, the CFPB announced an enforcement action against a nonbank international money transfer provider for alleged deceptive practices and illegal consumer waivers. According to the consent order, the company facilitated remittance transfers through its app that required consumers to sign a “remittance services agreement,” which included a clause protecting the company from liability for negligence over $1,000. The Bureau alleged that such waiver violated the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, including Subpart B, known as the Remittance Transfer Rule, by (i) requiring consumers sign an improper limited liability clause to waive their rights; (ii) failing to provide contact and cancellation information in disclosures, and other required terms; (iii) failing to provide a timely receipt when payment is made for a transfer; (iv) failing to develop and maintain required policies and procedures for error resolution; (v) failing to investigate and determine whether an error occurred, possibly preventing consumers from receiving refunds or other remedies they were entitled to; and (vi) failing to accurately disclose exchange rates and the date of fund availability. The CFPB further alleged that the company’s representations regarding the speed (“instantly” or “within seconds”) and cost (“with no fees”) of its remittance transfers to consumers were inaccurate and constituted violations of CFPA. The order requires the company to pay a $1.5 million civil money penalty and provide an additional $1.5 in consumer redress. The company must also take measures to ensure future compliance.

    Federal Issues Fintech CFPB CFPA EFTA Nonbank Unfair Enforcement Consumer Protection


Upcoming Events