- Enforcements
- SEC fines 10 prominent broker-dealers and investment advisers $79M for record keeping violations.
- Brokerage firms are fined a total of $19M in the same week the WSJ reports that Wall Street is starting to push back at the amount and frequency of fines by choosing to fight back in federal courts. (Source 1, Source 2)
- SEC Fines Credit Rating Agencies $12M for long standing record keeping failures.
- Exam Priorities
- In contrast with past practice of announcing annual exam priorities in January, this year, the SEC accelerated their announcement to October. The purpose of this practice is to provide regulated entities advance notice of key risk areas and topics the SEC exam division plans to incorporate into their compliance exams. The report is organized by following entity types and also discusses a series of common risk areas
- Investment advisers
- Private fund investment advisers
- Broker-dealers
- SROs (including exchanges)
- Clearing Agencies
- Other Market Participants (municipal advisors, swap dealers, transfer agents)
- The OCC Issues Exam Priorities for FY 2024. The Key areas of focus in the OCC Operating Plan include following that are hot regulatory topics for the banking industry:
- Cybersecurity
- Digital Ledger Technology (DLT) Activities (crypto and digital asset custody; use of blockchain)
- Payments (systems, products, services)
- Change Management
- BSA/AML/OFAC
- Consumer Compliance
- Fair Lending
- In contrast with past practice of announcing annual exam priorities in January, this year, the SEC accelerated their announcement to October. The purpose of this practice is to provide regulated entities advance notice of key risk areas and topics the SEC exam division plans to incorporate into their compliance exams. The report is organized by following entity types and also discusses a series of common risk areas
- Cyber Security
- October is National Cybersecurity Awareness Month. Although national (and international) cybersecurity standards have been developed and there are some regulations at the state- and federal-level, there is no national cybersecurity regulatory framework in the US. Here’s a summary of cyber rulemaking developments in 2023:
- March 2023 – The White House issued its 2023 National Cybersecurity Strategy building on efforts by earlier administrations and replacing the 2018 National Cyber Strategy (NCS). Intended to be implemented alongside other strategies important to a digital economy including the National AI Initiative, the NCS identifies 5 pillars the Office of the National Cyber Director (ONCD) is directed to work on with various federal agencies.
- July 2023 – The ONCD released a NCS Implementation Plan (NCSIP) that lays out a roadmap of federal initiatives to build out the 5 pillars, including new regulations providing guidance to critical infrastructure providers during incident response and recovery
- July 2023 – the SEC adopted new regulations amending 17 CFR Parts 229, 232, 239, 240, and 249 (eff September 5, 2023) requiring public companies (and foreign private issuers) to make public disclosures about their cybersecurity risk management practices and material incidents.
- August 2023 – Making regulation for critical infrastructure a priority, the ONCD issued a Request for Information asking for public feedback on ways to harmonize existing regulations with new regulations being considered applicable to emerging technologies critical to the nation’s infrastructure. Comments are due October 31, 2023.
- October is National Cybersecurity Awareness Month. Although national (and international) cybersecurity standards have been developed and there are some regulations at the state- and federal-level, there is no national cybersecurity regulatory framework in the US. Here’s a summary of cyber rulemaking developments in 2023:
- Regulation Around Junk Fees
- Foreshadowing rulemaking at the federal level, California passed a new law that, beginning July 1, 2024, with certain exceptions, makes unlawful advertising, displaying, or offering a price for a good or service that does not include all mandatory fees or charges other than taxes or fees imposed by a government on the transaction. The White House issued a statement summarizing actions being taken by federal agencies to crack down on junk fees, including:
- FTC proposing new rule mandating fee transparency (16 CFR Part 464). Comments are due 60 days after proposal is published in Federal Register (pending)
- CFTC issuing an Advisory Opinion (Guidance) interpreting Section 1034(c) of the 2010 Consumer Financial Protection Act (see 12 U.S.C. 5534(c)) prohibiting large banks and credit unions from imposing unreasonable obstacles on customers, to mean prohibiting them from charging consumers fees for basic information about their own accounts.
- Foreshadowing rulemaking at the federal level, California passed a new law that, beginning July 1, 2024, with certain exceptions, makes unlawful advertising, displaying, or offering a price for a good or service that does not include all mandatory fees or charges other than taxes or fees imposed by a government on the transaction. The White House issued a statement summarizing actions being taken by federal agencies to crack down on junk fees, including:
- Suing the SEC
- Six trade groups sue the SEC to vacate the new private fund regulator framework that goes into force November 13th.
- The Managed Fund Association (MFA), the largest global trade group for private funds, joined 5 other trade groups in suing the SEC arguing that it exceeded its regulatory authorities under the Investment Advisers Act and other relevant laws and did not satisfy administrative rulemaking obligations, including failure to demonstrate a need for the rule. The relief requested is for the court to hold that the new rule is illegal and for the court to vacate and set aside the rule.
- Six trade groups sue the SEC to vacate the new private fund regulator framework that goes into force November 13th.
- Regulating AI
- Governments around the world are racing to regulate AI and its groundbreaking innovations but the speed by which the technology is advancing is complicating their efforts. In the absence of a framework for regulating AI at the federal level, states are rapidly stepping into the breach with rulemaking.
- Open Banking
- Payments and financial services technology provider Fiserv and data network Plaid launched a data-sharing partnership connecting customers at Fiserv hosted banks and credit connections to Plaid network apps and services enabling consumer access to, and control over sharing , their financial data with third parties in another step towards “open banking” in the U.S.
- Fast following regulation of consumer data privacy, is emerging regulation to protect the rights of consumers to personal data generated in digital interactions that are prevalent in the financial sector (open banking). Referred to as Consumer Data Right (CDR) regulation, the goal is to provide consumers with more control over their personal data by enabling them to share that data with the businesses they select for uses they choose.
Subscribe to Compliance Insider newsletter
Subscribe to Ascent’s monthly newsletter for regulatory roundups like this, compliance insights, industry news and more.