InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Hsu is self-described “crypto skeptic”
On May 24, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the 2022 DC Blockchain Summit focusing on the vulnerabilities in the cryptocurrency framework and recent volatility with stablecoins. In his remarks, Hsu described that he has “been a crypto skeptic,” and that it has become clear to him that the crypto economy depends on “hype” to “generate the interest and investment that are key to creating the ‘flywheel’ of growth that crypto projects seem to need to get off the ground.” In his speech, he discussed his three high level observations surrounding recent events from the perspective of a bank regulator. First, Hsu described “deep vulnerabilities in the crypto system,” noting that “[c]rypto is highly fragmented and prone to hacks,” and that “[c]ontagion risks are real.” He also argued that ownership rights are underdeveloped for the size, scope, and ambitions of the industry, explaining that “[f]or a technology and industry so focused on promoting an ‘ownership society,’ the lack of clarity on ownership rights, modes of ownership, and custody of digital assets seems like a fundamental problem that needs to be solved.” Second, Hsu observed that “recent events have shown the value of the OCC’s ‘careful and cautious’ approach to banks seeking to engage in crypto activities.” Hsu explained that there has been no contagion from cryptocurrencies to traditional banking and finance, stating that “[n]o banks are under stress or even rumored to be under stress due to crypto exposure.” Lastly, he warned “that hype is not harmless.” Hsu noted that a hype-driven economy has challenges for individuals interested in truly productive innovation and in protecting consumers. He recognized the possibility “for positive and transformative change with digital assets,” but warned that “the hype and the associated vulnerabilities noted above make the crypto space very dangerous for investors of modest means.” Hsu stated that while he remains a “a crypto skeptic,” he sees “its potential and understand[s] why there is excitement around it.” He also stated that the agency “will continue to take a careful and cautious approach to crypto in order to ensure that the national banking system is safe, sound, and fair.”
FDIC highlights operational risks in 2022 Risk Review
On May 20, the FDIC released its 2022 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2021 in four broad categories: credit risk, market risk, operational risk, and climate-related financial risk. According to the FDIC, the current risk review expands upon coverage in prior reports by examining operational risks to banks resulting from cyber threats, illicit finance, and climate-related financial risks. Monitoring these risks is among the agency’s top priorities, the FDIC said, explaining that the number of ransomware attacks in the banking industry increased in 2021, and that the “number and sophistication of cyber attacks also increased with remote work and greater use of digital banking tools.” Additionally, “threats from illicit activities continue to pose risk management challenges to banks.” The FDIC noted that the banking environment improved in 2021 as the economy recovered but stated that recovery was uneven across industries and regions. While “[f]inancial market conditions were generally supportive of the economy and banking industry in 2021,” they began to deteriorate in early 2022 with the onset of the Russian invasion of Ukraine, the FDIC said.
OCC releases enforcement actions
On May 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Alaska-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to, among other things, establish a compliance committee, submit a BSA/AML action plan, and develop a written suspicious activity monitoring and reporting program.
FDIC reinstates SARC as final review in supervisory appeals
On May 17, the FDIC adopted revised Guidelines for Appeals of Material Supervisory Determinations to reinstate the Supervision Appeals Review Committee (SARC) as the final level of review in the agency’s supervisory appeals process. The SARC’s restoration appears to eliminate the independent Office of Supervisory Appeals, which was created and staffed in 2021. The Office of Supervisory Appeals was designed to have final authority to resolve appeals by a panel of reviewing officials and be independent from other divisions within the FDIC that have authority to issue material supervisory determinations (covered by InfoBytes here).
According to the revised guidelines, the SARC will include one inside member of the FDIC’s Board of Directors (serving as chairperson); a deputy or special assistant to each of the other inside board members; and the general counsel as a non-voting member. The guidelines provide a list of material supervisory determinations, including CAMELS, IT, trust, and CRA ratings; consumer compliance ratings; loan loss reserve provision determinations; TILA restitutions; and decisions to initiate informal enforcement actions (such as memoranda of understanding).
The guidelines apply to all FDIC-supervised financial institutions, including state nonmember banks, industrial banks, and insured U.S. branches of non-U.S. banks.
While public comments from industry had supported an independent supervisory appeals process, the revised guidelines are posted in final (not draft) form on the FDIC’s website, with the FIL asserting that the guidelines take effect May 17 (before the comment period concludes on June 21). The notice and request for comments was published in the Federal Register on May 20.
FDIC releases process for MDI designation requests
On May 19, the FDIC released a process for insured institutions or applicants for deposit insurance to submit requests for recognition as a minority depository institution (MDI). As previously covered by InfoBytes, last June the FDIC approved and released an updated Statement of Policy Regarding Minority Depository Institutions to enhance the agency’s efforts to preserve and promote MDIs.
The updated statement of policy details the framework by which the FDIC implements objectives set forth in Section 308 of FIRREA and describes agency initiatives for fulfilling its MDI statutory goals. According to the FDIC, “supervised institutions or applicants for deposit insurance that seek to be recognized as an MDI may submit a written request, signed by a duly authorized officer or representative of the institution or applicant, at any time to the appropriate regional office.” Supervised institutions are also able to submit requests in connection with a merger application or a change in control notice. Requests should contain sufficient information in support of the designation, and the FDIC will send a letter acknowledging recognition of the institution as an MDI if an institution has met the eligibility requirements.
FDIC approves final rule for trust, mortgage servicing account insurance
On May 18, the FDIC published a final rule that amends the deposit insurance regulations for trust accounts and mortgage servicing accounts. According to the FDIC, the final rule is “intended to make the deposit insurance rules easier to understand for depositors and bankers, facilitate more timely insurance determinations for trust accounts in the event of a bank failure, and enhance consistency of insurance coverage for mortgage servicing account deposits.”
The final rule, among other things: (i) establishes updates to the Banker Resources Guide Deposit Insurance Page with the Small Entity Compliance Guide (Community Bank Information) to promote understanding of the regulations; (ii) amends the deposit insurance regulations by merging the revocable and irrevocable trusts categories; (iii) “amends the regulation to expand the current per-borrower coverage of up to $250,000 to include any funds paid into the account to satisfy the principal and interest obligation of the mortgagors to the lender”; and (iv) establishes that certain “depositors within excess of $1.25 million in trusts deposits at a particular IDI may want to make changes given the new coverage limits” effective April 1, 2024.
Hsu urges banks to evaluate risk management exposures
On May 17, acting Comptroller of the Currency Michael J. Hsu stressed “[n]ow is the time for banks to take a fresh look at their exposures and take actions to adjust their risk positions—to ‘trim their sails,’ so to speak—ahead of potential uncertainty and volatility.” Hsu said banks should take action now to examine exposure and adjust risk profiles ahead of potential uncertainty and volatility in interest rates and loan performance. “Empowering risk managers and enforcing discipline in risk-taking will enable banks to better navigate the rate environment and will lower the chances of nasty surprises as quantitative tightening occurs,” Hsu stressed. Banks should also re-review their risk identification capabilities and assess the comprehensiveness of their counterparty credit risk management practices, paying close attention to areas where risk limits or other practices have been relaxed for “high-priority, high-growth clients, especially where increasing wallet share has been a goal.” He also cautioned banks against taking on too much risk associated with a single economic concentration, flagging commercial real estate and loans to non-depository financial institutions (including broker-dealers, asset managers, and investment funds) as specific areas where banks may suffer considerable losses when markets turn. Banks should also be careful not to relax underwriting standards, Hsu warned, pointing to some banks that have lowered their retail credit underwriting to obtain new customers and volume growth. “Actions today to defease high-impact tail risks can temper the need to go full ‘risk-off’ tomorrow, ensuring that the banking industry can remain a source of strength to the economy, as it has throughout the pandemic and recent market turbulence,” Hsu stated.
FDIC rule seeks to thwart misrepresentations about deposit insurance
On May 17, the FDIC approved a final rule implementing its authority to prohibit any person or organization from making misrepresentations about FDIC deposit insurance or misusing the FDIC’s name or logo. According to the FDIC, the final rule responds to the “increasing number of instances where individuals or entities have misused the FDIC’s name or logo, or have made false or misleading representations about deposit insurance.” To promote transparency on the FDIC’s processes for investigating and enforcing potential breaches of prohibitions under Section 18(a)(4) of the Federal Deposit Insurance Act, the final rule clarifies the agency’s procedures for identifying, investigating, and where necessary, taking formal and informal action to address potential violations, and establishes a primary point-of-contact for receiving complaints and inquiries about potential misrepresentations regarding deposit insurance. The final rule takes effect 30 days after publication in the Federal Register.
In response, the CFPB released Consumer Financial Protection Circular 2022-02 to provide that covered firms are likely in violation of the CFPA’s prohibition on deceptive acts or practices “if they misuse the name or logo of the FDIC or engage in false advertising or make material misrepresentations to the public about deposit insurance, regardless of whether such conduct (including the misrepresentation of insured status) is engaged in knowingly.” As previously covered by InfoBytes, the newly introduced circulars serve as policy statements for other agencies with consumer financial protection responsibilities. Specifically, the Bureau warned that (i) “[m]isrepresenting the FDIC logo or name will typically be a material misrepresentation”; (ii) claiming “financial products or services are ‘regulated’ by the FDIC or ‘insured’ or ‘eligible for’ FDIC insurance are likely deceptive if those claims expressly or implicitly indicate that the product or service is FDIC-insured when that is not in fact the case” (e.g. emerging financial products and services including digital assets and crypto-assets); and (iii) misusing the FDIC’s name or logo creates harm for firms that engage in honest advertising and marketing. CFPB Director Rohit Chopra, as an FDIC board member, announced the Bureau’s support for the final rule. “Misrepresentation claims about deposit insurance are particularly relevant today,” Chopra noted. “FDIC staff has noted an uptick in potential violations in recent years. We are especially concerned about potential misconduct involving novel technologies, including so-called stablecoins and other crypto-assets. While new technologies may yield significant benefits for households, workers, and small businesses, they nonetheless pose risks to consumers who may be baited by misrepresentations or false advertisements about deposit insurance.”
Acting Comptroller of the Currency Michael J. Hsu specifically called out the timeliness of the final rule in light of changes in the marketplace, technological developments, and rapidly evolving consumer behaviors. The final rule “is especially important in light of the growth of nonbank crypto firms and fintechs and their relationships with banks,” Hsu stated. “The potential for consumer confusion about the status of cash held at these firms is high and this final rule will help provide clarity.”
OCC discusses use of AI
On May 13, OCC Deputy Comptroller for Operational Risk Policy Kevin Greenfield testified before the House Financial Services Committee Task Force on Artificial Intelligence (AI) discussing banks' use of AI and innovation in technology services. Among other things, Greenfield addressed the OCC’s approach to innovation and supervisory expectations, as well as the agency’s ongoing efforts to update its technological framework to support its bank supervision mandate. According to Greenfield’s written testimony, the OCC “recognizes the paramount importance of protecting sensitive data and consumer privacy, particularly given the use of consumer data and expanded data sets in some AI applications.” He noted that many banks use AI technologies and are investing in AI research and applications to automate, augment, or replicate human analysis and decision-making tasks. Therefore, the agency “is continuing to update supervisory guidance, examination programs and examiner skills to respond to AI’s growing use.” Greenfield also pointed out that the agency follows a risk-based supervision model focused on safe, sound, and fair banking practices, as well as compliance with laws and regulations, including fair lending and other consumer protection requirements. This risk-based approach includes developing supervisory strategies based upon an individual bank’s risk profile and examiners’ review of new, modified, or expanded products and services. Greenfield further noted that “the OCC is focused on educating examiners on a wide range of AI uses and risks including risks associates with third parties, information security and resilience, compliance, BSA, credit underwriting, and fair lending and data governance, as part of training courses and other educational resources.” According to Greenfield’s oral statement, “banks need effective risk management and controls for model validation and explainability, data management, privacy, and security regardless of whether a bank develops AI tools internally or purchases through a third party.”
Hsu discusses expanding diversity and inclusion
On May 12, acting Comptroller of the Currency Michael J. Hsu spoke before the Asian Real Estate Association of America Diversity and Fair Housing Summit focusing on the agency’s efforts to decrease barriers to homeownership and promote financial inclusion. In his remarks, Hsu described the agency’s commitment to expanding diversity and inclusion by “encouraging banks to expand their financing of affordable housing and other community needs, especially in low- and moderate-income (LMI) areas.” He further discussed the interagency Community Reinvestment Act (CRA) notice of proposed rulemaking (NPR) on new regulations updating how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. (Covered by InfoBytes here.) Hsu noted that the provisions of the NPR “are intended to expand access to credit, investment, and basic banking services in LMI areas where they are most needed,” and that it “significantly update[s] regulations intended to encourage banks to meet the credit needs of the entire communities they serve.” Hsu also stated that the agency will “continue to diversify its staff, and train and promote a diverse leadership team.” Hsu explained that through Project REACh (Roundtable for Economic Access and Change), the agency “is harnessing the energy and ideas of concerned civil rights, community, banking, business, and other industry leaders across the nation” and that progress has been made through its various workstreams. As previously covered by InfoBytes, Project REACh brings together leaders from the banking industry, national civil rights organizations, and various businesses and technology organizations to identify and reduce barriers to accessing capital and credit. Finally, Hsu mentioned that he is “concerned by the hype and the risk consumers face” regarding the growing interest in cryptocurrency investments and other digital assets. He believes that “better financial education and information will benefit all consumers and help reduce our nation’s broad racial wealth gap.”