Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 27, the Federal Reserve Board announced the final timeline and implementation details for the adoption of the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service—a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds. (See notice here.) The final details are “broadly similar” to the Fed’s proposal issued last October (covered by InfoBytes here). The Fed confirmed that ISO 20022 will be adopted on a single day as previously proposed instead of in three separate phases. Additionally, the Fed extended the implementation timeframe from a target date of November 2023 to March 10, 2025, based on comments received in response to the initial proposal. The Fed also provided information concerning its revised testing strategy and backout strategy, as well as other details concerning the implementation of the new message format.
On October 21, the OCC issued Bulletin 2021-49 announcing the revision of the Payment Systems booklet of the Comptroller’s Handbook. The booklet rescinds the Payment Systems and Funds Transfer Activities booklet of the Comptroller’s Handbook (March 1990); the Office of Thrift Supervision Examination Handbook section 580, the Payments Systems Risk (January 1994); banking Circular 235, International Payments Systems Risks (May 10, 1989); and OCC Bulletin 1996-48, Stored Value Card Systems: Information for Bankers and Examiners (September 3, 1996). Among other things, the revised booklet: (i) provides information on payment systems, types of payments, risks associated with payment systems, and associated risk management practices; (ii) highlights the requirements of 12 CFR 7.1026 on payment systems memberships; and (iii) includes expanded examination procedures and “supplemental procedures for deeper review of certain payment activities.”
On October 21, the CFPB issued orders to six large U.S. technology companies seeking information and data on their payment system business practices. The Bureau stated that the information is intended to help the Bureau understand how these companies use personal payments data and manage data access to users. The Bureau issued the orders citing its authority under the CFPA, Section 1022(c)(4), which grants the agency “statutory authority to order participants in the payments market to turn over information to help the Bureau monitor for risks to consumers and to publish aggregated findings that are in the public interest.” The Bureau’s press release also noted it intends to study the payment system practices of two major Chinese tech companies.
The Bureau made available an example order that contains 55 requests seeking various information and data on several topics, including: (i) “[d]ata harvesting and monetization”; (ii) “[a]ccess restrictions and user choice”; and (iii) documents and information related to payment platforms and compliance with federal consumer protection laws, such as the EFTA and the Gramm-Leach-Bliley Act. Citing consumer data and privacy expectations, the Bureau explained that “[c]onsumers expect certain assurances when dealing with companies that move their money. They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law.”
Director Rohit Chopra issued a statement commenting on the purpose of the orders. He noted that the Bureau’s inquiry “is one of many efforts within the Federal Reserve System to plan for the future of real-time payments” and that it “will help to inform regulators and policymakers about the future of our payments system.”
On October 4, the Federal Reserve Board announced that it will adopt the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service—a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds. This change will enable “enhanced efficiency of both domestic and cross-border payments, and a richer set of payment data that may help banks and other entities comply with sanctions and anti-money laundering requirements,” the Fed stated. Additionally, the Fed requested public comments on a revised plan (targeted for no earlier than November 2023) to implement the ISO 20022 message format on a single day rather than in three separate phases, as originally proposed. According to the Fed, the adoption of ISO 20022 is part of the agency’s initiative to enhance its payment services. Comments must be received 90 days after publication in the Federal Register.
On June 2, the Federal Reserve Board announced the approval of a final rule amending Regulation D, which eliminates “references to an interest on required reserves” rate and “to an interest on excess reserves” rate and replaces them with a reference to “a single interest on reserve balances” rate. The final rule also simplifies “the formula used to calculate the amount of interest paid on balances maintained by or on behalf of eligible institutions in master accounts at Federal Reserve Banks.” The final rule is effective July 29.
Earlier, on June 1, the Fed also issued a proposed rule, which would create a new, comprehensive set of rules for governing funds transfers over the FedNow Service. Specifically, the proposed rule would amend Regulation J by establishing a new subpart C to specify terms and conditions for the processing of funds transfers by Reserve Banks. It would also grant Reserve Banks the authority to issue operating circulars for the FedNow Service, and would include, among other things, a requirement that a beneficiary’s bank agree to “make funds available to the beneficiary immediately after it has accepted the payment order.” The Fed is also proposing changes and clarifications to subpart B, which governs the Fedwire Funds Services, “to reflect the fact that the Reserve Banks will be operating a second funds transfer service in addition to the Fedwire Funds Service.” As previously covered by InfoBytes, the Fed intends to implement the FedNow Service—a “round-the-clock real-time payment and settlement service”—through a phased approach with a target launch date sometime in 2023 or 2024. Comments on the proposed rule are due 60 days after publication in the Federal Register.
On May 28, the Federal Reserve Board issued a notice and request for comments on proposed changes to its Policy on Payments System Risk (PSR Policy) to expand access to collateralized intraday credit from Federal Reserve Banks (Reserve Banks) and clarify eligibility standards for accessing uncollateralized intraday credit from the Reserve Banks. Specifically, the Fed is proposing changes to part II of its PSR Policy, which was previously revised and implemented in 2011 to “improve intraday liquidity management and payment flows for the banking system while helping to mitigate the credit exposures of the Reserve Banks from daylight overdrafts.” The proposed changes would also align the Fed’s payments system risk and overnight overdraft policies with the deployment of the FedNow Service (covered by InfoBytes here) and the Fed’s 24x7x365 payment environment. Relatedly, the Fed noted it is also proposing to incorporate its policy on overnight overdrafts into the PSR Policy. Comments on the proposed changes are due 60 days after publication in the Federal Register.
On August 6, the Federal Reserve Board (Board) announced details of its new payment clearing system, the FedNow Service, which the Board plans to implement through a phased approach with a target launch date sometime in 2023 or 2024. As previously covered by InfoBytes, in August 2019, the Board issued a request for information on a “round-the-clock real-time payment and settlement service,” seeking feedback on how the service might be designed in order to support payment system stakeholders and the general functioning of the U.S. payment system. The Board notes that the newly released details are based on the input received from stakeholders. The Federal Register notice discusses the phased released approach, noting that the “approach will ensure the core features and functionality are delivered as quickly as possible,” even if “certain desirable features” are not available in the initial release. Highlights of the core features of the “24x7x365” FedNow Service include, among other things, (i) a payment flow where the receiver’s bank has an opportunity to confirm that it holds a valid account for the receiver and intends to accept the payment message, before interbank settlement occurs; (ii) the use of the “widely accepted ISO 20022 standard and adopt other industry best practices” for payment message format; (iii) a transaction limit that will be “consistent with market practices and needs at the time” of the launch of service; and (iv) a liquidity-management tool that will allow participants to transfer funds to each other to support the liquidity needs of instant payments. After the initial launch, the Board intends to offer additional features related to fraud prevention, error resolution and case management.
On February 5, Federal Reserve Governor Lael Brainard spoke at the “Symposium on the Future of Payments” to discuss benefits and risks associated with the digitalization of payments and currency. Noting that some of the new players in this space are outside financial regulatory guardrails and offer new currencies that “could pose challenges in areas such as illicit finance, privacy, financial stability, and monetary policy transmission,” Brainard stressed the importance of assessing new approaches and redrawing existing parameters. Emphasizing, however, that no federal agency has broad authority over the payments systems, Brainard stated that Congress should review how retail payments are regulated in the U.S., given the growth in ways that money is able to move around without the need for a financial intermediary. Banking agencies may oversee nonbank payments “to the extent there is a bank nexus” or bank affiliation, Brainard noted, however, she cautioned that “this oversight will be quite limited to the extent that nonbank players reduce or eliminate the nexus to banks, such as when technology firms develop payments services connected to digital wallets rather than bank accounts and rely on digital currencies rather than sovereign currencies as the means of exchange.” According to Brainard, “a review of the nation’s oversight framework for retail payment systems could be helpful to identify important gaps.”
Among other topics, Brainard stated that the Fed is currently reviewing nearly 200 comment letters concerning the proposed FedNow Service announced last summer, which would “facilitate end-to-end faster payment services, increase competition, and ensure equitable and ubiquitous access to banks of all sizes nationwide.” (Covered by InfoBytes here.) Brainard also discussed the possibility of creating a central bank digital currency (CBDC). While noting that the “prospect for rapid adoption of global stablecoin payment systems has intensified calls for central banks to issue digital currencies in order to maintain the sovereign currency as the anchor of the nation’s payment systems,” Brainard stressed the importance of taking into account private sector innovations and considering whether adding a new form of central bank liability would improve the payment system and reduce operational vulnerabilities from a safety and resilience perspective. She noted that the Fed is “conducting research and experimentation related to distributed ledger technologies and their potential use case for digital currencies, including the potential for a CBDC.”
In January, the Federal Reserve Bank of New York (New York Fed) released a staff report that analyzes how a cyber attack transmitted through a payment network could be amplified throughout the U.S. financial system. According to the report, Cyber Risk and the U.S. Financial System: a Pre-Mortem Analysis, cyber attacks that impair the most active U.S. banks’ ability to send payments “would likely be amplified to affect the liquidity of many other banks in the system,” including smaller or mid-sized banks that are connected through a shared service provider. The New York Fed notes, however, that the report’s primary focus is on a cyber attack’s impact within a single day, and cautions that should a cyber attack compromise the integrity of the banking system, “the reconciliation and repercussion process would be an unprecedented task.” Among other things, the report (i) establishes a framework for estimating “cyber vulnerability” and understanding the impairments of a cyber attack on a bank’s payment activities; (ii) creates a baseline scenario to study the five largest institutions within the wholesale payment network and the high concentration of payments between large institutions, as well as the resulting imbalance in liquidity that occurs if even a single large institution is unable to remit payments to its counterparties; and (iii) conducts a reverse stress test exercise, in which it analyzes “how many smaller institutions it would take to impair any of the most active ones,” in order to highlight “how the impairment of many smaller institutions also presents a systemic risk.”
Federal Reserve Board Member Recognizes Blockchain Technology's Potential; Warns of Associated Risks
On October 7, at the Institute of International Finance Annual Meeting Panel on Blockchain, Federal Reserve Board member Lael Brainard delivered a speech titled “Distributed Ledger Technology: Implications for Payments, Clearing, and Settlement.” Brainard acknowledged blockchain technology as possibly the “most significant development in many years in payments, clearing, and settlement” and outlined its potential “to transform the way financial market participants transfer, store, and maintain ownership records of digitized assets.” Brainard highlighted payment technology changes as a particular regulatory focus and emphasized the Federal Reserve’s “responsibilities for promoting the safety and efficiency of the payments and settlements systems; supervising financial institutions engaged in payments, clearing and settlement; and safeguarding financial stability.” The following potential benefits of blockchain technology are among those discussed in Brainard’s speech: (i) faster processing and reduced costs in cross-border payments and trade finance; (ii) transparency, reduced costs, and faster settlements within securities markets; and (iii) cryptography as a secure way of transmitting and storing data. Brainard cautioned that, notwithstanding the technology’s promise, certain risks associated with financial technological developments and innovation remain, particularly in the areas of settlement, operations, cybersecurity, money laundering, and terrorist financing. Brainard concluded by highlighting the Federal Reserve’s commitment to industry engagement as blockchain technology evolves, noting that stakeholders “will work together to foster socially beneficial innovation, while insisting that risks are thoroughly understood, managed, and controlled.”
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Jeffrey P. Naimon to provide “An update on key fair lending cases and the CRA and UDAAP rules” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar
- James C. Chou to discuss ransomware at NAFCU’s Regulatory Compliance & BSA seminar
- Elizabeth E. McGinn, Benjamin W. Hutten, and James C. Chou to discuss “The Evolving Regulatory Landscape: Third-party and cyber risk management” at the 2022 mWISE Conference
- James T. Parkinson to present a “Global anti-corruption update” at IBA’s annual conference