InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC highlights operational risks in 2022 Risk Review
On May 20, the FDIC released its 2022 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2021 in four broad categories: credit risk, market risk, operational risk, and climate-related financial risk. According to the FDIC, the current risk review expands upon coverage in prior reports by examining operational risks to banks resulting from cyber threats, illicit finance, and climate-related financial risks. Monitoring these risks is among the agency’s top priorities, the FDIC said, explaining that the number of ransomware attacks in the banking industry increased in 2021, and that the “number and sophistication of cyber attacks also increased with remote work and greater use of digital banking tools.” Additionally, “threats from illicit activities continue to pose risk management challenges to banks.” The FDIC noted that the banking environment improved in 2021 as the economy recovered but stated that recovery was uneven across industries and regions. While “[f]inancial market conditions were generally supportive of the economy and banking industry in 2021,” they began to deteriorate in early 2022 with the onset of the Russian invasion of Ukraine, the FDIC said.
Treasury issues 2022 national illicit finance strategy
On May 13, the U.S. Treasury Department issued the 2022 National Strategy for Combatting Terrorist and Other Illicit Financing (2022 Strategy). As required by federal law, the 2022 Strategy describes current U.S. government efforts to combat domestic and international illicit finance threats from terrorist financing, proliferation financing, and money laundering, and discusses potential risks, priorities and objectives, as well as areas for improvement. Among other things, the 2022 Strategy reflects challenges posed by the Covid-19 pandemic, the increasing digitization of financial services, and rising levels of corruption and fraud. Specifically, Treasury noted that 2022 risk assessments highlights threats “posed by the abuse of legal entities, the complicity of professionals that misuse their positions or businesses, small-sum funding of domestic violent extremism networks, the effective use of front and shell companies in proliferation finance, and the exploitation of the digital economy.”
According to Treasury, the 2022 Strategy, along with the agency’s 2022 National Money Laundering Risk Assessment (covered by InfoBytes here), “will assist financial institutions in assessing the illicit finance risk exposure of their businesses and support the construction and maintenance of a risk-based approach to countering illicit finance for government agencies and policymakers.”
Specifically, to protect the U.S. financial system from corruption and other illicit finance threats, the 2022 Strategy outlined four priorities and 14 supporting actions to address these threats. These include:
- closing legal and regulatory gaps in the U.S. anti-money laundering/counter the financing of terrorism (AML/CFT) framework that are used to anonymously access the U.S. financial system through shell companies and all-cash real estate purchases;
- increasing the efficiency of the U.S. AML/CFT regulatory framework “by providing clear compliance guidance, sharing information appropriately, and fully funding supervision and enforcement”;
- enhancing the operational effectiveness of law enforcement, other U.S. government agencies, and international partnerships to prevent illicit actors from accessing safe havens; and
- enabling technological innovation while mitigating risk to stay ahead of new avenues for abuse through virtual assets and other new financial products, services, and activities.
The same day the U.S. and Mexico announced their commitment to establish a working group on anti-corruption, which will primarily focus on high-level strategic responses to public corruption. The announcement follows a recent agreement between delegates from the two countries to continue expanding information-sharing efforts to improve bilateral efforts for countering illicit finance.
Hsu urges banks to evaluate risk management exposures
On May 17, acting Comptroller of the Currency Michael J. Hsu stressed “[n]ow is the time for banks to take a fresh look at their exposures and take actions to adjust their risk positions—to ‘trim their sails,’ so to speak—ahead of potential uncertainty and volatility.” Hsu said banks should take action now to examine exposure and adjust risk profiles ahead of potential uncertainty and volatility in interest rates and loan performance. “Empowering risk managers and enforcing discipline in risk-taking will enable banks to better navigate the rate environment and will lower the chances of nasty surprises as quantitative tightening occurs,” Hsu stressed. Banks should also re-review their risk identification capabilities and assess the comprehensiveness of their counterparty credit risk management practices, paying close attention to areas where risk limits or other practices have been relaxed for “high-priority, high-growth clients, especially where increasing wallet share has been a goal.” He also cautioned banks against taking on too much risk associated with a single economic concentration, flagging commercial real estate and loans to non-depository financial institutions (including broker-dealers, asset managers, and investment funds) as specific areas where banks may suffer considerable losses when markets turn. Banks should also be careful not to relax underwriting standards, Hsu warned, pointing to some banks that have lowered their retail credit underwriting to obtain new customers and volume growth. “Actions today to defease high-impact tail risks can temper the need to go full ‘risk-off’ tomorrow, ensuring that the banking industry can remain a source of strength to the economy, as it has throughout the pandemic and recent market turbulence,” Hsu stated.
FHFA joins global green initiative
On May 11, FHFA announced its membership in the Network of Central Banks and Supervisors for Greening the Financial System, affirming its “commitment to making tangible progress toward addressing the impact of climate change on the nation's housing finance system.” Recognizing the increased risks to property presented from climate change, FHFA acting Director Sandra L. Thompson advised FHFA-regulated entities last year to designate climate change as a priority concern and actively consider its effects in decision-making processes. NGFS is an international group comprised of central banks and financial supervisors working to enhance the role of the financial system in managing risks and mobilizing capital for green and low-carbon investments in the context of environmentally sustainable development. The Federal Reserve Board, OCC, and FDIC, and the U.S. Treasury Department’s Federal Insurance Office have already joined NGFS.
Agencies issue revised interagency flood insurance Q&As
On May 11, the FDIC, OCC, Federal Reserve Board, NCUA, and the Farm Credit Administration (the agencies) jointly issued revised, reorganized, and expanded interagency questions and answers (Q&As) regarding federal flood insurance laws. The revised Q&As supersede versions published in 2009 and 2011, and consolidate Q&As proposed by the agencies in 2020 and 2021 (covered by InfoBytes here). Reflecting significant changes to flood insurance requirements made by the Biggert-Waters Flood Insurance Reform Act and the Homeowner Flood Insurance Affordability Act, as well as regulations issued by the agencies to implement these laws, the revised Q&As consist of 144 Q&As (including 24 private flood insurance Q&As) covering a range of topics, including the escrow of flood insurance premiums, the detached structure exemption to the mandatory flood insurance purchase requirement, force placement procedures, and the acceptance of flood insurance policies issued by private insurers. The agencies also made non-substantive revisions to certain Q&As to provide more direct responses to questions asked, additional clarity, or make technical corrections. In response to concerns raised by several commenters, the agencies confirmed that they are providing the interagency Q&As “as guidance only,” and clarified that “all the Q&As apply to all policies, whether [National Flood Insurance Program] or a flood insurance policy issued by a private insurance company, unless otherwise noted in the Q&A.” Additionally, the agencies noted “that they are working individually and on an interagency basis to address financial risks associated with climate change consistent with the [a]gencies’ regulatory and supervisory authorities,” and therefore “decline to make changes to any of the Q&As in response to climate risk change.
The same day, the agencies issued Loans in Areas Having Special Flood Hazards; Interagency Questions and Answers Regarding Flood Insurance. The interagency questions and answers replace the 2009 and 2011 publications and consolidate Q&As proposed by the agencies in July 2020 and in March 2021. This bulletin rescinds: (i) OCC Bulletin 2009-26, Flood Disaster Protection Act: Revised Interagency Questions and Answers Regarding Flood Insurance; (ii) OCC Bulletin 2011-42, Flood Disaster Protection Act: Interagency Questions and Answers Regarding Flood Insurance’ (iii) OCC Bulletin 2020-69, Flood Disaster Protection Act: Proposed Revisions to Interagency Questions and Answers Regarding Flood Insurance; (iv) OCC Bulletin 2020-78, Flood Disaster Protection Act: Agencies Extend Comment Period on Proposed Revisions to Interagency Questions and Answers Regarding Flood Insurance; and (v) OCC Bulletin 2021-13, Flood Disaster Protection Act: Proposed Interagency Questions and Answers Regarding Private Flood Insurance.
Fed updates synthetic identity fraud mitigation toolkit
Recently, the Federal Reserve updated a synthetic identity fraud mitigation toolkit offering new information regarding fraud detection technology and data sharing and discussing the value of fraud information sharing within the industry to help fight synthetic identity fraud. As previously covered by InfoBytes, in February, the Fed released the synthetic identity fraud mitigation toolkit intended to help financial institutions, businesses, and consumers improve awareness, detection, measurement, and mitigation of identity fraud. The recent updates in the toolkit provide guidance on enhancing organizations' ability to prevent and mitigate synthetic identity fraud using a variety of detection and prevention technologies and approaches. Topics contained in the toolkit include insights and downloadable resources covering, among other things: (i) the basics of synthetic identity fraud; (ii) how synthetic identities are used; (iii) when synthetics become a reality; (iv) detecting a synthetic identity; (v) validating identities; and (vi) identifying synthetics.
Hsu discusses stablecoin standards
On April 27, acting Comptroller of the Currency Michael J. Hsu issued a statement regarding stablecoin standards after appearing before the Artificial Intelligence and the Economy: Charting a Path for Responsible and Inclusive AI symposium hosted by the U.S. Department of Commerce, National Institute of Standards and Technology, FinRegLab, and the Stanford Institute for Human-Centered Artificial Intelligence. According to Hsu, the internet has “technical foundations” that “provide for an open, royalty-free network.” He further noted that “[t]hose foundations did not emerge on their own. They were developed by standard setting bodies like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium), which had representatives with differing perspectives, a shared public interest ethos, and a strong leader committed to the vision of an open and inclusive internet.” Hsu further stated that stablecoins do not have “shared standards and are not interoperable.” However, to make stablecoins “open and inclusive,” Hsu said that he believed that “a standard setting initiative similar to that undertaken by IETF and W3C needs to be established, with representatives not just from crypto/Web3 firms, but also from academia and government.” As previously covered by InfoBytes, Hsu discussed stablecoin policy considerations earlier this month in remarks before the Institute of International Economic Law at Georgetown University Law Center, calling for the establishment of an “intentional architecture” for stablecoins developed through principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.”
OCC releases lineup of risk management workshops
On April 27, the OCC released its lineup of virtual workshops for board directors of national community banks and federal savings associations for the second half of 2022. Included as part of the workshops to be held later this year is a risk management series focusing on risk governance, credit risk, operational risk, and compliance risk. Another workshop will present guidance for directors and senior managers on building blocks for success. A schedule of the upcoming workshops and registration information is available here.
Hsu discusses stablecoins, pushes for crypto banks
On April 8, acting Comptroller of the Currency Michael J. Hsu discussed stablecoin policy considerations in remarks before the Institute of International Economic Law at Georgetown University Law Center. Hsu called for the establishment of an “intentional architecture” for stablecoins developed along the principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.” According to Hsu, one way to mitigate blockchain-related risks would be to “require that blockchain-based activities, such as stablecoin issuance, be conducted in a standalone bank-chartered entity, separate from any other insured depository institution [] subsidiary and other regulated affiliates.” Hsu also emphasized the need to evaluate whether stablecoin issuers should be required “to comply with a fixed set of safety and soundness-like requirements (as is the case with banks)” or be allowed to pick from a range of licensing options.
Additionally, Hsu raised the question about how separable stablecoin issuers should be. “Blockchain-based money holds the promise of being ‘always on,’ irreversible, programmable, and settling in real-time,” he explained. “With these benefits, however, come risks, especially if commingled with traditional banking and finance.” Specifically, Hsu cited concerns that a bank’s existing measures for managing liquidity risks associated with traditional payments “may not be effective for blockchain-based payments,” which could conceivably accumulate over a weekend and “outstrip a bank’s available liquidity resources.” Hsu also raised concerns related to the current “lack of interoperability” should stablecoins expand from trading to payments, and stressed that “[i]n the long run, interoperability between stablecoins and with the dollar—including a [central bank digital currency]—would help ensure openness and inclusion.” He added that this “would also help facilitate broader use of the U.S. dollar—not a particular corporate-backed stablecoin—as the base currency for trade and finance in a blockchain-based digital future.”
FDIC instructs banks to provide notification when engaging with crypto assets
On April 7, the FDIC released FIL-16-2022, titled “Notification of Engaging in Crypto-Related Activities,” instructing banks that intend to engage in, or that are currently engaged in, any activities involving or related to crypto assets (also referred to as “digital assets”), to notify the FDIC of their intent and to provide “all necessary information that would allow the FDIC to engage with the institution regarding related risks.” The FDIC noted that, though it “supports innovations that are safe and sound,” the agency is “concerned that crypto assets and crypto-related activities are rapidly evolving, and risks of this area are not well understood given the limited experience with these new activities.” According to the FDIC, crypto-related activities “may pose significant safety and soundness risks as well as financial stability concerns,” digital asset activities “present risks to consumers,” and insured depository institutions “face risks in effectively managing the application of consumer protection laws and regulations” related to these “new and changing crypto-related activities.” The letter also specified that a bank should promptly "notify the appropriate FDIC Regional Director” of “information necessary to allow the agency to assess the safety and soundness, consumer protection, and financial stability implications” of digital asset activities. The FDIC will review the information and provide relevant supervisory feedback.