Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Fed discusses cybersecurity risk management and emerging threats

    Privacy, Cyber Risk & Data Security

    On July 7, the Federal Reserve Board published its 2022 Cybersecurity and Financial System Resilience Report. Issued pursuant to the Consolidated Appropriations Act, the Fed’s report described measures it has taken to strengthen cybersecurity in the financial services sector. The report identified cybersecurity as a high priority for the Federal Reserve System and Board-supervised institutions and recognized the increasing and evolving nature of cybersecurity threats to the financial system. It delivered an overview of the Fed’s supervisory policies and procedures, which, among other things, require supervised institutions to implement internal controls and information systems appropriate to the size of the institution and to the nature, scope, and risk of its activities. The report explained that examiners’ cybersecurity evaluations consider “the business model and activities conducted by supervised institutions as part of a principles-based supervision program.” According to the Fed, an examination’s scope “is set as part of a multiyear supervisory plan that considers key cybersecurity risks, the industry landscape, and other factors such as emerging technologies.” The Fed explained that as part of these evaluations, “examiners consider business-line controls, risk-management practices, assurance functions, and governance activities performed by the firm’s senior management and board of directors.”

    The report also outlined intergovernmental, international, and public and private sector coordination activities, and included a list of recent actions taken by the Fed and other agencies to promote cybersecurity. Additionally, the report discussed current or emerging threats to financial institutions’ ability to operate and protect customer data, including ransomware, sophisticated distributed denial of service threats, increasing geopolitical tensions, and attacks to supply chains or third parties. Other emerging technology-related cybersecurity threats are also discussed including “[p]otential cybersecurity vulnerabilities in fintech applications,” such as cryptocurrency exchanges, banking applications, and other platforms that provide “threat actors an opportunity to steal funds or data by compromising victims’ computer systems or technology infrastructure used to interact with the products or services.”

    Privacy, Cyber Risk & Data Security Federal Issues Bank Regulatory Federal Reserve Risk Management Examination

    Share page with AddThis
  • Brainard stresses need for crypto regulation

    On July 8, Fed Vice Chair Lael Brainard warned that “[r]ecent volatility has exposed serious vulnerabilities in the crypto financial system.” Speaking before a Bank of England conference, Brainard explained that while crypto-assets are presented as a “fundamental break from traditional finance,” they are still susceptible to leverage, settlement, opacity, and maturity and liquidity transformation risks. The recent bankruptcy of a prominent crypto hedge fund and failed projects in the cryptocurrency space demonstrate that the crypto ecosystem faces many of the same challenges that are well known from traditional finance, she said. Brainard acknowledged that a “digital native form of safe central bank money could enhance stability by providing the neutral trusted settlement layer in the future crypto financial system,” but she also stressed that it is important “that the foundations for sound regulation of the crypto financial system be established now before the crypto ecosystem becomes so large or interconnected that it might pose risks to the stability of the broader financial system.” Novel crypto products often come with new risk factors, she said, adding that it may also be difficult “to distinguish between hype and value.” A strong regulatory framework that imposes “guardrails for safety and soundness, market integrity, and investor and consumer protection will help ensure that new digital finance products, platforms and activities are based on genuine economic value and not on regulatory evasion,” Brainard stated. She also noted that strong regulatory guardrails would also help investors and developers build “a resilient digital native financial infrastructure” and help banks, payments providers, and fintech companies “improve the customer experience, make settlement faster, reduce costs, and allow for rapid product improvement and customization.”

    Bank Regulatory Federal Issues Digital Assets Federal Reserve Cryptocurrency Fintech Risk Management

    Share page with AddThis
  • Fed takes action against bank for flood insurance violations

    On July 7, the Federal Reserve Board announced a civil money penalty against a Massachusetts state bank. In the order, the Fed alleged that the bank violated the National Flood Insurance Act (NFIA) and Regulation H. The order assesses a $17,000 penalty against the bank for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.

    Bank Regulatory Federal Issues Federal Reserve Flood Insurance National Flood Insurance Act Regulation H Enforcement

    Share page with AddThis
  • CFPB publishes rulemaking agenda

    Federal Issues

    Recently, the Office of Information and Regulatory Affairs released the CFPB’s spring 2022 rulemaking agenda. According to the preamble, the information in the agenda is current as of April 1, 2022 and identifies regulatory matters that the Bureau “reasonably anticipates having under consideration during the period from June 1, 2022 to May 31, 2023.”

    Key rulemaking initiatives include:

    • Consumer Access to Financial Records. The Bureau notes that it is considering rulemaking to implement section 1033 of the Dodd-Frank Act to address the development and use of standardized formats for information made available to consumers. The Bureau will release materials in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA), in conjunction with the Office of Management and Budget and the Small Business Administration’s Chief Counsel for Advocacy.
    • Amendments to FIRREA Concerning Automated Valuation Models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by the Dodd-Frank Act to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline in February 2022 and estimates in the agenda that the agencies will issue an NPRM in December 2022 (covered by InfoBytes here).
    • Property Assessed Clean Energy Financing. The Bureau issued an ANPR in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions (covered by InfoBytes here). The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act section 307 in May 2023.
    • Small Business Lending Data Collection Under the Equal Credit Opportunity Act. Section 1071 of the Dodd-Frank Act amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. The Bureau issued an NPRM in August 2021, and the comment period ended January 6 (covered by InfoBytes here). The agenda indicates that the Bureau estimates issuance of a final rule in March 2023.
    • Adverse Information in Cases of Human Trafficking Under the Debt Bondage Repair Act. The National Defense Authorization Act amended the FCRA to prohibit consumer reporting agencies from providing reports containing any adverse items of information resulting from human trafficking. In June 2022, the CFPB issued a final rule implementing amendments to the FCRA intended to assist victims of human trafficking (covered by InfoBytes here).

    Federal Issues Agency Rule-Making & Guidance CFPB Dodd-Frank Small Business Lending SBREFA PACE Programs AVMs Bank Regulatory Section 1033 Section 1071 ECOA FCRA OCC Federal Reserve FDIC NCUA FHFA

    Share page with AddThis
  • Agencies release customer relationship and due diligence guidance

    On July 6, the FDIC, Federal Reserve Board, FinCEN, NCUA, and OCC issued a joint statement concerning banks’ risk-based approach for assessing customer relationships and conducting customer due diligence (CDD). Specifically, the joint statement reinforces the agencies’ “longstanding position that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering (ML), terrorist financing (TF), or other illicit financial activity.” Banks are reminded that they must apply a risk-based approach to CDD and adopt appropriate risk-based procedures for conducting ongoing CDD when developing risk profiles of their customers. Because customer relationships present varying levels of ML, TF, and other illicit financial activity risks, the agencies advised banks to, among other things, (i) understand the nature and purpose of customer relationships; and (ii) “conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”

    Additionally, banks that comply with applicable Bank Secrecy Act/anti-money laundering (BSA/AML) legal and regulatory requirements and effectively manage and mitigate risks related to the unique characteristics of customer relationships, “are neither prohibited nor discouraged from providing banking services to customers of any specific class or type,” the agencies said, adding that “as a general matter” they will not direct banks to open, close, or maintain specific accounts as they “recognize that banks choose whether to enter into or maintain business relationships based on their business objectives and other relevant factors, such as the products and services sought by the customer, the geographic locations where the customer will conduct or transact business, and banks’ ability to manage risks effectively.” Banks are encouraged “to manage customer relationships and mitigate risks based on customer relationships, rather than decline to provide banking services to entire categories of customers.”

    The joint statement is applicable to all customer types referenced in the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, as well as to those not specifically addressed in the manual. These include “independent automated teller machine owners or operators, nonresident aliens and foreign individuals, charities and nonprofit organizations, professional service providers, cash intensive businesses, nonbank financial institutions, and customers the bank considers politically exposed persons.” The agencies reiterated that the joint statement does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. Moreover, the FFIEC BSA/AML Examination Manual does not establish requirements for banks, nor should the inclusion of sections on specific customer types be interpreted as a signal that certain customer types present uniformly higher risk.

    Bank Regulatory Financial Crimes Federal Issues Agency Rule-Making & Guidance Federal Reserve FDIC OCC NCUA FinCEN Risk Management Customer Due Diligence Terrorist Financing Illicit Finance FFIEC

    Share page with AddThis
  • Agencies list distressed middle-income areas

    On July 1, the FDIC, Federal Reserve Board, and the OCC released the 2022 list of distressed or underserved nonmetropolitan middle-income geographies where revitalization or stabilization activities are eligible to receive Community Reinvestment Act (CRA) consideration. The agencies designated the identified distressed or underserved nonmetropolitan middle-income geographies in accordance with their CRA regulations that continue to “reflect local economic conditions, including unemployment, poverty, and population changes.” As previously covered by InfoBytes, the agencies released a joint Notice of Proposed Rulemaking (NPRM) in May to update how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. Under the CRA, banks are encouraged to help meet the credit needs of the local communities in which they are chartered, including low- and moderate-income neighborhoods. The agencies will receive comments on the NPRM through August 5.

    Bank Regulatory Federal Issues OCC FDIC Federal Reserve Underserved CRA

    Share page with AddThis
  • Yellen stresses importance of stablecoin regulatory framework

    Federal Issues

    On June 30, U.S. Treasury Secretary Janet Yellen discussed stablecoin risks during a meeting of principals representing the President’s Working Group (PWG) on Financial Markets in addition to the OCC, FDIC, and the CFPB, where she reiterated her call for a regulatory framework for stablecoins. Participants discussed developments since the release of a stablecoin report issued by the PWG, OCC, and FDIC last November (covered by InfoBytes here). The report noted that stablecoins may be more widely used in the future as a means of payment, which Yellen said at the time could increase “risks to users and the broader system.” The report also recommended that Congress promptly enact legislation to address the risks of payment stablecoins and ensure that payment stablecoins and payment stablecoin arrangements are subject to consistent and comprehensive federal oversight.

    According to Treasury’s readout, Yellen “emphasized how recent events have underscored the urgent need to ensure that stablecoin arrangements are subject to a federal framework on a consistent and comprehensive basis” and “highlighted the need to continue to constructively engage in serious legislative efforts to promptly put in place a regulatory framework for stablecoins that would address current and future risks, such as those related to runs, safety and soundness, consumer protection, the payment system, and the concentration of economic power, while complementing existing authorities with respect to market integrity, investor protection, and illicit finance.” She also “commended the steps that individual agencies have taken within the scope of their mandates and authorities.”

    Federal Issues Bank Regulatory Digital Assets Fintech Department of Treasury FDIC OCC CFPB Stablecoins

    Share page with AddThis
  • Agencies release host state loan-to-deposit ratios

    On June 28, the FDIC, Federal Reserve Board, and OCC (collectively, "the agencies") released the current host state loan-to-deposit ratios for each state or territory, which the agencies use to determine compliance with Section 109 of the Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 (Interstate Act). Under the Interstate Act, banks are prohibited from establishing or acquiring branches outside of their home state for the primary purpose of deposit production. Branches of banks controlled by out-of-state bank holding companies are also subject to the same restriction. Determining compliance with Section 109 requires a comparison of a bank’s estimated statewide loan-to-deposit ratio to the estimated host state loan-to-deposit ratio. If a bank’s statewide ratio is less than one-half of the published host-state ratio, an additional review is required by the appropriate agency, which involves a determination of whether a bank is reasonably helping to meet the credit needs of the communities served by the bank’s interstate branches.

    Bank Regulatory Federal Issues OCC FDIC Bank Compliance Federal Reserve Riegle-Neal Act

    Share page with AddThis
  • Fed to implement new Fedwire message format in March 2025

    On June 27, the Federal Reserve Board announced the final timeline and implementation details for the adoption of the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service—a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds. (See notice here.) The final details are “broadly similar” to the Fed’s proposal issued last October (covered by InfoBytes here). The Fed confirmed that ISO 20022 will be adopted on a single day as previously proposed instead of in three separate phases. Additionally, the Fed extended the implementation timeframe from a target date of November 2023 to March 10, 2025, based on comments received in response to the initial proposal. The Fed also provided information concerning its revised testing strategy and backout strategy, as well as other details concerning the implementation of the new message format.

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance Federal Reserve Payments Payment Systems Federal Reserve Banks

    Share page with AddThis
  • OCC releases report on mortgage performance

    On June 27, the OCC released its quarterly mortgage metrics report, which presents performance data for the first quarter of 2022 for loans that reporting banks own or service for others as a fee-based business. The first-lien mortgages included in the OCC’s quarterly report comprise 22 percent of all residential mortgage debt outstanding in the U.S., or approximately 12.2 million loans totaling $2.6 trillion in principal balances. The report, among other things, found that the performance of first-lien mortgages in the federal banking system improved during the first quarter of 2022. According to the report, 96.9 percent of mortgages were current and performing at the end of the quarter. The percentage of seriously delinquent mortgages was 1.8 percent in the first quarter of 2022, compared to 2.3 percent in the prior quarter. However, foreclosures increased compared to the prior quarter and a year earlier as pandemic-related accommodations wound down, with servicers initiating 19,524 new foreclosures in the first quarter of 2022.

    Bank Regulatory Federal Issues OCC Mortgages Foreclosure

    Share page with AddThis