InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S.-EU release statement on Joint Financial Regulatory Forum
On February 7-8, EU and U.S. participants, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, participated in the U.S.-EU Joint Financial Regulatory Forum to continue their ongoing financial regulatory dialogue. According to a joint statement issued by the participants, the matters discussed focused on six themes: “(1) market developments and financial stability risks; (2) sustainable finance and climate-related financial risks; (3) regulatory developments in banking and insurance; (4) operational resilience and digital finance; (5) regulatory and supervisory cooperation in capital markets; and (6) anti-money laundering and countering the financing of terrorism (AML/CFT).”
The joint statement acknowledged that the Russia/Ukraine conflict, coupled with global economic uncertainty and inflationary pressures, have exposed “the financial system to downside risk both in the EU and in the U.S,” with participants stressing the importance of international coordination in monitoring vulnerabilities and building resilience against stability risks. During the forum, participants discussed recent developments related to sustainability-related financial disclosures, climate-related financial risks, cross-border bank resolution coordination, the transition away from LIBOR, digital finance operational resilience, and progress made in strengthening their respective AML/CFT frameworks.
Fed announces climate scenario exercises
On January 17, the Federal Reserve Board provided additional details regarding its upcoming pilot climate scenario analysis exercise and the information on risk management practices that will be gathered from the program. As previously covered by InfoBytes, the Fed announced in September 2022, that six of the nation’s largest banks will participate in a pilot climate scenario analysis exercise intended to enhance the ability of supervisors and firms to measure and manage climate-related financial risks. According to the Fed, the banks will analyze the impact of scenarios for both physical and transition risks related to climate change on specific assets in their portfolios. The Fed noted that it will collect qualitative and quantitative information during the pilot, including details on governance and risk management practices, among other things. Additionally, the banks will be asked to consider the effect on corporate loans and commercial real estate portfolios using a scenario based on current climate policies and one based on reaching net-zero greenhouse gas emissions by 2050. The Fed noted that though no firm-specific information will be released, it anticipates publishing insights at an aggregate level, reflecting what has been learned about climate risk management practices and how insights can identify possible risks and promote risk management practices.
Fed’s Bowman discusses the economy and bank supervision
On January 10, Federal Reserve Governor Michelle W. Bowman spoke before the Florida Bankers Association Leadership Luncheon regarding the economy and bank supervision. In her remarks, Bowman said that inflation is “much too high” and that her focus is on “bringing it down toward our 2 percent goal.” Bowman stated it is a “hopeful sign” that unemployment has remained low. However, she acknowledged that it is likely that as a part of the process, “labor markets will soften somewhat before we bring inflation back to our 2 percent goal.”
Regarding crypto, Bowman said that crypto activities may “pose significant risks to consumers, businesses, and potentially the larger financial system.” She also said that there is “dysfunction” in cryptomarkets, “with some crypto firms misrepresenting that they have deposit insurance.” She also mentioned “the collapse of certain stablecoins, and, most recently, the bankruptcy of [a cryptocurrency exchange platform].”
Bowman additionally discussed the Fed’s push for a real-time payments system. Since 2019, the Fed has been working to launch FedNow, a new faster payments system that will be available in the first half of 2023. According to Bowman, “FedNow will help transform the way payments are made through new direct services that enable consumers and businesses to make payments conveniently, in real time, on any day, and with immediate availability of funds for receivers.” As previously covered by a Buckley Special Alert, in June, the Fed issued a final rule on its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. She also noted that FedNow will enable depository institutions of every size to provide “safe and efficient” instant payment services.
Regarding climate change, Bowman noted that the Fed views its role on climate “as a narrow focus on supervisory responsibilities and limited to our role in promoting a safe, sound and stable financial system.” She also noted that the Fed’s recent climate guidance only applies to banks with more than $100 billion in assets. Bowman also disclosed while “climate supervision effort is a new area of focus, it has been a longstanding supervisory requirement that banks manage their risks related to extreme weather events and other natural disasters that could disrupt operations or impact business lines.”
Additionally, Bowman provided a Community Reinvestment Act (CRA) update. She said that the CRA, which requires the Fed and other banking agencies to encourage banks to help meet the credit needs of their communities, “was last updated 25 years ago.” As previously covered by InfoBtytes, in May, the Fed, FDIC, and OCC issued a joint notice of proposed rulemaking on new regulations implementing the CRA to update how CRA activities qualify for consideration, where CRA activities are considered, and how CRA activities are evaluated. The CRA proposal, which she is fully supportive of, “reflects these industry changes, including recognizing internet and mobile banking services, it also attempts to provide clarity and consistency, and it could enhance access to credit for these low- and moderate-income communities
NYDFS releases proposed guidance for mitigating climate-related risks
On December 21, NYDFS proposed guidance for regulated banking and mortgage institutions to support efforts for responding to evolving risks stemming from climate change. The proposed guidance—which was developed to align with the climate-related work of federal and international banking regulators—will aid institutions in identifying, measuring, monitoring, and controlling material climate-related financial risks, consistent with existing risk management principles. Institutions should “minimize and affirmatively mitigate adverse impacts on low- and moderate-income communities while managing climate-related financial risks,” NYDFS said, explaining that the proposed guidance focuses on areas of risk management related to corporate governance, internal control frameworks, risk management processes, data aggregation and reporting, and scenario analysis that also accounts for unknown future risks. Among other things, the proposed guidance warned institutions of the importance of ensuring fair lending is provided to all communities, including low- to moderate-income neighborhoods that may face heightened risks, when managing climate-related financial risks. The proposed guidance also outlined tools institutions should use to measure and protect against climate change risks. NYDFS warned institutions that they may have to directly absorb a greater portion of losses and should plan for insurance coverage premiums to either increase or be withdrawn entirely in areas where climate risks are prevalent.
NYDFS commented that the proposed guidance serves as a basis for supervisory dialogue and instructed interested parties to provide input as it undertakes a data-driven approach to formulating the final guidance. Comments are due by March 21, 2023. A webinar will be held on January 11, 2023 to provide an overview of the proposed guidance.
“Regulators must anticipate and respond to new risks to operational resiliency and safety and soundness, jeopardizing an institution’s future,” Superintendent Adrienne A. Harris said. “NYDFS is committed to working with all stakeholders to further refine expectations and finalize guidance appropriate for institutions to address material climate-related financial risks.”
FSOC annual report highlights digital asset, cybersecurity, and climate risks
On December 16, the Financial Stability Oversight Council (FSOC or the Council) released its 2022 annual report. The report reviewed financial market developments, identified emerging risks, and offered recommendations to mitigate threats and enhance financial stability. The report noted that “amid heightened geopolitical and economic shocks and inflation, risks to the U.S. economy and financial stability have increased even as the financial system has exhibited resilience.” The report also noted that significant unaddressed vulnerabilities could potentially disrupt institutions’ ability to provide critical financial services, including payment clearings, liquidity provisions, and credit availability to support economic activity. FSOC identified 14 specific financial vulnerabilities and described mitigation measures. Highlights include:
- Nonbank financial intermediation. FSOC expressed support for initiatives taken by the SEC and other agencies to address investment fund risks. The Council encouraged banking agencies to continue monitoring banks’ exposure to nonbank financial institutions, including reviewing how banks manage their exposure to leverage in the nonbank financial sector.
- Digital assets. FSOC emphasized the importance of enforcing existing rules and regulations applicable to the crypto-asset ecosystem, but commented that there are gaps in the regulation of digital asset activities. The Council recommended that legislation be enacted to grant rulemaking authority to the federal banking agencies over crypto-assets that are not securities. The Council said that regulatory arbitrage needs to be addressed as crypto-asset entities offering services similar to those offered by traditional financial institutions do not have to comply with a consistent or comprehensive regulatory framework. FSOC further recommended that “Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.”
- Climate-related financial risks. FSOC recommended that state and federal agencies should continue to work to advance appropriately tailored supervisory expectations for regulated entities’ climate-related financial risk management practices. The Council encouraged federal banking agencies “to continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions.”
- Treasury market resilience. FSOC recommended that member agencies review Treasury’s market structure and liquidity challenges, and continue to consider policies “for improving data quality and availability, bolstering the resilience of market intermediation, evaluating expanded central clearing, and enhancing trading venue transparency and oversight.”
- Cybersecurity. FSOC stated it supports partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and improve cyber resilience. Acknowledging the significant strides made by member agencies this year to improve data collection for managing cyber risk, the Council encouraged agencies to continue gathering any additional information needed to monitor and assess cyber-related financial stability risks.
- LIBOR transition. FSOC recommended that firms should “take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends.” The Council emphasized that derivatives and capital markets should continue transitioning to the Secured Overnight financing Rate.
CFPB Director Rohit Chopra issued a statement following the report’s release, flagging risks posed by the financial sector’s growing reliance on big tech cloud service providers. “Financial institutions are looking to move more data and core services to the cloud in coming years,” Chopra said. “The operational resilience of these large technology companies could soon have financial stability implications. A material disruption could one day freeze parts of the payments infrastructure or grind other critical services to a halt.” Chopra also commented that FSOC should determine next year whether to grant the agency regulatory authority over stablecoin activities under Dodd-Frank. He noted that “[t]hrough the stablecoin inquiry, it has become clear that nonbank peer-to-peer payments firms serving millions of American consumers could pose similar financial stability risks” as these “funds may not be protected by deposit insurance and the failure of such a firm could lead to millions of American consumers becoming unsecured creditors of the bankruptcy estate, similar to the experience with [a now recently collapsed crypto exchange].”
OCC warns of crypto-asset and cybersecurity risks facing the federal banking system
On December 8, the OCC released its Semiannual Risk Perspective for Fall 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that, in the aggregate, banks “remain well capitalized” and have “ample liquidity and sound credit quality, although macroeconomic headwinds are a concern.” The OCC highlighted interest rate, operational, compliance, and credit risks as key risk themes. Observations include: (i) the rising rate environment has adversely impacted bank investment portfolios; (ii) operational risk, including evolving cyber risk, is elevated, with “threat actors continuing to target the financial services industry with ransomware and other attacks”; (iii) compliance risk remains heightened as banks navigate significant regulatory changes; and (iv) credit risk in commercial and retail loan portfolios remains moderate and demonstrates resiliency, “but signs of potential weakening in some segments warrant careful monitoring.”
The report discussed emerging risks related to innovation and the adoption of new products and services, including crypto-assets. Highlighting risks arising from banks’ expansion into digital offerings and the “heightened” threat of fraud risk associated with innovative peer-to-peer payment platforms, the OCC noted that banks should be “clearly communicating risks, educating customers on potential scams, and enhancing internal fraud monitoring capabilities” to mitigate threats and protect consumers. The report noted that “[b]anks may require additional or different controls to safeguard against fraud, financial crimes, violations of Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control (BSA/AML/OFAC) requirements, and consumer protection or fair lending laws, or operational errors,” and should “maintain comprehensive operational resilience frameworks commensurate with the size and complexity of products, services, and operations being supported.”
The OCC reiterated the importance of taking a “careful and cautious approach” toward banks’ engagement with the crypto-related firms. Recent events in the crypto market have also “revealed a high degree of interconnectedness between certain crypto participants through a variety of opaque lending and investing arrangements,” which has led to “a high risk of contagion among connected parties.” The report noted that national banks and federal savings associations interested in engaging in crypto-asset activities should discuss the activities with their supervisory office before engaging the activities. Some activities may require a supervisory non-objection under OCC Interpretive Letter #1179.
The report cited risks related to cybersecurity and partnerships with fintech and other third parties. The OCC said it is applying a “heightened supervisory focus” to its scrutiny of banks’ oversight of third-party relationships and flagged an upward trend in ransomware attacks targeting banks’ service providers and other third parties. Partnering with fintechs to support operations or provide opportunities for customers to enter the digital asset market can “increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships,” the report said, adding that “[u]nclear or arbitrary partnership agreements may result in implementation breakdowns, untimely resolution of issues, or failure to deliver products or services as intended, and may result in significant customer remediation.” The OCC cautioned that banks must “conduct appropriate due diligence” before entering a partnership with a third party. “The scope and depth of due diligence, as well as ongoing monitoring and oversight of the third party’s performance, should be commensurate with the nature and criticality of the proposed activity.”
The report also discussed forthcoming climate risk management guidelines applicable to banks with more than $100 billion in total consolidated assets. As previously covered by InfoBytes, the OCC, Federal Reserve Board, and the FDIC announced they intend to issue final interagency guidance to promote consistency.
NY passes crypto mining bill
On November 22, the New York governor signed AB 7389, which establishes a moratorium on cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transaction. Among other things, the bill also establishes a section on the moratorium on air permit issuance and renewal that states that the state cannot approve a new application, or issue a new permit, for an electric generating facility that utilizes carbon-based fuel and that provides behind-the-meter electric energy consumed or utilized by cryptocurrency mining operations that use proof-of-work authentication methods to validate blockchain transactions. The bill is effective immediately.
Fed solicits feedback on proposed climate-related risk principles
On December 2, the Federal Reserve Board issued a notice requesting public comments on proposed Principles for Climate-Related Financial Risk Management for Large Financial Institutions. The proposed principles would provide a high-level framework for the safe and sound management of exposures to climate-related financial risks for the largest financial institutions (those with over $100 billion in total consolidated assets), as well as address the physical and transition risks associated with climate change. Notably the notice acknowledged that all financial institutions, regardless of size, can have material exposures to climate-related financial risks. Intended to support large financial institutions’ efforts in addressing climate-related financial risk management, the proposed principles cover six major areas related to: (i) governance; (ii) policies, procedures, and limits; (iii) strategic planning; (iv) risk management; (v) data, risk measurement, and reporting; and (vi) scenario analysis. The Fed noted that the proposed principles are substantially similar to those issued by the OCC and FDIC (covered by InfoBytes here and here), and said that the agencies intend to issue final interagency guidance to promote consistency. Comments on the proposed principles are due 60 days after publication in the Federal Register.
Governor Bowman stated that while she voted in favor of seeking input on the proposed principles, she reserves the right to vote against its finalization. She also emphasized that excluding financial institution with less than $100 billion in assets from the guidance “is appropriate based not only on the size of such firms, but also in light of the robust risk management expectations already applicable to such firms.”
However, Governor Waller issued a dissenting statement: “Climate change is real, but I disagree with the premise that it poses a serious risk to the safety and soundness of large banks and the financial stability of the United States. The Federal Reserve conducts regular stress tests on large banks that impose extremely severe macroeconomic shocks and they show that the banks are resilient.”
Senate Banking grills regulators on crypto
On November 15, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Oversight of Financial Regulators: A Strong Banking and Credit Union System for Main Street” to hear from federal financial regulators about growing risks related to bank mergers, bailouts, climate change, crypto assets, and cyberattacks, among other topics. Committee Chairman Sherrod Brown (D-OH) opened the hearing by emphasizing that Congress “must stay vigilant and empower regulators with the tools to combat these growing risks,” and said that banks and credit unions must be able to partner with third parties in a manner that enables competition but without risking consumer money. He also warned that big tech companies and shadow banks should not be allowed to “play by different rules because of special loopholes.” In his opening statement, Ranking Member Patrick J. Toomey (R-PA) challenged the regulators to “not stray beyond their mandates into politically contentious issues or establish unnecessary new regulatory burdens,” pointing to the participation of the Federal Reserve Board, FDIC, and OCC in the Network for the Greening the Financial System as an example of politicizing financial regulation.
Testifying at the hearing were the Fed’s Vice Chair for Supervision Michael S. Barr, NCUA Chair Todd M. Harper, acting FDIC Chairman Martin J. Gruenberg, and acting Comptroller of the Currency Michael J. Hsu. Cryptocurrency concerns were a primary focus during the hearing, where Toomey asked the regulators why they still have not provided public clarity on banks’ involvement in crypto activities, such as providing custody services or issuing stablecoins.
Pointing to a major cryptocurrency exchange’s recent major collapse, Toomey pressed Hsu on whether the OCC “discourages banks from providing custody services” for crypto assets. Toomey speculated, “it seems to me if people had access to custody services provided by a wide range of institutions, including regulated financial institutions, they might be able to sleep more comfortably knowing that those assets are unlikely to be used for some completely inappropriate purpose.” Answering that the OCC discourages banks from engaging in activities that are not safe, sound, and fair, Hsu acknowledged that there are underlying fundamental issues and questions about what it means to control crypto through a custody “which have not been fully worked out.” Toomey emphasized that part of the obligation rests on the OCC to provide clarity on how banks could provide these services in a safe, sound, and fair manner, and stressed that currently these activities are operating in a space outside the regulatory perimeter. Barr agreed that it would be useful for the Fed to provide guidance to banks on how to safely custody crypto assets and said it is something he plans to work on with his colleagues.
Toomy further noted that Congress’s failure “to pass legislation in this space and the failure of regulators to provide clear guidance has created ambiguity that has driven developers and entrepreneurs overseas where regulations are often lax at best.” Senator Bill Haggerty (R-TN) cautioned that lawmakers should not resort to a “heavy-handed” regulatory response to the cryptocurrency exchange’s collapse. “No amount of poorly considered, knee-jerk over-regulation here in the U.S. would have prevented a foreign-domiciled company like [the collapsed cryptocurrency exchange] from doing what it did,” Haggerty said. “The fact of the matter is that crypto, much like all of finance, isn’t beholden to a specific country or a specific legal system, and by not acting and by failing to provide legal clarity here in the United States, Congress only incentivizes activity to migrate outside of our country’s borders,” Haggerty stated, adding that it is “important to recognize that whatever happened with a bad actor running a centralized exchange and defrauding customers” has “nothing to do with the technology underpinning crypto itself.” When asked by Sen. John Kennedy (R-LA) which regulator was responsible for watching the collapsed cryptocurrency exchange, Gruenberg said “I think in the first instance, you’d probably want to engage with the market regulators, the SEC and the CFTC, to talk about the activities and the authorities in this area.”
The regulators also discussed efforts to mitigate cybersecurity risks and strengthen information security within the banking industry. Hsu stressed during the hearing that “the greatest risk is the risk of complacency,” while noting in his prepared remarks that the OCC is aware of the risks associated with cybersecurity and has “encouraged banks to stay abreast of new technology and threats.” Barr pointed to the importance of operational resilience in his prepared remarks, noting that “technology-based failures, cyber incidents, pandemics, and natural disasters,” combined with the growing reliance on third-party service providers, expose banks to a range of operational risks that are often challenging to anticipate. Harper commented in his prepared remarks that the NCUA continues to provide guidance for credit unions to reinforce their ability to withstand potential cyberattacks, and recommends that credit unions report cyber incidents to the NCUA, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. In his prepared remarks, Gruenberg pointed to recent examination findings revealing that banks that have dedicated resources for implementing appropriate controls are better at defending against cyberattacks, and said the FDIC is “piloting technical examination aids that will help [] examiners focus on the controls [] found to be most effective in defending against these attacks.”
The House Financial Services Committee also held a hearing later in the week that focused on similar topics with the regulators. Chair Maxine Waters (D-CA) and Rep. Patrick McHenry (R-NC) also announced that the committee will hold a hearing in December to investigate the aforementioned cryptocurrency exchange’s collapse and understand the broader consequences the collapse may have on the digital asset ecosystem.
Fed releases Supervision and Regulation Report
Recently, the Federal Reserve Board released its Supervision and Regulation Report, which summarizes banking system conditions and the Fed’s supervisory and regulatory activities. The current report noted that even though the “vast majority of firms maintained capital above regulatory minimums,” and loan delinquencies were historically low with liquidity levels generally remaining high, increasing economic uncertainty “may create new risks for firms to manage.” In response, firms increased credit loss provisions during the first half of 2022 and started taking measures to prepare for weaker economic conditions. The report also revealed that while the financial condition of large banks generally remains sound, firms should take steps to ensure their stress analyses, liquidity, and capital positions are able to adjust to developing market conditions. The report also highlighted recent regulatory actions, including supervisory guidance issued in August for banks seeking to engage in crypto-asset-related activities (covered by InfoBytes here). The Fed commented that it will continue to work with the OCC and FDIC on crypto-asset-related policy initiatives. The report also discussed operational risks related to the transition from LIBOR to an alternative interest rate benchmark and measures to address climate change implications for banks.