InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Biden outlines actions to mitigate climate-related financial risks
On October 15, the Biden administration issued a Fact Sheet outlining actions for building economic resilience to the impact of climate change. Among other things, the Fact Sheet is a “comprehensive, government-wide strategy to measure, disclose, manage and mitigate the systemic risks climate change poses to American families, businesses, and the economy,” and expands upon recent actions taken by the administration. The administration’s “whole-of-government strategy” discusses six pillars to achieve the goals outlined in Biden’s May 2021 Executive Order on Climate-Related Financial Risks (covered by InfoBytes here). One of the pillars—promoting the resilience of the U.S. financial system to climate-related financial risks—refers to recently issued SEC guidance stating that companies may be required to include information concerning climate-change risks and opportunities in “disclosures related to a company’s description of business, legal proceedings, risk factors, and management’s discussion and analysis of financial condition and results of operations.” (Covered by InfoBytes here.) The other five pillars are: (i) protecting life savings and pensions from climate-related financial risk; (ii) using federal procurement to address climate-related financial risk; (iii) incorporating climate-related financial risk into federal financial management and budgeting; (iv) incorporating climate-related financial risk into federal lending and underwriting; and (v) building resilient infrastructure and communities.
SEC chair discusses digital analytics in finance
On October 12, SEC Chair Gary Gensler stated that the agency is reviewing conflicts of interest and other risk concerns that may be associated with digital engagement practices (DEPs) employed by online brokerages and advisers. Speaking before the Practising Law Institute’s SEC Speaks conference, Gensler discussed the use of digital analytics in finance and warned attendees that DEPs used by finance platforms to tailor products to individual investors could be “transformative” and may increase access and choice, but may also introduce conflicts of interest, bias, and systemic risks if they are not closely monitored. “These modern features go beyond game-like elements, or what is sometimes called ‘gamification,’” Gensler stated. “They encompass the underlying predictive data analytics, as well as a variety of differential marketing practices, pricing, and behavioral prompts.” Use of predictive data analytics by finance platforms could raise issues with those platforms’ legal duties, he added, noting that finance platforms have an obligation “to comply with investor protections through specific duties—things like fiduciary duty, duty of care, duty of loyalty, best execution and best interest.” Using DEPs in a way that optimizes a platform’s own revenue may present a potential conflict of interest, Gensler emphasized. Gensler’s remarks follow a recent SEC request for information and public comments on the use of DEPs. As previously covered by InfoBytes, the SEC is seeking comments to better understand “what conflicts of interest may arise from optimization practices and whether those optimization practices affect the determination of whether DEPs are making a recommendation or providing investment advice.”
FINRA advises firms to incorporate FinCEN’s AML/CFT priorities
On October 8, the Financial Industry Regulatory Authority (FINRA) encouraged member firms to consider ways to incorporate recently issued anti-money laundering and countering the financing of terrorism priorities (AML/CFT Priorities) into their risk-based compliance programs. As previously covered by InfoBytes, the Financial Crimes Enforcement Network’s (FinCEN) AML/CFT Priorities—issued pursuant to the Anti-Money Laundering Act of 2020—highlighted key threat trends and provided informational resources to help covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing.
FINRA reminded member firms that FINRA Rule 3310 requires the development and implementation of a written AML program to achieve compliance with the Bank Secrecy Act (BSA). While FinCEN’s issuance of the AML/CFT Priorities “does not trigger an immediate change in the BSA requirements or supervisory expectations for member firms,” FINRA advised member firms to evaluate how they plan to incorporate these priorities into their risk-based AML programs. Among other things, FINRA advised member firms to: (i) review red flags based on potential risks presented by their business activities, size, geographic location, and types of accounts and transactions; and (ii) consider potential technical changes, including those used to monitor and investigate suspicious activity.
OCC to host risk management workshops
On September 23, the OCC released its lineup of free, virtual workshops for boards of directors of community national banks and federal savings associations. Included as part of the workshops to be held this fall and winter is a risk management series focusing on risk governance, credit risk, operational risk, and compliance risk. Another workshop will present guidance for directors and senior managers on building blocks for success. A schedule of the upcoming workshops is available here.
OCC issues cease and desist order against bank
On September 20, the OCC announced a cease and desist order issued against a bank for alleged “unsafe or unsound practices” related to “technology and operational risk management,” in addition to the bank’s noncompliance with the OCC’s Interagency Guidelines Establishing Information Security Standards contained in Appendix B to 12 CFR Part 30. Without admitting to or denying the claims, the bank is required by the order to improve information technology and operational risk governance, technology risk assessments, internal controls, and staffing deficiencies. Specifically, the bank must develop an acceptable, written action plan outlining the remedial actions necessary to achieve compliance with the order by addressing the alleged unsafe or unsound practices and noncompliance, which must specify, among other things, a description of the corrective actions, reasonable and well-supported timelines, and those responsible for completing the actions. The order provides that the bank must also establish a Compliance Committee to quarterly submit: (i) “a description of the corrective actions needed to achieve compliance with each Article of the order”; (ii) the specific corrective actions undertaken to comply with each Article of the Order”; and (iii) “the results and status of the corrective actions.”
Agencies extend comment period on proposed third-party relationship risk management guidance
On September 10, the OCC, Federal Reserve Board, and FDIC extended the comment period on the regulators’ proposed interagency guidance designed to aid banking organizations in managing risks related to third-party relationships, including relationships with fintech-focused entities. The deadline has been extended to October 18 and interested parties may submit comments until the deadline.
As previously covered by InfoBytes, the proposed guidance addresses key components of risk management, such as (i) planning, due diligence and third-party selection; (ii) contract negotiation; (iii) oversight and accountability; (iv) ongoing monitoring; and (v) termination. Coupled with the release of a Federal Reserve Board paper describing community bank and fintech partnerships, as well as interagency guidance to help community banks evaluate fintech relationships (covered by InfoBytes here), the federal bank regulators are demonstrating continued and increased focus on third-party risk management issues.
Fed describes landscape of community banks and fintech partnerships
On September 9, the Federal Reserve Board published a paper describing the landscape of community banks and fintech partnerships. The paper, Community Bank Access to Innovation through Partnerships, is not guidance but is intended to promote and support “responsible innovation” through access and understanding to financial technology, as well as appropriate third-party risk management and compliance guardrails. The paper follows interagency guidance released last month by the Fed, OCC, and FDIC, which addressed several key due diligence topics for community banks considering relationships with prospective fintech companies, as well as interagency proposed guidance on third party risk management—signals of the regulators’ continued and increased focus on third-party relationships. (Covered by InfoBytes here and here.) The paper provides anecdotal observations shared with the Fed by outreach participants and discusses the benefits and risks of different broad partnership types (operational technology partnerships, customer-oriented partnerships, and front-end fintech partnerships), and key considerations for engaging in such partnerships. According to the report, outreach participants presented a general belief that “fintech partnerships were most effective when three elements were present: a commitment to innovation across the community bank; alignment of priorities and objectives of the community bank and its fintech partner; and a thoughtful approach to establishing technical connections between key parties, including the bank, fintech, and the bank’s core services provider.”
Treasury seeks info on climate-related financial risks in the insurance sector
On August 31, the U.S. Treasury Department announced a request for information (RFI) seeking public comments on the Federal Insurance Office’s (FIO) future work related to the insurance sector and climate-related financial risks. The RFI is in response to an executive order issued by President Biden in May, which instructed financial regulators to take steps to mitigate, among other things, climate-related risk related to the financial system (covered by InfoBytes here). Among other things, the FIO will focus on the following initial climate-related priorities: (i) “assessing climate-related issues or gaps in the supervision and regulation of insurers, including their potential impacts on U.S. financial stability”; (ii) “assessing the potential for major disruptions of private insurance coverage in U.S. markets that are particularly vulnerable to climate change impacts, as well as facilitating mitigation and resilience for disasters”; and (iii) “increasing FIO’s engagement on climate-related issues and leveraging the insurance sector’s ability to help achieve climate-related goals.” Responses will help FIO monitor and assess the implications of climate-related financial risks for the insurance sector, and help FIO better understand how to collect “high-quality, reliable, and consistent data” required to accomplish FIO’s objectives.
Agencies issue fintech guidance for community banks
On August 27, the FDIC, OCC, and Federal Reserve Board released a guide as part of its efforts to promote and support the adoption of new technologies by financial institutions. (See also FIL-59-2021 and OCC Bulletin 2021-40.) The Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks is intended to help community banks conduct due diligence when considering relationships with prospective fintech companies. Among other things, the guide addresses six key due diligence topics for community banks to consider, including (i) business experience, strategic goals, and qualifications; (ii) financial conditions and market information; (iii) legal and regulatory compliance; (iv) risk management policies, processes, and controls; (v) information security programs; and (vi) operational resilience, such as business continuity planning, incident response, service level agreements, and reliance on subcontractors. The guide also provides practical sources of information that may be useful when evaluating fintech companies. The agencies note that use of the guide, which is consistent with the FDIC’s Guidance for Managing Third-Party Risk, is voluntary and that the guide does not anticipate all types of fintech relationships and risks. Consistent with risk-based programs, a community bank may tailor how it uses the information “based on specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity. . . offered by the fintech company.”
OCC releases new Model Risk Management booklet
On August 18, the OCC issued a new Model Risk Management booklet as part of the Comptroller’s Handbook’s safety and soundness series. The booklet is used by OCC examiners when examining and supervising national banks, federal savings associations, and federal branches and agencies of foreign banking organizations. Among other things, the new booklet (i) outlines model risk management concepts and general principles; (ii) “informs and educates examiners about sound model risk management practices that should be assessed during an examination”; and (iii) “provides information needed to plan and coordinate examinations on model risk management, identify deficient practices, and conduct appropriate follow-up.” The booklet aligns with principals laid out in OCC Bulletin 2011-12 “Sound Practices for Model Risk Management: Supervisory Guidance on Model Risk Management.”