InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Financial Services Committee Republicans ask Fed for clarification on CBDC
On September 7, Republican members of the House Financial Services Committee submitted a letter to Federal Reserve Vice Chair Lael Brainard in response to a May hearing examining the potential impact of a Central Bank Digital Currency (CBDC). The letter, among other things, requested that Brainard provide her testimony regarding the Fed’s authority under the Federal Reserve Act to issue a CBDC (and without separate specific authorizing federal legislation). Specifically, the members requested that Brainard clarify: (i) the Fed’s motivation for issuing a CBDC; (ii) the need for Congress to support a Fed-issued CBDC; (iii) the Fed’s position on individual retail accounts at the Fed; (iv) the need for Congress to authorize an intermediated CBDC model; and (v) the need for “strong support” from the Executive Branch. The members asked for a response in writing by September 30.
OCC issues expectations for protecting non-public information
On September 7, the OCC issued Bulletin 2022-21, Information Security: Expectations for Protecting Non-public OCC Information on Institution- or Other Non-OCC-Owned or Managed Video Teleconferencing Services, outlining its expectations for protecting non-public OCC information shared on video teleconferencing services that are operated or managed by an institution or any other party. The OCC reiterated that banks and other parties in possession of such information are prohibited from disclosure without the agency’s prior approval, except under certain limited circumstances. Further, the prohibition extends to the disclosure of information displayed, processed, stored, or transmitted by information systems, including video teleconferencing services. The Bulletin states that non-public OCC information is the property of the OCC and includes, among other things: (i) “OCC reports of examination, including ratings such as CAMELS and the Uniform Rating System for Information Technology ratings”; (ii) “supervisory correspondence”; (iii) “institution responses to supervisory correspondence”; (iv) “investigatory files”; and (v) “certain enforcement-related information, including matters requiring attention.” The OCC also listed several security expectations for any videoconference in which non-public OCC information will be communicated, which includes using an encrypted connection, moderating the meetings, making no recordings or transcriptions, and ensuring the videoconference service is securely configured and routinely patched to protect against cyber intrusion and data loss.
Fed vice chair for supervision outlines future priorities
On September 7, Federal Reserve Board Vice Chair for Supervision Michael Barr laid out his goals for making the financial system safer and fairer during a speech at the Brookings Institution, highlighting priorities related to risk-focused capital frameworks and bank resiliency, mergers and acquisitions, digital assets and stablecoins, climate-related financial risks, innovation, and Community Reinvestment Act modernization plans. Addressing issues related to resolvability, Barr signaled that the Fed would begin “looking at the resolvability of some of the other largest banks [in addition to globally systemically important banks] as they grow and as their significance in the financial system increases.” With respect to bank mergers, Barr commented that “the advantages that firms seek to gain through mergers must be weighed against the risks that mergers can pose to competition, consumers and financial stability.” He said he plans to work with Fed staff to assess how the agency performs merger analysis and whether there are areas for improvement. Barr also discussed financial stability risks posed by new forms of private money created through stablecoins and stressed that Congress should work quickly to enact legislation for bringing stablecoins (especially those intended to serve as a means of payment) within the prudential regulatory perimeter. He added that the Fed plans to make sure that the crypto activity of supervised banks “is subject to the necessary safeguards that protect the safety of the banking system as well as bank customers,” and said “[b]anks engaged in crypto-related activities need to have appropriate measures in place to manage novel risks associated with those activities and to ensure compliance with all relevant laws, including those related to money laundering.”
Hsu focusing on fintech partnerships, crypto activities
On September 7, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the TCH + BPI Annual Conference in New York where he provided an update on agency priorities related to “guarding against complacency, addressing inequality, adapting to digitalization, and managing climate-related risk.” Among other things, Hsu’s prepared remarks highlighted the fact that while the banking industry needs to adapt to digitalization, it is important to maintain a “careful and cautious” approach to cryptocurrency activities. He referred to OCC Interpretive Letter 1179 (covered by InfoBytes here), which clarifies that national banks and federal savings associations should not engage in certain crypto activities unless they are able to “demonstrate, to the satisfaction of its supervisory office, that [they have] controls in place to conduct the activity in a safe and sound manner.” Hsu further noted in his remarks that the regulators’ careful and cautious approach helps explain, at least in part, why the federally-regulated banking system has been largely unaffected by the recent failure of several crypto platforms.
Hsu also stressed the need to develop a better understanding of bank-fintech arrangements, stressing that these partnerships are growing at an exponential rate and are becoming more complicated. While “[t]echnological advances can offer greater efficiencies to banks and their customers[,] [t]he benefit of those efficiencies… are lost if a bank does not have an effective risk management framework, and the effect of substantial deficiencies can be devastating,” Hsu said. He added that the OCC is “currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes” to “enable a clearer focus on risks and risk management expectations,” and stated that the agency is coordinating with other regulators to make sure there is “a shared understanding of how the financial system is evolving and that regulatory arbitrage and races to the bottom are minimized.” During his speech, Hsu also touched upon topics related to climate-related risks, economic inequality and structural barriers to financial inclusion, and the importance of maintaining strong risk management discipline.
OCC releases strategic plan
On September 6, the OCC released its draft FY 2023-2027 strategic plan, which focuses on “the agency’s approach to achieve three strategic goals and fulfill its mission to ensure that national banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations.” The OCC noted that it will invest in its people, operations, processes, and technology to meet strategic goals for FY 2023-2027 that focus on (i) agility and learning; (ii) credibility and trust; and (iii) leading on supervision in an evolving banking system. Other priorities outlined in the strategic plan include promoting an organizational culture that seeks workforce diversity inclusive of thought, experiences, and knowledge, bringing multiple perspectives on issues, and enhancing an adaptive mindset and culture of continuous learning. The OCC noted that the strategic plan will promote the strengthening and modernizing of community banks, with a focus on small businesses and underserved communities. In particular, the plan directs the agency to develop guidance and outreach to facilitate community banks’ digital transition, minimize the regulatory burden on banks as much as possible, and facilitate de novo community bank activity to reach unbanked and underbanked customers.
OCC orders bank to improve oversight of fintech partnerships
Recently, a national bank disclosed an agreement reached with the OCC that requires the bank to improve its oversight and management of third-party fintech partnerships. According to an SEC filing, the OCC found unsafe or unsound practices related to the bank’s third-party risk management, Bank Secrecy Act (BSA)/anti-money laundering risk management, suspicious activity reporting, and information technology control and risk governance. Under the terms of the agreement, the bank must, within 10 days of the agreement, appoint a compliance committee comprised mostly of members from outside the bank to meet at least quarterly and provide progress reports outlining the results and status of the mandated corrective actions. Within 60 days of the agreement, the bank must also adopt and implement guidelines for assessing risks posed by third-party fintech partnerships and address how the bank “identifies and assesses the inherent risks of the products, services, and activities performed by the third-parties, including but not limited to BSA, compliance, operational, liquidity, counterparty and credit risk as applicable.” Additionally, the bank must establish criteria for their board of directors' review and approval of third-party fintech relationship partners, as well as how it will assess “BSA risk for each third-party fintech relationship partner, including risk associated with money laundering, terrorist financing, and sanctions risk as well as the third-party’s processes for mitigating such risks and complying with applicable laws and regulations.” The agreement also requires due diligence, monitoring, and contingency plan measures.
The agreement further stipulates that the bank’s board and management shall, within 90 days, (i) set up written BSA risk assessment guidelines; (ii) adopt an independent audit program; (iii) implement expanded risk-based policies, procedures, and processes to obtain and analyze appropriate customer due diligence, enhanced due diligence, and beneficial ownership information, including for fintech businesses; (iv) develop and adhere to a set of standards to ensure timely suspicious activity monitoring and reporting; and (v) establish a program to assess and manage the bank’s information technology activities, including those conducted by third-party partners. The bank must also conduct a suspicious activity review lookback within 30 days.
Hsu discusses challenges facing community banks
On September 1, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the Texas Bankers Association in Dallas focusing on the importance of community banks and the challenges and opportunities of digitalization. In his remarks, Hsu emphasized the OCC’s commitment to community banks, noting that more than 85 percent of the charters that the OCC supervises are community banks, which total nearly 900 individual institutions. He said that the OCC seeks to support community banks in five areas: (i) assessments; (ii) de novo licensing; (iii) risk-based supervision; (iv) local presence and national perspective; and (v) regulation. In particular, Hsu said the OCC is working to provide increased support for community banks by streamlining the licensing process for de novo banks and updating its approach to risk-based supervision. Hsu noted that the recent reduction in assessments is part of an effort by regulators to encourage community banks to invest in digital technologies. He stated that his “experiences in the 2008 financial crisis taught [him] about the disastrous consequences that can result from an unlevel playing field where regulatory arbitrage and races to the bottom are allowed to fester.” He added that while he has been at the OCC, the agency has been “requiring fintechs seeking a bank charter to be subject to the same requirements as all national banks and we are engaging with our peer agencies to limit regulatory arbitrage.” Hsu also noted that in order to “level the playing field,” the OCC will make a 40 percent reduction in assessment fees on a bank's first $200 million in assets and a 20 percent reduction on bank assets between $200 million and $20 billion. Hsu said that the cuts will result in a $41.3 million reduction in assessments for community banks in 2023. Hsu explained that “[t]he purpose of this adjustment is to level the playing field with the cost of supervision compared to state community bank charters, and that “[t]he recalibration will not reduce the quality of OCC supervision or the resources available to community banks.” Hsu mentioned that he is “hopeful” that the reduction gives community banks “extra breathing space and capacity to invest and seize opportunities related to digitalization, compliance, cybersecurity, and personnel.”
FDIC updates risk management, consumer compliance examination policies
Recently, the FDIC updated Section 2.1 of its Risk Management Manual of Examination Policies related to capital. The FDIC noted that since capital adequacy assessments are central to the supervisory process, examination staff “evaluate all aspects of a financial institution’s risk profile and activities to determine whether its capital levels are appropriate and in compliance with minimum regulatory requirements.” This includes examining a financial institution’s capital ratios, risk-weighted assets, regulatory capital requirements, community bank leverage ratios, capital adequacy (including liquidity, earnings, and market risk), and adherence to laws and regulations. The FDIC also announced updates to the Privacy—Telephone Consumer Protection Act section within its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff evaluating financial institutions’ compliance with federal consumer protection laws and regulations.
DOJ weighs in on FDIC chair’s powers
Recently, the assistant attorney general for the DOJ’s Office of Legal Counsel opined that the chairperson of the FDIC cannot prevent a majority of the agency’s Board of Directors from presenting items for a vote and decision. The DOJ’s opinion follows a December 2021 conflict among members of the FDIC Board of Directors related to a joint request for information seeking public comment on revisions to the FDIC’s framework for vetting proposed bank mergers. Shortly after the announcement was issued, the FDIC released a statement disputing that any action had been approved. FDIC board member, and CFPB Director, Rohit Chopra released a follow-up statement challenging the view that only the FDIC chairperson has the right to raise matters for discussion in Board meetings, and called for “immediate[]” resolution of the conflict, stating that “[a]bsent a return to legal reality and constructive engagement, board members will need to take further steps to exercise independence from management and to ensure sound governance of the [FDIC].” (Covered by InfoBytes here.)
The DOJ wrote in the opinion that “[t]here is no general or specific source of authority in the [Federal Deposit Insurance Act (FDIA)] that can be read as permitting the Chairperson to prevent a majority of the Board from exercising its statutory responsibilities or otherwise making decisions for the FDIC.” The opinion stated that the FDIA gives the Board “broad governance and decision-making authority” and clarified that while the “power to present matters for Board vote and decision is not explicitly addressed by the Act[,] . . . the Board, not the Chairperson, has the authority to determine how the FDIC should exercise its substantive powers.” Furthermore, the opinion emphasized that the FDIA authorizes the Board to “prescribe bylaws ‘regulating the manner in which its general business may be conducted’ and to prescribe ‘such rules and regulations as it may deem necessary.’” According to the opinion, nothing in the FDIA “can be read as authorizing the Chairperson to prevent a majority of the Board from presenting items to the Board for a vote and decision, and, as far as we are aware, no one has ever taken the position that the [FDIA] authorizes the Chairperson to do so.”
While the opinion emphasized that it does not have the authority “to provide more than a general response,” it stated that the FDIC Bylaws mirror the FDIA in providing that “[t]he management of the [FDIC] shall be vested in the Board of Directors, which shall have all powers specifically granted by the provisions of the [FDIA] and other laws of the United States and such incidental powers as shall be necessary to carry out the powers so granted.” The opinion agreed with the current Board majority’s interpretation “that the delegations of authority to the Chairperson in the Bylaws are best understood as preserving the power of a Board majority to present items for Board decision and vote.” The DOJ noted, however, “that the current Board majority’s understanding of its Bylaws may not be the only possible interpretation,” and pointed out that the FDIC Bylaws can be amended “to eliminate any uncertainty about questions such as the one at issue here.”
The DOJ’s opinion prompted a critical response from House Financial Services Committee Ranking Member Patrick McHenry (R-NC), who said that the “newly released opinion from the Office of Legal Counsel does not change the fact that Democrats’ power grab at the FDIC upended an 88-year tradition of considering the Chair’s agenda on a collegial basis” and pledged that “House Republicans will not be deterred from our investigations into the lawless tactics of rogue Democrat regulators.”
Fed’s FedNow instant-payments platform to launch mid-2023
On August 29, the Federal Reserve Board announced that its FedNow service will launch mid-year 2023, targeting May to July as the production rollout window for the anticipated instant-payments platform. The FedNow pilot program is scheduled to enter technical testing in September with more than 120 organizations taking part. As covered by a Buckley Special Alert, in May, the Fed issued a final rule for its FedNow service that offers more clarity on how the platform will work. According to the Fed, the FedNow service will be accessible to financial institutions of any size to help expand the reach of instant payments to communities nationwide. FedNow pilot program participants “will complete a certification process to ensure operational and messaging readiness and then move into production once the service is launched,” the Fed said, noting that as the pilot program moves into the testing phase, it will engage non-pilot financial institutions and service providers interested in being early adopters.
“Just as the Federal Reserve has made a substantial commitment to our new instant payment infrastructure, we are calling on industry stakeholders to do the same,” Fed Vice Chair Lael Brainard said during a speech at the FedNow Early Adopter Workshop. “The shift to real-time payment infrastructure requires a focused effort, but the shift is inevitable. The time is now for all key stakeholders—financial institutions, core service providers, software companies, and application developers—to devote the resources necessary to support instant payments.”