Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC issues draft principles on climate risk management

    On March 30, the FDIC announced a request for comment on draft principles, which provide a high-level framework for the safe and sound management of exposures to climate-related financial risks. The principles are intended for the largest financial institutions (those with over $100 billion in total consolidated assets), though the announcement notes that all financial institutions, regardless of size, can have material exposures to climate-related financial risks. The topics covered by the principles include: (i) governance; (ii) policies, procedures, and limits; (iii) strategic planning; (iv) risk management; (v) data, risk measurement, and reporting; and (vi) scenario analysis. The draft principles also highlight management of risk areas. Comments close 60 days after publication in the Federal Register. In a statement, acting FDIC Chairman Martin Gruenberg said the key principles are “an initial step toward the promotion of a consistent understanding of the effective management of climate-related financial risks.”

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance FDIC Climate-Related Financial Risks Federal Register

  • SEC proposes climate risk disclosures


    On March 21, the SEC announced a proposed rule to require registrants to disclose certain climate-related information in their registration statements and periodic reports. According to the proposed rule, a registrant must disclose, among other things, information regarding its direct and certain indirect emissions of greenhouse gas (GHG). The GHG emissions disclosure proposals “would provide investors with decision-useful information to assess a registrant’s exposure to, and management of, climate-related risks, and in particular transition risks.”

    The proposed rule also establishes that accelerated filers and large accelerated filers would be required to include an attestation report from an independent attestation service provider covering certain emissions disclosures, with a phase-in over time, to promote the reliability of GHG emissions disclosures for investors. The proposed rule further noted additional disclosure requirements for registrants that have made a so-called net-zero commitment or adopted a plan to reduce their GHG footprint or exposures.

    The same day, the SEC released a Fact Sheet on the proposed rule, which summarized the content of the proposed disclosure and presentation and attestation requirements, among other things. According to a statement released by SEC Chair Gary Gensler, the proposed rule will “provide investors with consistent, comparable, and decision-useful information for making their investment decisions and would provide consistent and clear reporting obligations for issuers.” However, a statement released by SEC Commissioner Hester M. Peirce took a different view, stating that the proposed amendments would “turn[] the disclosure regime on its head” and noting that some elements are “missing,” such as “[a] credible rationale for such a prescriptive framework when our existing disclosure requirements already capture material risks relating to climate change;[a] materiality limitation; [and] [a] compelling explanation of how the proposal will generate comparable, consistent, and reliable disclosures.” Treasury Secretary Janet L. Yellen also released a statement commending the proposal and the SEC, calling the effort “an important step to protect investors and strengthen the overall resilience of the financial system.”

    Comments on the proposal are due 30 days after publication in the Federal Register, or 60 days after the date of issuance and publication on, whichever period is longer.

    Securities Agency Rule-Making & Guidance SEC Climate-Related Financial Risks Department of Treasury Federal Register Risk Management Disclosures

  • OCC issues final rule for granting exemptions to SAR requirements

    On March 16, the OCC issued a final rule amending its suspicious activity report (SAR) regulations. The rule sets out a process for national banks and federal savings associations to request exemptions from the OCC’s SAR requirements. To request exemption under the final rule, national banks or federal savings associations, including federal branches and agencies of foreign banks, must submit a request in writing to the OCC. The agency “will consider whether the exemption is consistent with the purposes of the [Bank Secrecy Act] and with safe and sound banking and may consider any other appropriate factors.” Where required, institutions must separately seek an exemption from FinCEN, and the OCC intends to coordinate with FinCEN on such requests. The final rule will also allow “the OCC to facilitate changes required by the Anti-Money Laundering Act of 2020" and “will make it possible for the OCC to grant relief to national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.”

    Bank Regulatory Federal Issues Financial Crimes Agency Rule-Making & Guidance OCC SARs Federal Register Of Interest to Non-US Persons Bank Secrecy Act Anti-Money Laundering Anti-Money Laundering Act of 2020 FinCEN Bank Compliance

  • Fed reshaping “novel institutions” guidelines

    On March 1, the Federal Reserve Board announced that it is soliciting comments on a supplement to a previous proposal intended to ensure that the Fed’s banks utilize a transparent and consistent set of factors when reviewing requests to access Federal Reserve Bank accounts and payment services. The framework, which builds on a proposal from May 2021 (covered by InfoBytes here), would establish a three tier system. Tier 1 would consist of eligible institutions that are federally-insured, and would be “subject to a less intensive and more streamlined review.” Tier 2 would consist of certain eligible institutions or holding companies that are not federally-insured but subject to prudential supervision, and would generally receive an “intermediate” level of review. Tier 3 would consist of eligible institutions that are “not federally insured and not subject to prudential supervision by a federal banking agency at the institution or holding company level,” and, given their potential higher risk, “would be subject to the strictest level of review.” Comments close 45 days after publication in the Federal Register.

    Bank Regulatory Agency Rule-Making & Guidance Federal Reserve Federal Reserve Banks Federal Register Payments Fintech

  • FCC launches inquiry to reduce cyber risks

    Privacy, Cyber Risk & Data Security

    On February 25, the FCC adopted a Notice of Inquiry proposed by FCC Chairwoman Jessica Rosenworcel that would launch an inquiry into the vulnerabilities of the internet’s global routing system, in response to the increasing risk of cyberattacks stemming from Russia’s invasion of Ukraine. The adopted inquiry solicits public comments on vulnerabilities threatening the security and integrity of the Border Gateway Protocol, which is central to the global routing of internet traffic. The inquiry also intends to evaluate how these security risks could impact the transmission of data through email, e-commerce, and bank transactions to interconnected Voiceover Internet Protocol and 911 calls and how best to address any identified challenges. Comments are due 30 days after publication in the Federal Register, with replies due 30 days later.

    Privacy/Cyber Risk & Data Security FCC Russia Ukraine Ukraine Invasion Federal Register

  • FHFA finalizes enterprise regulatory capital framework

    Agency Rule-Making & Guidance

    On February 25, FHFA announced a final rule, which amends the Enterprise Regulatory Capital Framework (ERCF) by refining the prescribed leverage buffer amount (leverage buffer) and risk-based capital treatment of retained credit risk transfer (CRT) exposures for Fannie Mae and Freddie Mac (collectively, GSEs). Among other things, the final rule: (i) replaces the fixed leverage buffer equal to 1.5 percent of a GSE's adjusted total assets with a dynamic leverage buffer equal to 50 percent of the GSE's stability capital buffer; (ii) replaces the prudential floor of 10 percent on the risk weight assigned to any retained CRT exposure with a prudential floor of 5 percent on the risk weight assigned to any retained CRT exposure; and (iii) removes the requirement that a GSE must apply an overall effectiveness adjustment to its retained CRT exposures in accordance with the ERCF’s securitization framework. Additionally, the final rule implements technical corrections to provisions of the ERCF that were published in December 2020. (Covered by InfoBytes here.) The ERCF amendments and technical corrections will be effective 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues GSE FHFA Fannie Mae Freddie Mac Federal Register

  • NIST to update cybersecurity framework with a focus on supply chain risk

    Privacy, Cyber Risk & Data Security

    On February 22, the National Institute of Standards and Technology (NIST) published a notice and request for information (RFI) in the Federal Register seeking information to assist in the evaluation and improvement of the agency’s “Framework for Improving Critical Infrastructure Cybersecurity,” as well as other existing and potentials standards related to supply chain cybersecurity. NIST stated it is considering updating the framework (last updated in 2018) to account for the changing landscape of cybersecurity risks, technologies, and resources, and noted that it recently announced it intends to launch the National Initiative for Improving Cybersecurity in Supply Chains (NIICS) to address cybersecurity risks in this space. Responses to the RFI will help to inform the direction of the NIICS, including how it may be integrated and aligned with the framework. NIST explained that the framework outlines standards and guidance for private and public sector companies on how to prevent and respond to cyber threats. Acknowledging that much has changed in the cybersecurity landscape since the framework was last updated, including an increased awareness and emphasis on supply chain cybersecurity risks, the RFI seeks information that will support the identification and prioritization of supply chain-related cybersecurity needs across sectors. Among other things, NIST is interested in: the usefulness of the framework for managing risks; the relationship of the framework to other NIST risk management resources; and how companies manage security risks to their software supply chains and whether this area of increasing concern should be incorporated into the framework or whether a new, separate framework focusing on cybersecurity supply chain risk management might be more valuable. Comments are due April 25.

    Privacy/Cyber Risk & Data Security NIST Agency Rule-Making & Guidance Federal Register Risk Management Supply Chain

  • OFAC removes Burundi sanctions regulations

    Financial Crimes

    On February 10, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a final rule to remove the Burundi Sanctions Regulations. According to OFAC, the action is being taken “because the national emergency on which part 554 was based was terminated by the President on November 18, 2021.” The final rule took effect on February 11.

    Financial Crimes OFAC Federal Register Burundi Of Interest to Non-US Persons OFAC Sanctions Department of Treasury

  • VA establishes threshold for reporting VA debts to CRAs

    Agency Rule-Making & Guidance

    On February 2, the Department of Veterans Affairs published a final rule in the Federal Register amending its regulations around the conditions by which VA benefits debts or medical debts are reported to consumer reporting agencies (CRAs), and creating a methodology for determining a minimum threshold for debts reported to the CRAs. According to the VA, approximately 5,000 delinquent accounts are reported monthly to credit bureaus, and, in many cases, veterans complained about the loss of security clearance or an inability to obtain credit or rental housing. In amending the rule, the VA acknowledged that certain debts, such as medical debts, “are fundamentally different than consumer debt.” Under the new rule, debts are to be reported to a credit bureau if (i) they are considered to be “currently not collectible,” meaning the VA has exhausted available debt collection efforts; (ii) the debt is not owed by someone who has been determined to be catastrophically disabled or has a gross household income below a certain amount; and (iii) the debt owed is over $25. The rule is effective March 4.

    On February 7, the CFPB published a blog highlighting the changes that the VA made in its final rule. Among other things, the blog discussed changes to VA’s debt collection practices, protections against surprise medical bills, and getting help with medical bills.

    Agency Rule-Making & Guidance Federal Register Department of Veterans Affairs Consumer Reporting Agency Debt Collection CFPB Consumer Finance

  • CFPB releases regulatory agenda

    Federal Issues

    On January 31, the CFPB released its semiannual regulatory agenda in the Federal Register, as part of the Fall 2021 Unified Agenda of Federal Regulatory and Deregulatory Actions. According to the CFPB, it “reasonably anticipates having the regulatory matters identified below under consideration during the period from November 1, 2021 to October 31, 2022.” The next agenda will be published in Spring 2022, which will update the recently released agenda through Spring 2023. Among other things, the agenda noted that the Bureau made “significant progress” on the implementation of Section 1071 of the Dodd-Frank Act, which covers banks’ collection, reporting, and disclosure of information on credit applications made by women-owned, minority-owned, and small businesses. Other highlights of the agenda include the Bureau’s: (i) continued collaboration with other federal agencies on regulations for automated valuation models under the FIRREA amendments to Dodd-Frank; (ii) expectation to issue a final rule on the transition away from the LIBOR index, which aims to ensure that loans tied to LIBOR are transitioned “in an orderly, transparent, and fair manner”; (iii) assessment of a rule implementing HMDA; (iv) work on regulations for PACE financing and its “continu[ed] engagement with stakeholders and collect information” from a Advance Notice of Proposed Rulemaking, issued in March 2019 (covered by InfoBytes here); and (v) continued monitoring of consumer financial product markets and creation of working groups to focus on specific markets for potential future rulemakings.

    Federal Issues Agency Rule-Making & Guidance CFPB Dodd-Frank FIRREA HMDA AVMs Section 1071 Federal Register LIBOR


Upcoming Events