Top Story Technology Related

The Treasury Department has released a letter sent by the Department to members of Congress in response to concerns surrounding the ongoing "DOGE" review of operations of the Bureau of the Fiscal Service by Tom Krause, a "special government employee" of the Treasury Department.

This morning, the FDIC released 175 documents related to its supervision of banks that engaged in, or sought to engage in, crypto-related activities.

Acting Chairman Travis Hill issued the following statement in connection with the release:

“I have been critical in the past of the FDIC’s approach to crypto assets and blockchain. As I said last March, the FDIC’s approach ‘has contributed to a general perception that the agency was closed for business if institutions are interested in anything related to blockchain or distributed ledger technology.’

“Upon becoming Acting Chairman, I directed staff to conduct a comprehensive review of all supervisory communications with banks that sought to offer crypto-related products or services. While this review remains underway, we are releasing a large batch of documents today, in advance of a court-ordered deadline of Friday. Our decision to release these documents reflects a commitment to enhance transparency, beyond what is required by the Freedom of Information Act (FOIA), while also attempting to fulfill the spirit of the FOIA request."

Hill said the FDIC is actively reevaluating its supervisory approach to crypto-related assets, including replacing Financial Institution Letter (FIL) 16-2022 and providing a pathway for institutions to engage in crypto- and blockchain-related activities while still adhering to safety and soundness principles.

The crypto-related activities documents are the first three items on the current list of records listed on the FDIC's FOIA Reading Room webpage.

The FDIC, OCC, and Federal Reserve Board have issued a joint press release announcing a virtual public outreach meeting on March 6, 2025, as part of their review of regulations, as required by law. The Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) requires the agencies, with input from the public, to review their regulations at least once every 10 years to identify any outdated or otherwise unnecessary regulatory requirements applicable to their supervised institutions.

The outreach meeting is an opportunity for interested stakeholders to present their views on the six categories of regulations listed in the first two Federal Register notices: Applications and Reporting; Powers and Activities; International Operations; Consumer Protection; Directors, Officers and Employees; and Money Laundering.

The Securities and Exchange Commission has issued Staff Accounting Bulletin 122 to rescind the interpretive guidance in Section FF of Topic 5 of the Staff Accounting Bulletin Series entitled Accounting for Obligations to Safeguard Crypto-Assets an Entity Holds for its Platform Users (Staff Accounting Bulletin 121).

The NCUA has reported that the president has designated NCUA Vice Chairman Kyle S. Hauptman as the thirteenth Chairman of the NCUA Board.

Mr. Hauptman listed his priorities as chairman in the NCUA's press release. Among them were—

• "Codifying our procedures to protect Americans from regulation-by-enforcement. For example, no enforcement action should ever set — even clarify — policy. In America and other free societies, the sequence is: set speed limits, then give speeding tickets (no one has any obligation to be aware of someone else’s ticket)."
• Re-assessing NCUA policies that may, even inadvertently, dissuade credit unions from serving low-income areas. This includes language around overdraft policies, particularly for credit unions located in states with especially punitive government late fees/penalties.
• Right-sizing credit unions’ obligations where possible under the Bank Secrecy Act, including NCUA’s regulations surrounding Suspicious Activity Reports.”

Last week, the CFPB released a Compendium of Recent CFPB Guidance, including CFPB Circulars, Bulletins, Advisory Opinions, and Interpretive Rules issued from November 2021 through December 2024. The Compendium comprises 42 documents issued by the Bureau during that period for a total of 363 pages in a PDF format.

The CFPB has posted a Bureau Blog entry, "Holding Government Contractors Accountable for Wrongdoing," to announce that Argus Information and Advisory Services, a subsidiary of TransUnion, has agreed in writing that it will not seek any government contract with the Consumer Financial Protection Bureau for three years.

In March 2024, the Department of Justice took action against Argus to resolve claims that the company violated the False Claims Act and the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA), in connection with its access to and use of credit card data obtained pursuant to contracts with various federal regulators. The Department of Justice alleged that Argus ingested information in violation of its federal government contracts and improperly monetized it in its commercial business. Argus paid $37 million to resolve these allegations.

The CFPB was one of many federal financial regulators with a contractual arrangement with Argus. The CFPB notified the TransUnion affiliate that it was considering additional actions, and Argus has now committed to the CFPB that it will not seek any contracts for three years.

The CFPB has issued released Issue 38 (Winter 2025) of its Supervisory Highlights series, an "Advanced Technologies Special Edition" that focuses on select examinations of institutions that use credit scoring models, including models built with advanced technology commonly marketed as AI/ML technology, when making credit decisions.

The FDI has issued a public service announcement alert [I-011625-PSA] to warn the public that scammers exploit mass casualty events and disasters, such as the New Year's Day terrorist attack in New Orleans and the ongoing wildfires in Los Angeles, to commit fraud by soliciting fake charitable donations to support victims or their families.

Scammers take advantage of catastrophic incidents — such as mass casualty events, terrorist attacks, war, natural disasters, or pandemics — to pose as charitable entities providing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations. Charitable fraud schemes associated with natural disasters are a common occurrence online as well as through in-person collection drives.

The Federal Trade Commission has announced it has finalized changes to the Children’s Online Privacy Protection Rule to set new requirements around the collection, use and disclosure of children’s personal information and give parents new tools and protections to help them control what data is provided to third parties about their children.

The final rule requires parents to opt in to third-party advertising and includes other changes to address the emerging ways that consumers’ data is collected and used by companies, and particularly how children’s data is being shared and monetized.

The COPPA Rule, which first went into effect in 2000, requires certain websites and other online services to obtain verifiable parental consent before collecting, using or disclosing personal information from children under 13. It also provides other important rights for parents, including the right to require operators to delete personal information collected from their children, and imposes independent obligations on covered operators, for example with respect to data minimization and data retention.

The FTC's final rule makes several changes to the COPPA rule, including:

• Requiring opt-in consent for targeted advertising and other disclosures to third parties
• Limits on data retention
• Increasing Safe Harbor programs' transparency
• Amendments to several definitions, including expanding the definition of personal information to include biometric identifiers as well as government-issued identifiers

The final rule will become effective 60 days of its publication in the Federal Register. Compliance will be mandatory one year after publication.