InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFTC commissioner seeks increased digital assets oversight
On August 19, CFTC Commissioner Kristin N. Johnson delivered remarks discussing digital asset policy, innovation, legislation, and regulation before a roundtable at the CFTC. In her prepared remarks, Johnson highlighted the “increasingly diverse crypto-investing community,” including historically underserved groups who are drawn to digital asset markets by “promises of financial inclusion” and opportunities to “increase income, wealth, and resources – a promise that, if realized, may enable them to transition from fragile financial circumstances to achieving the American dream.” Johnson noted, however, that instability in these markets have led the CFTC to examine closely “the specific implications of crypto-investing for diverse communities and the potential benefits of well-tailored, carefully crafted regulation.” Johnson referenced Treasury Secretary Janet Yellen’s April 7, 2022 remarks at American University’s Kogod School of Business Center for Innovation, which said that while regulations should be “tech-neutral,” they should also ensure that innovation does not cause disparate harm or exacerbate inequities.
Johnson also discussed President Biden’s March 9 Executive Order (covered by InfoBytes here), Ensuring Responsible Development of Digital Assets, which stressed the need for “steps to reduce the risks that digital assets could pose to consumers, investors, and business protections” and mitigate “illicit finance and national security risks posed by misuse of digital assets,” including money laundering, cybercrime and ransomware, terrorism and proliferation financing, and sanctions evasion. While the E.O. “marked an important step towards greater cooperation and coordination among cabinet-level agencies, market regulators and prudential regulators,” Johnson called for an “increase [in] investor education and outreach to empower consumers and contemporaneously combat illicit activity and safeguard the integrity and stability of our financial markets.”
Johnson also discussed pending legislation intended “to better protect consumers and enhance market structure and market integrity in digital assets and cryptocurrency markets,” such as the Digital Commodities Consumer Protection Act of 2022 (DCCPA), which “seeks to give the CFTC jurisdiction over digital asset spot market transactions by expanding the definition of ‘commodity’ in the CEA to include ‘digital commodities.’” She further explained that the DCCPA, among other things, “would require the CFTC to conduct a study on the impact of digital assets on diverse communities.” Johnson also mentioned the Responsible Financial Innovation Act, calling it “a comprehensive reform measure that introduces the concept of ‘ancillary assets’ as a pathway for clearly defining oversight of digital assets and cryptocurrencies as securities or commodities.” Johnson emphasized that market participants have expressed heightened cybersecurity concerns regarding attacks on cryptocurrency exchanges or trading platforms, and stressed that “[i]t is vital for the U.S. to bolster its role as a leader in the global financial system by developing a strong regulatory framework for digital assets[.]”
FDIC warns financial institutions about NSF fees
On August 18, the FDIC issued FIL-40-2022 along with supervisory guidance to warn supervised financial institutions that charging customers multiple non-sufficient funds (NSF) fees on re-presented unpaid transactions may increase regulatory scrutiny and litigation risk. According to the FDIC, some institutions’ disclosures did not fully or clearly describe their re-presentment practices and failed to explain that the same unpaid transaction may result in multiple NSF fees if presented more than once. Failing to disclose “material information to customers about re-presentment and fee practices has the potential to mislead reasonable customers,” the agency said, noting that the material omission of this information is considered to be deceptive pursuant to Section 5 of the FTC Act. Additionally, “there are situations that may also present risk of unfairness if the customer is unable to avoid fees related to re-presented transactions,” the FDIC said.
The supervisory guidance also discussed the agency’s approach for addressing violations of law, noting that it will focus on identifying re-presentment-related issues to ensure correction of deficiencies and remediation to harmed customers. The agency stated that examiners “will generally not cite UDAP violations that have been self-identified and fully corrected prior to the start of a consumer compliance examination,” and noted that it “will consider an institution’s record keeping practices and any challenges an institution may have with retrieving, reviewing, and analyzing re-presentment data, on a case-by-case basis, when evaluating the time period institutions utilized for customer remediation.” However, the FDIC warned that “[f]ailing to provide restitution for harmed customers when data on re-presentments is reasonably available will not be considered full corrective action.” Financial institutions are encouraged to review practices and disclosures related to the charging of NSF fees for re-presented transactions and should consider FDIC risk-mitigation practices to reduce the risk of customer harm and potential violations.
OCC releases enforcement actions data
On August 18, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included in the release is a formal agreement between the OCC and a New York-based bank from July 13 in connection with alleged unsafe or unsound practices relating to information technology security and controls and information technology risk governance. The agreement requires the bank to: (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board on a quarterly basis; and (iii) develop, implement, and adhere to a written risk-based IT assurance and testing program.
FCC signs robocall enforcement MOU with Canada
Recently, the FCC announced that it entered into a memorandum of understanding (MOU) with the Canadian Radio-television and Telecommunications Commission (CRTC) to develop a global and coordinated approach for addressing unlawful automated telephone calls. According to the MOU, the FCC and CRTC understand that it is in their common public interest to, among other things: (i) “cooperate with respect to the enforcement against Covered Violations, including sharing complaints and other relevant information and providing investigative assistance”; (ii) “facilitate research and education related to unlawful robocalls and caller ID spoofing”; (iii) “facilitate mutual exchange of knowledge and expertise through training programs and staff exchanges”: (iv) encourage awareness of economic and legal conditions and theories related to the enforcement of applicable laws as identified in Annex 1 to the MOU; and (v) update each other regarding developments related to the MOU in their respective countries in a timely manner. In a related statement, FCC acting Chairwoman Rosenworcel noted that robocall scamming is an “international problem,” and that it is “critical that we work closely with partners like our colleagues in Canada who share our commitment to fighting robocall scams and unmasking the bad actors behind them.”
CFPB updates list of institutions under its authority
Recently, the CFPB updated its list of depository institutions (DIs) and depository affiliates of DIs under its supervisory authority. The CFPB has supervisory authority over banks, thrifts, and credit unions with assets over $10 billion, as well as their affiliates. The list is based on total assets as of March 31.
Special Alert: New Fed guidelines clarify, but do not transform, master account and payment services access
The Federal Reserve Board recently issued final guidelines for the Reserve Banks to use in reviewing requests from a range of financial services providers for access to Federal Reserve master accounts and payment services. Master account and Federal Reserve services allow institutions to transfer money to other master accountholders directly and hold funds in the Federal Reserve System, while others must go through third parties — which can add cost, delay, and further complication to transactions.
The final guidelines are substantially similar to those proposed in 2021 and a supplement issued earlier this year. They make the application process more transparent by describing the risk factors that a Reserve Bank should take into consideration and by applying a three-tier approach regarding the intensity of a Reserve Bank’s review. However, the guidelines do not broaden the categories of entities that are eligible to apply in the first place, do not establish application processing timelines, and do not provide a clear path forward for entities that lack federal bank supervision, including novel charter types.
Toomey pressures FDIC to respond to alleged anti-crypto actions
On August 16, Senator Pat Toomey (R-PA) informed FDIC acting Chairman Martin Gruenberg that information provided by whistleblower communications suggest that the agency may be asking banks to “refrain from expanding relationships with crypto-related companies, without providing any legal basis.” Toomey’s letter expressed concerns about the ramifications of banks restricting services to legal crypto-related companies, stressing that “[g]iven the FDIC’s involvement under [Gruenberg’s] leadership in the Obama administration’s notorious Operation Choke Point, which sought to coerce banks into denying services to legal yet politically disfavored businesses, it is important to better understand the actions the FDIC is now taking and the legal basis for them.” He commented that regional offices allegedly received draft letters to send to banks requesting that they refrain from expanding relationships with crypto-related companies, and cited an example of a bank that planned to provide customers access to a crypto-related trading platform through the bank’s mobile app. “This arrangement appears similar to the common practice of banks partnering with third-parties so customers can access services like stock-trading platforms,” Toomey said, adding that the bank was going to send customers clear disclosures warning them that neither the trading platform nor their digital assets were insured by the FDIC. He cited another alleged incident where FDIC-headquartered employees purportedly urged regional examination staff to downgrade their classification of a specific loan that a bank made to a crypto-related company. “It is my understanding that it is highly atypical for FDIC headquarters personnel to be involved in reviewing an individual loan,” Toomey said. “FDIC regional office staff reportedly interpreted the involvement of FDIC headquarters in this matter as an effort to change how loans to crypto-related companies are generally classified and to deter banks from extending such loans in the future.” Claiming that the agency “may be abusing its supervisory powers to deter banks from extending credit to crypto-related companies,” Toomey asked the FDIC to respond to several questions pertaining to its alleged behavior by August 30.
Fed discusses technology, innovation, and financial services
On August 17, Federal Reserve Governor Michelle W. Bowman spoke before the VenCent Fintech Conference in Arkansas regarding technology, innovation, and financial services. In her remarks, Bowman discussed the importance of technology and how it is leading to new bank business models, including application programming interfaces and other technologies that allow nonbank technology firms to provide financial services. Bowman also discussed why customers engage more in crypto assets, such as that there has been “significant consumer demand for engagement in these types of services,” and that “banks have observed their deposits flowing to nonbank crypto-asset firms and, understandably, would like to stem that outflow by offering the services themselves.” Bowman also noted that the Fed is “working to articulate supervisory expectations for banks on a variety of digital asset-related activities,” such as custody of crypto-assets and loans collateralized by crypto-assets, among other things. She addressed supervisory guidance recently released by the Fed (covered by InfoBytes here), which “provide[s] banks with additional information about the risks of crypto activities and remind[s] them to ensure that the activities are legal and [that] they should have adequate systems, risk management, and controls in place to conduct the activities in a safe and sound manner consistent with applicable law.” Bowman also discussed the Fed’s involvement in artificial intelligence (AI), noting that last year, the Fed joined with other financial agencies to issue a Request for Information (RFI) on input on financial institutions’ use of AI (covered by InfoBytes here) and has received over 100 responses. As noted in the RFI, banks are using AI in a variety of ways, including fraud monitoring, personalization of customer services, credit decisions, risk management, and textual analysis. As covered by a Buckley Special Alert, in May, the Fed issued a final rule for its FedNow instant-payments platform that offers more clarity on how the new service will work while essentially adopting the proposed rule. Bowman contended that FedNow “will enable financial institutions of every size, and in every community across America, to provide safe and efficient instant payment services,” and that it is “a flexible, neutral platform that will support a broad variety of instant payments.” In regard to novel charters and access to federal reserve account services, Bowman closed by highlighting the Fed’s final guidelines governing how Reserve Banks will evaluate requests for account access. Bowman explained that “[t]he guidelines take into account the Board's goals to (1) ensure the safety and soundness of the banking system; (2) effectively implement monetary policy; (3) promote financial stability; (4) protect consumers; and (5) promote a safe, efficient, inclusive, and innovative payment system.”
FHFA, Ginnie Mae update minimum financial eligibility requirements for enterprise seller/servicers and issuers
On August 17, FHFA and Ginnie Mae released a joint announcement regarding updated minimum financial eligibility requirements for seller/servicers and issuers. Ginnie Mae also updated its requirements for servicers of Ginnie Mae mortgages in coordination with FHFA. According to the standards, sellers and servicers will be required to maintain a base net worth of $2.5 million plus 35 basis points of the unpaid principal balance for Ginnie Mae servicing and 25 basis points of the unpaid principal balance for all other 1-to-4-family loans serviced. Fannie and Freddie sellers and servicers would be required to maintain a capital ratio of tangible net worth to total assets that is greater than or equal to 6 percent. Depository institutions would continue to rely on their prudential regulatory standards to meet the GSEs’ capital and liquidity requirements. According to HUD Secretary Marcia L. Fudge, the standards “ensure that we continue to address the needs of underserved communities through easy, equitable and sustained access to mortgage credit.” FHFA also released FAQs regarding the seller/servicer minimum financial eligibility requirements, and Ginnie Mae released eligibility requirement comparison tables.
California Privacy Protection Agency opposes federal privacy bill
On August 15, the California Privacy Protection Agency (CPPA) sent a letter to House Speaker Nancy Pelosi (D-CA) and House Minority Leader Kevin McCarthy (R-CA) opposing H.R.8152, the American Data Privacy and Protection Act (ADPPA). The CPPA expressed concerns that the proposed legislation “could nearly eliminate” the agency’s ability to fulfill its responsibility to protect Californians’ privacy rights and claimed that the bill’s provisions are “substantively weaker” than the California Privacy Rights Act. “ADPPA represents a false choice, that the strong rights of Californians and others must be taken away to provide privacy rights federally,” the CPPA stressed in its letter. “Americans deserve, and the Agency could support, a framework that offers both: a floor of federal protections that preserves the ability of the states to continue to improve protections in response to future threats to consumer privacy.”
Last month the U.S. House Committee on Energy and Commerce voted 53-2 to send the ADPPA to the House floor with amendments that would enable the California agency to enforce the federal law (covered by InfoBytes here). However, the CPPA noted that “the language in the bill still raises significant uncertainties for the Agency were it to seek to enforce the federal measure.” Additionally, the bill, which has been revised from its initial draft (covered by a Buckley Special Alert), would preempt the current patchwork of five state privacy laws—which “would be an anomaly,” the CPPA said, given that current federal privacy laws such as the Health Information Portability and Accountability Act, the Gramm Leach Bliley Act, and the FCRA all contain language allowing states to adopt stronger protections. Pointing out that the bill’s “preemption language is especially concerning given the rate at which technology continues to advance and evolve,” the CPPA stressed the importance of states being able to build on their existing laws and allowing voters to seek out additional protections.