Top Story Technology Related

The Financial Stability Board (FSB) this morning announced it has published a toolkit for financial authorities and financial institutions for their third-party risk management and oversight.

The toolkit was developed in response to concerns over the extent and nature of financial institutions’ interactions with a broad and diverse ecosystem of third-party service providers, which could have implications for financial stability.

The primary emphasis of the toolkit is on critical third-party services, given the potential impact of their disruption on financial institutions’ critical operations and financial stability. It also looks holistically at financial institutions’ third-party risk management in light of changing industry practices and recent regulatory and supervisory approaches to operational resilience.

The toolkit, which incorporates feedback from a public consultation conducted over the summer, aims to (i) reduce fragmentation in regulatory and supervisory approaches to third-party risk management across jurisdictions and different areas of the financial services sector; (ii) strengthen financial institutions’ ability to manage third-party risks and financial authorities’ ability to monitor and strengthen the resilience of the financial system; and (iii) facilitate coordination among relevant stakeholders (i.e. financial authorities, financial institutions and third-party service providers).

The FSB promotes international financial stability by coordinating national financial authorities and international standard-setting bodies as they work toward developing strong regulatory, supervisory and other financial sector policies. It fosters a level playing field by encouraging coherent implementation of these policies across sectors and jurisdictions. Working through its members, it seeks to strengthen financial systems and increase the stability of international financial markets. The policies developed in the pursuit of this agenda are implemented by jurisdictions and national authorities.

Yesterday, Treasury reported that OFAC sanctioned eight foreign-based Democratic People’s Republic of Korea’s (DPRK) agents that facilitate sanctions evasion, including revenue generation and missile-related technology procurement that support the DPRK’s weapons of mass destruction (WMD) programs. Additionally, OFAC sanctioned cyber espionage group Kimsuky for gathering intelligence to support the DPRK’s strategic objectives. OFAC acted in coordination with Australia, Japan, and the Republic of Korea.

For the names and identification information of the designated individuals and entity, see this BankersOnline OFAC Update.

The FDIC has released a list of enforcement actions taken in October 2023. Included were three consent orders to pay civil money penalties, three consent orders to cease and desist, and two removal/prohibition orders :

• Transportation Alliance Bank (DBA TAB Bank), Ogden, Utah, was ordered to pay a civil money penalty of $315,000 for deceptive practices involving a "rebate processing fee" for early payment of certain loans.
• Paramount Bank, Hazelwood, Missouri, was assessed an $85,000 penalty for reporting inaccurate HMDA data for 2020 and 2021.
• Range Bank, Marquette, Michigan, was assessed a $4,000 civil money penalty for failing to require escrow of flood insurance premium payments on four loans on which the bank collected escrow payments for taxes and homeowner's insurance premiums.
• Herring Bank, Amarillo, Texas, was issued a cease and desist order (jointly issued with the Texas Department of Banking) due in part to weaknesses in access controls for IT and in its corporate bond accounting software.
• Royal Business Bank, Los Angeles, California, was issued a cease and desist order (issued jointly with the California Department of Financial Protection and Innovation) related to the bank's Bank Secrecy Act/Anti Money Laundering Compliance Program.
• TrustTexas Bank, SSB, Cuero, Texas, received a cease and desist order, issued jointly with the Texas Department of Savings and Mortgage Lending, for allegedly unsafe or unsound banking practices relating to interest rate risk exposure, deterioration in capital protection and earnings, and deficiencies in management and oversight by the Board.
• Brian Ferris, a former loan officer of Berkshire Bank, Pittsfield, Massachusetts, received a corrected order of prohibition relating to his alleged participation in a conspiracy to defraud the bank by submitting fraudulent loan applications to the bank that were referred to him by two co-conspirators who operated a loan brokerage business.
• Patricia Westmoreland, a former bank manager for Branch Banking and Trust Company, now known as Truist Bank, Charlotte, North Carolina, received an order of prohibition for allegedly embezzling approximately $201,000 and falsifying bank records.

On Monday, the Securities and Exchange Commission reported it has charged Payward Inc. and Payward Ventures Inc., together known as Kraken, with operating Kraken’s crypto trading platform as an unregistered securities exchange, broker, dealer, and clearing agency.

According to the SEC’s complaint, since at least September 2018, Kraken has made hundreds of millions of dollars unlawfully facilitating the buying and selling of crypto asset securities. The SEC alleges that Kraken intertwines the traditional services of an exchange, broker, dealer, and clearing agency without having registered any of those functions with the Commission as required by law. Kraken’s alleged failure to register these functions has deprived investors of significant protections, including inspection by the SEC, recordkeeping requirements, and safeguards against conflicts of interest, among others.

The SEC’s complaint also alleges that Kraken’s business practices, deficient internal controls, and poor recordkeeping practices present a range of risks for its customers. Kraken allegedly commingles its customers’ money with its own, including paying operational expenses directly from accounts that hold customer cash. Kraken also allegedly commingles its customers’ crypto assets with its own, creating what its own auditor had identified as “a significant risk of loss” to its customers.

In February of this year, Kraken agreed to cease offering or selling securities through crypto asset staking services or staking programs and pay a civil penalty of $30 million. [Editor's note: According to The Motley Fool, “staking” is the way many cryptocurrencies verify their transactions, and it allows participants to earn rewards on their holdings; crypto staking involves committing one's crypto assets to support a blockchain and confirm transactions.]

The Office of the Comptroller of the Currency (OCC) has announced that registration is open for its symposium on the tokenization of real-world assets and liabilities on February 8, 2024, at its headquarters in Washington, D.C.

The symposium will include panel discussions among thought leaders, academics, community groups, and the banking industry on tokenization and is open to the public for in-person or virtual attendance.

The event will feature opening remarks from Acting Comptroller of the Currency Michael J. Hsu and keynote remarks from Hyun Song Shin, Economic Adviser and Head of Research at the Bank for International Settlements (BIS). The symposium will also include moderated panel discussions to explore the legal foundations for digital asset tokens, tokenization use cases, and risk management and control considerations. There will also be a panel discussion of academic papers on tokenization.

Registration is required for in-person attendance at the symposium and is open until January 22, 2024, or until full, whichever occurs first. For security reasons, in-person attendees will be subject to screening and must present a valid government-issued identification to enter the building. The symposium will also be livestreamed.

The Securities and Exchange Commission has announced charges against Jake Soberal and Irma Olguin, Jr., the former co-CEOs of Fresno, California-based private technology services startup Bitwise Industries Inc., for misleading investors about the company’s finances. Soberal and Olguin have agreed to resolve the charges against them.

The SEC's complaint alleges that Soberal and Olguin made material misrepresentations and falsified documents concerning Bitwise’s cash position and historical financial performance while raising approximately $70 million from investors in 2022. Soberal and Olguin allegedly created and provided investors with falsified bank records and a fake audit report that showed, respectively, inflated cash balances and higher revenues than Bitwise actually generated. Soberal and Olguin’s alleged misrepresentations and falsified materials painted Bitwise as a healthy, growing business with favorable financial performance. In reality, and as Soberal and Olguin allegedly knew, Bitwise faced constant cash shortages and was often on the brink of failure because it was unable to generate sufficient funds from its operations. As alleged, Soberal and Olguin’s scheme came to light in May 2023 when Bitwise failed to make payroll and abruptly furloughed—and then terminated—all of its hundreds of personnel.

“In one instance, the defendants allegedly conspired to send a purported screenshot to investors of a company bank account showing a cash balance of $23.4 million. In actuality, the account had only $325,100 in it. That’s not a bank error—that’s fraud, and the SEC is taking action to hold the defendants accountable,” said Monique C. Winkler, Regional Director of the SEC’s San Francisco Regional Office.

Soberal and Olguin have each agreed to the entry of a partial judgment, subject to court approval, imposing permanent and conduct-based injunctions as well as an officer and director bar, and reserving the issues of disgorgement, prejudgment interest, and a civil penalty for further determination by the court.

In a parallel action, the U.S. Attorney’s Office for the Eastern District of California (USAO) has announced criminal charges against Soberal and Olguin.

On Monday, OFAC announced a settlement with daVinci Payments, which manages prepaid reward card programs. DaVinci agreed to remit $206,213 to settle its potential civil liability for apparent violations of sanctions on Crimea, Iran, Syria, and Cuba. Between November 15, 2017 and July 27, 2022, daVinci enabled reward cards to be redeemed from persons in sanctioned jurisdictions. The settlement amount reflects OFAC’s determination that daVinci’s conduct was non-egregious and voluntarily self-disclosed.

Between March 2020 and February 2022, in the course of a compliance review and subsequent investigation, daVinci discovered that on 12,378 occasions it had redeemed prepaid cards for users with Internet Protocol (IP) addresses associated with Iran, Syria, Cuba, and Crimea. After daVinci began preventing access to its platform from IP addresses associated with these sanctioned jurisdictions, the company further discovered it had redeemed prepaid cards for 13 card recipients who had used email addresses with suffixes (sometimes called top-level domains) associated with sanctioned jurisdictions (e.g., Syria is .sy, Iran is .ir) during the redemption process and who were apparently resident therein.

Over the course of the relevant time period, this absence of comprehensive geolocation controls led daVinci to process 12,391 redemptions totaling $549,134.89 for cardholders apparently located in sanctioned jurisdictions, resulting in apparent violations of the Cuban Assets Control Regulations, 31 C.F.R. § 515.201; the Iranian Transactions and Sanctions Regulations, 31 C.F.R. § 560.204; the Ukraine-/Russia-Related Sanctions Regulations, 31 C.F.R. § 589.287; and the Syrian Sanctions Regulations, 31 C.F.R. § 542.207 (the “Apparent Violations”).

The statutory maximum civil monetary penalty applicable for the apparent violations is $4,399,759,685. OFAC determined that the apparent violations were voluntarily self-disclosed and were nonegregious. Accordingly, under OFAC’s Economic Sanctions Enforcement Guidelines, the base civil monetary penalty applicable in this case would be one-half of the transaction value for each Apparent Violation, which is $274,950. The settlement amount of $206,213 reflects OFAC’s consideration of daVinci's remedial measures and cooperation in OFAC's investigation.

On Friday, the Federal Trade Commission released the National Do Not Call Registry Data Book for Fiscal Year 2023, which shows that consumer complaints about robocalls and unwanted live telemarketing calls have decreased to a five-year low.

Now in its fifteenth year of publication, the data book also provides the most recent fiscal year information available on robocall complaints, the types of calls consumers reported to the FTC, and a complete state-by-state analysis. According to the data book, complaints about imposter calls again topped the list, with more than 175,000 received during the fiscal year ending on September 30, 2023, 117,000 of which were robocalls. In such calls, imposters falsely pose as representatives of government, such as the Social Security Administration or the IRS, legitimate business entities or as people affiliated with them.

On Friday, the Treasury Department reported that OFAC had sanctioned Ekaterina Zhdanova, a Russian national, for her role in laundering and moving funds using virtual currency on behalf of Russian elites.

For identification information on Zhdanova, see this BankersOnline OFAC Update.

OCC Bulletin 2023-35, issued yesterday, published the revised interagency examination procedures for the Telephone Consumer Protection Act (TCPA). The OCC, Federal Deposit Insurance Corporation, and the National Credit Union Administration have revised the interagency examination procedures to reflect amendments to the TCPA that became effective on October 25, 2021.

With the publication of the revised interagency examination procedures, the OCC has rescinded the “Telephone Consumer Protection Act and Junk Fax Protection Act” section of the “Other Consumer Protection Laws and Regulations” booklet of the Comptroller’s Handbook. OCC examiners will rely on the interagency procedures.