Cryptocurrency fuels ransomware payments

Cryptocurrency fuels ransomware payments and without regulation, it could get much worse. The rapid ascent of crypto, like other emerging technologies before it, has far outpaced the federal government's ability to regulate it.

 

Read the full article HERE.

 

Bernie Madoff and Jordan Belfort and their criminal financial schemes

Ike Sorkin, lawyer to both Bernie Madoff and Jordan Belfort (Wolf of Wall Street), discusses their criminal financial schemes and how regulatory safeguards failed. This is a repeat of the TRACE podcast episode that was originally published in June 2017.

With the recent death of Bernie Madoff, it is perhaps a timely opportunity to revisit the details. 

You can listen to this podcast
HERE.

How to Regulate Big Tech? Ideas from the BIS

The U.S. House Judiciary subcommittee, in a 449-page report last October characterized Amazon, Apple, Facebook and Google as “gatekeepers” with “significant and durable market power.” The antitrust panel acknowledged open competition’s economic benefits and opportunities but compared the Big Techs to “the kinds of monopolies we last saw in the era of oil barons and railroad tycoons.”

“Big Techs have done something quite remarkable,” Agustín Carstens, general manager of the Bank for International Settlements (BIS), said in a January talk, Public Policy for Big Techs in Finance. “Within less than two decades, they have gone from being startups to dominating a range of markets. This is unprecedented,” Carstens said, noting that financial services accounted for “only 11%” of Big Tech revenues “so far.” 

In Fintech Regulation: How to Achieve a Level Playing Field, a paper published in early February, Fernando Restoy, chairman of the BIS Financial Stability Institute (FSI), examines the straightforward “same activity, same regulation” principle alongside so-called entity-based regulation. 

The full article here; How to Regulate Big Tech? The BIS Has Some Ideas

 

What Happened to China's Superstar Entrepreneur Jack Ma? - WSJ

After Jack Ma criticized Chinese regulators, Beijing scuttled the initial public offering of his fintech giant Ant and he largely disappeared from public view. WSJ looks at recent videos of the billionaire to show how he got himself into trouble.

GameStop: what it reveals about the US stockmarket - The Economist

The frenzied rise of GameStop’s share price baffled Wall Street and panicked the US Treasury. What does the GameStop story reveal about American stockmarkets? "Economist" experts answer your questions.

Regulators issue warning to cryptocurrency investors after Bitcoin reaches new all-time high

Regulators have issued fresh warnings on investing in cryptocurrencies after Bitcoin skyrocketed to a new all-time high last week.

The UK’s Financial Conduct Authority (FCA) has cautioned consumers about the high risks involved in investing in cryptocurrencies.

“Investing in cryptoassets, or investments and lending linked to them, generally involves taking very high risks with investors’ money,” the City watchdog said in a statement. “If consumers invest in these types of product, they should be prepared to lose all their money.”

The warning closely follows the regulator’s ban on selling crypto-derivates to consumers which came into effect January 6.

You can read the full article on Bobsguide HERE

International banking supervisory community meets virtually - Focus on the future of banking supervision in a changing world

The 21st International Conference of Banking Supervisors (ICBS), hosted virtually by the Office of the Superintendent of Financial Institutions (OSFI) and the Bank of Canada, was held on 19-22 October 2020. Approximately 450 senior banking supervisors and central bankers representing close to 100 countries took part.

Delegates discussed a wide range of issues related to the future of banking supervision in a changing world. The discussions covered the digitization of finance and the evolution of banking models, operational resilience, climate-related financial risks and remote working arrangements. Participants also exchanged views on the challenges for central banks and bank supervisors in advanced and emerging market economies during the Covid-19 pandemic, as well as adapting to the changing operating environment for central banks and supervisors.

The event included several panel discussions and keynote speeches by Pablo Hernández de Cos, Chair of the Basel Committee on Banking Supervision and Governor of the Bank of Spain, and Prithwiraj Choudhury, Associate Professor at Harvard Business School.

This successful event marks the first time that the Basel Committee has worked with a host country to offer a completely virtual conference.

The ICBS, which has been held every two years since 1979, brings together bank supervisors and central bankers from around the world as well as representatives of international financial institutions. The conference promotes the discussion of key supervisory issues and fosters the continuing cooperation in the oversight of international banking. With its wide membership of senior supervisors and policymakers, the ICBS presents a unique opportunity for a broad-based discussion on issues that are timely and relevant to supervisors in both advanced and emerging market economies.

Big Short: Fintech Fraud Wirecard Explained (EY Accounting Scandal)

Eddie Donmez takes a look at the German Payment processing Fintech- Wirecard. He dives into the 15-year long accounting fraud that saw €1.9bn go missing and draws parallels to previous scandals like Lehman Brothers and Enron. Are there more FinTechs out there that have grown too quickly and let their standard slip?

The Future of Credit: How Technology is Changing the Game

From Visual Capitalist

The concept of credit itself dates back over 5,000 years to ancient civilizations such as the Sumerians and Babylonians.

But how has consumer credit evolved over time?

This motion graphic video shows you the past, present, and future of consumer credit, with a focus on the new technologies that are completely re-shaping how credit will work in the coming years.

Basel III Update

The Basel Committee has just published its sixteenth progress report on adoption of the Basel regulatory framework

In it, the committee sets out the adoption status of Basel III standards for each Basel Committee on Banking Supervision (BCBS) member jurisdiction as at the end-March 2019.

This is an update to the Committee’s previous progress reports, which have been published on a semiannual basis since October 2011. In 2012, the Committee started the Regulatory Consistency Assessment Programme (RCAP) to monitor progress in introducing domestic regulations, assessing their consistency and analysis in regulatory outcomes. As part of this program, the Committee periodically monitors the adoption of Basel standards. The monitoring initially focused on the Basel risk-based capital requirements, and has since expanded to cover all Basel standards. These include the finalised Basel III post-crisis reforms published by the Committee in December 2017, which will take effect from 1 January 2022 and which will be phased in over five years.

As of the end-March 2019, all 27 member jurisdictions have risk-based capital rules, Liquidity Coverage Ratio (LCR) regulations and capital conservation buffers in force.

Twenty-six member jurisdictions also have final rules in force for the countercyclical capital buffer and the domestic systemically important bank (D-SIB) requirement.

With regard to the global systemically important bank (G-SIB) requirements published in 2013, all members that are home jurisdictions to G-SIBs have final rules in force. The leverage ratio based on the existing (2014) exposure definition has been partly or fully implemented in 26 member jurisdictions.

Moreover, 26 member jurisdictions have issued draft or final rules for the Net Stable Funding Ratio (NSFR), and 21 member jurisdictions have issued final rules for the revised securitisation framework. Also, 26 member jurisdictions have issued draft or final rules for the standardised approach for measuring counterparty credit risk exposures (SA-CCR), and 24 member jurisdictions have issued draft or final rules for the capital requirements for bank exposures to central counterparties (CCPs).

You can access the full report, with detailed statuses for each member jurisdiction HERE.

A guide to FDIC and Cybersecurity Examinations – What should you focus on?

By Stanley Epstein

FDIC – what is does and how it operates

The United States “Federal Deposit Insurance Corporation” (FDIC) plays a very important role in the preservation and promotion of public confidence in the U.S. financial system by insuring deposits in banks and thrift institutions; by identifying, monitoring and addressing risks to the deposit insurance funds; and by limiting the effect on the U.S. economy and the financial system when a bank or thrift fails.

The FDIC was created in 1933, as an independent agency of the federal government. This was a response to the thousands of bank failures that occurred during the 1920s and early 1930s.

The FDIC receives no government funds - it is backed by premiums that banks and thrifts pay for deposit insurance coverage and from earnings on investments in U.S. Treasury securities. About $9 trillion of deposits in U.S. banks and thrifts are insured by FDIC.

The FDIC also directly examines and supervises more than 4,500 banks and savings banks for operational safety and soundness, more than half of the institutions in the U.S. banking system.

Why doesn’t the FDIC cover all U.S. banks? Well, this is dependent on whether banks have been chartered by states or by the federal government. Banks chartered by states also have the choice of whether to join the Federal Reserve System. The FDIC is the main federal regulator of banks that are chartered by the states that do not join the Federal Reserve System. The FDIC is also the back-up supervisor for the remaining insured banks and thrifts.

The FDIC also has a major role in compliance; it examines banks for compliance with consumer protection laws, which include the Fair Credit Billing Act, the Fair Credit Reporting Act, the Truth-In-Lending Act, and the Fair Debt Collection Practices Act, among others. The FDIC also examines banks for compliance with the Community Reinvestment Act (CRA) which requires banks to help meet the credit needs of the communities they were chartered to serve.

When a bank or thrift fails the FDIC responds immediately to protect insured depositors. The failed institution is generally closed by its chartering authority - the state regulator, or the Office of the Comptroller of the Currency. While the FDIC has several options for resolving institution failures, the one used most often is to sell the deposits and loans of the failed institution to another institution. Customers of the failed institution automatically become customers of the assuming institution. Most of the time, from the customer's point of view the transition is seamless.

FDIC Examinations

FDIC bank examinations generally focus on the IT systems of banks with a particular focus on information security. The federal banking agencies issued Interagency Guidelines Establishing Information Security Standards (“Interagency Guidelines”) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), which is based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of service providers.

The examination process relies on bank management attestations regarding the extent to which IT risks are being managed and controlled. Examiners focus their efforts on management-identified weaknesses and may confirm selected safeguards described by management as adequate. Nonetheless, reports by the Office of the Inspector General within the FDIC indicate that examiners may not be consistent in their review of bank compliance with the Interagency Guidelines and do not regularly provide a clear statement of adequacy on intrusion detection programs and incident response plans.

The following provides a snapshot of information concerning FDIC IT examinations.

• Currently about 2,300 IT examinations at financial institutions and technology service providers are conducted by FDIC in a year.
• IT examinations at a financial institution that is found to have adequate security takes between 8 – 10 days to complete.
• IT examinations at a financial institution that is found to have some degree of supervisory concern take a while longer –15 to 20 days on average. 

Being prepared for an FDIC examination  
 
As IT examinations are a regular feature of the FDIC’s work, the boards of banks and bank directors should be adequately prepared for these. The question is where should their focus be when making such preparations?

Below are 10 key points that need to be take into account when such preparations are made;

1. Is bank management properly qualified to manage all aspects of the bank’s IT operations? Does this include compliance with all the relative data security laws and regulations? Is the bank’s Board happy with the qualification of bank management to handle this?
2. Does the bank have a designated “Vendor Management Coordinator”? Does she/he have the appropriate level of due diligence and vendor risk modeling experience that matches the type and quality of the bank’s IT services?
3. Do the bank Directors have a clear understanding of what services are outsourced? Does the banks Vendor Management Program meet the requirements and guidance of the FFIEC IT Examination Handbook, “Outsourcing Technology Services”?
4. What about the bank’s “Business Continuity Planning/Disaster Recovery Plan”? Does it adequately address the sudden loss of IT services?
5. When was the last time that your senior management reviewed the “Incident Response” section of your BCP/DR plan?
6. Has your bank carried out a strategic test of your “Incident Response” plan (e.g. a tabletop simulation)?
7. Has your bank carried out an operational test of your “Incident Response” plan (e.g. breach simulation)?
8. Does your bank have a plan regarding how you would communicate news of a breach to bank customers, regulators and law enforcement?
9. Does your bank have cyber insurance coverage? Does your management understand what is and is not covered under this policy?
10. Does your bank have the necessary external resources identified and contractually bound to give you assistance and support in the event of a security incident?