In our latest podcast of Compliance Insights, risk and compliance experts Steven Stachowicz and Christine Bucy discuss NYDFS’s action on cryptocurrencies, proposed legislation related to anti-money laundering and its potentially seismic implications for financial institutions, and the marked change in strategy for the Consumer Financial Protection Bureau encased in its 5-year strategic plan. Podcast and transcript available below.
Compliance Insights March 30, 2018 [transcript]
Kevin Donahue: Hello, this is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new edition of Powerful Insights. I’m pleased to be joined today once again by Steven Stachowicz and Christine Bucy with Protiviti. Steven is a Managing Director and a Leader with Protiviti’s Risk and Compliance group, and Christine is an Associate Director with the Risk and Compliance Practice. This time, we’re talking again about the latest issue of Compliance Insights. Christine, thanks for joining me today.
Christine Bucy: Yes, thanks for having me.
Kevin Donahue: And Steve, great to speak with you as well, as always. Let me toss the first question to you. In the first article in the newsletter this month, we talk about the New York State Department of Financial Services guidance on cryptocurrencies. Steve, why have they issued that guidance now and how effective is it likely to be?
Steven Stachowicz: To think about why this is being issued is to really think about what the regulatory framework looks like today for cryptocurrencies. And for those listening who’ve been following the development of cryptocurrency – Bitcoin being the most obvious example of a virtual currency but there’s a multitude of these virtual currencies that exist today and are coming into existence – to understand the framework is to understand that there isn’t much of one, yet. These virtual currencies are operating in a framework that doesn’t exactly contemplate them, and there is a good deal of ambiguity in terms of who has oversight of these currencies, what the most appropriate oversight for these currencies is, what consumer protections, if any, should be afforded to holders or consumers of virtual currencies, how the existing regulatory requirements exactly fit in there … there’s a lot of ambiguity.
And so in the moment, in the absence of very specific federal guidance in terms of who oversees cryptocurrencies, with what framework or authorities and for what real requirements, you’re seeing at least an action now by a state regulator regarding oversight of virtual currencies, virtual currency exchanges, virtual currency providers. So that’s the why.
You asked how effective it will be. That’s relatively tough to exactly say at this point because this is still a very evolving space. I think New York is attempting to create a framework by which virtual currency providers and exchanges are either licensed or chartered under their banking authorities, which at least gives them the regulatory authority and insights into how the market for virtual currencies works. It provides a framework for which the virtual currency providers or exchanges can report suspicious activities, suspected fraud, suspected market manipulation.
So it’s hard to tell exactly yet, but it’s clear indication that in the absence – at least at the moment – of specific federal guidance in this space, we’re likely to see increased state action to try to get the proverbial arms around the problem.
Kevin Donahue: Steve, do you see this guidance as a sign that more regulators are intending to bring cryptocurrencies like Bitcoin into the fold?
Steven Stachowicz: Or alternatively, a sign that they might be regulated out of existence? I think it’s really, yes. The answer to your question is yes, they’re looking to bring cryptocurrencies into the regulatory fold, and I don’t think that regulation and oversight in this space is a bad thing. In fact, your stronger, larger players in this field themselves advocate for a reasonable, sensible regulatory framework.
I think that what we’re seeing is the state agencies – and really even at a federal level and globally as well because regulators internationally are sort of struggling with some of the same concepts – is how do we bring a sensible regulatory framework into being for this emerging topic? So I think there’s a lot more to come, and not necessarily a bad thing really, for the virtual currency market.
Kevin Donahue: Great. Thanks, Steve. Christine, let’s bring you into the conversation here. I want to talk to you a bit about some of the recent legislative actions by the Senate Banking Committee that are directed at strengthening money laundering and counterterrorism financing. Those are still in their early draft form, but we’re calling them potentially seismic. Why is that and how should banks be involved in shaping this early draft legislation?
Christine Bucy: Yes, thanks Kevin. Yes, seismic is a good way, I think, to describe the collection of the proposals being discussed in the Senate Banking Committee. So what we’re hearing being discussed currently is probably the most significant overhaul to the Bank Secrecy Act (BSA) since the PATRIOT Act was instituted, and so just the magnitude and the scope of that alone is part of why it’s grabbing the attention of so many stakeholders.
The discussions held so far are really geared towards fixing what many believe to be an outdated AML framework. So as it stands now, the way I see it is that the current AML framework is very process-focused, more so than outcome-focused, and so to your question, many of the changes that are being proposed would have significant impacts on the day-to-day operations, both in the long-term and short-term, of the financial services industry.
If you read through the proposals, there’s a barrage of different things being discussed. One of the most significant ones that I’m seeing is the creation of a centralized database to house and maintain beneficial ownership information. Of course, this is a hot topic and we’ve talked about it and written about it in other issues of the newsletter.
So this type of database would not only help financial institutions comply with the new rule that’s effective in just a few short weeks, but depending upon how this would be implemented, this could greatly shift the burden of responsibilities from resources within various financial institutions who are currently tasked with seeking out this type of information and shifting that burden to other governmental bodies who would then potentially be tasked with incorporating these types of legal entities.
This is just one example of one of the proposals being discussed, but this proposal really could cause potential impacts to resource management within the industry by really refocusing the compliance efforts and allowing resources within these institutions to spend more time on analyzing and detecting potentially suspicious activity rather than spending their time on collecting it and maintaining it.
As you read the draft legislation, there are other more important changes being discussed. I think one of the more paramount ones is around making reporting practices more efficient and more valuable, and this is significant not only to financial institutions but to law enforcement. So the proposal could ultimately result in providing law enforcement more valuable information by reducing the number of filings and increasing the value and the productivity of each filing.
Again, this is potentially seismic because it’s not only helping law enforcement perform their job better, but also eases the burdens on financial operations as well.
To answer the second part of your question, how should financial institutions be involved in shaping this early draft. I think it’s really just that, really just getting involved by providing feedback to your legislators, and internally also, I think that there’s a lot to be done as well. So as these discussions begin to unfold and the legislation matures, financial institutions should really be engaging in a dialog with their senior management and industry peers in roundtable discussions, for example, on what’s being discussed and which functions could potentially be impacted and how.
Kevin Donahue: Thanks, Christine. One of the key messages that really stood out to me here was that financial institutions should be proactive, as you said, and be communicative as you noted as well. So thanks for that rundown.
Steve, let’s wrap up our podcast today by talking a little bit about the Consumer Financial Protection Bureau and the five-year strategic plan that they recently released. That plan marks a significant change from the Bureau’s prior mission. What are the most significant changed priorities you see and how are they likely to affect consumers of financial products and services?
Steven Stachowicz: It does mark a significant departure in direction and focus for the agency, that is true. We’ve been talking a bit about this since there has been a change in leadership at the end of 2017, and the strategic plan that was released in February is different from what the Bureau’s focus had been in the past and consistent with the tone of the interim leadership of the agency.
What you see in terms of significant difference is that there’s a little bit less of the aggressive push for regulation and enforcement. There’s been a concern with the interim leadership that the agency historically has pushed the envelope and has prided itself, to some degree, in pushing the envelope in regulation and supervision of the markets for consumer financial products and services, particularly related to unfair, deceptive and abusive acts or practices, or UDAAP.
So in the Compliance Insights, we provided a summary of the notable points in the plan that are different. There is a pullback in terms of the focus on writing new [rules] or making existing rules more effective. A great deal of effort has been put in by the agency over the past five-six years in terms of writing new rules that were required by Dodd-Frank, and writing some new rules that were not necessarily required by Dodd-Frank, but were within the purview of the agency given their authorities under Dodd-Frank.
The mission, at least as it stands now, is to pull back a bit from that, and that’s consistent with, again, the agency leadership’s thought that they want to reassess the rules that had been written, the effectiveness of those rules, and solicit feedback from the public through the request for information or RFI process that we addressed in the previous version of Compliance Insights and that is ongoing right now.
The agency’s vision is being reframed to focus more on transparency and protection of the rights of all parties, and that’s a significant concept because the agency interim leadership has expressed concerns with how transparent the Bureau has been in the past with respect to its rulemaking or its supervisory or enforcement activities. And there’s some concern that particularly the enforcement activities have put consumers a little too far ahead of the financial institutions that are servicing them, and that some of the actions by the Bureau may also be harmful to the financial services industry itself that’s providing these products and services.
So the interim leadership wants to try to bring more balance to that equation, if you will. And again, there’s been some rewriting and refocusing of the goals of the agency as well and making sure again, fairness, transparency, enabling competition, competitive markets as well, and also focusing on the operational excellence of the agency to be more effective and efficient as well.
So, there are changes. It’s clear that the agency is shifting some of its focus and purpose on a go-forward basis. The agency leadership has expressed that that is not inconsistent still with its mission and its charge under the Dodd-Frank Act but that the leadership is trying to dial back a bit of what it saw as being an overly aggressive approach to, in particular, enforcement, but possibly even rulemaking, and that the agency’s leadership wants to bring additional transparency and balance to its activities.
So I think this continues to be interesting to monitor from a financial institution perspective in terms of what this translates to practically on a day-to-day basis. It doesn’t mean that compliance risk is still not a significant risk that needs to be managed. It doesn’t mean that any of the existing laws and regulations are going away, and it doesn’t mean that this is an opportunity to dial back on compliance management efforts by any means. It does mean though, at least it seems to me at the moment, that the agency’s short-term focus is going to be a little bit less aggressive, which may give financial institutions a little bit of breathing room to catch up, catch their breath, if you will, from all of the change that has occurred, really, since the financial crisis.
That, honestly, is a very positive development in terms of making programs more effective, more efficient, in rationalizing efforts across the board. I think that’s a topic that we are going to continue to follow over the course of the next year, that a lot of financial institutions have or should be considering as well, and that we’ll address in future versions of the Compliance Insights.
Kevin Donahue: Christine, Steven, I want to thank you again for joining me today to discuss the latest issue of your Compliance Insights newsletter. I invite our audience to visit Protiviti.com/Compliance-Insights where you can download a free copy of this issue as well as prior issues of the newsletter.
– End of Recording –