Category Archives: Financial Institutions

Incoming DFS Chief Calls Cyber the “Number One Threat” Facing Industry and Government

by Craig A. Newman and Alejandro H. Cruz

The incoming chief of New York’s top financial services regulator called cybersecurity “the number one threat facing all industries and governments globally” during a speech on Friday, April 12, 2019 at the Association of the Bar of the City of New York.

Linda Lacewell, acting superintendent of the New York State Department of Financial Services (“DFS”), made her remarks at an event focused on insurance regulation and they come at a time when the state’s sweeping cybersecurity regulation — initially implemented more than two years ago — is now in full force. Lacewell, a former federal prosecutor, was nominated in January 2019 by New York Governor Andrew Cuomo to head DFS, which oversees banking and insurance in the state. Lacewell was Cuomo’s chief of staff. Her confirmation has not yet been scheduled. Continue reading

The FTC Moves Toward a Rules-Based Approach to Cybersecurity Regulation for Financial Institutions

by Avi Gesser, Kelsey Clark, Jennifer E. Kerslake, and Eric McLaughlin

In our first Cyber Blog post, we predicted that the rules-based approach adopted by the NYDFS would become the model for cybersecurity regulation.  Two years later, we’re feeling pretty good about that prediction, as the FTC recently proposed incorporating a number of aspects of the NYDFS cybersecurity rules into its Standards for Safeguarding Customer Information rule (the “Safeguards Rule”).  The proposal would also expand the Safeguards Rule’s definition of “financial institution” to include “finders,” or companies that connect potential parties to a transaction.  As a reminder, the Safeguards Rule applies to financial institutions that are not regulated by the federal banking agencies, the SEC, or state insurance authorities, including non-bank mortgage lenders, payday lenders, finance companies, check cashers, money transmitters, collection firms, and tax preparers. Continue reading

The Non-Data-Sharing Data-Sharing Network: One Anti-Money Laundering Innovation Requires a Closer Look

by Allison Caffarone

Financial authorities worldwide are focused on how new technologies can be used to more effectively combat money laundering and financial crime.  The UK’s Financial Conduct Authority (the “FCA”) is one of the leaders in the movement towards using financial technology (FinTech)[1] and regulatory technology (RegTech)[2] to fight money laundering.  In the FCA’s most recent conference on this issue, which was attended by over 100 technology firms, regulators, and law enforcement agencies from the US, Europe, the Middle East, and Asia, participants were tasked with developing proposals to address fifteen problem statements relating to how new technologies can more effectively combat money laundering and financial crime.  This article addresses one of the proposals that received significant attention during and subsequent to the conference.

The proposal, offered by a team from Santander Bank and others, called for financial institutions to use distributed ledger technology to develop a database of “bad actors” without requiring the institutions to share the underlying transactional data that led to the “bad actor” designation.  The goal for the database was to create a money laundering detection network to benefit all financial institutions in the ecosphere without running afoul of data privacy restrictions. This “Catch the Chameleon” proposal won the “Eureka” award at the conference for the “most original idea” and, according to the FCA website, will receive “support to progress” from Level 39, RegTech Associates and The Disruption House.  Following the conference, the proposal continued to receive attention from other major financial institutions.  For example, Credit Suisse highlighted the proposal in its letter (PDF: 338 KB) responding to FINRA’s request for comment on FinTech innovation,[3] deeming the proposal worthy of exploration. 

There is clearly merit behind the “Catch the Chameleon” proposal.  Data and information sharing between the private and public sectors and among and between the different institutions in the private sector is essential to combat money laundering.  Additionally, the use of distributed ledger technology to help facilitate the sharing of such information seems to have significant benefits, such as requiring relatively low implementation costs and allowing enforcement agencies to access a single source of data for all financial institutions in real time.[4]  However, there are at least three significant dangers of the platform or database as described on the FCA website, and in light of the heightened attention this proposal has received, these concerns are worthy of further discussion and exploration. Continue reading

New Technologies to Better Understand the Sanctions Ecosystem and Manage Risk

By Matthew Epstein and Robert Werner

A surge of investor capital into FinTech has created new offerings in data and network analytics that are impacting expectations for financial crime and legal compliance. A number of leading financial institutions and global corporates have embraced the opportunities created by emerging technologies, thereby setting new standards for risk management. The U.S. Department of the Treasury and bank regulators have taken notice, and are encouraging the private sector to explore innovative technologies as a better means of protecting financial integrity, in particular with respect to illicit financial activity conducted by networks targeted by sanctions.

At the Financial Crimes Enforcement conference hosted by the American Bankers Association and the American Bar Association on December 3, Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker said, “Private sector innovation, including new ways of using existing tools or by adopting new technologies, can be an important element in safeguarding the financial system against an array of threats.” That day, five U.S. regulatory agencies released a statement (PDF: 67.4 KB) encouraging banks to use new technologies to help “identify and report money laundering, terrorist financing, and other illicit financial activity.”

This is not the first time the U.S. government has called for deployment of new technologies to manage risk. Continue reading

Strong Whistleblower Protections Reflect a Positive Compliance Culture

By Maria T. Vullo

In a recent submission (PDF: 2.36 MB) to Congress, the U.S. Securities & Exchange Commission (SEC) reported that, for fiscal year 2018, the SEC paid the largest whistleblower awards since the institution of its program in 2012 following the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).  Specifically, in FY 2018, the SEC awarded 13 individuals over $168 million collectively for tips that led to actions by the SEC to protect investors.[1]

Other statutes likewise provide financial incentives to whistleblowing.  Under the False Claims Act (FCA), for example, persons who report fraud in government contracting can receive up to 30 percent of the government’s recovery in an action.  Many states, including New York, have enacted state-level equivalents of the FCA.  For many decades, the FCA has contributed to large recoveries to the U.S. Treasury, with an expansion of recoveries in part due to the reporting of violations by whistleblowers. Continue reading

Cybersecurity Is Not an Area for De-Regulation

by Maria T. Vullo

Recently, the White House chief of staff announced that a major priority of the federal administration is de-regulation.   According to the proponents of de-regulation, companies should be free to determine their own risks without governmental interference.  This view is myopic and, if continued, will lead to increased risk to our financial system. Certainly, cybersecurity is not an area that should be part of any de-regulatory agenda.

The job of the regulator, particularly in the financial services industry, is to ensure the safety and soundness of an industry that serves the public.  Promoting a compliance culture is a key part of the regulator’s job.  For government actors to make political statements about the propriety of regulations as a binary proposition is a very bad idea.  We have been there before and must resist the impulse to think it cannot happen again. Continue reading

Deconstructing “Too Big To Fail:” A New Take on an Old Problem

by Saule Omarova

 “Too big to fail” (or “TBTF”) is one of the most widely used phrases in the present-day vocabulary of finance. In both high-level policy discussions and popular press, it stands for the core dysfunction of the modern financial system: the recurrent pattern of government bailouts of large, systemically important financial institutions. The financial crisis of 2008 made TBTF a household term, while also leading to the creation of even fewer and bigger financial institutions. To this day, TBTF remains at the center of the policy debate on financial markets and regulatory reform. Yet, the analytical content of this term remains remarkably unclear. In many ways, it still functions as the discursive equivalent of the common “you know it when you see it” philosophy.

In a forthcoming article, I attempt to offer a novel framework for understanding the complex of closely related but conceptually distinct regulatory and policy challenges the TBTF label actually denotes. I start by identifying and defining a fundamental paradox at the heart of the TBTF problem: TBTF is an entity-centric, micro-level metaphor for a cluster of interrelated systemic, macro-level problems. I further argue that this largely unacknowledged inherent tension between the micro and the macro, the entity and the system, renders TBTF a uniquely complex phenomenon and explains the seemingly intractable and persistent nature of the TBTF problem. Continue reading

Financial Institutions Alert: Marijuana-Related Businesses Developments in the Marijuana Industry and the Implications for Financial Institutions

By Sharon Cohen Levin, John F. Walsh, Paul M. Architzel, Franca Harris Gutierrez, Matthew T. Martens, Michelle Nicole Diamond, Emma Bennett, and Zachary Goldman

The myriad—and conflicting—state, federal and international laws governing the burgeoning marijuana industry have created a complicated legal landscape for financial institutions. In the United States, most states have legalized some form of marijuana use, but the manufacture, sale and distribution of marijuana nevertheless remains illegal under federal law. As a result, in providing financial products and services to US marijuana-related businesses (MRBs), a financial institution could risk violating the Controlled Substances Act (CSA), 21 U.S.C. § 841. Moreover, engaging in or facilitating transactions that contain proceeds from US marijuana sales could create liability under the money laundering laws.

Further complicating matters, Canada became the first major world economy to legalize recreational marijuana in October 2018. Because the US narcotics laws generally do not apply to activity that is legal abroad, providing financial products and services to Canadian MRBs would not violate the CSA or implicate the US money laundering laws. However, that is not the case in many European countries. The European Union recently passed a law expanding the extraterritorial scope of member countries’ money laundering laws with respect to certain narcotics-related offenses. These laws could now criminalize the transfer of funds from activity that is legal in the foreign country (e.g., marijuana sales in Canada) if that activity would be illegal in the home country.

Below we discuss the fragmented legal and regulatory landscape governing the marijuana industry as well as notable recent developments and their implications for global financial institutions. Continue reading

Removing Implicit Bank Subsidies to Make the Financial System Fairer

by Sebastian Schich 

The views expressed within this post are those of the author alone and do not represent those of the OECD or its member countries.

A decade after the global financial crisis, most of the financial regulatory reform package to make the system stabler and fairer has been completed. The agenda is is now changing to evaluation of reform effects. This post draws on a recent article on implicit bank debt guarantees [1] and asks whether the progress in limiting them has made the financial system fairer.

The financial regulatory reform, designed and subsequently rolled out over the past decade following the global financial crisis, is explicitly described as an attempt to make the international financial system fairer. In defining what is involved in this goal, the Financial Stability Board (FSB),[2] an international body set up in April 2009 to monitor and make recommendations about the global financial system, refers to large banks at the centre of the financial system that did not internalize the social costs that their excessive risk-taking created. Gains of risk-taking activities were privatized and losses socialized. A fairer system involves funding conditions that are more closely aligned with the riskiness of the entities. In other words, there would be no room for implicit bank debt guarantees. Continue reading

Fintech in 2019: Five Trends to Watch

by Steven Gatti, David Adams, Peter Chapman, Laura Nixon, Paul Landless, Jack Hardman, and Brian Harley

Technology continues to have an enormous impact on financial services and the pace of change shows no signs of abating. Following the bold predictions we made last year, we highlight the five stand-out trends for fintech in 2019.

1. CRYPTO CRACKDOWN

There has been massive growth in the market for cryptoassets such as Bitcoin and tokens issued in initial coin offerings (ICOs), but market participants have faced uncertainty as to whether cryptoassets may be regulated financial products (and subject to scrutiny by regulatory authorities). Enforcement investigations globally have largely focused on issues of fraud, but now, there’s a renewed focus on guarding the regulatory perimeter (i.e. ensuring businesses carrying on regulated activities have the appropriate authorisation) .  Disputes and enforcement cases are arriving in courts across the globe.

What’s next?

Continue reading