Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Brainard addresses financial institutions’ role in tackling climate change

    Federal Issues

    On February 18, Federal Reserve Governor Lael Brainard spoke before the 2021 Institute of International Finance U.S. Climate Finance Summit to discuss the role financial institutions play in addressing the challenges of climate change. Noting that both physical risks from climate shifts and transition risks resulting from a shift to a low-carbon economy “create both risks and opportunities for the financial sector,” Brainard stressed that “[f]inancial institutions that do not put in place frameworks to measure, monitor, and manage climate-related risks could face outsized losses on climate-sensitive assets caused by environmental shifts, by a disorderly transition to a low-carbon economy, or by a combination of both.” She emphasized that financial institutions should engage in robust risk management, scenario analyses, and forward planning to ensure they can withstand such climate-related risks and support the transition to a low-carbon economy.  

    Brainard also emphasized that given the uncertainty in estimating climate risks, a scenario analysis that takes into account climate-related physical and transition risks and their potential effects on individual firms and the financial system as a whole “may be a helpful tool to assess the microprudential and macroprudential implications of climate-related risks under a wide range of assumptions.” However, Brainard clarified that a scenario analysis is distinct from a regulatory stress test, adding that “[i]t will be important to. . .consider how stress testing and scenario analysis may complement one another.” While acknowledging that a highly prescriptive approach to model development and scenario analysis may not be the most effective way to ensure financial institutions are prepared for the possible impacts of climate change and that “leverag[ing] a range of complementary approaches being developed in both the private and the public sectors” may produce more robust outcomes, Brainard noted that “we should strive for an appropriate balance that allows for innovation and learning across the public and private sectors, iterating in the most effective way possible.”

    Federal Issues Federal Reserve Climate-Related Financial Risks Bank Regulatory

    Share page with AddThis
  • FDIC announces first-ever chief innovation officer


    On February 16, the FDIC announced the appointment of Sultan Meghji as the agency’s first Chief Innovation Officer. Prior to the FDIC, Meghji was the co-founder of a financial technology firm that provides, “secure, cloud-native, artificial intelligence-based software for community banks and credit unions.” Additionally, Mr. Meghji served as an advisor to the U.S. Treasury, the Group of Seven (G7), the OCC, and the FBI in the areas of cybersecurity, quantum computing, and artificial intelligence. In accepting the position, Meghji stated that his mission “is to engage both public and private sector partners to ensure the financial system of the future is innovative, resilient, and equitable.”

    Fintech FDIC Bank Regulatory

    Share page with AddThis
  • NYDFS announces cybersecurity fraud alert

    State Issues

    On February 16, NYDFS issued a cybersecurity fraud alert to regulated entities describing a “widespread cybercrime campaign” designed to steal nonpublic private consumer information (NPI) from public-facing websites and use the stolen NPI to fraudulently apply for pandemic and unemployment benefits. NYDFS states that it has received reports from several regulated entities of “successful or attempted data theft” from websites providing instant rate quotes such as auto insurance rates, noting that even if NPI is redacted, “hackers have shown that they are adept at stealing the full unredacted NPI.” NYDFS advises regulated entities to review security controls for public-facing websites that display or transmit NPI (even redacted NPI), and reminds entities of their obligations under the state’s cybersecurity regulation to promptly report the theft of consumers’ NPI. (See InfoBytes coverage on NYDFS’ cybersecurity regulation here.) The cybersecurity fraud alert furthers NYDFS’ commitment to improving cybersecurity protections for both consumers and the industry, and follows an enforcement action taken last year alleging cybersecurity regulation violations (see InfoBytes coverage of NYDYS’ complaint against a title insurer for allegedly failing to safeguard mortgage documents here), as well as the regulator’s recently issued cybersecurity insurance framework (covered by InfoBytes here).

    State Issues NYDFS Privacy/Cyber Risk & Data Security State Regulators Data Breach 23 NYCRR Part 500 Bank Regulatory

    Share page with AddThis
  • OCC says storm-affected banks may close

    Federal Issues

    On February 16, the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by Winter Storm Uri “for as long as deemed necessary for bank operation or public safety.” The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the 2012 Bulletin, only bank offices directly affected by potentially unsafe conditions should close and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.

    Find continuing InfoBytes coverage on disaster relief here.

    Federal Issues OCC Disaster Relief Bank Regulatory

    Share page with AddThis
  • OCC issues LIBOR self-assessment tool

    Federal Issues

    On February 10, the OCC issued Bulletin 2021-7, which provides a self-assessment tool for banks to evaluate their preparedness for the LIBOR cessation. The Bulletin reminds banks that they should “develop and implement risk management plans to identify and control risks related to expected [LIBOR] cessation,” and that banks are expected to cease entering into new contracts using LIBOR as a reference rate by December 31, 2021. The self-assessment tool may be used by banks to identify and mitigate the bank’s transition risks, and management should use the tool to “consider all applicable risks (e.g., operational, compliance, strategic, and reputation) when scoping and completing [LIBOR] cessation preparedness assessments.” Not all sections of the tool will apply to all banks, based on the size and complexity of the bank’s LIBOR exposure.

    Continuing InfoBytes coverage on the LIBOR transition available here.

    Federal Issues OCC LIBOR Bank Regulatory

    Share page with AddThis
  • NYDFS says climate-based activities may qualify for state CRA credit

    State Issues

    On February 9, NYDFS issued new guidance stating that financing activities that support the climate resiliency of low- and moderate-income (LMI) and underserved communities may receive credit under the New York Community Reinvestment Act (the “New York CRA”). The industry letter notes that LMI and underserved communities are “disproportionally affect[ed]” by climate change because they “tend to be more susceptible to flooding and heat waves” and have “fewer resources to recover from natural disasters.” NYDFS reminds institutions that one way banking institutions subject to the New York CRA are evaluated is the extent to which their activity revitalizes or stabilizes both LMI geographies and underserved geographies, and that financing climate resiliency actions “may help mitigate climate change risks and at the same time revitalize or stabilize those geographic areas.” Accordingly, NYDFS outlines a non-exhaustive list of specific examples that may qualify for credit under the New York CRA, including (i) “renewable energy, energy-efficiency and water conservation equipment or projects for affordable housing…”; (ii) “microgrid or battery storage projects in LMI areas with high flood and/or wind risk…”; and (iii) “installation of air conditioning in multifamily buildings offering affordable housing….” Moreover, NYDFS states that banking institutions may also receive credit for climate resiliency promoting investments or loans to Community Development Financial institutions, among others.

    State Issues NYDFS CRA State Regulators Bank Regulatory

    Share page with AddThis
  • Fed further extends temporary exception to allow bank insiders access to PPP

    Federal Issues

    On February 9, the Federal Reserve Board announced the second extension of a temporary exception from the requirements of section 22(h) of the Federal Reserve Act and corresponding provisions of Regulation O to allow bank directors and shareholders to apply for Small Business Administration (SBA) Paycheck Protection Program (PPP) loans from their affiliated banks. The extension is effective immediately and goes through March 31. The Fed reiterated that any PPP loans extended to bank directors and shareholders must be consistent with SBA’s PPP lending restrictions and done without favoritism from the bank. The original extension was announced on April 17 and already extended once (covered by InfoBytes here).

    Federal Issues Federal Reserve SBA Covid-19 Agency Rule-Making & Guidance CARES Act Regulation O Bank Regulatory

    Share page with AddThis
  • NYDFS details redlining issues from nonbank lenders

    State Issues

    On February 4, NYDFS released a report on redlining in the Buffalo metropolitan area, concluding that there is a “distinct lack of lending by mortgage lenders, particularly non-depository lenders” to majority-minority populations and to minority homebuyers in general. Among other things, the report concluded that (i) while minorities in the Buffalo region comprise about 20 percent of the population, they receive less than 10 percent of total loans made in the region; (ii) nonbank lenders lent at a lower rate in majority-minority neighborhoods than depository institutions did; and (iii) several of the nonbank mortgage lenders did not have adequate fair lending compliance programs and do not make an effort to serve majority-minority neighborhoods. The report made numerous recommendations, including a recommendation to amend the New York Community Reinvestment Act (CRA) to cover nonbank mortgage lenders and a request that the OCC and the CFPB investigate federally regulated institutions serving the Buffalo area for violations of fair lending laws.

    Additionally, NYDFS announced a settlement with a nonbank lender in connection with its lending to minorities and in majority-minority neighborhoods in Buffalo and Syracuse, New York. The settlement agreement found no evidence of intentional discrimination or fair lending law violations but rather weaknesses in the lender’s compliance program. The agreement outlines efforts the lender will take to “provide more meaningful access to residential loans and financing for minorities and individuals living in majority-minority neighborhoods” in Western and Central New York. Among other things, the lender will (i) develop a compliance management plan; (ii) increase marketing to majority-minority census tracts; (iii) create a $150,000 special financing program to increase loan originations for residents of majority-minority neighborhoods; and (iv) increase annual training.

    State Issues NYDFS Mortgages Settlement Enforcement CRA Fair Lending Bank Regulatory

    Share page with AddThis
  • OCC conditionally approves conversion of cryptocurrency trust company

    Federal Issues

    On February 5, the OCC announced that it conditionally approved a Washington state-chartered trust company’s application to convert to a national trust bank. According to the OCC, the trust company—which will provide cryptocurrency custody services for clients in a fiduciary capacity—“is currently in the organizational phase of development and will have up to 18 months to meet the terms of its conditional approval before it converts to a national trust bank and begins to operate.” By receiving a national trust bank charter, the trust company will be allowed to provide nationwide services to customers through offices in Seattle, Boston, and New York, and over the internet. The trust company also intends to expand its custody services to support additional types of digital assets beyond cryptocurrencies, including certain tokens and stable coins, and plans to eventually offer, among other things, client-to-client trading and lending platforms. The OCC notes that approval of the conversion is subject to several conditions, including that the trust company “not engage in activities that would cause it to be a ‘bank’ as defined in section 2(c) of the Bank Holding Company Act.”

    Federal Issues OCC Fintech Cryptocurrency Bank Charter Bank Holding Company Act Bank Regulatory

    Share page with AddThis
  • NYDFS issues Cybersecurity Insurance Risk Framework

    State Issues

    On February 4, NYDFS issued a framework outlining industry best practices for state-regulated property/casualty insurers writing cyber insurance. The new Cyber Insurance Risk Framework provides guidance for effectively managing cyber insurance risk and is the first guidance released by a U.S. regulator on this topic. In recognizing the growing risk and the challenges insurers face when trying to manage that risk, NYDFS advised insurers to “establish a formal strategy for measuring cyber insurance risk that is directed and approved by its board or other governing entity[.]” According to the guidance, the insurer’s strategy should be proportionate to the insurer’s risk and take into account “the insurer’s size, resources, geographic distribution, and other factors.” NYDFS also advised insurers to:

    • Eliminate exposure to “silent” cyber insurance risk resulting from a cyber incident that an insurer is obligated to cover even though its policy “does not explicitly mention cyber incidents.”
    • Evaluate systemic risk, including how catastrophic cyber events impact third-party vendors.
    • Measure and assess potential cybersecurity gaps and vulnerabilities through a data-driven approach.
    • Educate insureds and insurance producers on the value of cybersecurity measures, as well as the uses and limitations of cyber insurance.
    • Recruit and hire employees with cybersecurity experience.
    • Include a requirement in cyber insurance policies that victim-insureds notify law enforcement when a cyber attack occurs.

    State Issues NYDFS Privacy/Cyber Risk & Data Security State Regulators Bank Regulatory

    Share page with AddThis