
InfoBytes Blog

Financial Services Law Insights and Observations



  • GAO urges Fed to address outstanding recommendations

    Agency Rule-Making & Guidance

    On June 3, GAO released a letter addressed to Fed Chair Jerome Powell to provide an update on the Fed's implementation of past GAO recommendations. As of May, GAO noted 13 open recommendations for the Fed. The Fed recently implemented two of the GAO’s four 2023 priority recommendations: one on stress test capital ratio estimates, and the other pertaining to risk tolerance articulation. GAO did not add any new priority recommendations for the Fed, but instead emphasized the importance of addressing the remaining two items: one related to blockchain technology and the other on financial technology.

    Regarding the blockchain recommendation, GAO urged the Fed to work with other regulators to create a formal mechanism for identifying risks associated with this technology. GAO observed that the Fed had stated in April that it would participate in the Digital Asset Working Group to work with other agencies to address blockchain risks, but GAO recommended that the working group include a “planning process for identifying and addressing” blockchain risks. Regarding the fintech partnerships recommendation, GAO recommended that the Fed, in coordination with other federal financial regulators, communicate clearly on the appropriate use of alternative data in the underwriting process, since fintech lenders “may analyze large amounts of alternative data on borrower characteristics … when determining borrowers’ creditworthiness.”

    GAO’s letter also emphasized the importance of Congressional oversight to implement recommendations, suggesting strategies such as legislative incorporation and oversight hearings.

    Agency Rule-Making & Guidance Federal Issues Federal Reserve Congress Blockchain Fintech

  • FSB’s Liang speaks on AI in finance


    On June 4, the U.S. Under Secretary for Domestic Finance, Nellie Liang, delivered a speech at the OECD-FSB Roundtable on Artificial Intelligence (AI) in Paris. Liang noted that while AI has been around for many years, recent advances in generative AI continue to evolve and have the potential to transform the financial sector even more. The latest AI models can process vast amounts of data, generate content, and automate decision-making, presenting new opportunities and challenges for financial institutions and regulators. The biggest takeaway was that AI holds transformative potential for the financial sector by enhancing efficiency and innovation, yet it also poses challenges such as model risk and privacy issues, necessitating vigilant evolution of regulatory frameworks to ensure safety and fairness.

    On AI uses, Liang highlighted that financial institutions have explored AI applications to reduce costs, increase productivity, and develop new products. For instance, AI can be used to automate back-office functions, enhance customer service through chatbots, and inform trading strategies. AI’s strength is its ability to process large volumes and types of information that would otherwise be impractical or impossible to analyze. Concerning risks, Liang pinpointed model risk as a prime issue, contending that robust data governance and careful design can counteract potential pitfalls. AI may also introduce or amplify interconnections among financial firms, leading to potential financial stability risks. Furthermore, Liang focused on the increased use of AI in financial services and the concerns it raises about data privacy, surveillance, and potential biases in AI-driven decision-making.

    Liang noted that these AI risks can be addressed through existing regulatory frameworks, such as principles of model risk management, third-party risk management, and consumer protection laws. However, she noted, regulators need to assess whether AI will introduce new risks that require adjustments to the regulatory framework. Additionally, policymakers will be exploring the use of AI for identifying data anomalies, countering illicit finance and fraud, and improving fraud detection through comprehensive databases.

    Fintech Artificial Intelligence Department of Treasury Risk Management Big Data

  • Colorado extends its money transmitter regulations

    State Issues

    On June 3, Colorado enacted HB 1328 (the “Act”), which will extend the state’s regulation of money transmitters until September 2030. The law had previously been scheduled to sunset on September 1. The Act will implement the recommendations of the Department of Regulatory Agencies, as specified in the Department's sunset review of the regulation of money transmitters. Specifically, the Act will (i) authorize the State Banking Board to suspend a money transmitter’s license and issue cease and desist orders; (ii) expand the requirement to furnish surety bond coverage to include all money transmission, rather than any exchange; (iii) increase the maximum penalty for failure to allow an examination from $100 to $1,000 per day the refusal continues and for failure to report up to $750 per day; and (iv) expand the licensing exemption to cover out-of-state banks. The Act will go into effect 90 days following the adjournment of the General Assembly, assuming a referendum petition is not filed.

    State Issues State Legislation Colorado Money Service / Money Transmitters Licensing Fintech Enforcement

  • CFTC subcommittee issues report on responsible AI use


    On May 2, a CFTC subcommittee on Emerging and Evolving Technologies issued a report on the responsible use of artificial intelligence (AI) by exchanges, clearinghouses, futures commission merchants, brokers, and data repositories, among others, interested in using AI in financial markets. The report examined AI use cases in financial services, reviewed the risks of AI for CFTC-registered entities, and set out five recommendations for the CFTC: (1) the CFTC should host a public roundtable discussion with industry leaders; (2) the CFTC should define and adopt an AI risk management framework to assess consumer harms and benefits of AI use by CFTC-registered entities; (3) the CFTC should create an inventory of existing AI regulations and identify gaps where staff guidance or rulemaking would be needed; (4) the CFTC should establish a process to align its policies with other federal agencies; and (5) the CFTC should increase staff participation in domestic and international dialogues around AI.

    Fintech Artificial Intelligence Department of Treasury Governance Anti-Money Laundering

  • GAO calls for the FDIC to address outstanding recommendations

    On April 30, GAO sent a letter to the FDIC on its outstanding recommendations, emphasizing the importance of two priority recommendations, which pertained to blockchain technology and fintech. Regarding blockchain technology, the letter stressed the need for the FDIC and other financial regulators to establish a formal mechanism to identify and address blockchain-related risks. Despite the regulator's coordination, the response to crypto-asset risks had been criticized as untimely. With respect to fintech, this recommendation would have the FDIC and relevant agencies clarify the appropriate use of alternative data in loan underwriting for banks that partner with fintech lenders. The letter also called for the FDIC's attention to additional high-risk areas, including IT management, human capital, federal real property, cybersecurity, and the personnel security clearance process.

    Bank Regulatory Federal Issues GAO FDIC Bank Supervision Congress Fintech Blockchain

  • CFPB finalizes rule to change its supervision designation procedures for nonbanks

    Agency Rule-Making & Guidance

    On April 16, the CFPB issued a procedural rule to change how the Bureau will designate nonbanks for supervision. Under the CFPA, the CFPB was authorized to supervise a nonbank covered person if the Bureau had reasonable cause to determine that the nonbank covered person was engaged in financial services-related conduct that posed a risk to consumers. In 2013, the CFPB issued a rule providing procedures to govern supervisory designation proceedings under this authority; in 2022, the CFPB published a final rule amending the procedural rule to allow it to publicize its resolution of any contested designation proceeding (covered by InfoBytes here). In late February 2024, the CFPB transitioned to a new organizational structure for its supervision and enforcement work, and this rule will reflect the technical changes of the new structure in the context of supervisory designation proceedings.

    According to the Bureau, there were small differences between two separate provisions under the 2013 rule that allowed nonbanks to consent to the CFPB’s exercise of supervisory authority. The new procedural rule will combine these provisions and clarify a few points of distinction from the two original provisions, including (i) a consent agreement does not constitute an admission; and (ii) supervision durations following consent agreements can be negotiated on a case-by-case basis, instead of applying a default duration of two years.

    Regarding the Supervision Director’s notice of reasonable cause, the rule will expand the possible methods of delivery to include other methods that are “reasonably calculated to give notice.” Additionally, the rule states that the initiating official may withdraw a notice, and that they may file a written reply to the notice recipient’s response, neither of which was contemplated under the previous rule. The Bureau said these changes could allow for more transparency in the decision-making process.

    Concerning a supplemental oral response, the Bureau noted that under the previous rule, a respondent nonbank entity presented supplemental oral responses to the Associate Director for Supervision, Enforcement, and Lending. In light of the elimination of the Associate Director position pursuant to a recent reorganization that split the Division of Supervision, Enforcement, and Fair Lending into a Division of Enforcement and a Division of Supervision, the rule provided that the Director of the Bureau will assume the Associate Director’s adjudicative roles and supervision-related functions. Therefore, the Director will be responsible for issuing a decision and order subjecting an entity to the Bureau’s supervision or terminating a proceeding.

    The rule further stipulated that (i) an additional time limit for mail and delivery services is no longer warranted, since email would be “generally instantaneous”; (ii) there will be a 13,000-word limit for the proceeding filings; and (iii) any changes to time or word limits can be decided between the initiating official and the respondent with a notice to the Director and will be subject to change by the Director.

    Regarding the confidentiality of proceedings, the rule maintained a process for the CFPB to decide whether to publicly release final decisions and orders, including orders entered as a result of a respondent failing to file a response and therefore defaulting. The Bureau did note, however, that consent agreements entered into between the initiating official and the respondent will not be subject to public release under the rule.

    The rule also established an issue exhaustion requirement, requiring respondents to raise arguments they have in their written response to the Bureau to avoid waiving the argument in future proceedings. The Bureau will invite public comments which must be submitted 30 days after publication in the Federal Register, although the rule will be exempt from the notice-and-comment rulemaking requirements under the APA as a rule of agency organization, procedure, or practice. The rule will be effective upon publication in the Federal Register, and it will apply to proceedings pending on the effective date, unless the Director determines that applying it is “not practicable.”

    Agency Rule-Making & Guidance Federal Issues CFPB Consumer Finance Nonbank Fintech Nonbank Supervision

  • Nacha’s new rules intend to reduce business fraud that uses credit-push payments


    On March 18, Nacha announced rule amendments intended to reduce the incidence of frauds that leverage credit-push payments, such as vendor impersonation and business email compromise (BEC). While, importantly, the rules will not shift liability for ACH payments as between the parties, they will establish obligations on originating financial institutions (ODFIs) and receiving depository financial institutions (RDFIs) to monitor the sending and receipt of payments for potential fraud, and they will empower the same to flag potentially fraudulent payments for action. Specifically, the rule amendments will allow “the originating financial institution (ODFI) to request the return of the payment for any reason, the RDFI to delay funds availability (within the limits of Regulation CC) to examine the payment more closely, and the RDFI to return a suspicious transaction on its own initiative without waiting for a request or a customer claim.” 

    As part of the amendment announcement, NACHA cited the FBI’s Internet Crime Complaint Center’s 2023 annual report, noting that BEC, vendor impersonation, and payroll impersonation are examples of fraudulent activities “that result in payments being ‘pushed’ from a payer’s account to the account of a fraudster,” and that there were 21,489 BEC complaints totaling $2.9 billion in reported losses in 2023, making BEC the second-costliest cybercrime category.

    The first set of rule amendments, effective October 1, will, among other things, allow an RDFI to use return code R17 for potential fraud, including for “false pretenses,” and an ODFI to request a return from an RDFI for any reason, including fraud. The first set of amendments will also provide RDFIs “with an additional exemption from the funds availability requirements to include credit entries that the RDFI suspects are originated under false pretenses,” subject to Regulation CC. Finally, the RDFI will be required to promptly return any unauthorized consumer debit by the 6th banking day after it reviewed a consumer’s signed Written Statement of Unauthorized Debit.

    The first set of rule amendments will be followed by subsequent (phase 1 and phase 2) amendments. The phase 1 amendments, effective March 20, 2026, will, among other things, require ODFIs, and non-consumer originators, third-party providers, and third-party senders with an annual ACH origination volume of six million or more, to implement or enhance appropriate risk-based processes and procedures to identify fraudulent transfers. Under phase 1, NACHA will also require RDFIs with ACH receipt volumes of 10 million or more to establish risk-based processes and procedures to identify fraudulent activity. The second phase, effective June 19, 2026, will require fraud risk monitoring for the remaining non-consumer originators, third-party providers, and third-party senders.

    Fintech NACHA ACH Fraud

  • CFPB, federal and state agencies to enhance tech capabilities

    Federal Issues

    On March 26, the CFPB announced, as part of a coordinated statement with other federal and state agencies, its intent to enhance its technological capabilities. As part of this initiative, the CFPB will be hiring more technologists to help enforce laws and find remedies for consumers, workers, small businesses, etc. These technologists will join interdisciplinary teams within the CFPB to monitor and address potential violations of consumer rights within the evolving tech landscape, particularly considering the growing attention to generative artificial intelligence (AI). The CFPB's technologists will be tasked with identifying new technological developments, recognizing potential risks, enforcing laws, and developing effective remedies. CFPB Director Rohit Chopra emphasized the essential role of technology in the Bureau’s efforts to regulate data misuse, AI issues, and big tech involvement in financial services. Chopra and Chief Technologist Erie Meyer remarked that the CFPB has integrated technologists into its core functions, with these experts now actively involved in supervisory examinations, enforcement actions, and other regulatory proceedings. They also noted that the CFPB has researched how emerging technologies, such as generative AI and near-field communication, are used in consumer finance. To foster a competitive and “law-abiding” marketplace, Chopra and Meyer also noted that the CFPB will continue to issue policy guidance to assist firms with understanding legal obligations.

    Federal Issues CFPB FCC FTC Fintech Consumer Protection

  • Department of Energy discontinues crypto mining survey following a settlement agreement


    On March 1, a cryptocurrency company (plaintiff) and the U.S. Department of Energy submitted a settlement agreement to the U.S. District Court for the Western District of Texas to discontinue an emergency crypto mining survey once approved by the Office of Management and Budget.

    According to the settlement agreement, the Department of Energy initiated an emergency three-year collection of a Cryptocurrency Mining Facilities Survey in January, which the plaintiff claimed did not comply with various statutory and regulatory requirements for the emergency collection of information. Following the court’s approval of the plaintiff’s temporary restraining order, which protected plaintiffs from completing the survey issued by the Department of Energy and protected any information they may have already submitted, the Department of Energy discontinued its emergency collection, and said it will proceed through notice-and-comment procedures for approval of any collection of information covering such data. As a result of the discontinuation of the emergency collection request, no entity or person is required to respond to the survey.

    As part of the settlement agreement, the Department of Energy will destroy any information it had already received from survey responses. In addition to a $2,199.45 payment for the plaintiffs’ litigation expenses, the Department of Energy also agreed to publish a new Federal Register notice of a proposed collection of information and withdraw its original notice. 

    Fintech Department of Energy Cryptocurrency Digital Assets Settlement Courts Bitcoin

  • U.S. Attorney General taps professor to lead new technology-focused roles


    On February 22, the U.S. Attorney General, Merrick B. Garland, announced that he tapped Jonathan Mayer to fill the DOJ’s first Chief Science and Technology Advisor and Chief Artificial Intelligence (AI) Officer roles. The roles are housed in the DOJ’s Office of Legal Policy, which is developing a team of technical and policy experts in technology-related areas important to the Department’s responsibilities. These topics include cybersecurity and AI, with the aim of advising leadership and collaborating with other components across the Department and with federal partners on cutting-edge technological issues. As the first Chief Science and Technology Advisor, Mayer will contribute technical expertise on cybersecurity, AI, and emergent technology matters.

    The Chief AI Officer role was created pursuant to a presidential executive order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. In this role, Mayer will work on intra-departmental and cross-agency efforts on AI and adjacent issues, and he will also lead the Justice Department’s newly established Emerging Technology Board, which coordinates and governs AI and other emerging technologies across the Department.

    Mayer has a PhD in computer science from Stanford University and a J.D. from Stanford Law School. Mayer is an assistant professor at Princeton University’s Department of Computer Science and School of Public and International Affairs, where his research is focused on the intersection of technology, policy, and law with an emphasis on criminal procedure, national security, and consumer protection.

    Fintech Department of Justice Artificial Intelligence

