InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC’s Gruenberg discusses the prudential regulation of crypto assets
On October 20, FDIC acting Chairman Martin J. Gruenberg spoke before the Brookings Institution on the prudential regulation of crypto-assets. In his remarks, Gruenberg first discussed banking, innovation, and crypto-assets, which he defined as “private sector digital assets that depend primarily on the use of cryptography and distributed ledger or similar technologies.” He stated that innovation “can be a double-edged sword,” before noting that subprime mortgages, subprime mortgage-backed securities, collateralized debt obligations and credit default swaps were considered financial innovations before they were “at the center of the Global Financial Crisis of 2008.” Gruenberg further discussed that such innovations resulted in catastrophic failure because, among other things, consumers and industry participants did not fully understand their risks, which were downplayed and intentionally ignored. He then provided an overview of the FDIC’s approach to engaging with banks as they consider crypto-asset related activities, and the potential benefits, risks, and policy questions related to the possibility that a stablecoin could be developed that would allow for reliable, real-time consumer and business payments. He stated that “[f]rom the perspective of a banking regulator, before banks engage in crypto-asset related activities, it is important to ensure that: (a) the specific activity is permissible under applicable law and regulation; (b) the activity can be engaged in a safe and sound manner; (c) the bank has put in place appropriate measures and controls to identify and manage the novel risks associated with those activities; and (d) the bank can ensure compliance with all relevant laws, including those related to anti-money laundering/countering the financing of terrorism, and consumer protection.”
Gruenberg pointed to an April financial institution letter from the FDIC (covered by InfoBytes here), which requested banks to notify the agency if they engage in crypto asset-related activities. He added that as the FDIC and other federal banking agencies develop a better understanding of the risks associated with crypto-asset activities, “we expect to provide broader industry guidance on an interagency basis.” Regarding crypto-assets and the current role of stablecoins, Gruenberg noted that payment stablecoins could be significantly safer than available stablecoins if they were subject to prudential regulation, including issuing payment stablecoins through a bank subsidiary. He cautioned that disclosure and consumer protection issues should be “carefully” considered, especially if custodial wallets are allowed outside of the banking system as a means for holding and conducting transactions. Specifically, he said that “payment stablecoin and any associated hosted or custodial wallets should be designed in a manner that eliminates—not creates—barriers for low- and moderate-income households to benefit from a real-time payment system.” Gruenberg added that if a payment stablecoin system is developed, it should complement the Federal Reserve's forthcoming FedNow service—a faster payments network that is on track to launch between May and July of next year—and the potential future development of a U.S. central bank digital currency. In conclusion, Gruenberg stated that although federal banking agencies have significant authority to address the safety, soundness and financial stability risks associated with crypto assets, there are “clear limits to our authority, especially in certain areas of consumer protection as well as the provision of wallets and other related services by non-bank entities.”
Dems ask regulators to address crypto’s “revolving door”
On October 24, Democratic lawmakers sent letters to the leaders of the SEC, CFTC, Treasury Department, Federal Reserve, FDIC, OCC and CFPB regarding concerns about “the revolving door between [] financial regulatory agencies and the cryptocurrency (crypto) industry.” In the letters, the lawmakers argued “that the crypto revolving door risks corrupting the policymaking process and undermining the public’s trust in our financial regulators.” The letters also noted that Treasury saw the most movement from the Treasury Department, with 31 former employees joining the crypto industry. The SEC was second with 28 former employees, according to Tech Transparency Project. The lawmakers argued that “Americans should be able to trust that financial rules are crafted to reduce risk, improve security, and ensure the fair and efficient functioning of the market,” and that “Americans should be confident that regulators are working on behalf of the public, rather than auditioning for a high-paid lobbying job upon leaving government service.” The letters requested that the agencies provide information by November 7, including answers to inquiries about each agency’s ethics guidelines and polices in place to protect the agency from being influenced by current or former employees’ potential conflicts of interest.
Fed releases study on racial bias in mortgage lending
Recently, the Federal Reserve Board published a study titled How Much Does Racial Bias Affect Mortgage Lending? Evidence from Human and Algorithmic Credit Decisions. Using confidential supervisory data collected under HMDA to estimate the extent of racial and ethnic discrimination in mortgage lending, the study found that racial bias has played “a limited role” in recent years in generating disparities seen in mortgage lending denials. The researchers acknowledged that as a self-reporting mechanism, HDMA reports may not reflect reality, “as a lender engaged in illegal discrimination would be unlikely to explicitly admit this.” The study also analyzed denial rates among fintech lenders, finding that by automating more of the application process, fintech firms have the potential to decrease racial discrimination. The study also found that excess denials are higher at fintech lenders, which is “the opposite result we would expect if excess denials reflect racially biased human judgment.” Additionally, the study found that group differences in risk characteristics drive most of the disparities in credit access. The study showed that Black and Hispanic applicants tend to be more leveraged and have much lower credit scores. Both groups of applicants are “less likely to receive algorithmic approval recommendations from government automated underwriting systems (AUS) than white applicants,” the study found. The study also noted caveats, such as that the researchers “only study discrimination in approval decisions conditional on formally applying.”
DOE announces PSLF changes
On October 25, the Department of Education (DOE) announced executive actions intended to bring loans managed by the DOE closer to forgiveness, including credit toward the Public Service Loan Forgiveness (PSLF) Program for borrowers who have qualifying employment. According to the DOE, these actions will provide borrowers with many of the same benefits already going to those who have applied for PSLF under temporary changes (known as the Limited PSLF Waiver), before its October 31, 2022 end date. The announcement further noted that borrowers with Direct Loans or DOE-managed Federal Family Education Loans (FFEL) will receive credit toward forgiveness on income-driven repayment (IDR) for all months spent in repayment, including payments prior to consolidation, regardless of whether they made partial or late payments or are on a repayment plan. Borrowers will also receive credit for specific periods in deferment and forbearance. Even with these actions, the DOE encouraged borrowers to take the necessary steps to apply for the Limited PSLF Waiver by October 31. The DOE also released a Fact Sheet outlining benefits for borrowers who have Direct or DOE-managed FFEL loans as well as Direct Loan borrowers seeking PSLF.
FTC’s proposed breach order would apply personally to CEO
On October 24, the FTC announced an action against a company operating an online alcohol marketplace and its CEO related to a data breach that allegedly exposed the personal information of roughly 2.5 million consumers. The FTC alleged in its complaint that the respondents were alerted to problems with the company’s data security procedures following an earlier security incident in 2018, which involved hackers accessing company servers to mine cryptocurrency until the company changed its cloud computing account login information. According to the FTC, the company failed to take appropriate measures to address its security problems, but publicly claimed it had appropriate security protections in place. Two years later, an employee account was breached, thus allowing a hacker to gain access to login information, hack into the company’s database, and steal customers’ information. Among other things, the respondents allegedly violated the FTC Act by (i) failing to implement basic security measures or put in place reasonable safeguards to secure the personal information it collected and stored; (ii) storing critical database information, including login credentials, on an unsecured platform; (iii) failing to monitor its network for security threats or unauthorized attempts to access or remove personal data; and (iv) exposing customers to hackers, identity thieves, and malicious actors who use personal information to open fraudulent lines of credit or commit other fraud.
Under the terms of the proposed decision and order, the respondents will be required to take several measures to prevent further violations, including destroying unnecessary personal data, limiting future data collection to what is necessary for specifically outlined purposes, and implementing a comprehensive information security program. As part of these requirements, the respondents must establish security safeguards to protect against the identified security incidents, such as providing employees security training, designating a high-level employee to oversee the company’s information security program, implementing controls on who is able to access personal data, and requiring multi-factor authentication in order to access databases and other assets containing consumer data.
Notably, the FTC said in its announcement that the proposed order applies personally to the individual respondent who presided over the company’s insufficient data security practices. The FTC explained that the proposed order will follow the individual respondent even if he leaves the company, and that he “will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals” where the individual respondent “is a majority owner, CEO, or senior officer with information security responsibilities.”
FHFA announces validation of FICO 10T and VantageScore 4.0 for GSE use
On October 24, FHFA announced the validation and approval of both the FICO 10T credit score model and the VantageScore 4.0 credit score model for use by Fannie Mae and Freddie Mac (GSEs). The agency also announced that the GSEs will require two credit reports from the national consumer reporting agencies, rather than three. According to the announcement, FHFA expects implementation of FICO 10T and VantageScore 4.0 to be a multiyear effort, but once in place, lenders will be required to deliver both FICO 10T and VantageScore 4.0 credit scores with each loan sold to the GSEs. FHFA noted that FICO 10T and VantageScore 4.0 are more accurate than the classic FICO model because they include payment history for factors like rent, utilities, and telecommunications. FHFA also released a Fact Sheet on the newly approved models, which “will improve accuracy, strengthen access to credit, and enhance safety and soundness.”
West Virginia AG pings CFPB on "unconstitutionally appropriated" funds
On October 24, the West Virginia attorney general sent a letter to CFPB Director Rohit Chopra, and to the leadership of both the House Financial Services Committee and the Senate Banking Committee, regarding the constitutionality of the Bureau’s continuing operation. As previously covered by a Buckley Special Alert, the U.S. Court of Appeals for the Fifth Circuit held that the CFPB funding structure created by Congress violated the Appropriations Clause of the Constitution, which provides that “no money shall be drawn from the Treasury, but in Consequence of Appropriations made by Law.” The 5th Circuit ruled that, although the CFPB spends money pursuant to a validly enacted statute, the structure violates the Appropriations Clause because the CFPB obtains its funds from the Federal Reserve (not the Treasury), the CFPB maintains funds in a separate account, the Appropriations Committees do not have authority to review the agency’s expenditures, and the Bureau exercises broad authority over the economy. In the letter, the AG argued that the Bureau cannot discharge its duties in a constitutionally permissible way. He further noted that the Bureau “plainly cannot do that with a funding scheme that ‘sever[s] any line of accountability between [Congress] and the CFPB.’” The AG urged the Bureau to reassess its future plans and to reevaluate whether its present regulations have any effect. The letter also requested answers to a series of questions, no later than November 1: (i) “Does the agency believe that any of the regulations that it promulgated under the unconstitutional funding scheme remain in effect? If so, which ones—and why? Similarly, how does the decision affect past enforcement actions?”; and (ii) “What plans does the Bureau plan to undertake to comply with the ruling? How will its ongoing enforcement efforts be effected? How will this change affect any promulgation of regulations? How will bank supervision continue, if at all?”
FRBs to adopt new Fedwire format in 2025
On October 24, the Federal Reserve Board published a notice in the Federal Register announcing that the International Organization for Standardization’s (ISO) 20022 message format for the Fedwire Funds Service will be adopted on a single day, March 10, 2025. The Fedwire Funds Service is a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds using either balances held at the Reserve Banks or intraday credit provided by the Reserve Banks. A single-day implementation strategy is preferable to a three-phased implementation approach, the Fed said, explaining it is both simpler and more efficient and is likely to reduce users’ overall costs related to software development, testing, and training. The Fed also announced a revised testing strategy and backout strategy, as well as other details concerning ISO 20022’s implementation.
OCC releases enforcement actions
On October 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a cease and desist order against an New York branch of an India-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to establish and maintain a reasonably designed BSA/AML compliance program ('BSA/AML Program') that adequately covers the required BSA/AML Program components. Deficiencies include (i) a weak system of internal controls; (ii) a weak BSA Officer function; and (iii) an insufficient training program.” The order requires the bank to, among other things, submit a BSA/AML action plan and develop a written suspicious activity monitoring and reporting program.
FTC final order fines company $62 million for misleading potential home sellers
On October 21, the FTC announced the approval of a final order against an online home buying firm accused of allegedly making misleading claims to consumers about how much money they could save by selling their home through the company’s services as opposed to selling on the open market. As previously covered by InfoBytes, the FTC claimed the company violated the FTC Act by, among other things, misrepresenting: (i) market value prices when making offers to buy homes by including downward adjustments to such values; (ii) the manner in which it made money on transactions; (iii) that consumers likely would have paid the same amount in repair costs whether they sold their home through the company or in traditional sale; and (iv) that consumers paid less in costs. The final order requires the company to pay $62 million, which is expected to be used for consumer redress, and prohibits the company from making deceptive, false, and unsubstantiated claims about how much money consumers will receive for their homes or the costs required to use the company’s service. Additionally, the company is required to have “competent and reliable evidence to support any representations made about the costs, savings, or financial benefits associated with using its service, and any claims about the costs associated with traditional home sales.”