Fall at 8of9

Client Appreciation Party 2018

We officially made our new office our home by hosting a client appreciation party in the new space on October 18, 2018. Check out the photos here. Everyone enjoyed food, drinks (including our signature cocktail) and engraved 8of9 flasks! A big thank you to our clients for being constant supporters and advocates for 8of9. We truly appreciate it!

Our Blockchain and Bitcoin Expertise

8of9 has been at the forefront of blockchain and virtual currency regulations. We offer consulting in these rapidly changing fields and offer informational products on these topics. From our extensive Overview of Blockchain & Bitcoin 50 State Law to our free Blockchain & Bitcoin Glossary, beginners and experts can be sure to find what they need!

Regulatory Consulting for Financial Institutions

8of9 continues to offer consulting to financial institutions. From front-to-back data overhauls to immediate regulatory issues that require attention, 8of9 has tackled numerous critical priorities for our clients. Our teams of financial, legal, and technical experts have led projects on topics such as:

  • International Margin Rules (including BCBS-IOSCO, EMIR, FINRA 4210)
  • MiFID II
  • ISDA/MSFTA Negotiation
  • Projections (DFAST, LCR/NSFR, Risk-based P&L)
  • Contract Lifecycle Management
  • Business Migrations
  • CCAR
  • FATCA
  • Recovery and Resolution Plans
  • U.S. Resolution Stay Protocol & Rule; QFC Recordkeeping Rules

U.S. Resolution Stay Protocol & Rule Blog Post

Click here to learn more about the 2018 ISDA U.S. Resolution Stay Protocol and U.S. Resolution Stay Rule. Discover the purpose of these regulations, more about Qualified Financial Contracts, which entities will be affected and the impact on G-SIBs.

Mary K & the 8of9 Team


Timeline of NY Bitcoin Regulation: BitLicense and Beyond!

2014
  • The New York Department of Financial Services introduced the BitLicense Regulatory Framework.

    This regulation would require many virtual currency businesses to pay a $5,000 non-refundable application fee for a license. An alternative is for businesses to obtain a charter which would only be granted under specific business purposes.

  • BitLicense Regulatory Framework goes into effect.

    The BitLicense requirement applies to many virtual currency businesses, including those engaged in:

    • virtual currency transmission;
    • storing, holding, or maintaining control of virtual currency on behalf of another individual;
    • buying and selling virtual currency as a customer business;
    • performing exchange services as a customer business; or
    • controlling, administering, or issuing virtual currency.

  • BitLicense Regulation Controversy

    NY’s BitLicense Regulation created controversy and drove businesses to leave the state, such as ShapeShift.io. At the same time, many states were examining BitLicense as a potential regulatory framework to adapt for their own legislatures.

  • Circle Internet Financial issued license.

  • Gemini Trust Company, LLC. issued charter.

  • XRP II, LLC. (an affiliate of Ripple Labs, Inc.) issued license.

  • Coinbase issued license.

  • A new bill with the potential to reverse BitLicense is introduced as NY A9899 in the NY State Assembly.

     

    • A9899 was introduced by assembly member Ron Kim.
    • This bill creates a regulatory sandbox which would encourage the growth of NY startups in the cryptocurrency and blockchain sector.
    • A9899 also amends banking law so that licensing on virtual currency businesses is prohibited.

  • Gemini Trust Company, LLC. issued charter with further allowances.

  • Paxos Trust Company, LLC. issued charter.

  • Genesis Global Trading issued license.

  • Xapo, Inc. issued license.

  • Square, Inc. issued license.

  • BitPay, Inc. issued license.

  • A9899 is pending in the NY State Assembly.

2018

Our Bitcoin & Blockchain Practice Grows, Plus Our New Office!

Bitcoin and Blockchain Consulting

Distributed ledger technology and cryptocurrency companies have come under increased scrutiny for their incomplete regulatory and compliance programs. This creates challenges for startups and organizations innovating in cryptocurrency (e.g., Ripple and Bitcoin) and distributed ledger technologies (e.g., hashgraph and blockchain). 8of9 has developed expertise in this evolving area and has helped clients navigate U.S. and international regulations to meet their unique needs. Contact Christine.Min@8of9.nyc to find out more.

Overview of Blockchain & Bitcoin State Law 

Our experience in this rapidly changing field enabled us to create a comprehensive overview of all DLT & cryptocurrency laws, legislation, and guidance across the fifty states. We provide detailed state-by-state explanations on DLT & cryptocurrency related regulations. Our informational product includes recent updates on hot topics such as taxes on cryptocurrency businesses, legality of smart contracts, and status of ICOs under state securities laws. Coming Fall 2018!

Regulatory Consulting for Financial Institutions

As we expand our offerings, 8of9’s consultants continue to deliver for our financial services clients. Our team has worked with global banks on a wide range of projects including:
  • International Margin Rules (including BCBS-IOSCO & FINRA 4210)
  • Netting Remediation
  • FATCA- related projects
  • Improved approaches to legal due diligence for new clients
  • Recovery and Resolution Plans
  • AML/KYC Market Utility Projects

8of9's New Home!

We are excited to announce our big move from 1115 Broadway to W 26th Street. Our new space provides the perfect environment to tackle more as we continue to expand our regulatory consulting practice and presence within the RegTech/FinTech Industry.

Learn About the Credit Risk Mitigation Framework in the European Union

Need to know more about the EBA’s report on the current Credit Risk Mitigation Framework? Check out our post summarizing the EBA’s findings and explaining the context of their work.

What a time to be alive!

Mary K & the 8of9 Team


Dodd-Frank Rollbacks: the Crapo Bill and Volcker 2.0

In the past month, parts of the Dodd-Frank Act have been updated through the Crapo Bill and the Volcker Rule rollback. Read on for more information on these important changes.

The Crapo Bill

Date: May 24, 2018

How: President Trump signed off on the Crapo bill, which passed the Senate and House of Representatives earlier this year.

Key changes to Dodd-Frank:

  • Banks with less than $250 billion in assets will no longer be required to undergo stress tests, whereas previously, the threshold was $50 billion.
  • A few large financial institutions, like American Express and BB&T, will no longer be deemed systemically important, allowing them to avoid stringent oversight from regulators.
  • Some loan originators, including small lenders, will be exempt from certain disclosures formerly required by the Home Mortgage Disclosure Act (HMDA).

Volcker 2.0 Update

Date: May 30, 2018

How: The Federal Reserve voted to approve Volcker 2.0, a broad proposal that eases financial crisis-era regulations on risky trading. Fed Chairman, Jerome Powell said, “Our goal is to replace overly complex and inefficient requirements with a more streamlined set of requirements.” The proposal still requires approval by four other banking regulators, but they are expected to follow the Fed’s lead.

Key changes to Dodd-Frank:

  • The level of regulator scrutiny would correspond to the amount of trading that goes on at a particular bank, which means lower compliance costs for banks with smaller trading operations.
  • Proprietary trading would still be banned under the proposed update.


8of9 Heatmap: Regulatory Changes Under President Trump

8of9 Heatmap:


Regulatory Changes Under President Trump


A Crazy 2018 for 8of9!

Star Wars Party People

Thanks to everyone who came to our Star Wars opening night screening at the Regal Theater. We were thrilled to have so many 8of9 family members in attendance (and if you’ve been a friend and supporter of 8of9- we consider you family). You’re likely famous & on our website!

Did you get an 8of9 Death Star ice cube mold? Your support over the years has meant more than we can express.

Meet our New COO!

We are thrilled to welcome Aaron Heisler, a financial industry veteran, as the new COO of 8of9! Aaron has been solving complex technology and regulatory challenges for more than a decade. He’s held leadership positions at Credit Suisse, Lela (a data technology startup), and Ernst & Young; and he has built a reputation of consistently delivering exceptional value in both strategy and implementation. Learn more about Aaron!

Riding the Bitcoin/Cryptocurrency Wave

8of9 is increasing our presence in the Bitcoin/Cryptocurrency space with a new client! They are set to go live in one thousand EU locations and 8of9 is providing expertise in EU/US regulations in this evolving and complex new market.

8of9 Continues to Grow...

Last, but not least, we’re excited to share the news that Mary K and her husband, Red, are welcoming their first child in July 2018. While this is a big event for the Kopczynski family, never fear! Mary is fully working her 4210 magic until the regulators’ deadline and will be doubling down on RegTech when she’s back from a short maternity break!

What a time to be alive!

Mary K & the 8of9 Team


Spotlight on the Agency: OCC & Regulations on the Horizon

Spotlight on the Agency: OCC & Regulations on the Horizon

The Office of the Comptroller of the Currency (“OCC”) is an independent bureau of the U.S. Department of the Treasury[1] that charters, regulates, and supervises:

All National Banks

All Federal Savings Associations

Federal Branches and Agencies of Foreign Banks

The OCC ensures that all banks operating in the United States (both foreign and domestic) “run according to sound, safe practices and abide by all relevant regulations and laws. It also ensures that there is sufficient access to financial products and services and that customers are treated fairly.”[2]

 

As a result of the Dodd-Frank Act, the OCC merged with the Office of Thrift Supervision (“OTS”) in an effort to end lenders’ ability to shop regulators. Regulator shopping is the practice of banks/lenders picking and choosing amongst various state and federal regulators to find the most favorable rules and taxes. This merger saw the OCC take on supervision of 700+ institutions and gave the OCC rulemaking authority over national banks and federal thrifts.[3] Dodd-Frank also required the OCC to revise many of their rules on federal preemption of state law, limiting OCC authority. The agency is now required to determine preemptions on a case-by-case basis, which provides states with more power to protect consumers.[4]

 

Interesting things are coming from the OCC. The agency recently made a proposal to “grant special purpose national bank charters to fintech companies,”[5] which would allow the OCC to officially deem certain FinTech companies as “safe” and sufficiently compliant.[6] Keith Noreika, the new head of the OCC, recently commented that they are still in the “exploratory phase of this implementation.[7]

 

 

 

[1] “About the OCC” Office of the Comptroller of the Currency official website, https://www.occ.treas.gov/about/what-we-do/mission/index-about.html

[2] “What is the OCC?” Herold’s Financial Dictionary, https://www.financial-dictionary.info/terms/occ/

[3] Prior, Jon “OCC begins absorption of the OTS”, Housingwire, July 21, 2011, https://www.housingwire.com/articles/occ-begins-absorption-ots

[4] Williamson & Heimenz, “Preemption of State Consumer

Protection Laws: Dodd-Frank Changes and the New (Old) Barnett Standard” National Consumer Law Center, November 29, 2011, https://www.nclc.org/images/pdf/conferences_and_webinars/webinar_trainings/presentations/2011-2012/preemption_webinar_nov_2011.pdf

[5] Curry, Thomas J. “Exploring Special Purpose National Bank Charters for Fintech Companies”, December 2016, https://www.occ.treas.gov/topics/responsible-innovation/comments/special-purpose-national-bank-charters-for-fintech.pdf

[6] Milanovic, Nik, “An obscure regulatory debate has put the entire U.S. fintech community on edge” Techcrunch, April 24, 2017, https://techcrunch.com/2017/04/24/an-obscure-regulatory-debate-has-put-the-entire-u-s-fintech-community-on-edge/

[7] Irrera, Anna, “U.S. banking regulator not ready for fintech charter applications”, Reuters, September 13, 2017,  https://www.reuters.com/article/us-occ-fintech/u-s-banking-regulator-not-ready-for-fintech-charter-applications-idUSKCN1BO2SA


Volcker Rule: A One Year Reprieve For Certain Foreign Banks & Investment Funds

The U.S. agencies responsible for enforcing the Volcker Rule issued  A ONE YEAR REPRIEVE FOR CERTAIN FOREIGN BANKS & INVESTMENT FUNDS,  via a joint statement on July 21, 2017.

What does this mean for the year?

  • This year is a grace period allowing agencies time to amend Volcker.
  • Foreign banking entities that engage in activities or investments with a “qualifying foreign excluded fund” within their control, will NOT be found to be in violation of the Volcker Rule.
  • A “qualifying foreign excluded fund” acquired, sponsored, or owned by foreign banking entities will NOT be treated as a bank entity,[1] therefore avoiding the impairments of Volcker.[2]
  • Non-bank entities are NOT subject to the prohibition on proprietary trading with covered funds (e.g., certain hedge funds, private equity funds, etc.).

A “qualifying foreign excluded fund” is defined as an entity that:

  • is organized, offered and sold outside of the U.S.;
  • would be a covered fund had it established itself in the US or collected funds from investors mainly to invest in financial instruments for resale, other disposition, or for trading;
  • is NOT otherwise considered a banking entity except by virtue of a foreign banking entity’s acquisition or retention of an ownership in, or sponsorship of, the entity;
  • is established and operated as part of an asset management business; and,
  • is NOT operated in a manner that enables a foreign banking entity to dodge the requirements of the Volcker Rule.

How do you figure out if you qualify for relief?

  • Are you a foreign bank that has investments in or sponsorship of “qualifying foreign excluded funds”?
  • Can you meet the “Solely Outside the United States” (SOTUS) exemption requirements?
    • The banking entity is not organized or “controlled” by a banking entity organized in the U.S.;
    • The activity or investment by banking entity is pursuant to Sec. 4(c), paragraphs (9) or (13) of the BHC Act;
    • No ownership interest in the covered fund is offered for sale or sold to a U.S. resident; and,
    • The activity or investment occurs solely outside of the United States.

It's only a temporary fix:

  • How will agencies prevent unintended consequences such as extraterritorial reach?
  • Foreign banks and funds are left asking, “Who will ultimately be subject to the Volcker Rule?”


GDPR: Key Changes to Know

The Global Data Protection Regulation is set to shake up the way that companies process the personal data of EU citizens. GDPR will officially apply to all member states and companies (referred to as “data processors” or “data controllers”) processing EU citizen data on May 25, 2018. The change from the previous Data Protection Directive to the new GDPR requires adopting new policies and procedures! Here are some key changes to note:

In General- Broader Scope and Stiffer Penalties

  1. The reach of GDPR is much greater than the Data Protection Directive. The language is broad and meant to be sweeping.
  2. It applies to:
  • Data processors and data controllers who monitor and collect the data of EU citizens.
  • Most companies with an online presence operating in the EU or whose customers are EU citizens.
    • This is especially problematic for companies providing services online, because their business is likely to have captured an EU citizen’s data at some point or will in the future.

The penalties for companies who are found to be noncompliant with GDPR are hefty. They are tiered and range all the way up to the higher of 20 million Euros or 4% of annual global turnover. This is a staggering fine that companies will seek to avoid at all costs.

1. More Stringent Consent Requirements

GDPR will effectively ban “bundling” consent as well as the practice of pre-checking boxes for data subjects to un-check. Consent must be unambiguous and revocable. Consent must also be independently obtained for the processing of data for different reasons. This means that if a company wishes to obtain a subject’s data for various reasons consent must be obtained for each reason, and consent must not be implied.

Consent Checklist

Have you:

  • Put in place consent “click throughs” on your website?
  • Inserted language into the click through consents pertaining to children and whether you will be controlling or processing their data?
  • Have you unbundled your consent click throughs to form multiple check boxes for each discrete incident of data processing?

2. Stricter Notification Requirements

Notification of a data breach is required within 72 hours of the breach to the appropriate authorities and to the data subjects impacted. Strict new notification requirements would prevent future Equifax situations (in which a data breach occurred and data subjects were not notified until months after).

Notification Checklist

Have you:

  • Put in place specific procedures to report potential data breaches in an efficient and prompt manner?
  • Ensured that your company is taking a “privacy by design” approach to data processing and new projects?

3. Tougher Compliance and Accountability

Companies are now required to keep records of their data privacy efforts and of their Privacy Impact Assessments (“PIA”).

Compliance and Accountability Checklist

Have you:

  • Allocated budget for a Data Protection Officer?
  • Implemented measures to easily “erase” a data subject?
    • (Remember! Data erasure was established by Europe’s highest court in 2014)
  • Put in place methods of documenting Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) for new projects your company takes on to ensure early privacy risk detection?