Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 11, President Biden outlined actions for strengthening and safeguarding the nation’s cybersecurity. In addition to stressing the importance of improving cybersecurity and resilience measures for critical infrastructure owners and operators, the Biden administration outlined additional priorities that focus on (i) strengthening the federal government’s cybersecurity requirements; (ii) countering ransomware attacks, including by making it more difficult for criminals to move illicit money; (iii) collaborating with allies and partners to build collective cybersecurity, develop coordinated responses, and develop cyber deterrence; (iv) imposing costs on and sanctioning malicious cyber actors; (v) implementing internationally-accepted cyber “rules of the road”; (vi) strengthening cyber-education efforts; (vii) developing quantum-resistant encryption algorithms to protect privacy in digital systems such as online banking; and (viii) establishing research centers and workforce development programs under the National Quantum Initiative to protect investments, companies, and intellectual property and prevent harm as technology in this space continues to develop.
On October 7, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (E.O.) to address the facilitation of transatlantic data flows between the EU and the U.S. The E.O. outlines commitments the U.S. will take under the EU-U.S. Data Privacy Framework, which was announced in March as a replacement for the invalidated EU-U.S. Privacy Shield. As previously covered by InfoBytes, the Court of Justice of the EU (CJEU) issued an opinion in the Schrems II case (Case C-311/18) in July 2020, holding that the EU-U.S. Privacy Shield did not satisfy EU legal requirements. In annulling the EU-U.S. Privacy Shield, the CJEU determined that because the requirements of U.S. national security, public interest, and law enforcement have “primacy” over the data protection principles of the EU-U.S. Privacy Shield, the data transferred under the EU-U.S. Privacy Shield would not be subject to the same level of protections prescribed by the GDPR.
Among other things, the E.O. bolsters privacy and civil liberty safeguards for U.S. signals intelligence-gathering activities, and establishes an “independent and binding mechanism” to enable “qualifying states and regional economic integration organizations, as designated under the E.O., to seek redress if they believe their personal data was collected through U.S. signals intelligence in a manner that violated applicable U.S. law.” Specifically, the E.O. (i) creates further safeguards for how the U.S. signals intelligence community conducts data transfers; (ii) establishes requirements for handling personal information collected through signals intelligence activities and “extends the responsibilities of legal, oversight, and compliance officials to ensure that appropriate actions are taken to remediate incidents of non-compliance”; (iii) requires the U.S. signals intelligence community to make sure policies and procedures reflect the E.O.’s new privacy and civil liberty safeguards; (iv) establishes a multi-layer review and redress mechanism, under which the Civil Liberties Protection Officer in the Office of the Director of National Intelligence (CLPO) is granted the authority to investigate complaints of improper collection and handling of personal data and may issue binding decisions on whether improper conduct occurred and what the appropriate remediation should be; (v) directs the U.S. attorney general to establish a Data Protection Review Court (DPRC) to independently review CLPO decisions, thereby serving as the second level of the E.O.’s redress mechanism (see DOJ announcement here); and (vi) calls on the Privacy and Civil Liberties Oversight Board to review U.S. signals intelligence community policies and procedures to ensure they are consistent with the E.O.
Recently, the Biden administration’s Office of Science and Technology Policy released a Blueprint for an AI Bill of Rights. The blueprint’s proposed framework identifies five principles for guiding the design, use, and deployment of automated systems to protect the public as the use of artificial intelligence grows. The principles center around topics related to stronger safety measures, such as (i) ensuring systems are safe and effective; (ii) implementing proactive protections against algorithmic discrimination; (iii) incorporating built-in privacy protections, including providing the public control over how data is used and ensuring that the data collection meets reasonable expectations and is necessary for the specific context in which it is being collected; (iv) providing notice and explanation as to how an automated system is being used, as well as the resulting outcomes; and (v) ensuring the public is able to opt out from automated systems in favor of a human alternative and has access to a person who can quickly help remedy problems. According to the announcement, the proposed framework’s principles should be incorporated into policies governing systems with “the potential to meaningfully impact” an individual or community’s rights or access to resources and services related to education, housing, credit, employment, health care, government benefits, and financial services, among others.
On September 20, President Biden announced his intention to nominate two members of the FDIC Board of Directors. The nominees, if confirmed, would fill the two vacant seats on the five-member Board. Travis Hill was nominated as a Board member and as vice chair. During his tenure at the FDIC, Hill previously served as senior advisor to the chairman and deputy to the chairman for policy. Prior to that, Hill served as senior counsel at the Senate Committee on Banking, Housing, and Urban Affairs. Biden also nominated Jonathan McKernan as a Board member. McKernan is a senior counsel at the FHFA and currently is on detail from the agency to the Senate Committee on Banking, Housing, and Urban Affairs where he is counsel on the minority staff. Previously, McKernan served as a senior policy advisor at the U.S. Treasury Department.
On September 16, the White House published a comprehensive framework for the responsible development of digital assets, calling on federal regulators to “provide innovative U.S. firms developing new financial technologies with regulatory guidance, best-practices sharing, and technical assistance.” The framework follows an executive order (E.O.) issued by the Biden administration in March (covered by InfoBytes here), which outlined the first “whole-of-government” strategy for coordinating a comprehensive approach to ensuring responsible innovation in digital assets policy. Consistent with the E.O.’s deadline, nine reports have been submitted to President Biden to date that “call on agencies to promote innovation by kickstarting private-sector research and development and helping cutting-edge U.S. firms find footholds in global markets.” The reports also “call for measures to mitigate the downside risks, like increased enforcement of existing laws and the creation of commonsense efficiency standards for cryptocurrency mining.”
Among other things, the reports (i) direct the Federal Reserve Board to continue its research and experimentation on issuing a central bank digital currency, and request the creation of a U.S. Treasury Department-led interagency working group to support Fed efforts; (ii) encourage the SEC and CFTC to “aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space”; (iii) urge the CFPB and FTC to address consumer complaints related to unfair, deceptive, or abusive practices in the crypto space; (iv) encourage agencies to issue guidance and rules for addressing current and emergent risks in the digital asset ecosystem; (v) urge agencies and law enforcement to take joint measures to address digital asset risks impacting consumers, investors, and businesses; and (vi) encourage agencies to share data on consumers’ digital asset complaints. To promote access to safe and affordable financial services, the administration said it plans to explore how crypto-related technologies can bolster financial inclusion, and will encourage the adoption of instant payment systems, weigh recommendations for creating a federal framework for non-bank payment service oversight, and prioritize efforts to improve cross-border payment efficiency. Additionally, the administration said it is exploring the possibility of amending the Bank Secrecy Act and other related statutes to “explicitly” apply to digital asset exchanges and non-fungible token platforms, and is considering a legislative request to toughen penalties for unlicensed money transmitters and give the DOJ more jurisdictional digital asset prosecution authority.
The Treasury released three reports addressing the future of money and payment systems, consumer and investor protection, and illicit finance risks in response to the E.O. The reports, The Future of Money and Payments, Crypto-Assets: Implications for Consumers, Investors, and Businesses, and Action Plan to Address Illicit Financing Risks of Digital Assets call on regulators to mitigate crypto-related risks to consumers, investors, and businesses. “Innovation is one of the hallmarks of a vibrant financial system and economy,” Treasury Secretary Janet Yellen said. “But as we have learned painfully from the past, innovation without appropriately addressing the impact of these developments can result in significant disruptions and harm to the financial system and individuals, especially our more vulnerable populations.” The reports examine the future of digital assets and offer recommendations to address consumer and investor protection concerns, combat illicit finance risks, and improve the payments system to support a more competitive, efficient, and inclusive landscape.
The same day, the DOJ also released a report in response to the E.O. The Role Of Law Enforcement In Detecting, Investigating, And Prosecuting Criminal Activity Related To Digital Assets examines ways illicit actors exploit digital asset technologies and addresses challenges posed by digital assets to criminal investigations. The report provides recommendations to further enhance law enforcement’s ability to address digital asset crimes, such as strengthening criminal penalties and extending the statutes of limitations for crimes involving digital assets from five to ten years, and identifies three priorities: (i) “expanding to virtual asset service providers the laws preventing employees of financial institutions from tipping off suspects to ongoing investigations”; (ii) “strengthening the law criminalizing the operation of unlicensed money transmitting businesses”; and (iii) “extending the statute of limitations of certain statutes to account for the complexities of digital assets investigations.” The DOJ also launched the Digital Asset Coordinator Network, which will serve as the agency’s primary source for obtaining and disseminating information related to digital assets crimes.
On September 12, eight Senate Democrats sent a letter to President Biden, urging him to extend student-loan debt relief to roughly 3.6 million borrowers under the Parent Loan for Undergraduate Student (PLUS) loan program. Biden’s debt relief plan instructed the Department of Education (DOE) to, among other things: (i) provide up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the DOE; (ii) provide up to $10,000 in debt cancellation to non-Pell Grant recipients for borrowers making less than $125,000 a year or less than $250,000 for married couples; and (iii) propose a new income-driven repayment (IDR) plan and cap monthly payments for undergraduate loans at 5 percent of a borrower’s discretionary income. Additionally, for IDR plans, Biden’s August announcement instructed the DOE to propose a rule to, among other things, reduce the amount that borrowers have to pay each month for undergraduate loans from 10 percent to 5 percent. The Senators expressed their concern that Biden’s recent actions do not appropriately cover Parent PLUS borrowers and urged his administration and the DOE to “to incorporate Parent PLUS borrowers in any administrative improvements to federal student loan programs, including the Public Service Loan Forgiveness and Income-Driven Repayment programs, extensions or creation of waivers, and in the implementation of executive actions to provide student debt relief.”
On August 24, President Biden announced a three-part plan for student loan relief. According to the Fact Sheet, the cumulative federal student loan debt is around $1.6 trillion and rising for more than 45 million borrowers. The President announced that the Department of Education (DOE) will, among other things: (i) provide up to $20,000 in debt cancellation to Pell Grant recipients with loans held by the DOE; (ii) provide up to $10,000 in debt cancellation to non-Pell Grant recipients for borrowers making less than $125,000 a year or less than $250,000 for married couples; (iii) propose a new income-driven repayment plan and cap monthly payments for undergraduate loans at 5 percent of a borrower’s discretionary income; and (iv) “propos[e] a rule that borrowers who have worked at a nonprofit, in the military, or in federal, state, tribal, or local government, receive appropriate credit toward loan forgiveness.” For income-driven repayment, Biden announced that the DOE is proposing a rule to, among other things: (i) reduce to 5 percent from 10 percent the amount that borrowers have to pay each month for undergraduate loans; (ii) guarantee that borrowers making less than 225 percent of the federal minimum wage are not required to make payments on their federal undergraduate loans; (iii) forgive loan balances after 10 years of payments, instead of 20 years, for borrowers with original loan balances of $12,000 or less; and (iv) cover the borrower’s unpaid monthly interest so that no borrower’s loan balance will grow when making monthly payments, “even when that monthly payment is $0 because their income is low.” The Fact Sheet also noted that if all borrowers claim the relief to which they are entitled under this plan, these actions “will [p]rovide relief to up to 43 million borrowers, including cancelling the full remaining balance for roughly 20 million borrowers,” will benefit primarily low- and -middle income borrowers, assist borrowers of all ages, and help narrow the racial wealth gap and promote equity by targeting those with the highest economic need.
The same day, the DOE announced a final extension of the pause on student loan repayment, interest, and collections through December 31. As previously covered by InfoBytes, in April, Biden extended the moratorium on collecting student loans through August 31, about which the DOE stated will allow “all borrowers with the paused loans to receive a ‘fresh start’ on repayment by eliminating the impact of delinquency and default and allowing them to reenter repayment in good standing.”
Earlier this week, the DOE announced that it will provide over $10 billion in debt relief for over 175,000 borrowers in 10 months through the Public Service Loan Forgiveness (PSLF) program. The recent announcement follows changes the DOE announced in October 2021 (covered by InfoBytes here) that, among other things, gave qualifying borrowers a time-limited PSLF waiver that allowed all payments to count towards PSLF regardless of loan program or payment plan. These include payments made on loans under the Federal Family Education Loan (FFEL) Program or Perkins Loan Program. The recently announced changes provide that student borrowers receive credit for payments made on loans from FFEL, Perkins Loan Program, and other federal student loans. To qualify for the program under the temporary changes, such borrowers must apply to consolidate their loans into a Direct Consolidation Loan by October 31. Additionally, the DOE announced that “under the temporary changes, past periods of repayment count whether or not borrowers were on a qualifying repayment plan or whether or not borrowers made payments.” To date, $32 billion in student loan relief has been approved for over 1.6 million borrowers.
On August 5, President Biden signed the Paycheck Protection Program and Bank Fraud Enforcement Harmonization Act (see H.R. 7352) and the COVID-19 Economic Injury Disaster Loan Fraud Statute of Limitations Act (see H.R. 7334). H.R. 7352 provides a 10-year statute of limitations for fraud by borrowers under the SBA’s Paycheck Protection Program, while H.R. 7334 establishes a 10-year statute of limitations for fraud by borrowers under the SBA’s Covid-19 Economic Injury Disaster Loan programs.
On July 12, the U.S. Treasury Department released a notice seeking public comment regarding potential opportunities and risks presented by digital assets. According to the announcement, Treasury is requesting input that will inform its work in carrying out its mandate under Executive Order 14067, Ensuring Responsible Development of Digital Assets, which directs Treasury, in consultation with the Secretary of Labor and other relevant agencies, to report to President Biden on the implications of development and adoption of digital assets and changes in financial market and payment infrastructures. The notice also seeks feedback from the public on potential risks associated with digital asset markets and how digital assets may benefit or pose risk to vulnerable populations. Comments must be received by August 8.
On June 13, the White House announced that the U.S. and UK governments are developing privacy-enhancing technology prize challenges to help address cross-border money laundering. The White House highlighted that the estimated $2 trillion of cross-border money laundering which happens annually could be better detected if improvements were made to information sharing and collaborative analytic efforts. However, research shows that this process “is hindered by the legal, technical and ethical challenges involved in jointly analyzing sensitive information,” the White House said. Privacy-enhancing technologies (PETs) could play a transformative role in addressing the global challenges of financial crime, the White House explained, noting that PETs can allow “machine learning models to be trained on high quality datasets collaboratively among organizations, without the data leaving safe environments.” Moreover, “[s]uch technologies have the potential to help facilitate privacy-preserving financial information sharing and analytics,” thus “allowing suspicious types of behavior to be identified without compromising the privacy of individuals, or requiring the transfer of data between institutions or across borders.”
Opening this summer, the challenges (developed between the White House Office of Science and Technology Policy, the U.S. National Institute of Standards and Technology, the U.S. National Science Foundation, the UK’s Center for Data Ethics and Innovation, and Innovate UK) will allow innovators to develop state-of-the-art privacy-preserving federated learning solutions to help combat barriers to the wider use of these technologies without the uncertainty of potential regulatory implications. Innovators will engage with the U.K.’s Financial Conduct Authority and Information Commissioner’s Office and the Financial Crimes Enforcement Network. Acting FinCEN Director Himamauli Das announced that the agency “is pleased to support this important initiative to advance the development of a building block for protecting the U.S. financial system from illicit finance.”