Stories Driving the Week
Why Criminals Prefer Crypto, and Other Things to Know About Ransomware
The cyberattack on Colonial Pipeline is just the most recent example of ransomware – perpetrated by both criminal groups and nation-state actors – and the potentially massive impact such activity can have on its victims, including individuals, private entities, small businesses, publicly traded companies, non-profits, government agencies, legislative bodies and others. One of BPI’s member banks has reported a 334 percent rise in attacks on its clients so far this year. The one constant in all these ransomware attacks appears to be the demand that the ransom be paid in cryptocurrency.
Here are seven things you need to know about ransomware and why cryptocurrency is the preferred method for criminals to receive ransomware payments.
FinTech Access to Fed Accounts and the Nation’s Payments Systems: A Primer
A lot of FinTechs are trying to act like banks while avoiding the supervisory and regulatory framework that applies to actual banks. For these FinTechs, the duties and responsibilities – and costs – that come along with a real bank license are simply too great. So, FinTechs have been lobbying federal and state banking authorities to give them special “novel” bank charters that authorize them to do certain banking activities, while subjecting them to just a fraction of the regulatory and supervisory framework that would apply to an ordinary bank. Their lobbying efforts have paid off, and a number of these novel charters are now available.
The FinTechs’ next goal is to get access to an account at a Federal Reserve Bank. Among other things, a Fed account will give them unfettered access to the nation’s payments rails and potentially parts of the federal safety net.
Smelling a foul fish and a lot of unchecked risks, the Federal Reserve recently issued a set of proposed guidelines setting forth detailed considerations for evaluating account applications from FinTechs with novel charters. The proposed guidelines are a good first step, but they are just guidelines that may be considered rather than requirements that must be. Thus, and at a minimum, they would need to be strengthened to ensure enforceability and accountability before being finalized.
To help explain some of the background and core considerations, BPI compiled a short primer here.
BPI Blog: Climate Risk and Bank Capital Requirements
Global central banks and supervisors are weighing climate-related risk in bank stress tests, and others suggest going further by requiring banks to hold more capital against those risks. But climate capital requirements would tie up banks’ productive lending capacity just as it is needed to support companies’ investment in cleaner ways of doing business, a new BPI blog says. Instead of supporting the path to a lower-carbon economy, climate capital requirements would make it more costly. It would also likely shift lending activity to the shadow banking sector, narrowing the Federal Reserve’s view of climate risks as they relate to financial stability. Parsing climate-related risks in the capital framework would rely on decades-long time horizons that warp banks’ ability to plan realistically for risks ahead. Additionally, aside from concerns about scenario design, long time horizons and data gaps, climate-related risks have a negligible effect on the probability of bank failure over the standard horizon used in capital analysis. The blog was covered by The Wall Street Journal.
BPI’s Francisco Covas and Lauren Anderson, the blog’s authors, discussed the challenges of climate stress testing on an American Banker podcast this week.
New Acting OCC Head Hsu Announces Regulatory Review
New Acting Comptroller of the Currency Michael Hsu, a former Federal Reserve official, announced this week that he will review key regulatory standards, in addition to “various matters that are pending before the agency.” Hsu added that he will take into account pandemic circumstances and ensure “all alternatives are evaluated.” Under Brian Brooks, the agency’s former acting head, the OCC took an unprecedented approach to offering novel charters to FinTech firms, including for crypto firms, payments companies, and uninsured online banks. Brooks and his predecessor Joseph Otting also pushed a “go it alone” approach on a Community Reinvestment Act regulatory rewrite, leaving the OCC’s CRA rules for national banks materially different from the Fed and FDIC’s CRA rules for state banks. Finally, Brooks advanced a midnight and highly politicized rulemaking setting “fair access” standards for national banks that remains an open question, even though his rule was put on ice shortly after he left. It’s unclear what approach Hsu will take as the agency’s new leader, but we expect relatively quick attention will be paid to areas where the OCC has recently been an outlier.
Cybersecurity Executive Order Strengthens Nation’s Defenses and Will Help Support Banks’ Third-Party Risk Management Efforts
The President’s Executive Order will require federal agencies, their contractors and vendors to use many of the robust cybersecurity practices already in use by large banks to defend against cyber intrusions and protect their customers’ data, BPI Executive Vice President and President of BITS Chris Feeney said in a statement this week. “The Order will strengthen our nation’s cyber defenses, support stronger standards across industries and support third-party risk management efforts underway by financial institutions and other critical infrastructure sectors. Banks and financial institutions are pioneers in protecting their customers with advanced detection and prevention measures, and we are encouraged by the Order’s steps toward embedding those best practices across all government agencies and in the government contract sector.”
BPI’s Bill Nelson Speaks at Money Marketeers Event
BPI Chief Economist Bill Nelson gave remarks this week, entitled “Big Genie, Small Bottle: Normalizing Abnormal Monetary Policy,” at a New York University Money Marketeers event. “Chair Powell said last month that the FOMC was not yet ‘talking about talking about’ when to start tapering its asset purchases, but you can be certain that the Committee is talking about how it will go about normalizing policy when the time comes,” Nelson said. “Expanding your balance sheet by $3½ trillion without a plan for how you will return to normal would be central banking malpractice. Indeed, as the Fed expanded its balance sheet between 2009 and 2014, the Committee discussed its normalization plans at least four times and issued two different sets of exit principles.”
In Case You Missed It
WSJ: Next Hurdle in Treasury’s Corporate Transparency Push? Verification
The next big step in the Treasury Department’s AML overhaul is determining who is responsible for verifying information in FinCEN’s new beneficial ownership database, The Wall Street Journal reported this week. Banks and banking trades, including BPI, have argued that the registry, which catalogs the names and other details of business owners in an effort to combat anonymous shell companies, must contain reliable, current and verified information to make it useful to financial institutions and law enforcement authorities fighting money laundering.
JPMorgan, US Bank, Wells Fargo to Issue Credit Cards to People With No Credit Scores
JPMorgan Chase, Wells Fargo, U.S. Bancorp and others will participate in a pilot program to offer credit cards to customers without credit scores, using deposit account data to evaluate their creditworthiness, according to The Wall Street Journal. The initiative stems from an OCC project, Project REACh, launched after the George Floyd killing protests last summer prompted the agency to brainstorm how to broaden financial access to underserved consumers. The banks will share data with each other and may use the Early Warning Services platform and the main credit reporting bureaus as data-sharing conduits, the article said. The pilot program, expected to launch this year, echoes efforts by banks like JPMorgan and Bank of America in recent years to develop risk models based on their customers’ bank account activity to approve financing for those with limited credit histories.
JPMorgan Wins Action to Recover Penalties Paid to Visa, Mastercard from Merchant Whose Breach Led to Losses
Landry’s, the owner of Bubba Gump Shrimp and McCormick & Schmick’s restaurants, must repay $20 million in penalties levied against JPMorgan Chase after the hospitality firm’s data breach, a federal judge ruled, according to Law360 this week. The judge said Landry’s broke its merchant agreement.
BPI, Joint Trades: New IRS Reporting Requirements Would Bring Unnecessary Complexity, Limited Benefits
Requiring banks to give the IRS data on account inflows and outflows would complicate tax enforcement and provide only limited benefits, BPI, ABA and other financial trades wrote in a letter to the Senate Finance Committee’s Subcommittee on Taxation and IRS Oversight this week. The additional reporting requirements, proposed by the White House to target tax evasion and fund a broad childcare spending plan, would have privacy and fairness implications and could put financial institutions in an untenable position with their account holders, the letter states. A more effective approach would be to boost IRS funding to facilitate targeted audits of questionable tax returns, it says.
LIBOR Replacement Race Heats Up
What can replace LIBOR, the benchmark rate that has underpinned trillions of dollars in financial contracts around the world for years? The answer may be more than one successor, as early transactions show, according to a Wall Street Journal article this week. Earlier this month, Bank of America and JPMorgan traded the first complex derivative using a Bloomberg index meant to replace LIBOR. SOFR, the Secured Overnight Financing Rate, is the replacement preferred by the Alternative Reference Rates Committee, a Fed-backed panel. Some banks and investors are seeking out rates with features that SOFR lacks, like longer tenors (such as three or six months) and a component sensitive to credit risk. For example, some regional banks are using Ameribor, another replacement contender, which fluctuates as bank borrowing costs change.
Boston Fed Chief: Technical Research on CBDC Can Proceed as Policy Issues Untangled
The head of the Federal Reserve Bank of Boston, which is leading a central bank digital currency research project with MIT, said this week that technical hurdles to a digital dollar can be explored even as major policy issues are under discussion. “[A] variety of very difficult policy issues would need to be resolved to appropriately design key features of a central bank digital currency,” Eric Rosengren said in a speech May 12 at a Harvard Law School panel discussion on the topic. The Boston Fed and MIT will release a white paper in the early third quarter of this year that “will document the ability to meet reasonable goals with core processing, and create an open source license for the code,” Rosengren said.
BPI President and CEO Greg Baer recently published a working paper on CBDC’s implications for the U.S. economy that explores the challenges and trade-offs of a digital dollar proposal.
Banking Panel Leaders Eye Intensified China Sanctions in Bipartisan Bill
The Senate Banking Committee’s top two lawmakers announced an agreement on bipartisan China sanctions legislation this week. The bill as amended by Chairman Sherrod Brown (D-OH) and Ranking Member Pat Toomey (R-PA) would require mandatory sanctions on Chinese cyber attackers and intensify existing sanctions authorities targeting China human rights violations, economic espionage, Hong Kong, fentanyl production and illicit trade with North Korea, among other issues. The language, which is likely to be included in the Endless Frontier Act, would require sanctions on Chinese IP theft and target recently enacted AML reforms at Chinese shell companies. Majority Leader Chuck Schumer (D-NY) recently announced his intention to bring the bill to the floor next week.
BankThink: End Racial Disparity in Awarding New Markets Tax Credit Funds
The New Markets Tax Credit program offers a targeted tax incentive that delivers billions of dollars in capital each year to economically disadvantaged communities, providing meaningful support with a strong rate of return. But it suffers from a key shortfall: it relies on community development entities as to shepherd private capital to businesses in low-income communities, and CDEs owned by people of color have struggled to access the tax credits, U.S. Bank Chief Diversity Officer Greg Cunningham and Zack Boyers, U.S. Bancorp Community Development Corp. Chairman and CEO, wrote in a BankThink op-ed this week. U.S. Bank, the most active NMTC investor in the U.S., called on Treasury and Congress to pave the way for equitable access for organizations owned or led by people of color. The op-ed proposes adjusted eligibility requirements and a dedicated funding pool for CDEs owned or led by people of color.
Nebraska Lawmakers Advance Crypto Bank Bill
Nebraska is on track to become the second U.S. state to introduce a crypto banking charter, after Wyoming. State lawmakers advanced legislation that would allow firms to register as digital asset depository institutions and allow customers to buy and sell cryptocurrencies, according to Decrypt this week. The move follows the enactment of a similar law in Wyoming, which chartered two crypto banks, Kraken and Avanti, last year. The article quotes BPI’s description of Kraken’s business model as “an accident waiting to happen.”
FDIC Wants to Know More About Bank Crypto Plans
FDIC Chair Jelena McWilliams said the agency is keeping an eye on banks expanding into digital assets. “[W]e have been watching such developments closely, and we plan to issue a request for information to learn more about what banks are doing, what banks are considering doing, and what (if anything) the FDIC should be doing in this space,” McWilliams said in a speech this week at a Federalist Society event.
BPI, Joint Trades Urge Lawmakers to Support CDFI Fund
BPI, ABA, the Community Development Bankers Association and other trades urged appropriations committee members in both chambers of Congress to support $1 billion for the CDFI Fund, which includes $100 million for the Bank Enterprise Award program. The CDFI Fund needs a boost in funding in light of significant demand and the nation’s pandemic recovery, the trades wrote in a May 14 letter. The BEA program, which is highly effective at channeling investment into the most underserved communities, complements the Community Reinvestment Act by providing incentives to serve more highly distressed communities.
