Bank Regulatory News and Trends

In this edition:

• Judge puts a hold on CRA overhaul.
• FDIC proposes stricter scrutiny of bank mergers over $100 billion.
• New CFPB report finds risks to consumers in video gaming marketplaces.
• FDIC details how it would conduct resolution of GSIBs.
• Treasury highlights AI cybersecurity risks for financial sector.
• Powell suggests agencies will revisit proposed bank capital rule.
• Texas judge sends banks’ case over CFPB credit card late fee limit to DC court.

Judge puts a hold on CRA overhaul. A federal judge has blocked implementation of federal banking regulators’ recently adopted final rule to modify the Community Reinvestment Act (CRA). In a March 29, 2024 decision, US District Judge Matthew Kacsmaryk of the Northern District of Texas sided with banking industry trade organizations, which had challenged the new regulations, by issuing a preliminary injunction halting enforcement. Judge Kacsmaryk determined that the banking groups were likely to prevail on their claims that regulators exceeded their statutory authority and that the new rule was not expressly authorized by Congress. In a rulemaking announced last October, and ultimately published in the Federal Register on February 1, 2024, the federal banking regulators – the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) – jointly issued a final rule intended to modernize regulations implementing the CRA, a 1977 law aimed at addressing redlining by setting standards for banks to meet the credit needs of the communities, including low- and moderate-income communities, in which they do business. (For more information on the CRA modernization, please see the January 8, 2024 edition of Bank Regulatory News and Trends.) The final rule, which was modified from an earlier proposal to try to address industry concerns, was an effort to adopt new metrics for evaluating bank retail lending and community development financing while adapting to changes in the banking industry such as online and mobile banking.

A lawsuit was filed on February 5, 2024 against the three banking regulators by a coalition of organizations – including the American Bankers Association, the US Chamber of Commerce, the Independent Community Bankers of America, and others – charging that the new rule violates the Administrative Procedure Act by revising the CRA beyond, or contrary to, Congress’s intent in enacting the law. On April 18, 2024, the banking agencies filed a brief appealing the ruling to the Fifth Circuit. Michael Barr, the Fed Reserve’s vice-chair for supervision, defended the legality of the new rules in an April 3, 2024 interview with a financial journalist, stating that Congress wrote the law in a “broad way” and “left it to the banking agencies to make sure that CRA kept working over time” through periodic regulatory updates.

FDIC proposes stricter scrutiny of bank mergers over $100 billion. The Federal Deposit Insurance Corporation (FDIC) has proposed revisions to its current Statement of Policy (SOP) on Bank Merger Transactions that would subject mergers resulting in banks with more than $100 billion in combined assets to a heightened level of evaluation. Under the proposal, which was posted on the FDIC’s website on March 21, 2024, mergers subject to FDIC approval under the Bank Merger Act would have to undergo a more rigorous assessment regarding effects on competition and consolidation within the industry, how the needs of the community would be served, and consequences for the stability of the financial system. The revised SOP is intended to reflect statutory and other developments that have occurred since it was last amended in 2008. The FDIC’s draft proposal, which offers a statement of principles rather than set procedures, applies to non-banks, banks that are not traditional community banks, and mergers between insured financial institutions and non-insured entities. It reflects input the agency received in response to the FDIC's March 2022 Request for Information and Comment on Rules, Regulations, Guidance, and Statements of Policy Regarding Bank Merger Transactions.

The FDIC will open a 60-day comment period following publication of the SOP in the Federal Register.

New CFPB report finds risks to consumers in video gaming marketplaces. The Consumer Financial Protection Bureau (CFPB) has published a report highlighting financial and privacy risks associated with financial transactions within online video games and virtual environments. Released on April 4, 2024, the report, Banking in video games and virtual worlds, examines the growth of financial transactions in online video games and virtual worlds. While these platforms can resemble traditional banking and payment systems that facilitate the storage and exchange of billions of dollars in assets, including potentially virtual currencies, the CFPB said consumers report not receiving the protections they expect under federal law and, as a result, are being harmed by scams or theft on gaming platforms. As the report explains, in order to leverage the immense value of assets flowing into and out of gaming marketplaces, financial products and services have entered gaming platforms in the form of payment processing, money transmission, and loans. But operators of gaming and virtual worlds are not providing the kinds of customer protections that apply to traditional banking and payment systems, even amid “increased reports of users losing access to gaming assets through hacking attempts, account theft, scams, and unauthorized transactions.” The report also notes that gaming publishers can collect surveillance data about their users, including location, social media use, and “behavioral interactions,” and, for example, how a player responds to personalized incentives. “There is risk that gamers may be harmed when their data is sold, bought, and traded between companies, including for purposes outside of game play,” the report states. The CFPB “is working to understand how these [gaming and virtual] worlds can become a haven for scams, fraud, financial losses, and unanticipated purchases that can deplete a family’s real-world financial assets,” Director Rohit Chopra said, pledging that the agency “will continue to monitor emerging business practices in the virtual world to ensure consumers’ finances and data are safeguarded from harm.”

It is advisable for online and virtual platforms to review their terms of service and other consumer-facing materials with an understanding of consumer financial regulatory regimes that are either applicable or potentially applicable to their products given the features and functionality afforded.

FDIC details how it would conduct resolution of GSIBs. The Federal Deposit Insurance Corporation has published a report on how it expects to resolve US-headquartered Global Systemically Important Banking Organizations (GSIBs). The report, released April 10, 2024 and titled Overview of Resolution Under Title II of the Dodd-Frank Act, describes the FDIC’s approach to managing the orderly resolution of a large, complex financial company. The FDIC has long had responsibility for managing bank failures, but the Dodd-Frank Wall Street Reform and Consumer Protection Act expanded the agency's role to allow for more expedited resolutions of entire financial conglomerates facing collapse to prevent systemic disruption. The report explains the interagency decision-making process and operational steps. Under a scenario where a GSIB is facing collapse, a holding company would be put into receivership while the subsidiaries would be kept open and transferred to a new “Bridge Financial Company” for restructuring. An Orderly Liquidation Fund would be accessible as a temporary backstop source of liquidity.

The report:

• Provides background information on resolution-related authorities the FDIC could use under the Dodd-Frank Act
• Highlights the measures that are taken to prepare for, and implement, GSIB resolution under Title II of the Dodd-Frank Act
• Reviews the strategic decision-making for use of resolution authority, and
• Explains the FDIC’s expected use of a “Single Point of Entry” resolution strategy.

“The ability of the FDIC and other regulatory authorities to manage the orderly resolution of large, complex financial institutions remains foundational to U.S. financial stability,” said FDIC chair Martin Gruenberg. Since the authority was afforded to the FDIC, there has been no resolution of a GSIB.

Treasury highlights AI cybersecurity risks for financial sector. The US Treasury Department issued a report warning financial institutions of the unique fraud and cybersecurity risks posed by artificial intelligence (AI) technology and offering a series of still-emerging best practices to manage and combat them. The report, Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector, released March 27, 2024, was prepared pursuant to President Joe Biden’s October 2023 executive order on the safe, secure, and trustworthy development and use of AI by federal government agencies. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, which carries out the Department’s risk management responsibilities for the financial sector, led the development of the report. The report outlines a series of next steps to address immediate AI-related operational risk, cybersecurity, and fraud challenges, such as:

• Addressing the growing capability gap between large and small financial institutions when it comes to in-house AI systems
• Along the same lines, narrowing the fraud data divide for AI training models
• Improving regulatory coordination at the state, federal, and international levels
• Developing best practices for data supply chain mapping
• Addressing the AI workforce talent gap
• Developing a common AI-specific lexicon for industry players and regulators, and
• Adopting an emerging set of international, industry, and national digital identity technical standards.

In researching the report, Treasury conducted in-depth interviews with 42 financial services sector and technology-related companies. The report does not impose any requirements and does not endorse or discourage the use of AI within the financial sector.

Acting Comptroller of the Currency Michael Hsu expressed similar concerns about the “intersection of AI and fraud” in an April 4, 2024 speech before the National Community Reinvestment Coalition. The head of OCC echoed some of the report’s findings, saying, “The gap between large and community banks when it comes to fraud data and AI capabilities must be addressed. Large banks can develop and train anti-fraud models using their own internal data. Community banks cannot. Large banks can also invest in AI talent and IT systems in ways that are impractical for community banks."

Powell suggests agencies will revisit proposed bank capital rule. Federal Reserve Chair Jerome Powell told a Congressional panel it is a “very plausible option” that regulators could substantially rewrite a proposal to increase capital requirements for large banks. Testifying before the House Financial Services Committee in the semi-annual Fed monetary policy report on March 6, 2024, Powell said, “I do expect that there will be broad and material changes to the proposal.” As noted in the January 8, 2024 edition of Bank Regulatory News and Trends, the Fed has already extended the public comment period on the proposal, known as the “Basel III Endgame.” The proposal – issued by the Fed, along with the FDIC and the OCC last July – was intended to strengthen the banking system by applying a broader set of capital requirements to more large banks. It would generally apply to banks with $100 billion or more in total assets, while community banks would not be impacted by the proposal.

The same week as Powell’s testimony, Acting Comptroller of the Currency Michael Hsu indicated in a March 8th media interview that the agencies would “very seriously consider” making changes to the large bank capital proposal, though he did not address whether that might mean issuing a new draft rule.

Texas judge sends banks’ case over CFPB credit card late fee limit to DC court. A federal judge transferred to the District of Columbia a major banking industry lawsuit against the Consumer Financial Protection Bureau (CFPB) over the bureau’s new limits on credit card late fees. In a March 25, 2024 emergency motion for injunction, the US Chamber of Commerce and bank trade associations asked the 5th Circuit Court of Appeals to immediately halt the CFPB’s final rule that limits credit card late fees to $8, down from the current cap of about $32 now. The CFPB criticized the lawsuit as “forum shopping,” seeking to get the case before the Northern District of Texas, which has a conservative reputation, to get a better outcome and said the plaintiffs did not establish a connection to the Fort Worth area. The agency argued that the case should be transferred to DC. US District Judge Mark Pittman sided with the CFPB on the jurisdictional question. The banking industry plaintiffs have called for an expedited hearing since the rule on the credit card fees is set to go into effect on May 14, 2024.