Top Story Technology Related

The Office of the Comptroller of the Currency has announced virtual Office Hours with its Office of Financial Technology on May 6–8, 2025, to promote responsible innovation in the federal banking system.

Interested parties may request a meeting with OCC staff who will provide feedback on topics discussed and respond to questions. The OCC will provide specific meeting times to selected participants following a review of all requests. Each meeting will be scheduled for 50 minutes.

Information on how to request a meeting is available on the Office Hours event page. To be considered, requests must be made by March 31, 2025.

The OCC has issued Interpretive Letter 1183 to rescind OCC Interpretive Letter 1179 (11/18/2021). [Interpretive Letter 1179 outlined a supervisory nonobjection process for banks that seek to engage in the activities addressed in Interpretive Letters 1170, 1172, or 1174.] In a related Press Release, the OCC said its actions are intended to "reaffirm that a range of cryptocurrency activities are permissible in the federal banking system. "

The OCC also withdrew from two interagency statements as they apply to national banks and federal savings associations—the “Joint Statement on Crypto-Asset Risks to Banking Organizations” (1/3/2023), and the “Joint Statement on Liquidity Risks to Banking Organizations Resulting from Crypto-Asset Market Vulnerabilities” (2/23/2023) (together, the interagency statements).

These actions are intended to reduce burden, encourage responsible innovation, and enhance transparency. The OCC will examine the activities described in IL 1170 (addressing crypto-asset custody services), 1172 (addressing holding deposits that serve as reserves backing stablecoins), and 1174 (addressing the use of stablecoins and distributed ledger technology to facilitate payments) as part of its ongoing supervisory process.

As with all activities, banks must conduct crypto-asset activities in a safe, sound, and fair manner and in compliance with applicable law. New activities should be developed and implemented consistent with sound risk management practices and align with banks’ overall business plans and strategies.

The U.S. Senate has passed S.J.Res. 28, a resolution under the Congressional Review Act disapproving the rule [89 FR 99582, 12/10/2024] submitted by the CFPB relating to “Defining Larger Participants of a Market for General-Use Digital Consumer Payment Applications.”

The House of Representatives has introduced a related bill, H.J.Res. 64, which has been referred to committee. If the House resolution is passed and the president approves the joint resolution, the CFPB rule will be nullified and the Bureau will not be able to issue a substantially similar rule in the future.

The rule in question established the CFPB's supervisory authority over nonbank covered persons that are larger participants in a market for “general-use digital consumer payment applications.” Included are providers of funds transfer and payment wallet functionalities through digital payment applications for consumers' general use in making payments to other persons for personal, family, or household purposes. Examples include consumer financial products and services that are commonly described as “digital wallets,” “payment apps,” “funds transfer apps,” “peer-to-peer payment apps,” “person-to-person payment apps,” “P2P apps,” and the like.

The Securities and Exchange Commission reports it is providing extensive guidance and resources to assist filers with upcoming access and account management enhancements to the security of the agency’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system. On March 24, a new EDGAR Filer Management dashboard will go live on the SEC’s website, and filers can begin enrolling in “EDGAR Next” by submitting an amended Form ID, which is the application that individuals or companies complete to obtain EDGAR access credentials.

More information about enrollment is available on the EDGAR Next webpage.

On December 13, 2024, the Consumer Financial Protection Bureau (CFPB) published at 89 FR 101402 in the Federal Register a notice of proposed rulemaking (NPRM) requesting comment on the CFPB's "Protecting Americans from Harmful Data Broker Practices" proposal to amend Regulation V, which implements the Fair Credit Reporting Act (FCRA). The proposed rule would implement the FCRA's definitions of consumer report and consumer reporting agency as well as certain of the FCRA's provisions governing when consumer reporting agencies may furnish, and users may obtain, consumer reports. The NPRM provided a comment period that was set to close on March 3, 2025.

The CFPB has this morning published a Federal Register notice [90 FR 11236] extending the comment period to end on April 2, 2025.

The OCC has opened registrations for its upcoming virtual and in-person workshops for board directors and senior management of national community banks and federal savings associations.

The OCC examiner-led workshops provide practical training and guidance to directors and senior management of national community banks and federal savings associations to support the safe and sound operation of community-based financial institutions.

Six workshops are listed. Two virtual sessions are scheduled in March. In-person and virtual sessions are scheduled in cities across the country between April 8 and October 16, 2025.

The Securities and Exchange Commission has announced it has filed a joint stipulation with Coinbase Inc. and Coinbase Global Inc. to dismiss the ongoing civil enforcement action against the two entities.

On January 21, 2025, the Commission announced the formation of the Crypto Task Force, which is dedicated to helping develop a comprehensive and clear regulatory framework for crypto assets. Given the pending work of the Crypto Task Force, the Commission is dismissing this matter.

FinCEN has reported that the Financial Action Task Force (FATF), an intergovernmental body that establishes international standards for anti-money laundering, countering the financing of terrorism, and countering the financing of proliferation of weapons of mass destruction (AML/CFT/CPF), updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies at the conclusion of its plenary meeting this month. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk-based policies, procedures, and practices.

On February 21, 2025, the FATF added Laos and Nepal to its list of Jurisdictions Under Increased Monitoring and removed the Philippines from that list.

The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran, the Democratic People’s Republic of Korea (DPRK), and Burma subject to calls for action. Specifically, the FATF continues to call on jurisdictions to apply countermeasures on Iran and DPRK. Burma remains subject to the application of enhanced due diligence, but not countermeasures.

The OCC has reported it has identified, isolated, and resolved a security incident involving an administrative account in the OCC email system. A limited number of affected email accounts have been disabled.

The OCC reported the incident to the Cybersecurity and Infrastructure Security Agency, as required. There is no indication of any impact to the financial sector at this time.

The Securities and Exchange Commission has announced its creation of the Cyber and Emerging Technologies Unit (CETU) to focus on combating cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space. The CETU, led by Laura D’Allaird, replaces the Crypto Assets and Cyber Unit and is comprised of approximately 30 fraud specialists and attorneys across multiple SEC offices.

The CETU will utilize its staff’s substantial fintech and cyber-related experience to combat misconduct as it relates to securities transactions in these priority areas:

• Fraud committed using emerging technologies, such as artificial intelligence and machine learning
• Use of social media, the dark web, or false websites to perpetrate fraud
• Hacking to obtain material nonpublic information
• Takeovers of retail brokerage accounts
• Fraud involving blockchain technology and crypto assets
• Regulated entities’ compliance with cybersecurity rules and regulations
• Public issuer fraudulent disclosure relating to cybersecurity