Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFTC adopts NIST Privacy Framework

    Privacy, Cyber Risk & Data Security

    On January 28, the CFTC announced that it has adopted the National Institute of Standards and Technology (NIST) Privacy Framework, making it the first federal agency to do so. The September NIST release of a preliminary draft of the framework described it as “[a] Tool for Improving Privacy through Enterprise Risk Management,” covered by InfoBytes here. Among other things, the privacy framework, which advances guidance to mitigate cybersecurity risk, describes processes to mitigate risks associated with data processing and privacy breaches and to assess current privacy risk management measures. According to the announcement, the CFTC will utilize the framework to “better manage and communicate privacy risk throughout the agency,” making them a leader in the data privacy protection arena.

    Privacy/Cyber Risk & Data Security NIST CFTC Risk Management

  • Representatives urge financial regulators to strengthen cyber infrastructures

    Federal Issues

    On January 7, Representatives Emanuel Cleaver II (D-MO) and Gregory Meeks D-NY) sent a letter to nine federal financial regulators urging them to strengthen their financial infrastructures against possible cyber-attacks in the wake of recent threats against the U.S. from Iran and its allies following the killing of Iranian official Qasem Soleimani. The letter also requests that the regulators coordinate with law enforcement and regulated entities to increase information sharing surrounding cyber threats, and “communicate a strategy to further mitigate existing cyber vulnerabilities within [the U.S.] financial infrastructure by March.” The letter was sent to the Federal Reserve Board, Treasury Department, SEC, FDIC, CFPB, Federal Housing Finance Agency, Commodity Futures Trading Commission, National Credit Union Administration, and the OCC.

    As previously covered by InfoBytes, NYDFS separately issued an Industry Letter on January 4 warning regulated entities about the “heightened risk” of cyber-attacks by hackers affiliated with the Iranian government. The letter provides recommendations for ensuring quick responses to any suspected cyber incidents, and reminds entities they must inform NYDFS “as promptly as possible but in no event later than 72 hours’ after a material cybersecurity event.”

    Federal Issues U.S. House Federal Reserve Department of Treasury SEC FDIC CFPB FHFA CFTC NCUA OCC Privacy/Cyber Risk & Data Security

  • CFTC reaches $14 million settlement with bank over swap dealer standards

    Securities

    On November 8, the CFTC announced a $14 million settlement with a national bank to resolve allegations that the bank violated swap dealer business conduct standards in its foreign exchange trading business. Among other things, the bank allegedly failed to properly price a $4 billion foreign exchange forward contract with a counterparty when it selected a rate it “believed would be in the range of the true weighted average and thus acceptable to the counterparty,” instead of calculating a “weighted average rate based on actual spot trades.” According to the CFTC, at the time the bank did not have a system in place to accurately track trades used to fill the counterparty’s order and ensure compliance with policies and procedures regarding communicating with counterparties in a fair and balanced manner. (The bank has since cured these deficiencies.) The bank, which has neither admitted nor denied the findings, agreed to pay a $10 million civil money penalty and $4.47 million in restitution (previously paid to the counterparty) under the terms of the settlement order.

    Securities CFTC Foreign Exchange Trading

  • FDIC, OCC approve final rule revising Volcker Rule

    Agency Rule-Making & Guidance

    On November 14, the OCC, FDIC, Federal Reserve Board, CFTC, and SEC published a final rule, which will amend the Volcker Rule to simplify and tailor compliance with Section 13 of the Bank Holding Company Act’s restrictions on a bank’s ability to engage in proprietary trading and own certain funds. As previously covered by InfoBytes, the five financial regulators released a joint notice of proposed rulemaking in July 2018 designed to reduce compliance costs for banks and tailor Volcker Rule requirements to better align with a bank’s size and level of trading activity and risks. The final rule clarifies prohibited activities and simplifies compliance burdens by tailoring compliance obligations to reflect the size and scope of a bank’s trading activities, with more stringent requirements imposed on entities with greater activity. The final rule also addresses the activities of foreign banking entities outside of the United States.

    Specifically, the final rule focuses on the following areas:

    • Compliance program requirements and thresholds. The final rule includes a three-tiered approach to compliance program requirements, based on the level of a banking entity’s trading assets and liabilities. Banks with total consolidated trading assets and liabilities of at least $20 billion will be considered to have “significant” trading activities and will be subject to a six-pillar compliance program. Banks with “moderate” trading activities (total consolidated trading assets and liabilities between $1 billion and $20 billion) will be subject to a simplified compliance program. Finally, banks with “limited” trading activities (less than $1 billion in total consolidated trading assets and liabilities) will be subject to a rebuttable presumption of compliance with the final rule.
    • Proprietary trading. Among other changes, the final rule (i) retains a modified version of the short-term intent prong; (ii) eliminates the agencies’ rebuttable presumption that financial instruments held for fewer than 60 days are within the short-term intent prong of the trading account; and (iii) adds a rebuttable presumption that financial instruments held for 60 days or longer are not within the short-term intent prong of the trading account. Additionally, banks subject to the market risk capital prong will be exempt from the short-term intent prong.
    • Proprietary trading exclusions. The final rule modifies the liquidity management exclusion to allow banks to use a broader range of financial instruments to manage liquidity. In addition, exclusions have been added for error trades, certain customer-driven swaps, hedges of mortgage servicing rights, and certain purchases or sales of instruments that do not meet the definition of “trading assets and liabilities.”
    • Proprietary trading exemptions. The final rule includes changes from the proposed rule related to the exemptions for underwriting and market making-related activities, risk-mitigating hedging, and trading by foreign entities outside the U.S.
    • Covered funds. Among other things, the final rule incorporates proposed changes to the covered funds provision concerning permitted underwriting and market making and risk-mitigating hedging with respect to such funds, as well as investments in and sponsorships of covered funds by foreign banking entities located solely outside the U.S.
    • Application to foreign banks. The final rule aligns the methodologies for calculating the “limited” and “significant” compliance thresholds for foreign banking organizations by basing both thresholds on the trading assets and liabilities of the firm’s U.S. operations. The final rule includes changes to the exemptions from the prohibitions for underwriting and market making-related activities, risk mitigating hedging, and trading by foreign banking entities solely outside the U.S. Additionally, the final rule also includes changes to the covered funds provisions, including with respect to permitted underwriting and market making and risk-mitigating hedging with respect to a covered fund, as well as investment in or sponsorship of covered funds by foreign banking entities solely outside the U.S. and the exemption for prime brokerage transactions.

    FDIC board member Martin J. Gruenberg voted against the rule, stating the “final rule before the FDIC Board today would effectively undo the Volcker Rule prohibition on proprietary trading by severely narrowing the scope of financial instruments subject to the Volcker Rule. It would thereby allow the largest, most systemically important banks and bank holding companies to engage in speculative proprietary trading funded with FDIC-insured deposits.” Gruenberg emphasized that the final rule “includes within the definition of trading account only one of these categories of fair valued financial instruments—those reported on the bank’s balance sheet as trading assets and liabilities. This significantly narrows the scope of financial instruments subject to the Volcker Rule.”

    The final rule will take effect January 1, 2020, with banks having until January 1, 2021, to comply. Prior to the compliance date, the 2013 rule will remain in effect. Alternatively, banking entities may elect to voluntarily comply, in whole or in part, with the final rule’s amendments prior to January 1, 2021, provided the agencies have implemented necessary technological changes.

    Agency Rule-Making & Guidance FDIC Federal Reserve OCC CFTC SEC Bank Holding Company Act Volcker Rule Of Interest to Non-US Persons

  • CFTC announces LabCFTC independence, releases AI primer

    Fintech

    On October 24, the Commodity Futures Trading Commission (CFTC) announced that LabCFTC will operate as an independent operating office of the agency, reporting directly to the chair of the CFTC. As previously covered by InfoBytes, LabCFTC was established in 2017 as an initiative to engage innovators in the financial technology industry and promote responsible fintech innovation. According to the CFTC, the change reflects the importance the agency places on examining the value of innovation within the financial marketplace and making the agency accessible to fintech innovators. The CFTC also released the Artificial Intelligence in Financial Markets primer to provide an “overview of how AI is applied in financial markets” as well as resources for market participants, consumers, and the public. The primer is part of a LabCFTC series on fintech innovation. (Previous InfoBytes coverage here.)

    Fintech CFTC Artificial Intelligence

  • Federal financial regulators join the Global Financial Innovation Network

    Federal Issues

    On October 24, the CFTC, FDIC, OCC, and SEC announced that they joined the Global Financial Innovation Network (GFIN). GFIN was created by the United Kingdom’s Financial Conduct Authority in 2018 and is an international network of 50 organizations, including the CFPB and other financial regulators. As previously covered by InfoBytes, GFIN members are committed to supporting financial innovation by (i) collaborating on innovation and providing accessible regulatory contact information for firms; (ii) providing a forum for joint regulation technology work; and (iii) providing firms with an environment in which to trial cross-border solutions. According to the FDIC’s announcement, “[p]articipation in the GFIN furthers these objectives and enhances the agencies’ abilities to encourage responsible innovation in the financial services industry in the United States and abroad.”

    Federal Issues FDIC OCC SEC CFTC Regulatory Sandbox Of Interest to Non-US Persons

  • Waters and Brown urge regulators to reconsider Volcker Rule changes

    Federal Issues

    On October 17, House Financial Services Committee Chairwoman Maxine Waters (D-Calif) and Senate Banking Committee Ranking Member Sherrod Brown (D-Ohio) wrote to the heads of the Federal Reserve Board, FDIC, OCC, SEC, and CFTC to oppose the federal financial regulators’ recent approval of changes to the Volcker Rule. (Previous InfoBytes coverage here.) According to Waters and Brown, the final revisions—which are designed to simplify and tailor compliance with Section 13 of the Bank Holding Company Act’s restrictions on a bank’s ability to engage in proprietary trading and own certain funds—“open the door to the very risky, speculative activities that Congress sought to prohibit.” Specifically, the letter addresses rollback concerns such as (i) narrowing the definition of a “trading account,” which would weaken the short-term intent prong; (ii) “eliminating metrics reporting”; (iii) “removing activity restrictions on non-U.S. banks”; and (iv) “expanding permitted activity related to covered funds.” Waters and Brown urged the regulators to reconsider their decision to adopt the revisions, and requested that they be provided with the data and metrics used by the regulators during their analysis, as well as the regulators’ justification for “eliminating or reducing the information and data reported by banking entities.”

    Federal Issues Volcker Rule House Financial Services Committee Senate Banking Committee Federal Reserve FDIC OCC SEC CFTC

  • Agencies issue BSA compliance reminder on digital assets

    Fintech

    On October 11, the SEC, Commodity Futures Trading Commission (CFTC), and Financial Crimes Enforcement Network (FinCEN) issued a joint statement to remind persons who engage in digital asset activities or handle cryptocurrency transactions of their anti-money laundering and countering the financing of terrorism (AML/CFT) obligations under the Bank Secrecy Act (BSA). According to the agencies, AML/CFT obligations apply to entities defined as “financial institutions” under the Bank Secrecy Act, which include “futures commission merchants and introducing brokers obligated to register with the CFTC, money services businesses (MSB) as defined by FinCEN, and broker-dealers and mutual funds obligated to register with the SEC.” The obligations include, among other things, (i) establishing and implementing an effective AML program; and (ii) complying with recordkeeping and reporting requirements such as suspicious activity reporting (SARs).

    The agencies note that persons who engage in digital asset-related activities may have AML/CFT obligations regardless of the “label or terminology used to describe a digital asset or a person engaging in or providing financial activities or services involving a digital asset.” According to the agencies, the facts and circumstances underlying the asset or service, “including its economic reality and use,” is what determines how the asset is categorized, the applicable regulatory treatment, and whether the persons involved are financial institution under the BSA.

    Additionally, FinCEN reminded financial institutions of its supervisory and enforcement authority to “ensure the effectiveness of the AML/CFT regime,” emphasizing that persons who provide money transmission services are MSBs subject to FinCEN regulation. FinCEN also referred to its May 2019 interpretive guidance, which consolidated and clarified current FinCEN regulations, guidance, and administrative rulings related to money transmissions involving virtual currency. (Previous InfoBytes coverage here.)

    Fintech Financial Crimes FinCEN Bank Secrecy Act SEC CFTC Anti-Money Laundering Combating the Financing of Terrorism Of Interest to Non-US Persons Virtual Currency

  • CFTC awards $7 million to whistleblower for CEA action

    Securities

    On September 27, the Commodity Futures Trading Commission (CFTC) announced a whistleblower award of approximately $7 million to an individual who reported information that led to a successful Commodity Exchange Act (CEA) enforcement action. The associated order notes that five claimants submitted whistleblower award applications to the CFTC in response to the covered action, but the CFTC provided the award only to claimant one, as that individual voluntarily provided the original information to the Commission. The order does not provide any other significant details about the information provided or the related enforcement action. The CFTC has awarded over $90 million to whistleblowers since the enactment of the Whistleblower Program under the Dodd-Frank Act, and their information has led to more than $730 million in sanctions to date.

    Securities CFTC Whistleblower Dodd-Frank

  • CFTC orders FCM to pay $1.5 million for poor cybersecurity

    Federal Issues

    On September 12, the CFTC issued an order against an Illinois-based futures commission merchant imposing a $1.5 million fine for allegedly failing to protect its systems from cybersecurity threats and not alerting its customers in a reasonable timeframe after a breach occurred. According to the order, the CFTC claims the merchant failed to adequately implement and comply with cybersecurity policies and procedures as well as a written information systems security program, and “policies and procedures related to customer disbursements by its employees.” The CFTC contends that because of these failures the merchant’s email system was breached, which allowed access to customer information and convinced the merchant’s customer service specialist to mistakenly wire $1 million in customer funds. While the merchant approved reimbursement of the funds shortly after discovery, instituted measures to prevent additional fraudulent transfers, and notified regulators the same day, the CFTC alleges it failed to disclosure the breach or the fraudulent wire in a timely manner to current or prospective customers. Under the terms of the order, the merchant must pay a civil money penalty of $500,000 plus post-judgment interest, as well as restitution of $1 million.  The merchant’s previous reimbursement of customer funds when the fraud was discovered was credited against the restitution amount.

    Federal Issues CFTC Enforcement Privacy/Cyber Risk & Data Security Data Breach Civil Money Penalties

Pages

Upcoming Events