Eva Dauberton
News Editor
UK ICO calls for all organisations to boost their cyber security
The UK Information Commissioner’s Office (ICO) has released a report addressing the increasing threat of cyber attacks. This report offers practical advice to help organisations understand common security vulnerabilities and take simple measures to enhance their own security, thereby preventing future data breaches.
According to ICO trends data, there were over 3,000 reported cyber breaches in 2023, with 22% of them occurring in the finance sector. The report focuses on five leading causes of cyber security breaches: phishing, brute force attacks, denial of service, errors, and supply chain attacks. It provides:
- An explanation of how these attacks occur.
- Important considerations to mitigate risks.
- Potential future developments.
Additionally, the report includes case studies from the ICO’s regulatory activities.
Click here to read the full RegInsight on CUBE’s RegPlatform
FRC publishes final settlement decision notices in respect of KPMG and two former partners
Following the announcement on 12 October 2023 of the enforcement action taken over KPMG’s audits of Carillion plc, the Financial Reporting Council (FRC) has now published the two complete final settlement decision notices. This marks the final stage of the publication process.
The first decision pertains to shortcomings in relation to the statutory audit of Carillion’s financial statements for the years ending on 31 December 2014, 2015, and 2016. The second decision addresses failures in relation to the statutory audit of specific transactions linked to Carillion’s financial statements for the year ending 31 December 2013.
Federal Reserve issues 2023 pilot climate scenario analysis results
The US Federal Reserve has released the results of the pilot climate scenario analysis (CSA) exercise conducted in 2023. The exercise aimed to explore large banking organisations’ climate risk-management practices and challenges and to improve the ability of these organisations and supervisors to recognise, estimate, monitor, and manage climate-related financial risks.
Some context
Six large bank holding companies participated in the 2023 pilot CSA exercise: Bank of America Corporation, Citigroup Inc, The Goldman Sachs Group, Inc, JPMorgan Chase & Co, Morgan Stanley, and Wells Fargo & Company.
The exercise had two primary objectives:
- Learn about large banking organisations’ climate risk-management practices and challenges.
- Enhance the ability of large banking organisations and supervisors to identify, estimate, monitor, and manage climate-related financial risks.
Key takeaways
The pilot CSA exercise provided the following insights:
- Participants took different approaches to construct the scenarios. Differences in approach were driven largely by participants’ business models, views on risk, access to data, and prior participation in climate scenario analysis exercises in foreign jurisdictions.
- Most participants relied on existing credit risk models to estimate the impact of physical and transition risks on their portfolios and assumed that historical relationships between model inputs and outputs continue to hold as the climate and the structure of the economy evolve.
- Participants reported significant data and modelling challenges in estimating climate-related financial risks.
- Participants reported that better understanding and monitoring of indirect impacts and chronic risks are important for managing climate-related financial risks.
- Participants highlighted the important role that insurance plays in mitigating the risks of climate change for consumers, businesses, and banks.
- Participants identified key design choices that meaningfully impacted the insights drawn from the exercise.
- Participants suggested that climate-related risks are highly uncertain and challenging to measure.
OFAC requests comments on interim final rule on reporting
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an interim final rule and request for comments regarding the Reporting, Procedures and Penalties Regulations (the Regulations).
Some context
The Regulations outline the standard requirements for reporting and recordkeeping, license application procedures, and other relevant procedures for the economic sanctions programs administered by OFAC.
Key takeaways
The interim rule focuses on updates to nine sections of the Regulations to require electronic filing of certain submissions to OFAC and to modify reporting requirements related to blocked property and rejected transactions.
Specifically, the interim final rule:
- Mandates the use of the electronic OFAC Reporting System (ORS) for submitting initial reports of blocked property, annual reports of blocked property, and reports of rejected transactions. It will also eliminate the option for mail submission.
- Describes reports OFAC may require from financial institutions for transactions that meet specified criteria and adds a reporting requirement for any blocked property that is unblocked or transferred.
- Clarifies the scope of the reporting requirement for rejected transactions.
- Modifies the procedures for requests relating to property that is blocked in error.
- Updates the Regulations with respect to the availability of information under the Freedom of Information Act (FOIA) for certain categories of records.
Next steps
This interim final rule will become effective on 8 August 2024, and written comments can be submitted on or before 10 June 2024.
CFPB highlights issues with credit card rewards program
The Consumer Financial Protection Bureau (CFPB) has released a report highlighting the numerous challenges that customers often face with credit card rewards programs.
In light of this, the CFPB reminds firms that rewards programs offered alongside consumer financial products or services are subject to Federal consumer protection laws. Some examples of issues encountered by consumers include credit card issuers imposing unclear or undisclosed conditions that prevent consumers from receiving rewards, as well as difficulties redeeming earned benefits.
Moving forward, the CFPB will continue to closely monitor credit card rewards programs and will take appropriate actions to address these issues.
FINRA final T+1 settlement test
The US Financial Industry Regulatory Authority (FINRA) has released a technical notice regarding the final production User Acceptance Test (UAT) scheduled for 18 May 2024. It will allow clients to test the changes made for T+1 Settlement for Over-The-Counter Reporting Facility (ORF) and Alternative Display Facility (ADF). This announcement follows the completion of the previous test conducted on 4 May 2024.
Michelle Bowman’s speech on resiliency and the role of regulators
At the Texas Bankers Association 2024 Annual Meeting, Michelle Bowman, member of the Board of Governors of the Federal Reserve System, delivered a speech on financial stability and the crucial role of banking regulators in ensuring resiliency within the financial system. In her address, she noted the complexities of this task, acknowledging the ever-evolving nature of financial risks in an interconnected world.
The role of regulators in promoting financial stability
Bowman began by highlighting the Federal Reserve's pivotal role in maintaining financial stability through various mechanisms such as monetary policy, robust bank supervision, and vigilant risk monitoring. A stable financial system, she emphasised, forms the bedrock for a healthy banking sector and a thriving economy, aligning with the Federal Reserve's objectives of maximum employment and stable prices.
Understanding financial stability risks
Bowman acknowledged the challenge of providing an exhaustive list of financial stability risks, but elaborated on the concept of shocks and vulnerabilities within the financial system. Shocks are adverse events that can severely affect the financial system. A vulnerability might be a specific characteristic or activity that exacerbates the severity of stress when a shock happens. By focusing on vulnerabilities and risk accumulation, regulators aim to bolster the system's resilience against unforeseen shocks.
Insights from the Financial Stability Report
Bowman recommended the Federal Reserve's Financial Stability Report as a valuable resource for understanding current vulnerabilities and risks. While the report primarily focuses on identifiable vulnerabilities rather than unpredictable shocks like cyberattacks or geopolitical events, it provides insights into the financial stability outlook.
Principles for promoting financial stability
Bowman outlined three principles to encourage debate regarding the regulators’ role in promoting financial stability: effective bank supervision, regulatory approaches to promote financial stability and consideration of unintended consequences.
Effective bank supervision
Supervision should focus on core banking risks, effectively mitigating vulnerabilities such as credit risk in areas like commercial real estate lending. Bowman noted that supervision can sometimes fail to address the build-up of traditional risk and can be diverted from core risks, citing the example of SVB, where the supervision of risk management and the operation of liquidity support and payment tools could have been much more effective. Hence, she called for supervision to continue to focus on traditional risks and not to dilute this key role.
Regulatory approaches to promote financial stability
Bowman said regulations should be carefully scrutinised to ensure they don't inadvertently exacerbate financial stability risks. She gave an example of measures to enhance liquidity in Treasury markets needing to be balanced against potential regulatory burdens on banks.
Consideration of unintended consequences
Regulators must evaluate the broader implications of regulatory actions, said Bowman. This would include the cost of banking regulation and structural shifts whereby nonbank entities operate outside the regulatory perimeter, with Bowman noting: “Imposing the same level and type of regulation and oversight on activity that occurs outside of the banking system is beyond the scope of bank regulatory authority. However, we must be careful not to facilitate the transfer of activity and risk out of the banking system simply by imposing standards that are disproportionate to risk for the same activities that are conducted by banks... [s]ame activity, same risk, same regulation.”
At the same time, Bowman, returning to a personal theme, noted that excessively disproportionate regulation can have adverse effects, including higher costs for banks and customers, restricted choice and less availability, while adding that she is “not opposed to appropriate reforms to bank regulation and supervision—both must adapt to changing conditions and risks.”
Challenges and considerations
Bowman ended her speech by highlighting additional challenges to the sector such as the impact of monetary policy on banking system stress and the influence of COVID-related stimuli on deposit activity. Recognising that there are pockets of financial stability risk where the Federal Reserve lacks authority, she nevertheless urged a cautious approach to regulatory reforms, emphasising the need for transparency, fairness, and efficiency in regulatory and supervisory practices.
HKMA issues revised version of the Supervisory Policy Manual
The Hong Kong Monetary Authority (HKMA) has released an updated version of the Supervisory Policy Manual (SPM) SB-1. This revised module, “Supervision of Regulated Activities of SFC-Registered Authorised Institutions”, has been issued as a statutory guideline under section 7(3) of the Banking Ordinance.
Some context
The SPM module outlines the HKMA’s approach to supervising the regulated activities of Authorised Institutions (AIs) that are registered with the Securities and Futures Commission (SFC) under the Securities and Futures Ordinance Classification.
Key takeaways
This revised guideline replaces the previous version of SB-1 dated 27 May 2016. The updated module provides a comprehensive overview of the regulatory and supervisory framework, supervisory approach, as well as the major legal and regulatory requirements for various common business activities related to the regulated activities of registered institutions (RIs).
To note: as cross-boundary business activities of RIs continue to increase and the SFC grants licenses for itinerant professionals, the HKMA has established an arrangement that allows RIs to engage individuals who will repeatedly visit Hong Kong for short periods each time to perform regulated activities as itinerant professionals. Detailed information regarding this arrangement can be found in paragraphs 4.3.24 to 4.3.27 of the module.
Next steps
The module applies from 10 May 2024.