On May 12, Treasury Secretary Janet Yellen testified before the House Financial Services Committee on the Financial Stability Oversight Council’s 2021 annual report released last December. The focus from Representatives from both parties quickly turned to digital assets and stablecoins, with Yellen explaining that recent market turmoil highlights the need for a comprehensive regulatory framework. Noting that amid the recent sharp decline in cryptocurrency value (with Bitcoin down 55% from its all-time high) several large stablecoins became untethered from their dollar pegs, she explained that while the sector does not yet represent a systemic risk, its rapid growth means that a future collapse could pose a greater threat to stability. As such, she called upon Congress to enact legislation to require that stablecoin issuers become insured depository institutions (IDIs), which would subject them to a bank regulatory regime that includes capital and liquidity requirements, examination by federal regulators and a suite of risk management and consumer protection requirements. She also explained that the recent turmoil highlights the benefits of a potential US central bank digital currency (CBDC), which “might diminish the proliferation of these stablecoins.” Regarding a potential CBDC, she noted that it is more likely that banks and other third parties would serve as intermediaries rather than the Fed offering direct accounts. Going forward, she highlighted that Treasury is working on cryptocurrency and stablecoin reports as called for by President Biden’s Executive Order (EO) on digital assets, which should be released “soon.”
On the same day, the House Agriculture Committee held a hearing to discuss a proposal to allow for “direct clearing” on cryptocurrency platforms, which would permit platforms to clear crypto derivatives transactions in-house rather than using a third-party clearinghouse. The conversation focused around the differences in cryptocurrency derivatives products with other forms of derivatives, concerns around concentration of risk and potential spillover effects of the proposed model into other derivatives markets.
The ongoing market turmoil demonstrates that concerns around risks stemming from digital assets expressed by regulators such as SEC Chair Gary Gensler and Acting Comptroller Michael Hsu are not just theoretical. With a major stablecoin falling well below the price of the dollar, and others displaying intraday volatility around the dollar peg, the President’s Working Group’s call for Congress to require that issuers become IDIs - amplified by Yellen this week - became more powerful. It has been notoriously difficult to pass legislation in the currently split Congress, especially with midterm elections around the corner, but the bipartisan acknowledgment of the need for additional protections increases the likelihood of action on this issue. We expect regulators will have a fire under them to maximize their existing authority to better protect the markets - for example, the FDIC and other regulators can use existing examination authority to audit fiat reserves held by banks that service stablecoin issuers, and the state authorities and FinCEN, who have jurisdiction over stablecoin issuers organized as money service businesses or state trusts, can do the same. Policymakers and regulators will also likely be considering requirements for financial resources supporting stablecoins’ liabilities, transparency around these resources, and examination protocols to ensure sufficient controls are in place for both stablecoin issuers and those custodying the assets that back them. Despite Yellen’s acknowledgment that this week’s turmoil highlights the benefits of a US CBDC as an alternative to privately-issued digital assets, there remains a long road ahead with an uncertain destination. The Fed’s repeated statements that it will wait for Congress to act before moving forward and that it will take a careful approach to design and development means that we are at the very beginning of a years-long process toward potential CBDC issuance, if it arrives at all.
Meanwhile, the proposal for direct clearing arrived before the House Agriculture Committee during an unfortunate time for its advocates as many Representatives were focused on installing more safeguards as opposed to affording platforms more flexibility. However, the open-minded discussion and careful language around encouraging responsible innovation, echoing themes from President Biden’s EO, shows that policymakers are not interested in bringing digital assets to a halt. Rather, they will continue to focus on limiting risks to consumers and systemic stability while allowing for continued growth in digital asset markets. We expect to see the upcoming Treasury reports take a similar approach when they unveil digital asset policy recommendations later this year.
On May 6th, the Fed issued its latest Supervision and Regulation Report. The report presents an overall positive view of the current conditions of the banking system, noting that the industry added $230b in common equity tier 1 capital since the beginning of the pandemic and the share of total bank assets that are liquid has risen to 28%. However, it notes that Russia’s invasion of Ukraine, and resulting impacts on commodity prices and certain markets, appear to be putting downward pressure on the aggregate market leverage ratio and average credit default swap spreads.
The report states that Fed supervisors will continue to monitor the increased risk environment resulting from the situation in Ukraine, including the potential for cyber attacks targeting financial services. This monitoring is evident from a research note released on May 12th discussing the implications of cyber risk for financial stability. The supervision report describes cybersecurity as “the top risk identified at supervised firms” and says that interagency examinations will focus on 1) controls for managing access to systems and information and 2) processes and tools for handling ransomware attacks. Noting that last year’s exams focused on cybersecurity governance and the management of aging technology assets, the report highlighted leading practices such as integrating cybersecurity into broader technology and business strategies and adopting dedicated programs to manage and replace aging assets. In addition, the report provides an overview of the Fed’s review of gaps in bank risk management following the Archegos default. It points to December 2021 guidance reminding banks that they need to understand and manage the risks of fund clients through strong initial and ongoing due diligence, risk sensitive margining practices, and independent risk management of prime brokerage services.
Notably, the report indicates an expanding supervisory focus on technology-related risks resulting from the growth of innovative technologies like AI and cloud computing as well as increasing reliance on third-party service providers. The report highlights the bank regulators’ authority to examine providers of services such as payment and data processing as if the bank itself was performing the activity. It further notes that third-party examinations cover their data integrity and confidentiality. The report also highlights the transformative nature of fintech advances with a reminder that the Fed expects banks to establish appropriate controls and risk management practices as they adopt fintech products and services. It also announces that the Fed has established a System Fintech Supervisory Program to assess fintech risks and develop a coordinated supervisory strategy that “will be tailored to supervised firms’ size and complexity.”
Although it often arrives with little fanfare, the semiannual supervision report provides useful, up-to-date insight into the Fed’s supervisory priorities. The focus on cybersecurity and technology should come as no surprise to banks, but it should serve as a reminder that scrutiny in these areas will only continue to increase. The report’s highlight of third-party supervision could also indicate that upcoming third-party risk management guidance, which was proposed by the Fed, FDIC and OCC last July largely in line with past OCC guidance, may raise and broaden expectations more than initially expected. While awaiting this final guidance, banks should heed the Fed’s reminder to maintain strong risk management and controls over their third-party providers and devote the most rigorous attention to those that support critical activities. Regarding cybersecurity, banks should already be exercising prudent risk management by testing and shoring up their defenses in response to the increased threat environment. In addition, given the Fed’s focus on access and ransomware responses, they should review the FFIEC’s most recent guidance on authentication and access as well as FinCEN’s ransomware advisory to make sure they are able to meet examiners’ expectations. Finally, the report’s continued discussion of the risks exposed by Archegos shows that the Fed remains concerned about banks’ management of investment fund clients and counterparty credit risk management. It remains to be seen whether the Fed will take further action in this area, but at a minimum banks should be prepared to demonstrate alignment with the expectations outlined in last December’s guidance. While there is currently no confirmed Vice Chair for Supervision, the priorities outlined in this report show that the Fed’s supervision program is not waiting to raise the bar.
These notable developments hit our radar this week: