InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC announces 2024 examination priorities, excludes ESG
On October 16, the SEC’s Division of Examinations announced that its 2024 examination priorities will focus on key risk factors related to information security and operational resiliency, crypto assets and emerging financial technology, regulation systems compliance and integrity, and anti-money laundering. SEC registrants, including investment advisers, investment companies, broker dealers, self-regulatory organizations, clearing agencies, and other market participants are reminded of their obligations to address, manage, and mitigate these key risks. Notably, ESG was a “significant focus area[]” in 2022 (covered by InfoBytes here) and 2023, but it is not directly mentioned in the 2024 examination priorities.
According to the report, examiners plan to increase their engagement to support the evolving market and new regulatory requirements. Regarding information security and operational resiliency, examiners will focus on registrants’ procedures surrounding “internal controls, oversight of third-party vendors (where applicable), governance practices, and responses to cyber-related incidents, including those related to ransomware attacks.” Additionally, regarding crypto assets and emerging fintech, examiners will focus on registrants’ business practices involving compliance practices, risk disclosures, and operational resiliency practices. The SEC also mentioned in the “Crypto Assets and Emerging Financial Technology” section of the report that it will assess registrant preparations for the recently adopted rule for broker dealer transactions that shortens the standard settlement cycle to one business day (previously two days) after the trade, which has a compliance date of May 28, 2024. Among other things, the SEC will also focus on whether registrants’ regulation systems compliance and integrity are “reasonably designed” to ensure the security of its systems, including physical security of the systems housed in data centers.
SEC chair Gary Gensler said that the Division of Examinations plays an important role in “protecting investors and facilitating capital formation,” adding that the commission will focus on “enhancing trust” in the changing markets.
Fed governor speaks on responsible innovation in money and payments
On October 17, Federal Reserve Board Governor Michelle Bowman provided remarks on innovation in money and payments, including crypto assets, central bank digital currency (CBDC), and the development of instant payments, in which she laid out her vision for “responsible innovation,” which recognizes the important role of private-sector innovation and leverages the U.S. banking system supported by clear prudential supervision and regulation. With respect to CBDC, Bowman said that she has yet to see a compelling argument that CBDC could address frictions within the payment system, promote financial inclusion, or provide the public with access to safe central bank money any more effectively or efficiently than alternatives. She explained that, given that the U.S. has a safe and well-functioning banking system, the potential uses of a U.S. CBDC remain unclear and, at the same time, could introduce significant risks and tradeoffs. Bowman also expressed skepticism over stablecoins, stating that in practice they have been less secure, less stable, and less regulated than traditional forms of money. Finally, Bowman discussed technological innovations in wholesale payments, which are large-value, interbank transactions. Bowman said that the Fed is researching emerging technologies that could enable or be supported by future Fed-operated payment infrastructures, including depository institutions transacting with “tokenized” forms of digital central bank money. Bowman noted that banks and other eligible institutions already hold central bank money as digital balances at the Fed. She also stressed that wholesale payment infrastructures operated by the Fed “underpin domestic and international financial activities” by serving as a “foundation” for payments and the broader financial system. Because these wholesale systems function “safely and efficiently” today, it is necessary to investigate and understand the potential opportunities, risks, and tradeoffs for wholesale payment innovation to support a safe and efficient U.S. payment system.
Find continuing InfoBytes coverage on CBDCs here.
Chopra foreshadows expanding oversight over digital payments
On October 6, CFPB Director Rohit Chopra spoke at a digital payments event where he described the risks posed by private digital currencies and digital payments systems and provided steps that would increase the CFPB oversight so as to help protect consumers from these risks.
Chopra stated that from a consumer regulator’s perspective, it is important to safeguard against the risks of private currencies issued by nonbanks, which include the potential for sudden devaluation of the digital currency, intrusive data surveillance, censorship, private regulations that favor the issuer’s commercial interests, challenges with error resolution, and consumer fraud.
Further, Chopra shared what he believes are warranted steps to ensure that private digital dollars and payments systems do not harm consumers:
- The CFPB will issue supplemental orders to certain large technology platforms to acquire more data and information to better ascertain their business practices, especially with respect to the use of sensitive personal data and any issuance of private currencies.
- To reduce the harms of errors, hacks, and unauthorized transfers, the Bureau will explore providing additional guidance on the applicability of the Electronic Fund Transfer Act with respect to private digital dollars and other virtual currencies for consumer and retail use.
- The CFPB will use appropriate authorities to conduct supervisory examinations of nonbanks operating consumer payment platforms, including the authority over service providers to large depository institutions and the authority over large participants, which would subject nonbanks meeting a particular size threshold to CFPB supervision.
- The Bureau will publish a proposed rule regarding personal financial data rights pursuant to Section 1033 of the Consumer Financial Protection Act, which will seek to accelerate America’s shift to open, competitive, and decentralized banking, while also seeking to safeguard against misuse of personal financial data.
Additionally, Chopra stated the Financial Stability Oversight Council should consider exercising its authority under Title VIII of the Dodd-Frank Act to designate activity as, or as likely to become, a systemically important payment, clearing, or settlement activity so as to provide other agencies with critical oversight and tools to ensure that a stablecoin is actually stable.
OCC releases bank supervision operating plan for FY 2024
On September 28, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2024. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) asset and liability management; (ii) credit; (iii) allowances for credit losses; (iv) cybersecurity; (v) operations; (vi) digital ledger technology activities; (vii) change in management; (viii) payments; (ix) Bank Secrecy Act/AML compliance; (x) consumer compliance; (xi) Community Reinvestment Act; (xii) fair lending; and (xiii) climate-related financial risks.
Two of the top areas of focus are asset and liability management and credit risk. In its operating plan the OCC says that “Examiners should determine whether banks are managing interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, including stress testing across a sufficient range of scenarios, sensitivity analyses of key model assumptions and liquidity sources, and appropriate contingency planning.” With respect to credit risk, the OCC says that “Examiners should evaluate banks’ stress testing of adverse economic scenarios and potential implications to capital” and “focus on concentrations risk management, including for vulnerable commercial real estate and other higher-risk portfolios, risk rating accuracy, portfolios of highest growth, and new products.”
The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
NYDFS updates criteria for virtual currency regulation
Adrienne Harris, Superintendent of the New York State Department of Financial Services (“DFS”) issued an update on the VOLT initiative, an ongoing project to enhance DFS’s role as a virtual currency regulator. Superintendent Harris published proposed guidance adopting enhanced criteria for procedures to list and de-list virtual currencies as well as updated guidance for designating virtual currencies to the DFS “Greenlist.”
The new General Framework for Greenlisted Coins sets (i) heightened risk assessment standards for coin-listing policies and enhances requirements for consumer-facing products; and (ii) new requirements associated with coin-delisting policies. Under the new guidance, a virtual currency entity that seeks to self-certify coins must create a coin-listing policy and may not self-certify any coins until such possibly has a written approval from DFS. A coin-listing policy must contain and be based on a robust governance structure; comprehensive risk assessment; consideration of factors to identify and mitigate risks involved in each coin and its uses; and policies and procedures to conduct continued monitoring of the coin to ensure consistent safety and soundness compliance.
The new framework does not require prior approval from the DFS to list coins included on the Greenlist, but does require virtual currency entities that choose to list such coins to (i) provide advance notification to DFS and (ii) have a DFS-approved coin-delisting policy.
FDIC’s CRA evaluation rates fintech bank “needs to improve” for alleged FTC Act violations
On September 5, the FDIC released the list of nonmember banks examined for compliance with the Community Reinvestment Act (CRA), which is intended to “encourage insured banks and thrifts to meet local credit needs.” Included in the list was a fintech bank that the FDIC rated as “Needs to Improve” for reasons involving its overall record of helping meet the credit needs of underserved communities. According to the FDIC’s CRA performance evaluation of the Utah-based bank, the FDIC adjusted the CRA rating from “Satisfactory” to “Needs to Improve” due to illegal credit practices that resulted in violations of Section 5 of the FTC Act, Unfair or Deceptive Acts or Practices that were present during the time of the evaluation period. The FDIC found that the bank’s actions impacted a significant number of customers across the bank’s fuel card programs, and that the practices were sustained for multiple years. The FDIC also noted that, after the bank was notified of the violations, it implemented corrective measures, including customer restitution.
D.C. Circuit overturns SEC rejection of an investment company’s Bitcoin ETF
On August 29, the D.C. Circuit overturned the SEC’s denial of a company’s application to convert its bitcoin trust into an exchange-traded fund (ETF). In October 2021, the company applied to convert its bitcoin trust to an ETF pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 (Exchange Act) and Rule 19b-4 thereunder, a proposed rule change to list and trade shares. In June 2022, the SEC denied the company’s application on the basis that the burden under the Exchange Act and the SEC’s Rules of Practice, which requires among other things, that the rules of national securities exchange be “designed to prevent fraudulent and manipulative acts and practices” and “to protect investors and the public interest.”
The company promptly appealed, alleging that the SEC “acted arbitrarily and capriciously by denying the listing of [the company]’s proposed bitcoin ET[F] and approving the listing of materially similar bitcoin futures ET[F]s”. The three-judge panel held that the SEC “failed to provide the necessary “reasonable and coherent explanation” for its inconsistent treatment of similar products” and “in the absence of a coherent explanation, this unlike regulatory treatment of like products is unlawful.”
This decision does not mean that the SEC must approve the company’s application. However, the SEC must review the application again.
SEC conducts its first-ever NFT enforcement again
On August 28, the SEC entered an order against a Los Angeles-based media and entertainment company charging them with conducting an unregistered offering of crypto asset securities in the form of non-fungible tokens (NFTs). According to the order, the company offered and sold different tiers of NFTs to hundreds of investors between October and December of 2021, and ultimately raised approximately $30 million from the sales. The SEC alleged that the company encouraged potential investors to purchase the unregistered NFTs in return for an investment in the business, promising “tremendous value” to the purchasers if the company was successful in its attempts to “build the next Disney” and launch other creative projects. The order found that the NFTs were ultimately investment contracts and therefore securities, and that the company subsequently violated federal securities laws by offering and selling crypto assets in an unregistered securities offering that was not otherwise exempt from registration requirements.
The SEC noted that all securities, in whatever form, are required to be registered and that when companies fail to register securities, “investors of all types are deprived of the protections afforded them by the robust disclosures and other safeguards long provided by our securities laws.” The company did not admit or deny the findings set forth in the order but agreed to cease-and-desist from violating registration provisions of the 1933 Act and pay a combined penalty of over $6.1 million in fees. The order also establishes a “Fair Fund” to return money to investors who paid to purchase NFTs.
On the same day, the SEC released a statement from Republican commissioners, Hester M. Peirce and Mark T. Uyeda, underscoring the significance of the commission’s first NFT enforcement action. “People are experimenting with a lot of different uses of NFTs,” said the commissioners in their partial dissents. “Consequently, any attempt to use this enforcement action as precedent is fraught with difficulty.” The commissioners further criticized the SEC’s failure to provide guidance on NFTs when they first started proliferating and raised several questions.
SEC charges fintech investment adviser for misleading advertising
On August 21, the SEC announced charges against a New York-based fintech investment adviser for using hypothetical performance metrics in misleading advertisements, compliance failures that led to misleading disclosures, and failure to adopt policies concerning crypto asset trading by employees, among other things. These charges mark the first violation of the SEC’s amended marketing rule.
According to the order, the fintech investment adviser made misleading statements on its website by failing to include material information, and without having adopted and implemented required policies and procedures under the SEC’s marketing rule. The SEC also found that the company made conflicting disclosures regarding crypto assets custody and failed to adopt policies related to employee personal trading in crypto assets.
The company consented to the order finding that it violated the Advisers Act and without admitting or denying the SEC’s findings, entered into a cease-and-desist order, a censure, and agreed to pay $192,454 in disgorgement, prejudgment interest and an $850,000 civil penalty that will be distributed to affected clients.
District Court splits order against crypto platform
On August 11, a split U.S District Court of the Southern District of New York partially granted and partially denied a crypto platform’s (defendant) motion to dismiss most charges for failure to state a claim upon which relief can be granted. Four months after plaintiff opened an account with defendant, a hacker siphoned approximately $5 million worth of Bitcoin from the account. Between the time the hacker accessed the account and withdrew the Bitcoin, plaintiff contacted the platform about being locked out of the account, to which defendant responded that the password change email could be in plaintiff’s spam folder. The complaint alleged that had the company locked the account, plaintiff would still have access to their Bitcoin, and that the platform has a duty to protect its customers’ assets and accounts. Among other things, the complaint also alleged that the platform violated the Electronic Fund Transfer Act (EFTA), the New York General Business Law, and the Michigan Consumer Protection Act.
In its motion to dismiss, defendant argued that Regulation E does not apply to the platform because the EFTA language does not explicitly cover cryptocurrency and only references denominations of the U.S. dollar. Although a separate case against the same defendant determined EFTA did apply to the platform since the statute’s “funds” reference could reasonably cover cryptocurrency (covered by InfoBytes here), the judge’s order focused on, “electronic fund transfer”. The court more closely considered the purpose of the account, expressing uncertainty as to whether it was for personal, family, or household purposes. The court found that the definition of an “account” under EFTA does not include plaintiff’s electronic fund transfer account which was established for investment purposes. In the previous case against the same defendant, the court held that the defendant deceived the users regarding its security measures, but the judge presiding over this case disagreed. The court cut the claims of misrepresentation finding that plaintiff failed to allege that the statements were false at the time they were made. The order denies two claims: (i) that the defendant misrepresented its security level; and (ii) that the defendant failed to meet EFTA requirements and its implementing Regulation E, because investment purposes accounts are precluded from the statute’s protections. The court granted the other four counts.