《德勤:2023年银行监管展望报告(英文版)(29页).pdf》由会员分享,可在线阅读,更多相关《德勤:2023年银行监管展望报告(英文版)(29页).pdf(29页珍藏版)》请在三个皮匠报告上搜索。
1、2023 banking regulatory outlookCENTER forREGULATORY STRATEGYAMERICAS2023 banking regulatory outlook2ContentsStill work to do to meet core and emerging supervisory expectations 1Responding to forces of innovation 4Fortifying governance and controls as part of core safety and soundness 8Data governanc
2、e and reporting Cyber and information technology(IT)risk Bank Secrecy Act(BSA)/anti-money laundering(AML)and sanctions Consumer protection and financial inclusion Expanding the scope of financial risk management 18Capital Liquidity Climate-related financial risk Looking forward to an active 2023 22E
3、ndnotes 23Contacts 262023 banking regulatory outlook1The banking system was subjected to significant forces in 2022,including inflation,rising interest rates,equity and bond market declines,plunging cryptocurrency prices,consequences(political,trade,economic)of the Russia-Ukraine conflict,lingering
4、effects of the COVID pandemic,andto at least some extentthe reemergence of consumers from pandemic isolation.Despite these challenges,banks overall have maintained adequate capital and liquidity levels signifying their underlying strength to withstand stress and suggesting that there is no bank cris
5、is at present or on the near horizon.1 As was true in 2021,no Federal Deposit Insurance Corporation(FDIC)insured depository institution failed in 2022.However,concerns about systemic risk and resolvability in the banking sector persist.In 2022,regulators resurrected the too-big-to-fail moniker with
6、a renewed focus on applying certain resolution requirements to those large banks that are not considered Global Systemically Important Banks(G-SIBs).Providing regulatory decision-makers with“more options”in the event of large bank failure was the catalyst behind the potential pushdown of G-SIB requi
7、rements including single point of entry,total loss absorbing capital,and separability to the largest of non-G-SIBs.2 The systemic risk and resolvability of non-G-SIBs are two topics that may also flow through to ongoing revisions of the Bank Merger Act.3The stark contrast between the runs,liquidity
8、issues,and other troubles evident in the cryptocurrency sector,and the comparative stability of banks and their affiliated enterprises within US bank holding companies(BHC),raises important public policy questions.For example,some would argue that the differing results between the banks and nonbank/
9、crypto markets demonstrate the effectiveness of the stringent regulation and supervision within the bank regulatory perimeter and a need to pull additional activities within that perimeter or otherwise subject them to bank-like regulation.4 Others would credit the actions(or perhaps inaction)of the
10、banking regulators in keeping cryptocurrencies and related activity largely outside of that perimeter and would argue for further scrutiny of bank and nonbank interactions.Still others would cite luck,noting the still relatively small size and nascent Still work to do to meet core and emerging super
11、visory expectations status of the crypto-asset market.5 Whatever your view may be,it is not a leap to believe that the events of 2022 will lead to additional regulation and supervision,including further pressures at the perimeter separating banks and nonbanks.6 With fintech companies and nonbanks lo
12、oking to offer a range of payment and financial services products enabled by technological developments,we are seeing races across the industry to get access to the regulatory“assets”(e.g.,access to the payments system and access to FDIC-insured deposits)that can drive sustained returns.The federal
13、banking regulators continue to carefully guard the keys,all while subject to the scrutiny of their congressional leaders.In the meantime,to the extent that bank regulatory policies(e.g.,regulations,supervisory guidance)have been slowed by a transition in administrations and pandemic considerations,t
14、hose headwinds are abating.Onsite examinations are returning to full swing,following whatever respite might have occurred during the height of the pandemic(when supervision focused on offsite monitoring).In stating its supervisory priorities for 2023,the Federal Reserve Board of Governors(FRB)stated
15、 that banks still have“work to do”to meet supervisory expectations,especially for governance and controls.7 Elements of governance and controls are also emphasized by the Office of the Comptroller of the Currency(OCC)and deemed priority objectives for 2023.8 The OCC classifies operational risk as“el
16、evated,”and“risk-focused”supervisory plans for individual institutions will likely be developed using these objectives as a basis.9 Outside of stated priorities and expressed expectations,the FRB,OCC,FDIC,and Consumer Financial Protection Bureau(CFPB)will likely assess compliance and risk management
17、 frameworks during the normal course of supervision.The Biden administration now has key policymakers in place,including new Vice Chair for Supervision at the FRB Michael S.Barr;recently confirmed FDIC Chairman Martin Gruenberg and a full slate of FDIC directors;CFPB Director Rohit Chopra;and active
18、 Acting Comptroller of the Currency Michael Hsu,who appears to be fully aligned with the administrations priorities.As detailed in this outlook,important regulatory proposals have been made,and more actions are anticipated in 2023.2023 banking regulatory outlook22Banking regulators have exhibited in
19、creased supervisory collaboration and are effectively connecting themes between supervisory events to draw conclusions and identify emerging risks throughout the banking sector.This collaboration is driving ever-increasing regulatory expectations and a“race to the top.”Against this backdrop,our 2023
20、 banking regulatory outlook will take a deeper look at 2022 developments and possible 2023 regulatory actions from core safety and soundness to fortifying governance and controls across the following key areas:Responding to forces of innovation Digital assets:Permissibility versus advisability Forti
21、fying governance and controls as part of coresafety and soundness Data governance and reporting Cyber and information technology(IT)risk Bank Secrecy Act(BSA)/anti-money laundering(AML)and sanctions Consumer protection and financial inclusion Expanding the scope of financial risk management Capital
22、Liquidity Climate-related financial riskWith fintech companies and nonbanks looking to offer a range of payment and financial services products enabled by technological developments,we are seeing races across the industry to get access to the regulatory“assets”(e.g.,access to the payments system and
23、 access to FDIC-insured deposits)that can drive sustained returns.2023 banking regulatory outlook32023 banking regulatory outlook2023 banking regulatory outlook4and-mortar presence,to examine how they deliver services to their customers,many of whom now demand compelling,intuitive digital experience
24、s on both mobile and online platforms,similar to what they receive from leading e-commerce companies.As banks change the way they deliver services to address changing customer expectations,bank-fintech partnerships are growing in number and sophistication.Banks are plugging fintechs into their core
25、platforms to obtain leading capabilities such as intuitive user interfaces or onboarding experiences.On the flipside,banks are also serving as the back end to fintechs,often providing customer access to FDIC-insured deposit accounts and payments systems,as well as loan funding and other capabilities
26、.Digital assets:Permissibility versus advisabilityThe FRB,OCC,and FDICs January 3,2023,joint statement reinforces previous regulatory views and draws a clear line in the sand on regulatory sentiment about the permissibility versus advisability of crypto activities.14 The definition of crypto-assets
27、set forth in the joint statement is very broad,including stablecoins and other tokenized assets,and along with the connotation of the advisability language,the messaging in the statement represents a proverbial brick wall to at-will bank engagement.The OCC was the first mover among federal bank regu
28、lators,establishing a process for national banks to obtain the OCCs non-objection before engaging in new crypto-related activities in 2021.15 In 2022,the FDIC(for state nonmember banks)issued guidance,and the FRB(for state member banks)has followed suit.16 While these notification processes have not
29、 stopped bank crypto-related activities dead in their tracks,they have introduced meaningful speed bumps,and now must be built into the planning processes for banks seeking to engage in these activities.Responding to forces of innovation Federal banking regulators are watching the transformation of
30、banking by innovative means and using their existing supervisory capacity to maintain the safe and sound operation of banks.A recent“Joint Statement on Crypto-Asset Risks to Banking Organizations”(joint statement)captures the hardline view of the FRB,OCC,and FDIC on supervised banks and their engage
31、ment with crypto-related banking activities.10 A broad definition of crypto-assets,list of key risks,and cautionary statements about certain activities that may be permissible,but not advisable,are the primary components of the joint statement.11 Regulators will likely refer back to the joint statem
32、ent to amplify existing concerns in advance of more prescriptive regulation.As the regulatory perimeter evolves in response to a shifting competitive landscape,disruptive forces are reshaping banking business models,products,and services.Indeed,there are several industry trends transforming the bank
33、ing value chain,including fast-growing digital banking offerings;an increasing interest in digital assets,particularly cryptocurrency-related activity;banking as a service(BaaS);and AI-enabled tools deployed in front-and back-office operations and integrated into core banking products and services.F
34、or example,artificial intelligence(AI)can help organizations improve efficiency,lower costs,enable growth,boost differentiation,manage risk,comply with regulations,and upgrade the customer experience.ChatGPT,released in November 2022,experienced significant adoption at the onset with one million use
35、rs signing up in five days.12 Utilization of this AI-driven tool in the banking sector is expected to support legal analysis,investment research,bank financial condition summations,faster generation of written documents,and other activities.As banks look to reduce funding costs given inflation and m
36、acroeconomic impacts,we expect optimization efforts to be front and center.While many organizations were already investing in AI enablement,the pandemic also heightened customer expectations around digital banking.13 This prompted many banks,especially those with substantial brick-2023 banking regul
37、atory outlook5The relationship between innovation and risk became apparent as“crypto winter”(an elongated time frame during which crypto prices decline and remain low)reduced valuations and resulted in bankruptcies of significant players.17 Regulators have largely stalled bank activity in the crypto
38、 sector,insulating some banks from significant losses,and preventing further spread throughout the financial system and real economy.This distinguished the“crypto winter”events from past significant market disruptions that resulted in government interventions.This result was not preordained.Several
39、factors limited the spread of turmoil in the crypto market.These factors include the still relatively small size of the crypto-asset ecosystem,the reticence among regulators to allow banks to fully engage with the asset class,and the absence of crypto-assets on bank balance sheets.As we look to 2023
40、,significant questions remain about how the regulatory perimeter should expand to address known risks that investors and consumers are facing,including clarity on how banks should engage with distributed ledger technologies and digital assets more broadly.The industry continues to focus on the long
41、game with the belief that distributed ledger technology and the tokenization of assets will be a transformative shift for markets.We expect regulators to be forced to deal with policy and supervisory questions of what is acceptable and how it should be governed.We also expect that enforcement and ot
42、her supervisory actions may have unintended consequences.As one recent example,a possible unintended consequence of the Security and Exchange Commissions(SEC)2022 Staff Accounting Bulletin No.121(SAB 121)may have been to push core digital-asset custody activities to less regulated market participant
43、s.18 With the industry hoping for clarity across a wide range of regulatory questions,the level of complexity of the US regulatory system continues to pose a unique challenge relative to other jurisdictions in addressing core,open questions.Nevertheless,firms continue to explore use cases for distri
44、buted ledger technology(DLT)and tokenization.For market participants,we expect actions from regulators to increase as they use existing supervisory tools to enforce and protect the US banking system.We explore the following pathways for significant action on digital assets by lawmakers and regulator
45、s:Banking agency enforcement and interpretive activity Congressional efforts to legislateBanking agency enforcement and interpretive activityRegulatory activity in 2022(guidelines,rule proposals and finalizations,and public consultations)at the state,federal,and international levels created strong d
46、isincentives for banks to engage with crypto-assets.It remains to be seen whether regulators industry engagement will enable them to process requests more efficiently in 2023.Also unknown is the extent to which regulators learnings will inform and lead to their issuance of broader-based regulations
47、and other guidance.Given the market events of 2022,and subject to the potential enactment of federal legislation,we expect the regulators to continue to move cautiously regarding crypto-asset activities in 2023.With that said,we expect a more coordinated approach from the federal regulators in 2023
48、and increasing heightened supervisory actions.Congressional efforts to legislate2022 saw vigorous development and introduction of bills to clarify the regulatory treatment of crypto-assets.Despite the perceived enthusiasm and calls for legislation by the Treasury and Financial Stability Oversight Co
49、uncil(FSOC)via the Executive Order(EO)reports in late 2022,no federal legislation was enacted last year.Several bills proposed in 2022,albeit prior to a significant crypto-exchange bankruptcy and related events in late 2022,outline possible approaches should legislation happen.2023 banking regulator
50、y outlook6When and what sort of legislation eventually might pass remains the subject of intense speculation,but stablecoin legislation may be a place where consensus is possible.19 From a global perspective,the United States is falling behind in its development of a policy framework,with the Europe
51、an Union agreeing to text for its Markets in Crypto-assets regulation and the United Kingdom making an earnest attempt at legislation as well.20 Given recent market events,we expect the legislative and regulatory rulemaking process to make headway in 2023.Looking aheadWhile progress on the policy fr
52、ont has been slower than many market participants would like to see,2022 offered glimpses of the potential future state.In 2023,all eyes will be on a new Congress for potential federal legislation to address stablecoins,other crypto-assets,and potentially a US Central Bank Digital Currency(CBDC).Ban
53、ks can play a key role in the institutionalization of the asset class as the US regulatory framework develops.From a policy perspective,the cautious stance of regulators has pushed many activities to entities outside of the bank regulatory perimeter.Banks,as highly regulated entities,can serve as re
54、liable custodians and issuers if certain regulatory hurdles are cleared.It is critical,in the absence of legislative clarity,for banks and nonbanks to keep close tabs on regulatory developments and to be mindful of banking regulators risk management and general safety and soundness expectations.We e
55、xpect banking regulators to continue to heavily scrutinize new digital-asset product launches,including continuing to place a heavy emphasis on third-party risk management.When focusing on digital assets,banks should consider several actions:Engage in early and frequent regulatory dialogue and satis
56、faction of any applicable regulatory application or non-objection processes.Demonstrate use of existing control frameworks(e.g.,new product approval)that are tailored to the risks presented by the proposed product,service,and third-party relationships.Ensure alignment of digital-assets strategy with
57、 the organizations overall strategy and risk appetite.Demonstrate the actual product has a real market and consumer utility and that the benefits are substantive.Equip the board and senior management with resources and staff to undertake these initiatives.2023 banking regulatory outlook72023 banking
58、 regulatory outlook2023 banking regulatory outlook8Fortifying governance and controls as part of core safety and soundnessThe federal banking regulators have signaled that their entrance into the upcoming supervisory cycle will be characterized by an intense focus on post-pandemic financial risk.The
59、 increase in large bank supervisory findings over the first half of 2022 was met with the OCC and FRBs commitment to assess remediation of outstanding supervisory findings,with particular emphasis on Matters Requiring Attention(MRAs)in 2023.21 Following up on remediation efforts has shifted from a r
60、outine touchpointusually,a given within the normal course of supervisionto a known supervisory priority for the federal banking regulators.This is a clear indication that banks will need to be intentional about addressing identified weaknesses in a comprehensive way to prevent the escalation of open
61、 MRAs to Matters Requiring Immediate Action(MRIAs),or even more severe enforcement actions.Regulators have reiterated this point with recent emphasis on the delineation of roles and responsibilities across the three lines,including enterprise governance and oversight,before confirming successful and
62、 sustainable remediation.Under the FRBs large financial institution(LFI)ratings systemcurrently applicable to 37 holding companies with banking subsidiaries supervised across the FRB,OCC,and FDIC“governance and controls”is the catch-all ratings component where the broadest range of topical areas are
63、 covered and similarly where supervisory issues are the most heavily concentrated for large banks.22 Elements of governance and controls are also engrained in the supervisory framework for subsidiary banks and are an equally important supervisory focal point at both the bank and holding company leve
64、ls.We see the following topics as fundamental to improving key functions and capabilities contributing to a banks governance and controls as well as its safe and sound operation.Data governance and reportingEffective management,including crisis management,depends on reliable and timely information i
65、n a rapidly evolving environment.Regulators need data to assess economic developments and analyze interconnectedness within the financial system.For regulators to properly monitor risks and the effects of policy,banks need to provide real-time data,which will be collected more frequently.In times of
66、 stress,regulators may need to collect data not captured by current reports or that is currently captured only at infrequent intervals to monitor the effectiveness of policy measures.Increasing data availability and improving data quality represent two critical priorities for banks.As bank regulator
67、s become more data dependent,they are driving the already high prioritization of strategic data programs at the banks that they supervise.The demand for better data is resulting in banking regulators placing sustained pressure and emphasis on banks to improve their data quality for risk,management,a
68、nd regulatory data purposes.These expectations are underscored by recent enforcement actions and supervisory findings citing banks lack of internal controls,ineffective governance,weaknesses in data infrastructure,and fragmented technology environment.Regulators are aware that the remediation of wea
69、knesses associated with data generally requires more time as compared to other risk management weaknesses;however,the supervisory focus is placed on the presence of appropriate controls to promote data availability and quality during the remediation process.232023 banking regulatory outlook9Data gov
70、ernance weaknesses continue to concern regulatorsThe need to provide granular levels of information,with increasing frequency,presents operational challenges and significant reputational risk for many banks.Regulators data concerns are based on banks historic lack of:Governance structure that enforc
71、es accountability,measures data quality,and allocates resources to address data and financial reporting challenges.Firmwide data integrity and quality assurance programs that cover management information systems(MIS),financial reporting,and regulatory requirements.An effective change management infr
72、astructure.Firmwide data programs that include policies for creating and maintaining standard data and account definitions.Firmwide integrated accounting,risk,and data repositories with emphasis on a streamlined technology infrastructure.The lack of sufficient data governance leads to inefficient da
73、ta quality,negatively affecting data used for managing risk and compliance with regulatory rules and standards.This has the potential to lead to supervisory concerns across firms legal entities,prompting data-related examination activities that include the assessment of:Effectiveness of remediation
74、plans and the execution of timely and complete deliverables as outlined in these plans.Effectiveness of data offices in improving data quality.Data lineage that ensures data is traced to the source(end-to-end lineage),including documentation for Authorized Data Sources(ADS),which tracks controls for
75、 data quality at the data source and subsequent transformations.Firms still struggle with siloed data storage and significant manual intervention.To meet these regulatory demands,firms will need to create a dynamic data environment where the processes and infrastructure can quickly adapt to changing
76、 needs for financial,nonfinancial,and risk data,especially in times of stress.In executing the road map to deliver a sustainable data environment that can meet regulatory requirements and expectations,there are several considerations and challenges to overcome.To start,the firm should commit to stre
77、ngthening overall governance over the end-to-end data life cycle.Since data ownership is commonly segregated from the data aggregation function,a lack of consistency in the process and controls mindset,if not under a common framework,leads to data quality issues.Standardizing the processes and contr
78、ols across the firm is imperative.Underlying the efforts to create a flexible data model is the need for investments in foundational data elements across the firm that can solve multiple reporting needs with single,rather than repeated,remediation.Understanding where data issues reside and how they
79、impact reporting is critical when setting out the road map.Efforts to evaluate outstanding supervisory findings should provide organizations with the ability to clean up outstanding thematic items and build strategic solutions.Just as important as the strategic solution is maintaining controls and l
80、evel of quality on existing data while the controls and infrastructure continue to undergo enhancements.To enforce high data quality across the firm,accountability models need better enforcement and linkage to data governance management programs.This includes developing actionable measures and metri
81、cs.To ensure high data quality standards are met,a greater focus on conformance testing and controls around data transformations is needed.Meeting the data expectations of regulators continues to challenge banks.Transforming legacy technology solutions into a strategic data environment is a foundati
82、onal investment firms should make,not only to meet current expectations but be agile enough to meet future requirements and regulations.Data supervisory findings have linked the impact of IT architecture and its complexity.Solutions should be an enterprisewide activity needing senior management and
83、board support that can be sustained over time.2023 banking regulatory outlook10To meet regulatory expectations for data and reporting sustainably,firms need to develop a firmwide data culture that values data processes and data quality.Achieving a true firmwide data culture can be elusive.A thoughtf
84、ul road map needs to be developed that includes achievable milestones and deliverables.When focusing on data governance and reporting,banks should consider several actions:Migrate to a product-level view away from a specific report view and establishing traceable ADS.Strengthen overall governance ov
85、er the end-to-end data processes.Integrate the firms data management programs with the regulatory data environment.Emphasize accountability of key stakeholders(including the first line),improve coordination between impacted areas,and create actionable metrics.Invest in finance,risk,and data architec
86、ture and information technology(IT)infrastructure to increase the data capabilities needed to achieve these actions.Enhance internal controls around the report preparation life cycle(all lines)and establish independent quality assurance(QA)functions and broader data-quality programs.Strengthen the c
87、ompetencies and training of the data resources at the corporate and business levels.Emphasize the attestation approach across reportsall reports should maintain core foundation requirements for attestation and awareness of data being reported.2023 banking regulatory outlook11Cyber and information te
88、chnology(IT)riskSweeping changes in technology have led to accelerated technology adoption and innovation,businesses becoming more interconnected,and customers being empowered with“digital first”experiences.These advancements,however,also present cyber risks.Like business leaders,policymakers are al
89、so taking notice and updating laws,regulations,and practices to work with critical infrastructure industries for an organized approach to cyberthreats.A watershed change in the policy approach can be traced to the Biden administrations 2021 EO.24 Most noticeably,the EO called for a standard set of o
90、perating procedures and definitions among federal agencies.Regulators have used the transitional time since the announcement of the EO to update their guidance on cybersecurity,encouraging engagement from the top,advising multilayered control environments,standardizing incident response,and governin
91、g third-party relationships.Regulators are continuing to raise the barOver the past several years,regulators have increasingly raised expectations by demanding greater organizational responsibility for managing cybersecurity risk.While they historically have provided flexibility for adoption based o
92、n the size,nature,and complexity of the organization,the regulations have become more prescriptive and are mandating that all organizations adopt minimum“cyber hygiene measures”that demonstrate that the requirements have been implemented.The shift to remote work has also increased the need for stron
93、ger cyber defenses.For example,multifactor authentication,previously seen as an advanced capability,is now becoming a requirement,as seen by the New York State Department of Financial Services(NYDFS)mandate on heightened authentication requirements for access to nonpublic information as well as to o
94、ther sensitive data,systems,and interfaces.25 With increased digitization levels,where data is stored and how it is further used creates opportunities and risks.Regulators are trying to keep up and are focusing guidance on risk management principles for the cloud,AI,and machine learning(ML).This pre
95、sents an opportunity for organizations to shape and influence the emerging regulations.Engagement and governance from the topDeficiency in effective cybersecurity policies and procedures to secure organization assets and data is an increasing concern of regulators.They continue to emphasize increase
96、d involvement and accountability of the board and senior leadership in setting the strategy and overseeing the organizations cybersecurity program.A mature cyber strategy aligns with business strategy and enables an organization to meet its business objectives.Setting the tone from the top requires
97、organizations to streamline their governance,reporting,and communication structure,where cybersecurity is treated as a core business function and capability.Proposed supervisory guidance includes new considerations making it clear that board responsibilities(e.g.,approval of significant contracts or
98、 plans,oversight of the third-party risk management program)can only be delegated to a“designated board committee”(or potentially existing committee with specific mandate)that reports to the board.26 Transparency and standardization in incident responseRegulators disclosure requirements continue to
99、become more rigorous to reflect changing risks and investor needs.With the heightened frequency and severity of incidents in the financial industry,regulators are increasingly focused on transparency and standardization in incident notification and management.In March 2022,Congress passed a landmark
100、 bill,“Cyber Incident Reporting for Critical Infrastructure Act of 2022(CIRCIA),”which requires owners and operators of critical infrastructure in 16 sectors to report an incident that they reasonably believe has occurred to the Cybersecurity and Infrastructure Security Agency(CISA)within 72 hours.2
101、7 In addition,the CISA must be notified of any ransomware payments within 24 hours.Although not in effect yet,this“game-changing”regulation strives to close visibility gaps that impede incident response for government agencies.2023 banking regulatory outlook12Similarly,prudential banking regulators
102、have also moved away from“as soon as possible”reporting requirements to more stringent reporting requirements such as a“36-hour window”for banks and bank service providers for incidents that they believe in good faith could cause material disruption.28 While the requirements vary,almost all regulato
103、rs are requiring early notifications and disclosures of incidents that cause significant business disruptions with issuance of follow-up reports as the investigation evolves.Banking regulators are extending their reach beyond the banking organizations to service providers as well,requiring vendors t
104、o notify affected bank customers immediately after the vendor experiences a cybersecurity incident.Accountability for cybersecurity incident response and notification is shifting from information technology leaders to the board and business leaders.Regulators are urging organizations to have greater
105、 involvement of senior leadership and board members both during and after an incident has occurred.The Financial Stability Boards(FSB)October 2022 consultative document takes a comprehensive approach for encouraging standardization,including common terminologies and a standardized format for reporti
106、ng.29Governance of third-party risk management(TPRM)Banks are outsourcing their business and risk management activities to harness the wide array of innovative products,services,and capabilities offered by third parties.The outsourcing of activities has,in many cases,led to bank and nonbank relation
107、ships that rely on new technology(e.g.,from fintech firms)and present new risks to banks.These relationships have grown rapidly over the past few years and tend to cause regulatory concerns where nonbank activities are generally not subject to the same level of oversight as banks.The prevalence of b
108、ank and nonbank relationships adds another layer of complexity where increasing ransomware attacks have recently plagued service providers and other third parties placing even more emphasis on TPRM.30 The OCC has emphasized that organizations must manage risks that third parties may pose and continu
109、e to make TPRM a key element of focus in their examinations.31 With increasingly sophisticated attack methods,it is expected that organizations undertake a wider security lens to manage third-party relationships.TPRM policies and procedures should outline the organizations strategy and identify the
110、inherent risks related to the engagement with the third party,including details on the due diligence and governance around vendor selection.Banking organizations should perform ongoing monitoring commensurate with the risk level and complexity of the relationship and periodically reassess existing r
111、elationships to determine whether the nature of an activity by a third party becomes critical.When focusing on cyber and information technology(IT)risk,banks should consider several actions:Delegate cybersecurity board responsibilities as needed to a board committee with a clear mandate and director
112、s with IT-related skills,as needed.Establish a robust policy management program that can account for more prescriptive changes to laws,regulations,practices,and supervisory expectations;test for efficiency regularly;and update when needed to ensure effective linkage to IT architecture,IT risk assess
113、ments,and broader views of financial crime.Involve board and senior leadership during and after a cybersecurity incident and ensure that the necessary processes and controls are in place to assess the severity of the incident in the context of the Computer Security Incident Notification Rule.Reasses
114、s existing critical third-party relationships to ensure that the appropriate amount of ongoing monitoring is in place.2023 banking regulatory outlook13Bank Secrecy Act(BSA)/anti-money laundering(AML)and sanctionsGoing into 2023,we see three primary areas at the forefront of regulators agendas:(1)mee
115、ting their obligations under the AML Act of 2020(AMLA);32(2)sanctions;and(3)the increased prevalence of digital assets throughout the banking ecosystem.Regulators to meet obligations under AMLA Since the passage of the AMLA,the Financial Crimes Enforcement Networks(FinCEN)accomplishments have includ
116、ed its publication of National Priorities,the first of three final rules on Beneficial Ownership,and the Notice on Trade in Antiquities and Art.33 However,the agency continues its efforts to meet AMLA commitment deadlines,including proposed updates to BSA reporting thresholds and a study on effectiv
117、e information for law enforcement.34Most notably,FinCEN has delayed issuing guidance on effective AML programs and the use of emerging and innovative technologies to assist in BSA compliance.Interim leadership at FinCEN has indicated that the advance notice of proposed rulemaking(ANPR)related to the
118、se areas is in the works.35 The AML Program effectiveness proposed regulation amendment was initially published in September 2020 and given that it is now more than two years after the close of the comment period,we expect to see progress in 2023.36 On September 29,2022,FinCEN issued a Final Rule im
119、plementing the Beneficial Ownership Information(BOI)requirements of 2020s Corporate Transparency Act(CTA)legislation.37 The BOI reporting requirements go into effect on January 1,2024,and are considered some of the most comprehensive changes to the anti-money laundering and countering the financing
120、of terrorism(AML/CFT)compliance framework since the USA PATRIOT Act of 2001.FinCEN is expected to establish protocols for access to and disclosure of beneficial ownership information and revise FinCENs May 2018 Customer Due Diligence Rule(CDD Rule)through additional rulemakings.38 The CTA does not m
121、andate a deadline for the issuance or protocols for accessing and disclosing information,but FinCEN is required to amend the CDD Rule no later than one year after the effective date of the final version of the Proposed Rule to conform to the CTAs implementing regulations.39 This leaves a potential g
122、ap of one year where banks could request beneficial ownership information from their customers who would be exempt from reporting this information under the new rule.Sanctions evasion requires enhanced diligence The implementation of financial sanctions has changed drastically with the start of the
123、Russian invasion of Ukraine.Since the inception of the war in February 2022,regulatory bodies from the United States and European Union(EU)have imposed multiple sanctions and export controls on Russia and their allies supporting this invasion attempting to influence a change in policy,impose a signi
124、ficant cost,and weaken Russias military capability and its ability to continue with this war.We do not believe that the pace of new sanctions will be slow moving.As each round of sanctions is imposed,Russia continues to identify methods to circumvent them,resulting in a tug-of-war between Russia and
125、 the jurisdictions imposing sanctions.Most recently,the US Department of the Treasury has identified Russian entities attempting to dodge sanctions using cryptocurrency.40 Additionally,Russia may leverage front companies formed outside of Russia and utilize fraudulent end-user licenses to import san
126、ctioned goods.41 Institutions must ensure their capabilities to update sanctions screening filters and know-your-customer(KYC)information are designed to keep pace with the frequency of new sanctions issuances.Banks and nonbanks should remain diligent and proactive in identifying direct or indirect
127、techniques related to sanctions evasion.Institutions should also continue to train their compliance staff in identifying and escalating potential circumvention,monitor for new sanctions,and be rigorous in updating their procedures and processes and closing any potential program gaps.2023 banking reg
128、ulatory outlook14Digital assets remain an enforcement focusAs digital assets continue their push toward the mainstream,we are seeing increased enforcement actions in that area,and we expect to continue to see this trend throughout 2023.Regulators are looking for prudent risk management of digital as
129、sets and their AML risks,particularly the scaling of resources,technology,governance,sanctions screening process,related transaction monitoring identification,investigation,and reporting.Institutions are methodically assessing opportunities,including custody and payments products and services,bankin
130、g digital-asset exchanges,and supporting commercial clients as well as other crypto-related areas.Banks are currently walking a fine line between meeting their compliance obligations under AML/CFT requirements and respecting the wishes of consumers who are attracted to digital assets for their priva
131、cy and simplicity features.As much as institutions may want to prioritize the customer experience,its critical to remember that while there is a need for clarity of AML expectations for digital-assets firms and specific rules may not be in place,current AML/CFT requirements still extend to digital-a
132、ssets products and services.Consumer protection and financial inclusionWe expect regulators continued enforcement momentum in protecting against consumer harm under current agency leadership in 2023,especially at the margins of the“regulatory perimeter.”This continuing pressure means that the legal
133、arrangements and cultural differences and potential governance gaps between banks and nonbanks need to be clearly understood and addressed by all stakeholders to ensure effective compliance.The tone at the top of all the federal banking agencies increasingly suggests an enhanced focus on consumer ha
134、rm,and heightened levels of scrutiny are evident.The CFPB is expected to maintain its proactive stance on a range of consumer protection issues,as prudential banking regulators work in tandem to address the root cause of core risk management breakdowns that may lead to consumer protection shortfalls
135、.Several of the CFPBs actions have drawn strong negative reactions from the financial services industry for the interpretations and the processes followed by the agency in adopting the rule or guidance in question.The reactions have included litigation brought by a broad range of industry trade grou
136、ps seeking to invalidate at least one significant CFPB action.42 In addition,a 2022 Federal Fifth Circuit Court of Appeals decision,finding the CFPBs funding mechanism to be unconstitutional,introduces a wild card with potentially far-reaching implications.43 That decision could have a material impa
137、ct on the agencys ability to take enforcement actions going forward.It appears that the final resolution of this question will await an ultimate appeal to the Supreme Court and its decision(which,unlike the Fifth Circuit decision,would be national in its impact).The divided results from the midterm
138、elections,together with divided views in Congress regarding the CFPB and its mission,means that any congressional action to address this issue will remain challenging.When focusing on BSA/AML and sanctions,banks should consider several actions:Dont wait for FinCEN to consider what“effectiveness”in A
139、ML/CFT compliance means for your institution;develop metrics accordingly.Consider the staffing and procedural implications of a final rule requiring BOI for legal entities.Update sanctions screening filters and KYC information in place to keep up with the pace of new sanctions.Continually assess thi
140、rd-party risk and put appropriate safeguards in place.Develop a strategy to meet compliance obligations for new digital products.2023 banking regulatory outlook15We anticipate movement on the following regulatory initiatives during 2023:Expanded unfairness definition strengthens principle of fair ba
141、nkingThe application of unfair,deceptive,or abusive acts and practices(UDAAP)for discrimination,purportedly beyond what is covered by the Equal Credit Opportunity Act(ECOA),is currently being contested in litigation.44 While the outcome of that action could limit the citation of an unfairness violat
142、ion,vigilance to ensure fair treatment of customers remains a core tenet of banking services.Open banking around the cornerThe Advanced Notice of Proposed Rulemaking to implement requirements of Section 1033 of the Dodd-Frank Act(DFA)is a key initiative for achieving increased competition and consum
143、er choice throughout the banking industry.45 The final rule promoting data access standards will be released for comment,with final issuance targeted for 2023.Adoption of this rule will likely have a material impact on the business models of all banking service providers with downstream implications
144、 in areas such as security,privacy,and innovation.Fraud in peer-to-peer(P2P)paymentsThe CFPB has communicated concerns about fraud in using P2P payments.The agency is particularly focused on whether entities are following through with protections provided by existing regulations,and whether current
145、practices are meeting the spirit of these rules.Additional guidance is expected to be issued on this topic.46 Buy now,pay later(BNPL)UDAAP exposure The BNPL industry has been closely evaluated by CFPB with findings from the agencys 2021 information request published in a recent report.47 The report
146、highlights concerns that protections afforded under Regulation Z(Truth in Lending)and Regulation E(Electric Fund Transfers)are not afforded to consumers due to the structure of BNPL transactions.The CFPB is expected to issue an interpretation that addresses the potential gaps in protection.In additi
147、on,examinations and investigations will likely apply UDAAP with the requirement in Regulations Z and E serving as the basis for meeting the UDAAP elements.48 Cryptocurrency and the impact on consumers Growing consumer engagement with cryptocurrency companies and investment in crypto-assets have prom
148、pted similar increases in related consumer complaints collected by the CFPB,most of which were received within the past two years.49 The CFPBs analysis of crypto-related consumer complaints covered a range of issues and shortfalls that present measurable challenges in and detract from the reputation
149、 of the crypto-asset markets.The federal banking regulatory agencies recognized the potential adverse impacts that crypto-related activities may have on consumers in a 2021 joint statement regarding a crypto-asset policy sprint initiative and,at that time,committed to providing“coordinated and timel
150、y clarity”around these matters.50 The FDICs issuance of resources reiterating deposit insurance applicability and coverages and providing guidance on compliance with the Federal Deposit Insurance Act is one example of a regulatory action taken to provide the necessary clarity.51 We expect to see mor
151、e consumer-focused rules and guidance as Congress and the federal banking regulators address the need for an overall supervisory and regulatory cryptocurrency framework.In the interim,the federal banking regulators have used their enforcement authority to seek corrective action,where needed.For exam
152、ple,the FDIC issued several informal enforcement letters against cryptocurrency companies,and the CFPB issued a Civil Investigative Demand involving a cryptocurrency company.52 These actions signify the agencies readiness to use their existing toolkits when addressing crypto-related consumer matters
153、 in the coming year.2023 banking regulatory outlook16Section 1071 to change small business lending complianceThe small business loan data collection rule is expected to be released early in 2023.53 The proposed rule includes adding a new subpart(subpart B)to the CFPBs Regulation B to implement Secti
154、on 1071s requirements.The proposed rule requires“covered financial institutions”that engage in small business lending to collect and report data on loan applications,creating a comprehensive database of small business credit applications and allowing regulators to identify and address fair lending c
155、oncerns related to small businesses.54 If the requirements in the proposed rule remain,as we expect they will,there will be organizational changes required across people,processes,and technology.This proposed rule introduces a substantial shift in how both banks and nonbanking institutions,including
156、 fintech companies,manage small business lending across the entire life cycle.In advance of the rule change,banks should establish the proper data capabilities and technology,integrate within fair and responsible bank management programs,and coordinate oversight across the three lines.Interagency Co
157、mmunity Reinvestment Act(CRA)rule to reflect banking advances This rule is expected to be finalized on an interagency basis in early 2023 and will result in material changes to the information considered in the evaluation based on an entitys size and how that information is assessed.55 The proposed
158、change in the CRA regulation recognizes the reduction of geographic banking boundaries and accelerates the use of digital banking with mobile applications.56 These developments will likely yield more appropriate CRA assessments for financial institutions and better evaluation outcomes as the activit
159、ies align with the true service area.One other particularly notable change is the addition of a“Retail Services and Products Test”category,which will require data-gathering capabilities that may not currently exist within an institution.When focusing on consumer protection and financial inclusion,ba
160、nks should consider several actions:Assess data collection,aggregation,reporting,and analytics capabilities to meet new CRA,1071,and 1033 requirements and increasing expectations in other areas.Review the TPRM oversight program and ensure there is awareness of the consumer compliance risks and requi
161、rements.Evaluate legal agreements and risk oversight with respect to nonbanks,and document the impacts these arrangements have on the banks risks,controls,and other processes.Ensure change management programs are functioning effectively and reach beyond new product offerings to include material oper
162、ational changes regardless of the cause.Perform fair lending assessments for potential discrimination beyond lending activities under the tenets of unfairness.Assess model algorithms for underwriting and appraisals for unintended discriminatory outcomes.Evaluate consumer complaint analytics capabili
163、ties to ensure adequate identification of emerging issues.Determine the pervasiveness of adverse consumer impacts when compliance concerns are detected,and fully remediate the harm.2023 banking regulatory outlook172023 banking regulatory outlook2023 banking regulatory outlook18Expanding the scope of
164、 financial risk management The banking system closed out 2022 in overall sound condition,with sufficient capital and liquidity levels generally noted across individual banks and BHCs.The ability of existing risk management processes to capture risks resulting from external factors will be a focal po
165、int for regulators in 2023.Specifically,the potential impact of changing fiscal and economic conditions on banks capital and liquidity positions will need additional consideration in stress testing and other risk management measures.To the extent that geopolitical events may have an adverse impact(d
166、irect or indirect)on bank financial results,those risks will also need to be accounted for.Risk management practices related to climate-related financial risk should be materializing in anticipation of banking regulators finalized guidance,adding yet another layer to financial risk management for ba
167、nks.CapitalCapital planning uncertainty will continue in 2023 as new risks emerge,including the impacts of inflation and rising interest rates,that have not been experienced since the early 1980s.New capital requirements are anticipated,in conjunction with the US finalization and implementation of t
168、he Basel III international regulatory standards,as well as the potential pushdown of large bank total loss absorbing capital(TLAC)requirements on the largest regional banks,that may further constrain the size and types of assets held by banks.Capital planning models and underlying assumptions should
169、 be nimble to predict financial performance,growth,and level of capital distributions.With increasing variability of outcomes,even the most mature capital planning models and processes will be challenged to maintain accurate forecasts.Banking agencies will endeavor,through policy,oversight,and stres
170、s testing,to ensure the levels of capital in the banking system are sufficient to absorb losses.Stress testing will continue to evolve to use more dynamic scenarios as new risks emerge.The coming year will likely bring more direction to the agencies capital-related priorities.Supervisory priorities
171、for 2023 include financial stability,managing interest rate risk,and strategic and operational planning.Basel III endgame impact The Basel Committee on Banking Supervision(BCBS)recommended Enhanced Basel III rules(popularly referred to as“Basel III endgame”)to be effective starting in January 2023.U
172、S regulators have indicated the effective date for implementing these capital rules will be extended to January 2025 for US banks,consistent with the timing for banks in the European Union.57 The US regulators proposed rule is expected to be published in early 2023.58 Updates to the new framework in
173、clude adjusting the supplementary leverage ratio,countercyclical capital buffer,and stress testing and are expected to strengthen financial stability and resilience.59 The proposed revisions are also expected to align with prior Basel III implementation decisions in the United States(e.g.,no relianc
174、e on external ratings for risk weights)and are meant to increase simplicity,risk sensitivity,and comparability of regulatory capital across banks.The complexity of revisions to the market risk regulatory framework,including the Fundamental Review of the Trading Book(FRTB)rule,will require substantia
175、l efforts to comply with the new requirements.This includes significant modeling efforts,the need for sourcing additional data attributes from internal and external sources,and implementing operational processes to support the new data requirements.Regulatory capital requirements,either existing or
176、new,require that banking organizations maintain rigor around governance and controls over new operational processes,regulatory capital interpretations,data quality,and testing.2023 banking regulatory outlook19Liquidity Consumers and businesses parked cash in depository institutions throughout the pa
177、ndemic at unprecedented levels.From the end of 2019 to the beginning of 2022,deposits at domestic commercial banks rose by more than 35%.62 This trend,along with the stimulative effects of FRB asset purchases and other programs,led to a substantial increase in banks total assets and liabilities.The
178、increase in deposit funding and the reduction of the FRBs balance sheet are key factors for regulators reviewing Internal Liquidity Stress Tests(ILST)in 2023.ILST requirements are intended to help firms determine adequate levels of liquidity to maintain in the event of idiosyncratic and/or market-wi
179、de stress.Scenarios and assumptions,unique to each institution,are based on several factors and incorporated to provide a more realistic view of how the institution expects its operations to function in times of stress.Asset growth and regulatory implications for regional banks Regulatory oversight
180、of large banks remains a priority as they continue to increase in size and complexity,through both recent organic growth and merger activity.As banks(often“regional”)cross the regulatory thresholds of$50 billion and$100 billion,regulatory requirements increase.These banking organizations will experi
181、ence the supervisory effect across capital planning,liquidity risk management,stress testing,regulatory reporting,enterprisewide risk management,and enhanced governance.In response banking organizations increasing in size and complexity need to ensure that the required capabilities,processes,and tec
182、hnology infrastructure are appropriately supported across all products and legal entities.Regulators are also focused on containing the systemic effect should a large bank that is not designated as a G-SIB with a high level of deposits fail.This has led regulators to issue an ANPR,imposing TLAC for
183、large banks that are not already G-SIBs.The ANPR would require these banks to hold minimum levels of eligible long-term debt at the holding company level,similar to existing requirements for larger and more complex G-SIBs.60 If adopted,there is the possibility that conditionsaddressing resolvability
184、 and similar matters,including TLACwill be added to large bank merger approvals,especially with the Bank Merger Act subject to revision.61When focusing on capital,banks should consider several actions:Develop detailed plans to understand the impact of capital changes on levels and how it is measured
185、(or revisit existing plans where necessary).Confirm resources and skill sets in capital processes,and assess that modeling resources allow for stress testing and loss forecasting in rapidly changing economic scenarios.Maintain and enhance rigor around governance and risk management,regulatory capita
186、l interpretations,and data quality over capital and forecasting processes.Enhance risk processes as growth occurs,especially when crossing thresholds,to demonstrate control over risk management as size and complexity increase.2023 banking regulatory outlook20Climate-related financial riskDomestic an
187、d international supervisors have reached a consensus around the need to manage climate-related financial risk given the potential for unmanaged risk to have an adverse and possibly disparate impact on the local and global financial systems.Related proposed guidance and recommendations are outstandin
188、g at the OCC,FDIC,and more recently the FRB.The US federal banking regulators have solidified their perspectives on the importance of climate-related financial risk management in the banking sector and intend to issue interagency principles for large banks in 2023.Banks will also need to align risk
189、management programs and practices with expectations set forth by the BCBS,63 FSB,64 Task Force on Climate-related Financial Disclosures(TCFD),65 Network for Greening the Financial System(NGFS),66 the proposed and eventual final federal bank regulatory guidance,and state banking departments,as applic
190、able.Cross-jurisdictional coordination is likely already underway for banks with international operations,as international regulators are generally further ahead with the finalization of guidance and expectations.Whether domestically or internationally,banks will need to be aware of all applicable r
191、equirements and understand the extent to which inconsistencies in regulatory requirements and expectations may create operational,reporting,or other challenges.Scenario analysis The distinct difference between climate-related scenario analysis and stress testing continues to be a focal point for the
192、 FRB.The FRB took a significant step last year with its commitment to leading a piloted climate-related scenario analysis in 2023.The FRBs pilot will involve a subset of systemically important banks.67 No firm-specific information will be published,and the pilot will have no capital or supervisory i
193、mplications.68 The pilot may inform future interagency guidance or be considered a steppingstone toward the development of a climate-related financial risk scenario analysis framework.As regulators evaluate the effects of the pandemic and the rising interest rate environment,they are examining the c
194、omponents of ILST and the scenarios and assumptions used by institutions in their ILST models.Regulators are looking for institutions to provide more robust scenarios that include historical events and produce a forward-looking assessment of the institutions risks.With most liquidity processes desig
195、ned to handle more predictable economic cycles,regulators may require more dynamic scenarios to cover emerging risks.Additionally,there is more scrutiny being placed on assumptions to ensure they are based on sound data and tailored more to the institutions liquidity risk profile.In 2022,the FRB exp
196、anded liquidity reporting on the Complex institution liquidity monitoring report(FR 2052a/6G)to incorporate data needed to calculate the Net Stable Funding Ratio and present a balance sheet view of this data.The 6G is a complex set of data requirements that requires firms to do a good deal of interp
197、retative analysis to meet the requirements.In 2023,we believe the FRB will likely provide firms clarity on reporting issues and feedback on the new data requirements.When focusing on liquidity,banks should consider several actions:Refresh ILST scenarios and assumptionsgiven significant changes in th
198、e macroeconomicand interest rate environment.Examine deposit management practicesto ensure proper oversight of risk,that thereare adequate analytics to segment clientconcentrations and documentation to describecapabilities to support potential inquiry fromregulators.Test the resiliency of the recent
199、 6G 2052aimplementation ahead of horizontal reviewsto ensure the sustainability of updates and theaccuracy of data.2023 banking regulatory outlook21The publication of the scenarios used in the analysis and key insights of the analysis should help inform a broader portion of the banking population,po
200、ssibly assisting with their preparedness for like analysis in the future.This will be important given that large banks more broadly will need to incorporate internal scenario analysis into their risk management frameworks as outlined in applicable draft guidance.The FSB and NGFS have preliminarily a
201、ssessed global macroprudential and microprudential scenario analysis exercises at varying stages of completion in 36 countries,including the United States.69 The joint FSB and NGFS report reflects differences in approaches,modeling,and scenario development having a limiting effect on comparability b
202、etween analyses.While the FSB and NGFS have gained insight into the nature of existing vulnerabilities,the report communicates a common view that“exposures and vulnerabilities”may be underestimated.70 Data scenario analyses will likely require time for maturation prior to reliance on results for pol
203、icy development purposes.Being data-driven In conjunction with the application of disclosure requirements and key metrics associated with climate-related financial risk,banks are tasked with the collection and maintenance of new or enhanced data.Challenges with climate-related data include determini
204、ng appropriate data sources that are well defined.Once the sourcing is determined,banks will need to establish that the processes,governance,and controls are in place to onboard the necessary data and ensure the quality of data can be achieved through end-to-end processes.When focusing on climate-re
205、lated financial risk,banks should consider several actions:Assess the requirements outlined in allapplicable guidance(final and proposed)tounderstand where the requirements exceedthose of existing risk management practices orrequire new policies,procedures,and limits.Understand any inconsistencies b
206、etweenrequirements across regulators withsupervisory oversight responsibilities andaccount for the totality of expectationsin operations.Review existing scenario analysisframeworks for consistency with proposedprinciples,and refer to international lessonslearned for opportunities to improvecurrent a
207、pproaches.Develop an approach to data acquisition,maintenance,and reporting for use inscenario analysis and other data-driven riskmanagement activities.2023 banking regulatory outlook22Looking forward to an active 2023In 2023,marketplace developments will continue to pressure Congress and regulators
208、 to better define who is within the federal bank regulatory perimeter and the supervisory regimes these insiders(banks and nonbanks)will face.To the extent that there are newly included business types within the regulatory perimeter,either Congress or regulators will need to assign supervisory autho
209、rity and delineate oversight requirements.There are still unknowns in terms of frameworks and authorities that the regulators will need to address for banks to engage in an expanded range of activities.It is unclear if the pace of policy decisions in this area will catch up to the speed of innovatio
210、n.Banking regulators are positioned at the forefront of the ongoing transformation in the banking sector and,in many cases,have vocalized their priorities and concerns.With capital at the top of the interagency policy agenda and the FRBs large bank frameworkincluding elements of the supervisory stre
211、ss testing regimethe agency is leaning toward periodic review of capital policy and the development of flexible policies that are adjusted to satisfy the changing needs of the banking sector.The OCC and FDIC are similarly focused on capital from an examination standpoint and as a policy initiative t
212、ied to the finalization and implementation of the Basel III capital accord in the United States.Measuring and accounting for systemic risk and matters of resolvability in non-G-SIBs are items that the regulators will likely tackle in the year ahead.We could see additional capital considerations and
213、requirements become applicable to the largest of the non-G-SIBs this year,and these requirements may have an impact on how these firms are treated from a merger and acquisition perspective.The realization that the presence of significant systemic risk has trickled down into large banks is a regulato
214、ry turning point,and banks will need to watch for regulatory movement in this area.The swift pace of change in the current banking environment has introduced new consumer protection concerns and reiterated the importance of existing ones in the eyes of federal banking regulators.The CFPB has made co
215、nsiderable headway with both bank and nonbank supervisory activities,consistent with CFPB Director Chopras aggressive approach to consumer protection regulation.The application of a dormant supervisory authority to examine nonbanks beyond those identified by statute or regulation was a strategic mov
216、e that confirmed the continuation of regulatory intensity going forward.The CFPB has been known for using its supervisory and enforcement resources to probe industries and activities that may pose consumer harm and to hold them accountable,when warranted.It is expected that the agency will continue
217、to proactively pursue policy as well as supervisory initiatives in light of innovation concerning consumer-facing financial products and services.Regulators are planning to take a more aggressive approach to risk management supervision with a sharp focus on outstanding supervisory issues.The need fo
218、r banks to work toward remediation of supervisory findings and sustainability of remediation efforts will be paramount to avoid escalation of supervisory matters.The process of cleaning up the basics will help banks to get ahead and stay off the path of adverse supervisory actions.Banks will need to
219、 tune in to what regulatory leadership is saying and how that translates into what examiners on the ground are doing.Forthcoming regulation will need to reflect a fresh take on banking,one which accounts for changes in bank size and activity over time and recognizes risks associated with aspects of
220、climate-related financial risk,technology,banknonbank partnerships,and even the entrance into new business lines,such as digital assets.2023 banking regulatory outlook23Endnotes1.Board of Governors of the Federal Reserve System(FRB),“Supervision and regulation report,”November 10,2022;Office of the
221、Comptroller of the Currency(OCC),“OCC reports on key risks facing federal banking system,”news release,December 8,2022.2.OCC,“Acting Comptroller of the Currency Michael J.Hsu Remarks before the Wharton Financial Regulation Conference 2022 on Financial Stability and Large Bank Resolvability,”April 1,
222、2022.3.Deloitte,“Playing catch-up:The FDIC takes first steps to modernize the Bank Merger Act,”accessed January 9,2022.4.Financial Stability Oversight Council(FSOC),”Financial Stability Oversight Council annual report 2022,“December 16,2022.5.Financial Stability Board(FSB),“Assessment of risks to fi
223、nancial stability from crypto-assets,”February 16,2022.6.FSOC,“Financial Stability Oversight Council releases report on digital asset financial stability risks and regulation,”press release,October 3,2022.7.FRB,“Supervision and regulation report.”8.OCC,“OCC releases bank supervision operating plan f
224、or fiscal year 2023,”news release,October 6,2022.”9.OCC,“OCC reports on key risks facing federal banking system,”news release,December 8,2022.”10.FRB,“Agencies issue joint statement on crypto-asset risks to banking organizations,”joint press release,January 3,2022.11.Deloitte,“Banking regulators rei
225、nforce wall for bank involvement in crypto-assets,”2022.12.David G.W.Birch,“ChatGPT is a window into the real future of financial services,”Forbes,December 8,2022.13.Monica OReilly et al.,”2023 banking and capital markets industry outlook,“2022.14.FRB,“Agencies issue joint statement on crypto-asset
226、risks to banking organizations.”15.Deloitte,“Cryptocurrency notification protocols and readiness,”April 11,2022.16.Federal Deposit Insurance Corporation(FDIC),“FIL-16-2022:Notification of engaging in crypto-related activities,”press release,April 7,2022;FRB,“SR 22-6/CA 22-6:Engagement in Crypto-Asse
227、t-Related Activities by Federal Reserve-Supervised Banking Organizations,”August 16,2022.17.FSOC,“Financial Stability Oversight Council releases report on digital asset financial stability risks and regulation.”18.Securities and Exchange Commission(SEC),“Staff Accounting Bulletin No.121,”April 11,20
228、22.19.Deloitte,“Navigating the crypto regulatory landscape,”accessed January 5,2023.20.European Parliament,“Markets in crypto-assets(MiCA),”November 29,2022.21.FRB,“Supervision and regulation report.”22.FRB,“SR 19-3/CA 19-2:Large Financial Institution(LFI)Rating System,”February 26,2019;FRB,“Supervi
229、sion and regulation report.”23.FRB,“SR 19-3/CA 19-2:Large Financial Institution(LFI)Rating System.”24.The White House,“Executive Order on Improving the Nations Cybersecurity,”May 12,2021.25.New York State Department of Financial Services(NYDFS),“Guidance on multi-factor authentication,”December 7,20
230、21.26.FRB,“Agencies request comment on proposed risk management guidance for third-party relationships,”joint press release,July 13,2021.27.Cybersecurity and Infrastructure Security Agency(CISA),“Cyber Incident Reporting for Critical Infrastructure Act of 2022(CIRCIA),”accessed July 28,2022.28.FRB“S
231、R 22-4/CA 22-3:Contact Information in Relation to Computer-Security Incident Notification Requirements,”March 29,2022.29.FSB,“FSB makes proposals to achieve greater convergence in cyber incident reporting,”press release,October 17,2022.2023 banking regulatory outlook2430.OCC,“OCC reports on key risk
232、s facing federal banking system.”31.OCC,“Agencies request comment on proposed risk management guidance for third-party relationships,”news release,July 13,2021.32.William M.(Mac)Thornberry National Defense Authorization Act for Fiscal Year 2021,H.R.6395,116th Cong.(20192020).33.Financial Crimes Enfo
233、rcement Network(FinCEN),“FinCEN Notice on Antiquities and Art(FIN-2021-NTC2),”March 9,2021.34.FinCEN,“Prepared Remarks of FinCEN Acting Director Himamauli Das during the ABA/ABA Financial Crimes Enforcement Conference,”December 6,2022.35.FinCEN,“Prepared Remarks of FinCEN Acting Director Himamauli D
234、as during the ACAMS AML Conference,”October 12,2022.36.FinCEN,“Anti-Money Laundering Program Effectiveness,”September 17,2020.37.FinCEN,“FinCEN issues final rule for beneficial ownership reporting to support law enforcement efforts,counter illicit finance,and increase transparency,”press release,Sep
235、tember 29,2022.38.FinCEN,“Beneficial ownership information reporting rule fact sheet,”September 29,2022.39.Ibid.40.FinCEN,“FinCEN and BIS issue joint alert on potential Russian and Belarusian export control evasion attempts,”June 28,2022.41.US Department of the Treasury,“Treasury-Commerce-State Aler
236、t:Impact of Sanctions and Export Controls on Russias Military-Industrial Complex,”October 14,2022.42.Bloomberg Law,“Chamber of Commerce of the United States of America et al.v.Consumer Financial Protection Bureau,”filed September 28,2022.43.Jody Godoy,“Consumer agency asks U.S.Supreme Court to revie
237、w case that invalidated its funding,”Reuters,November 15,2022.44.US Chamber of Commerce,“U.S.Chamber files coalition lawsuit challenging the Consumer Financial Protection Bureaus recent update to the Unfair,Deceptive,or Abusive Acts or Practices section of its examination manual as unlawful,”Novembe
238、r 29,2022.45.Consumer Financial Protection Bureau(CFPB),“Consumer Access to Financial Records,”October 22,2020;CFPB,“Director Chopras Prepared Remarks at Money 20/20,”October 25,2022.46.CFPB,“Electronic Fund Transfers FAQs,”December 12,2021.47.CFPB,“CFPB study details the rapid growth of“buy now,pay
239、 later”lending,”press release,September 15,2022.48.CFPB,“Unfair,Deceptive,or Abusive Acts or Practices(UDAAPs)examination procedures,”March 16,2022.49.CFPB,“CFPB publishes new bulletin analyzing rise in crypto-asset complaints,”press release,November 10,2022.50.OCC,“Joint statement on crypto-asset p
240、olicy sprint initiative and next steps,”news release,November 23,2021.51.Deloitte,“The Federal Deposit Insurance Corporation(FDIC)heightens its enforcement of the Federal Deposit Insurance(FDI)Act,”2022;FDIC,“FDIC Law,Regulations,Related Acts-Federal Deposit Insurance Act,”last updated August 31,202
241、1.52.FDIC,“FDIC issues cease and desist letters to five companies for making crypto-related false or misleading representations about deposit insurance,”press release,August 19,2022;CFPB,“Decision and Order on Petition by Nexo Financial LLC to Modify Civil Investigative Demand,”November 22,2022.53.D
242、eloitte,“Impact of updates to Section 1071 on small business lending,”accessed December 7,2022.54.CFPB,“Summary of proposed rulemaking:September 2021 proposal regarding small business lending data collection,”September 1,2021.55.OCC,“CRA NPR infographic,”accessed December 7,2022.2023 banking regulat
243、ory outlook56.Deloitte,“Community Reinvestment Act and Digital Banking Activities,”accessed December 7,2022.57.Deloitte,“Implementing Basel 3.1 in the EU:Delay,defer,diverge-and more.,”October 28,2021.58.FRB,“Agencies reaffirm commitment to Basel III standards,”press release,September 9,2022.59.FRB,
244、“Speech by Vice Chair for Supervision Barr on making the financial system safer and fairer,”September 7,2022.60.FRB,“Federal Reserve Board invites public comment on an advance notice of proposed rulemaking to enhance regulators ability to resolve large banks in an orderly way should they fail,”press
245、 release,October 14,2022.61.Deloitte,“Playing catch-up:The FDIC takes first steps to modernize the Bank Merger Act,”accessed December 13,2022.62.Andrew Castro,Michele Cavallo,and Rebecca Zarutskie,“Understanding bank deposit growth during the COVID-19 pandemic,”FRB,June 3,2022.63.Basel Committee on
246、Banking Supervision(BCBS),“Principles for the effective management and supervision of climate-related financial risks,”June 15,2022.64.FSB,“Supervisory and regulatory approaches to climate-related risks,”press release,October 13,2022.65.Task Force on Climate-related Financial Disclosures(TCFD),“Reco
247、mmendations of the Task Force on Climate-related Financial Disclosures,”June 29,2017.66.Network for Greening the Financial System(NGFS),“Guide for supervisors:Integrating climate-related and environmental risks into prudential supervision,”May 2020.67.FRB,“Federal Reserve Board announces that six of
248、 the nations largest banks will participate in a pilot climate scenario analysis exercise designed to enhance the ability of supervisors and firms to measure and manage climate-related financial risks,”press release,September 29,2022.68.FRB,“Speech by Vice Chair for Supervision Barr on making the fi
249、nancial system safer and fairer.”69.FSB,“Current climate scenario analysis exercises may understate climate exposures and vulnerabilities,warn FSB and NGFS,”press release,November 15,2022.70.Ibid.2023 banking regulatory outlook26ContactsScott ZuckerSenior Manager|Deloitte Transactions and Business A
250、nalytics LLPZachary OliverManager|Deloitte Transactions and Business Analytics LLPJohnny LiManager|Deloitte Transactions and Business Analytics LLPConsumer protection and financial inclusionJohn GraetzPrincipal|Deloitte&Touche LLPPaul SanfordIndependent Senior Advisor to Deloitte&Touche LLPChris Tuc
251、kerSenior Manager|Deloitte&Touche LLPJessica GoldenManager|Deloitte&Touche LLPCapitalCourtney DavisPrincipal|Deloitte&Touche LLPJohn CorstonIndependent Senior Advisor to Deloitte&Touche LLPKrisha BlanchardSenior Manager|Deloitte&Touche LLPSudarshna KalyanaramanManager|Deloitte&Touche LLPRichard Rose
252、nthalPrincipal|Deloitte&Touche LLPContributorsDigital assetsRoy Ben HurManaging Director|Deloitte&Touche LLP Richard MumfordIndependent Senior Advisor to Deloitte&Touche LLPNaresh NagiaIndependent Senior Advisor to Deloitte&Touche LLPData governance and reportingKen LamarIndependent Senior Advisor t
253、o Deloitte&Touche LLPCyber and information technologyJulie BernardPrincipal|Deloitte&Touche LLPSunil KapurManaging Director|Deloitte&Touche LLPSean HodgkinsonSenior Manager|Deloitte&Touche LLPBank Secrecy Act,anti-money laundering,and sanctionsJohn WagnerManaging Director|Deloitte Transactions and B
254、usiness Analytics LLPLiquidityCarrie CheadlePrincipal|Deloitte&Touche LLPccheadleDELOITTE.comCourtney DavisPrincipal|Deloitte&Touche LLPRyan McDevittSenior Manager|Deloitte&Touche LLPClimate-related financial riskRicardo Martinez Principal|Deloitte&Touche LLP Ken LamarIndependent Senior Advisor to D
255、eloitte&Touche LLPDeloitte Center for Regulatory StrategyIrena Gecas-McCarthyPrincipal|Deloitte&Touche LLPJim EckenrodeManaging Director|Deloitte Services LPMichele JonesResearch Leader|Deloitte Services LPMeghan BurnsResearch Manager|Deloitte Services LPKyle CookeSr.Strategy&Operations Specialist|D
256、eloitte Services LP2023 banking regulatory outlook27About the Center The Deloitte Center for Regulatory Strategy provides valuable insight to help organizations in the financial services industry keep abreast of emerging regulatory and compliance requirements,regulatory implementation leading practi
257、ces,and other regulatory trends.Home to a team of experienced executives,former regulators,and Deloitte professionals with extensive experience solving complex regulatory issues,the Center exists to bring relevant information and specialized perspectives to our clients through a range of media,inclu
258、ding thought leadership,research,forums,webcasts,and events.This article contains general information only and Deloitte is not,by means of this article,rendering accounting,business,financial,investment,legal,tax,or other professional advice or services.This article is not a substitute for such prof
259、essional advice or services,nor should it be used as a basis for any decision or action that may affect your business.Before making any decision or taking any action that may affect your business,you should consult a qualified professional adviser.Deloitte shall not be responsible for any loss susta
260、ined by any person who relies on this article.About Deloitte This publication contains general information only and Deloitte is not,by means of this publication,rendering accounting,business,financial,investment,legal,tax,or other professional advice or services.This publication is not a substitute
261、for such professional advice or services,nor should it be used as a basis for any decision or action that may affect your business.Before making any decision or taking any action that may affect your business,you should consult a qualified professional advisor.Deloitte shall not be responsible for a
262、ny loss sustained by any person who relies on this publication.As used in this document,“Deloitte”means Deloitte&Touche LLP,a subsidiary of Deloitte LLP.Please see for a detailed description of our legal structure.Certain services may not be available to attest clients under the rules and regulations of public accounting.Copyright 2023 Deloitte Development LLC.All rights reserved.CENTER forREGULATORY STRATEGYAMERICAS