Several important developments in recent days caught our attention. 

To no one's surprise, crypto was in the news. My white collar and defense colleague Christian Larson, one of our firm leaders on AML, provides an important update on what U.S. regulators are doing with regard to AML compliance within the crypto industry. 

In other important news, my fellow Washington, DC partner Mercedes Tunstall writes that the CFPB continues to look very closely at arbitration clauses in consumer financial services, and now the battle with Congress has intensified with a new CFPB-proposed rule. My UK partner Alix Prentice examines the Prudential Regulation Authority's plans for implementing Basel 3.1 standards for calculating risk-weighted assets. And I write about Acting Comptroller of the Currency Michael Hsu's views on "too-big-to-manage" (TBTM). 

Any comments or questions? Just drop me a note here.

Daniel Meade 
Editor, Cabinet News and Views

By Daniel Meade

Partner | Financial Regulation

Acting Comptroller of the Currency Michael Hsu delivered remarks, titled “Detecting, Preventing, and Addressing Too Big To Manage,” at the Brookings Institution yesterday in which he addressed and offered a possible solution to the too-big-to-manage (“TBTM”) problem. 

While noting that “[l]arge banks provide invaluable support to our economy,” Acting Comptroller Hsu went on to proffer that large banks are “bigger and more complex than ever.” However, he noted, “effective management is not infinitely scalable.” He stated that “[t]he most effective and efficient way to successfully fix issues at a TBTM bank is to simplify it – by divesting businesses, curtailing operations, and reducing complexity.”

Acting Comptroller Hsu discussed five signs that a bank may becoming TBTM (although he noted that there are many more):

1. The (im)materiality illusion: when materiality is measured in percentages at a big bank, it can deceive management into thinking a problem is not material;
2. The isolated incident/bad apple illusion: assumption that the problem is isolated rather than that similar problems may be elsewhere in the organization;
3. External vs. internal risk identification: when examiners uncover a bank’s problems more than internal risk does;  
4. Hubris, contempt and indifference: senior management indifference “can lead to blind spots and should be a flag”; and 
5. Rushed integration and diseconomies of scale: “Integrating systems, processes, and people is easier said than done.”

Acting Comptroller Hsu continued with how he thought TBTM risks should be addressed – ultimately, through divestitures. He stated that having a clear escalation framework would address due process issues as well as separating out “just poorly managed” institutions from TBTM ones. He noted that the OCC is currently using a four-level escalation framework to address supervisory concerns and deficiencies at large banks. Those four levels generally are:

1. MRAs or Matters Requiring Attention issued by examiners as non-public supervisory findings in their examination reports;
2. Public enforcement actions, such as consent orders, and civil money penalties;
3. Restrictions on growth, business activities, capital actions or some combination of restrictions; and 
4. Divestiture or breaking up the bank.

Acting Comptroller Hsu stated that, at the point of the fourth level of escalation, the bank “would have had multiple opportunities to address the problem and been publicly motivated to do so, yet fallen short, again” and “evidence of the bank’s inability to manage itself would become overwhelming.”

He concluded his remarks by noting: “’The better a car’s brakes, the faster it can drive safely.’ I believe this is useful to bear in mind as we consider the devilish details and focus large banks on the risks that can cause them to become TBTM.”

Acting Comptroller Hsu did not discuss whether he thinks his four-tier approach is something for which the OCC will issue guidance or proceed with a rulemaking, or whether, as his remarks suggest, this is the current approach at the OCC. Acting Comptroller Hsu’s remarks did not paint all large banks above a certain asset threshold as problematic, but did discuss ultimately harsh results for banks that progress all the way to his fourth tier of action. To possibly inaptly borrow his analogy to a car with better brakes, his ultimate result might not be to build better airbags, but, rather, ejector seats.     

By Christian Larson

Special Counsel | White Collar Defense and Investigations

U.S. regulators are signaling heightened expectations for anti-money laundering compliance within the crypto industry. Although FinCEN issued guidance in 2013 interpreting virtual currency “administrators” and “exchanges” as money services businesses (“MSBs”) subject to Bank Secrecy Act (“BSA”) requirements, both the crypto industry and U.S. regulators have evolved significantly in the past 10 years. While some crypto industry players have implemented bank-style anti-money laundering programs requiring customers to disclose their identity and source of wealth, other players have created projects specifically designed to bolster anonymity. In recent weeks, U.S. regulators and legislators have taken several actions to push the crypto industry toward a broader and more fulsome adoption of anti-money laundering controls.

On December 14, 2022, Senators Elizabeth Warren (D-MA) and Roger Marshall (R-KS) introduced the Digital Asset Anti-Money Laundering Act, which, if enacted, would do four key things. First, the Act would require FinCEN to issue a rule classifying digital asset wallet providers, miners, validators and other network participants as MSBs subject to the BSA. Second, the Act would require FinCEN to finalize a 2020 proposed rule imposing additional recordkeeping requirements for transactions involving unhosted digital asset wallets. Third, the Act would require Treasury to prohibit financial institutions from dealing with digital asset mixers, privacy coins, and other anonymity-enhancing technologies. And fourth, the Act would require the federal functional regulators, including the SEC and the CFTC, to assess “the adequacy” of the anti-money laundering program and reporting obligations under the BSA.

On January 3, 2023, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency issued a Joint Statement on Crypto-Asset Risks to Banking Organizations. Citing “the significant risks highlighted by recent failures of several large crypto-asset companies,” the joint statement states, “it is important that risks related to the crypto-asset sector that cannot be mitigated or controlled do not migrate to the banking system.” The joint statement shows that regulators are questioning whether and how crypto-asset-related activities by banks, including interactions with decentralized networks lacking governance mechanisms, can comply with applicable law, including anti-money laundering statutes and rules.

On January 4, the New York Department of Financial Services (“NYDFS”) announced a $100 million settlement with Coinbase, Inc. over alleged shortcomings in the company’s anti-money laundering program. In its consent order with Coinbase, NYDFS states that the company’s anti-money laundering compliance system “failed to keep up with the dramatic and unexpected growth of Coinbase’s business.” Indeed, Coinbase has held a New York BitLicense since 2017 and expanded in the years since to provide services to more than 100 million cryptocurrency users worldwide. A compliance program’s failure to scale to a swiftly growing business is a common refrain in anti-money laundering enforcement actions against banks; one way to read NYDFS’s enforcement action is as a signal that anti-money laundering expectations are equally stringent for the crypto industry as for the banking industry.

On January 18, FinCEN issued a notice identifying virtual currency exchange Bitzlato Limited as a financial institution of “primary money laundering concern.” Issued under the Combating Russian Money Laundering Act, the notice describes Bitzlato as an overseas “money transmitter” that has “minimal Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) protocols.” The notice also states: “Bitzlato has significant ties to Russia and facilitates a significant number of money laundering transactions involving Russia-related ransomware and Russia-related darknet market proceeds.” Exercising powerful and rarely used authority under Section 311 of the USA PATRIOT Act, FinCEN has prohibited U.S. financial institutions from transmitting funds to Bitzlato or any account or wallet that Bitzlato administers.

By Mercedes Kelley Tunstall

Partner | Financial Regulation

The Consumer Financial Protection Bureau (“CFPB”) issued a proposed rule last week addressing the “Registry of Supervised Nonbanks that Use Form Contracts to Impose Terms and Conditions that Seek to Waive or Limit Consumer Legal Protections.” Comments on the proposed rule must be received by the CFPB by March 13, 2023 or thirty (30) days following publication of the proposed rule in the Federal Register, whichever date is later.

The CFPB has a long history battling against the use of arbitration clauses in consumer financial services, and issued a final rule regarding their use in 2017 (“arbitration rule”). However, Congress intervened and issued a joint resolution disapproving of the arbitration agreement rule, pursuant to the Congressional Review Act, rendering the final rule null and void, with no force or effect. This new proposed rule has a more limited applicability but a broader scope, in terms of substance, than the arbitration rule and does not seek to directly forbid or prohibit arbitration clauses and other types of limitations on the ways consumers can contest agreements with financial institutions. With respect to its limited applicability, the rule would apply only to nonbank financial institutions that are subject to supervision by the CFPB, unless their total annual receipts are less than $1 million. However, with respect to its more expansive scope, the rule would require such supervised financial institutions to register and provide copies of so-called “form agreements” that include any provision deemed by the CFPB to “pose risks to consumers.” Such provisions definitely include arbitration clauses, but also include such pedantic provisions as choice of forum or venue and caps limiting liability.

Implicit in the way the rule is written is that the CFPB would use the registration information to effectively cast a negative light on the companies that have such clauses, and “[m]ost immediately, the information collected by the registry would facilitate the [CFPB]’s prioritization and implementation of examination work in its statutorily-mandated risk-based nonbank supervision program.”

Cadwalader will be providing a more in-depth memo on the proposed rule shortly.

The Consumer Financial Bureau issued new guidance opining that two common bank deposit fees − “authorize positive, settle negative” overdraft fees and return deposited items fees − constitute unfair practices, even if disclosed to the consumer. The CFPB’s guidance, described in this article, is significant for all depository institutions but especially those that rely on deposit fee revenue.

Read the article in New Jersey Bankers Association Magazine here.