InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FHFA releases AI/ML risk management guidance for GSEs
On February 10, FHFA released Advisory Bulletin (AB) 2022-02 to Fannie Mae and Freddie Mac (GSEs) on managing risks related to the use of artificial intelligence and machine learning (AI/ML). Recognizing that while the use of AI/ML has rapidly grown among financial institutions to support a wide range of functions, including customer engagement, risk analysis, credit decision-making, fraud detection, and information security, FHFA warned that AI/ML may also expose a financial institution to heightened compliance, financial, operational, and model risk. In releasing AB 2022-02 (the first publicly released guidance by a U.S. financial regulator that specifically focuses on AI/ML risk management), FHFA advised that the GSEs should adopt a risk-based, flexible approach to AI/ML risk management that should also be able “to accommodate changes in the adoption, development, implementation, and use of AI/ML.” Diversity and inclusion (D&I) should also factor into the GSEs’ AI/ML processes, stated a letter released the same day from FHFA’s Office of Minority and Women Inclusion, which outlined its expectations for the GSEs “to embed D&I considerations throughout all uses of AI/ML” and “address explicit and implicit biases to ensure equity in AI/ML recommendations.” The letter also emphasized the distinction between D&I and fairness and equity, explaining that D&I “requires additional deliberation because it goes beyond the equity considerations of the impact of the use of AI/ML and requires an assessment of the tools, mechanisms, and applications that may be used in the development of the systems and processes that incorporate AI/ML.”
Additionally, AB 2022-02 outlined four areas of heightened risk in the use of AI/ML: (i) model risk related to bias that may lead to discriminatory or unfair outcomes (includes “black box risk” where a “lack of interpretability, explainability, and transparency” may exist); (ii) data risk, including concerns related to the accuracy and quality of datasets, bias in data selection, security of data from manipulation, and unfamiliar data sources; (iii) operational risks related to information security and IT infrastructure, among other things; and (iv) regulatory and compliance risks concerning compliance with consumer protection, fair lending, and privacy laws. FHFA provided several key control considerations and encouraged the GSEs to strengthen their existing risk management frameworks where heightened risks are present due to the use of AI/ML.
Chopra highlights consumer protection topics
On February 10, CFPB Director Rohit Chopra answered questions during a Washington Post Live session on several consumer protection topics. Citing auto lending as a top concern for the Bureau, Chopra noted that it is important for consumers to be able to shop around, refinance loans, and navigate a competitive market. He also discussed recent Bureau initiatives related to junk fees and overdraft/insufficient funds fees, and said the Bureau intends to sharpen its supervisory scrutiny in these spaces. Chopra stated that, as part of a fair and competitive market consumers want to know when they are being charged these fees, noting that financial institutions have started to transition away from dependency on these types of fees and instead implement programs that will allow a bank to determine what shortfall they will allow on an individual consumer basis. He added that the Bureau may eventually see if rulemaking will increase competition and upfront pricing.
Chopra also discussed the role agencies play in the future regulation of cryptocurrency. He noted that while most of the cryptocurrency market is currently related to speculative trading, this could change if one of the big tech payment platforms decides to expand its services to cryptocurrency. Chopra highlighted several concerns, including how payment data from these systems will be used, how money will be transacted, and how consumers will report fraud. He stated that the Bureau is closely monitoring this space and any regulation will be an interagency effort. While Chopra also discussed the need for transparency with respect to how big tech companies are tracking, monetizing, and harvesting consumer data, he stated it is too early to tell whether there is a need for rulemaking in this area. Chopra also discussed topics related to the buy-now-pay-later industry and student lending, and stated that the Bureau is monitoring both areas carefully.
McWilliams discusses her tenure at FDIC
On February 3, outgoing-FDIC Chairman Jelena McWilliams spoke at the Bipartisan Policy Center on both her tenure and technology’s role in facilitating a more inclusive financial system. In reflecting upon her time as Chairman, McWilliams opined that the “story of how financial regulators, central banks, and the global financial system responded to the pandemic is one of great success. Only three banks failed since the start of the pandemic, and none due to the pandemic itself.” She also pointed out that during the Covid-19 pandemic, the FDIC prioritized “improving supervision and resolution planning” and “the importance of strong capital levels,” particularly for large banks. McWilliams listed some of her accomplishments as Chairman, including “implement[ing] a recordkeeping rule,” “simplify[ng] the deposit insurance rules for trust accounts,” and “enhancing the FDIC’s readiness if it is ever called upon to resolve non-bank firms, such as central counterparties.” Central counterparties, McWilliams explained, play a critical role in the financial system as their clearing services are central to U.S. financial markets. McWilliams discussed the ways in which the FDIC enhanced competition, fostered innovation, and “supported third-party partnerships,” extolling these virtues as “the guiding principles of my chairmanship that helped forge the most vibrant financial market in the world.”
McWilliams also stated that a “key aspect of our pro-competition agenda” was to “moderniz[e] a broad range of our rules while maintaining our core safety and soundness focus.” In connection with “crypto assets,” McWilliams opined that her personal “view is that generally bank-issued stablecoins closely resemble digital representations of deposits.” She urged the FDIC to “to build off the work we have done and provide clarity to the public as soon as practicable, which could include promulgating amendments to the deposit insurance rules.” McWilliams said that she hopes regulators will be more welcoming of the “endless possibilities” that digital assets and blockchain technology have in enhancing the efficiency of payments.
OCC hosts virtual Innovation Hours
On February 3, the OCC announced it will host virtual Innovation Office Hours on March 16 through 17, to promote responsible innovation in the federal banking system. As previously covered by InfoBytes, the OCC established the Office of Innovation in 2016 to implement certain aspects of the OCC’s responsible innovation framework, including, among other things: (i) creating an outreach and technical assistance program; (ii) conducting awareness and training activities for OCC staff, such as implementing an internal web page that provides OCC staff a ‘one-stop-shop’ to access information on industry trends and innovative products, services, and processes; and (iii) encouraging coordination and facilitation among the regulatory community and industry stakeholders. According to the OCC’s recent announcement, office hours are one-on-one meetings with representatives from the OCC Office of Innovation to discuss fintech, new products or services, partnering with a bank or fintech company, or other matters. Each meeting will last no longer than one hour. Interested parties should request a virtual office hours session by February 18.
DFPI addresses several MTA licensing exemptions
Recently, the California Department of Financial Protection and Innovation (DFPI) released two new opinion letters covering aspects of the California Money Transmission Act (MTA) related to the purchase and sale of digital assets and agent of payee rules. Highlights from the redacted letters include:
- Purchase and Sale of Digital Assets; Payment Processing Services. The redacted opinion letter examines whether the inquiring company’s client is required to be licensed under the MTA. The letter describes two types of transactions proposed to be conducted on the client’s online trading platform: (i) transactions in which customers purchase and sell digital assets from the company in exchange for fiat currency (Direct Purchase Transactions); and (ii) transactions in which merchants use the platform as a payment processor to accept digital assets from customers in exchange for non-fungible tokens (Payment Processing Transactions). DFPI concluded that the Direct Purchase Transactions do not require an MTA license because they do not “involve the sale or issuance of a payment instrument, the sale or issuance of stored value, or receiving money for transmission.” DFPI similarly concluded that the Payment Processing Transactions do not require licensure at this time because DFPI has “not yet determined that payment processing transactions involving digital assets constitute receiving money for transmission[.]” Notwithstanding, DFPI added that it has been “studying the cryptocurrency industry closely” and that “[a]t any time, the Department may determine these activities are subject to regulatory supervision. The Department may also adopt regulations or issue interpretive opinions that significantly restrict [the contemplated] business operations.”
- Agent of Payee. The redacted opinion letter addresses whether the inquiring company’s proposed payment processing activities are exempt from the MTA’s licensing requirements. The letter explains that the company proposes to process payments related to purchases of apps through a virtual marketplace that operates on the company’s point of sale terminals. Through the virtual marketplace, customers (generally small businesses or merchants) may purchase apps that are developed and licensed to customers by third-party developers. Pursuant to a developer agreement, the company is appointed by such third-party developers to act as an “agent” of the developers “to collect and hold all Gross Revenue on [the developers’] behalf and to remit the Remittance Amount to [the developers’] Payment Account.” DFPI concluded that receiving funds from a customer for the purposes of transmitting payments to the developer “constitutes ‘receiving money for transmission.’” However, DFPI noted that these activities also satisfy the “agent of payee” exemption requirements because, pursuant to the developer agreement, the company acts as an agent of the developer, and the company’s receipt of payment satisfies “the customer’s (payor’s) obligation to the Developer for goods or services.” Accordingly, DFPI concluded that while the activities described constitute “money transmission” the company is exempt from the MTA’s licensure requirement.
DFPI reminded the companies that its determinations are limited to the presented facts and circumstances and that any change could lead to different conclusions.
Fed examines ramifications of U.S. central bank digital currency
On January 20, the Federal Reserve Board published a discussion paper, Money and Payments: The U.S. Dollar in the Age of Digital Transformation, which calls for public comments on questions related to the possibility of a U.S. central bank digital currency, or CBDC. “The introduction of a CBDC would represent a highly significant innovation in American money,” the Fed said, although the agency noted that it “does not intend to proceed with issuance of a CBDC without clear support from the executive branch and from Congress, ideally in the form of a specific authorizing law.” The paper examines the pros and cons of a potential CBDC and outlines a series of potential benefits, including faster payment options between countries. Among the various CBDC structures the Fed is considering is an intermediated model through which the private sector would facilitate the management of CBDC holdings and payments through accounts or digital wallets. Potential intermediaries could include commercial banks and regulated nonbank financial service providers. Such a model “would facilitate the use of the private sector’s existing privacy and identity-management frameworks; leverage the private sector’s ability to innovate; and reduce the prospects for destabilizing disruptions to the well-functioning U.S. financial system,” the Fed said. Additionally, a potential CBDC would also need to be readily transferable between customers of different intermediaries and must be designed to comply with rules regulating money laundering and the financing of terrorism (including the identification of persons accessing CBDC).
While a CBDC could improve cross-border payments and increase financial inclusion, the Fed warned that a CBDC may also yield potential negative effects, including affecting monetary policy implementation and interest rate control, as well as illicit finance controls and operational resilience. Consumer privacy could also be a concern, the Fed stated, noting that “any CBDC would need to strike an appropriate balance between safeguarding consumer privacy rights and affording the transparency necessary to deter criminal activity,” as the infrastructure of a CBDC could create opportunities for hackers since it would “potentially have more entry points than existing payment services.” The CBDC model under consideration would have intermediaries leverage exiting tools to address privacy concerns.
Feedback on the paper will be received through May 20.
FinCEN explores possibility of creating regulatory sandboxes
On January 13, the acting Director of FinCEN Him Das spoke at the Financial Crimes Enforcement Conference to discuss the transformation of the anti-money laundering/counter-terrorist financing regulatory regime as it relates to new threats, new innovations, and new partnerships. Das highlighted recent FinCEN rulemaking initiatives, including a proposed rule issued last December (covered by InfoBytes here) to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act. In particular, the proposed rule would require many U.S. and foreign companies to report their true beneficial owners to FinCEN and update that information when those beneficial owners change. Das explained that FinCEN is examining how a proposed beneficial ownership database would interplay with the Customer Due Diligence Rule, and stated the agency will share more information in the coming months. Das also discussed an Advance Notice of Proposed Rulemaking (covered by InfoBytes here), which sought comments on potential requirements under the Bank Secrecy Act to address vulnerabilities in the U.S. real estate market to money laundering and other illicit activity.
With respect to new innovation, Das noted that while FinCEN is exploring the idea of creating regulatory sandboxes to test new methods of transaction monitoring using artificial intelligence, the agency needs feedback from institutions on the potential use and risks of the program. Das also discussed other potential innovative ideas, including, among other things, “new approaches to customer risk rating and institutional risk assessment, digital identity tools and utilities, and automating the adjudication and filing of [suspicious activity reports] related to certain types of activity.”
CSBS drops suit against OCC fintech charter after revised application
On January 13, the Conference of State Bank Supervisors (CSBS) announced that it has withdrawn its complaint challenging the OCC’s Special Purpose National Bank (SPNB) Charters and a financial services provider’s application for an OCC nonbank charter. CSBS filed a notice of voluntary dismissal without prejudice in the U.S. District Court for the District of Columbia asking the court to close the case. According to its press release, CSBS voluntarily took this action after the company, which had previously filed an application for an OCC SPNB charter, “amended its application to include seeking FDIC deposit insurance, thus complying with the legal requirement that national banks obtain federal deposit insurance before operating as a bank.”
As previously covered by InfoBytes, CSBS filed a complaint in December 2020, to oppose the OCC’s potential approval of the company’s SPNB charter application. CSBS argued that the company was applying for the OCC’s nonbank charter, which was invalidated by the U.S. District Court for the Southern District of New York in October 2019 (the court concluded that the OCC’s SPNB charter should be “set aside with respect to all fintech applicants seeking a national bank charter that do not accept deposits,” covered by InfoBytes here). At the time, CSBS argued that “by accepting and imminently approving” the company’s application, the “OCC has gone far beyond the limited chartering authority granted to it by Congress under the National Bank Act (NBA) and other federal banking laws,” as the company is not engaged in the “business of banking.” CSBS sought to, among other things, have the court declare the agency’s nonbank charter program unlawful and prohibit the approval of the company’s charter under the NBA without obtaining FDIC insurance.
OCC acting Comptroller of the Currency Michael J. Hsu issued a statement following the withdrawal of the legal challenge. “We must modernize the regulatory perimeter as a prerequisite to conducting business as usual with firms interested in novel activities. Modernizing the bank regulatory perimeter cannot be accomplished by simply defining the activities that constitute ‘doing banking,’ but will also require determining what is acceptable activity to be conducted in a bank. Consolidated supervision will help ensure risks do not build outside of the sight and reach of federal regulators.”
FDIC and FinCEN launch Tech Sprint to help digital identity proofing
On January 11, the FDIC’s technology lab, FDiTech, and FinCEN announced the launch of a Tech Sprint challenging participants “to develop solutions for financial institutions and regulators to help measure the effectiveness of digital identity proofing—the process used to collect, validate, and verify information about a person.” According to the Tech Sprint program, Measuring the Effectiveness of Digital Identity Proofing for Digital Financial Services, solutions developed from this Tech Sprint will inform future FDIC, FinCEN, and industry-led efforts, plans, and programs to: (i) increase efficiency and account security; (ii) decrease fraud and other forms of identity-related crime, money laundering and terrorist financing; and (iii) foster customer confidence in the digital banking environment. According to the agencies, digital identity proofing is “challenged by the proliferation of compromised personally identifiable information, the increasing use of synthetic identities, and the presence of multiple, varied approaches for identity proofing.” The FDIC and FinCEN will open registration in the coming weeks, and stakeholders interested in participating will have approximately two weeks to submit applications.
FSOC highlights potential risks in 2021 annual report
On December 17, the Financial Stability Oversight Council (FSOC) released its annual report highlighting significant financial market and regulatory developments, potential financial risks, and recommendations for promoting U.S. financial stability. The report focused on several recommendations that FSOC member agencies should take to mitigate systemic risk and ensure financial stability.
- Climate-related Financial Risk. FSOC advised financial regulators to “promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to take climate-related financial risks into account in their investment and lending decisions.” Taking these steps, FSOC noted, will enable financial regulators to promote resilience within the financial-sector and help support an orderly, economy-wide transition to net-zero emissions. FSOC also recognized the importance of incorporating climate-related risks into risk management practices and supervisory expectations for regulated entities. The same day, acting Comptroller of the Currency Michael J. Hsu issued a statement supporting FSOC’s new Climate-Related Financial Risk Committee, which was announced in October (covered by InfoBytes here). “The CFRC will play an important role in identifying priority areas for assessing and mitigating climate-related risks to the financial system, coordinating information sharing, aiding in the development of common approaches and standards, and facilitating communication across FSOC members and interested parties. Addressing climate-related risks to the financial system requires the collaboration of multiple parties and partnerships, using many strategies and mechanisms.”
- Digital Assets. FSOC recommended that federal and state regulators continue to examine financial risks posed by emerging uses of digital assets and coordinate efforts to address potential issues arising in this space. FSOC advised member agencies to consider the recommendations in the President’s Working Group on Financial Markets’ “Report on Stablecoins” (covered by InfoBytes here), which was published in coordination with the FDIC and the OCC.
- LIBOR Transition. FSOC commended the Alternative Reference Rates Committee’s efforts to facilitate an orderly transition from LIBOR to alternative reference rates, and advised member agencies to “determine whether regulatory relief is necessary to encourage market participants to address legacy LIBOR portfolios.” Additionally, member agencies should “continue to use their supervisory authority to understand the status of regulated entities’ transition from LIBOR, including their legacy LIBOR exposure and plans to address that exposure.”
- Cybersecurity. FSOC advised federal and state agencies to “continue to monitor cybersecurity risks and conduct cybersecurity examinations of financial institutions and financial infrastructures to ensure, among other things, robust and comprehensive cybersecurity monitoring, especially in light of new risks posed by the pandemic, ransomware incidents, and supply chain attacks.”
While noting that financial conditions have normalized since spring 2020, FSOC noted that “risks to U.S. financial stability today are elevated compared to before the pandemic” and that “the outlook for global growth is characterized by elevated uncertainty, with the potential for continued volatility and unevenness of growth across countries and sectors.”