Enforcement

• • Ripple’s CEO criticized the SEC’s planned $2B securities violation lawsuit, highlighting a series of contested SEC actions against Ripple, including claims of selling unregistered securities. Ripple now focuses on payments in the US. The SEC has not issued clear rules on when crypto activities constitute securities needing registration.

Regulatory Change

• • The SEC has adopted long-anticipated climate change disclosure rules for public companies, effective 60 days after publication in the Federal Register. These rules, reflected in amendments to various SEC regulations, aim to standardize climate-related disclosures for companies of all sizes and industries.

Artificial Intelligence

• • McKinzie recently published an article about the differences between artificial intelligence (AI) and artificial general intelligence (AGI). The article details the eight capabilities AI needs to master before achieving AGI.

Crypto

• • Members of Congress are trying to delete the controversial SEC’s accounting bulletin that implies restrictions on companies that want to hold their customer’s crypto assets.

Enforcement

• • The SEC has fined 16 firms more than $81 million combined to settle charges for widespread recordkeeping failures.
  • Last year, CFPB filed 29 enforcement actions, with key areas of scrutiny surrounding lending discrimination and unfair fee practices. In 2024, the agency plans to increase its capacity to enforce the law when emerging technologies harm consumers.

Regulatory Change

• • FincEN proposes to extend anti-money laundering and countering-the-financing-of-terrorism obligations to investment advisers. The proposed rule is part of a broader overhaul to the U.S. AML regime that includes the now-effective Corporate Transparency Act and upcoming rulemaking to enhance the Customer Due Diligence Rule.
  • The FCC has amended Telephone Consumer Protection (TCPA) Regulations  to clarify and strengthen consumers’ rights to grant and revoke consent to receive robocalls and robotexts.

• Technology
  • Thomson Reuters announces a series of GenAI initiatives to change the practice of law including AI-Assisted Westlaw Research and an AI Legal Assistant that will interface across their products; United Healthcare faces class action over use of Predictive AI decision tool to analyze claims.
  • Biden executive orders on AI safety and security require Commerce and NIST to develop guidance and standards.
• Consumer Protection
  • State and Federal Community Reinvestment laws get updated; bank regulators issue new guidance on TCPA compliance.
•  Crypto
  • New York DFS updates its guidance for Bitcoin Licensees; IOSCO Finalizes Recommendations for Regulating Crypto Asset Service Providers.
  • UK announces it plans to introduce legislation next year putting into force proposed framework for regulating crypto positioning it to be one of the leading jurisdictions for crypto businesses (along with Singapore and Hong Kong).
• Enforcement
  • SEC Releases FY 2023 enforcement results bringing 784 actions and  obtaining $4.949B in remedies.
• Rulemaking
  • Congress and Regulators butt heads on new DOL fiduciary rule and stricter capital requirements for banks; OCC issues report on its  2024 regulatory priorities.
• Data, privacy and cybersecurity
  • A quarterly report on global legal/regulatory developments references the recently-finalized EU-US Data Privacy Framework  that US firms can rely on as an alternative to the GDPR and a movement by regulators across the globe (CFPB in the US has proposed rulemaking) to regulate data scraping of personal data. It also lists CO and CT among jurisdictions that have enacted laws on these topics during the quarter.
  • NYDFS amends Financial Services Cybersecurity Requirements; White House National Cybersecurity Initiative gains momentum.
• Fintech
  • Already authorized to supervise nonbank offerings of consumer financial products, the CFPB has now proposed a new rule to regulate consumer payment firms (apps). 
• Banking
  • The Federal Reserve has published its semiannual Supervision and Regulation Report.
• IA/BD
  • DOL issues new proposed fiduciary rule that will impose new obligations on BDs over and above obligations under SEC Reg BI; Massachusetts regulates fiduciary duty obligations at state level; Federal regulators put large nonbank financial institutions back  under SIFI regulation; SEC Adopts new registration/regulation regime for Security Based Swap Execution Facilities.
  • The FCA (UK) has sent a letter to CEOs of wealth management firm and brokerage firms outlining their concerns, priorities and expectations in two focus areas: AML/CFT and consumer protection.
• Consumer Banking
  • The Fed publishes consumer banking newsletter featuring enforcement cases and exam issues along with regulatory challenges.
• AML/CFT
  • The AML/CFT Global Standard Setter (FATF) announces plans to issue guidance bringing trust arrangements  under its beneficial ownership framework; US  rules imposing beneficial ownership reporting obligations on companies go into force January 1st.
• Climate Change Regulation
  • SEC still expected to finalize public company climate disclosure rules by year end; in meantime, they adopted climate related rules applicable to investment companies and their advisers and Federal Bank regulators issue climate related risk guidance applicable to large banks.  In the EU, banking regulators propose a series of actions for managing climate related prudential risks.

• Enforcements
  • SEC fines 10 prominent broker-dealers and investment advisers $79M for record keeping violations.
  • Brokerage firms are fined a total of $19M in the same week the WSJ reports that Wall Street is starting to push back at the amount and frequency of fines by choosing to fight back in federal courts. (Source 1, Source 2)
  • SEC Fines Credit Rating Agencies $12M for long standing record keeping failures.

• Exam Priorities
  • In contrast with past practice of announcing annual exam priorities in January, this year, the SEC accelerated their announcement to October. The purpose of this practice is to provide regulated entities advance notice of key risk areas and topics the SEC exam division plans to incorporate into their compliance exams.  The report is organized by following entity types and also discusses a series of common risk areas  
    • Investment advisers
    • Private fund investment advisers
    • Broker-dealers
    • SROs (including exchanges)
    • Clearing Agencies
    • Other Market Participants (municipal advisors, swap dealers, transfer agents)
  • The OCC Issues Exam Priorities for FY 2024. The Key areas of focus in the OCC Operating Plan include following that are hot regulatory topics for the banking industry:
    • Cybersecurity
    • Digital Ledger Technology (DLT) Activities (crypto and digital asset custody; use of blockchain)
    • Payments (systems, products, services)
    • Change Management
    • BSA/AML/OFAC
    • Consumer Compliance
    • Fair Lending

• Cyber Security
  • October is National Cybersecurity Awareness Month. Although national (and international) cybersecurity standards have been developed and there are some regulations at the state- and federal-level, there is no national cybersecurity regulatory framework in the US. Here’s a summary of cyber rulemaking developments in 2023:
    • March 2023 –  The White House issued its 2023 National Cybersecurity Strategy building on efforts by earlier administrations and replacing the 2018 National Cyber Strategy (NCS). Intended to be implemented alongside other strategies important to a digital economy including the National AI Initiative, the NCS identifies 5 pillars the Office of the National Cyber Director (ONCD) is directed to work on with various federal agencies. 
    • July 2023 – The ONCD released a NCS Implementation Plan (NCSIP) that lays out a roadmap of federal initiatives  to build out the 5 pillars, including new regulations providing guidance to critical infrastructure providers during incident response and recovery
    • July 2023 – the SEC adopted new regulations amending 17 CFR Parts 229, 232, 239, 240, and 249 (eff September 5, 2023) requiring public companies (and foreign private issuers) to make public disclosures about their cybersecurity risk management practices and material incidents.
    • August 2023 – Making regulation for critical infrastructure a priority, the ONCD issued a Request for Information asking for public feedback on ways to harmonize existing  regulations with new regulations being considered applicable to  emerging technologies critical to the nation’s infrastructure. Comments are due October 31, 2023.
      

• Regulation Around Junk Fees
  • Foreshadowing rulemaking at the federal level, California passed a new law that, beginning July 1, 2024, with certain exceptions, makes unlawful advertising, displaying, or offering a price for a good or service that does not include all mandatory fees or charges other than taxes or fees imposed by a government on the transaction. The White House issued a statement summarizing actions being taken by federal agencies to crack down on junk fees, including:
    • FTC proposing new rule mandating fee transparency  (16 CFR Part 464). Comments are due 60 days after proposal is published in Federal Register (pending)
    • CFTC issuing an Advisory Opinion (Guidance) interpreting Section 1034(c) of the 2010 Consumer Financial Protection Act (see 12 U.S.C. 5534(c))  prohibiting large banks and credit unions from imposing unreasonable obstacles on customers, to mean prohibiting them from charging  consumers fees for basic information about their own accounts.

• Suing the SEC
  • Six trade groups sue the SEC to vacate the new private fund regulator framework  that goes into force November 13th.
    • The Managed Fund Association (MFA), the largest global trade group for private funds, joined 5 other trade groups in suing the SEC arguing that it exceeded its regulatory authorities under the Investment Advisers Act and other relevant laws and did not satisfy administrative rulemaking obligations, including failure to demonstrate a need for the rule. The relief requested is for the court to hold that the new rule is illegal and for the court to vacate and set aside the rule. 

• Regulating AI
  • Governments around the world are racing to regulate AI and its groundbreaking innovations but the speed by which the technology is advancing is complicating their efforts. In the absence of a framework for regulating AI at the federal level, states are rapidly stepping into the breach with rulemaking.

• Open Banking
  • Payments and financial services technology provider Fiserv and data network Plaid launched a data-sharing partnership connecting customers at Fiserv hosted banks and credit connections to  Plaid network apps and services enabling consumer access to,  and control over sharing , their financial data  with third parties in another step towards “open banking” in the U.S. 
  • Fast following regulation of consumer data privacy, is emerging regulation to protect the rights of consumers to personal data generated in digital interactions that are prevalent in the financial sector (open banking). Referred to as Consumer Data Right (CDR) regulation, the goal is to provide consumers with more control over their personal data by enabling them to share that data with the businesses they select for uses they choose.