US Treasury Publishes Reports on Third-Party Risk, Other Updates
The US Treasury announced that the G7 Cyber Expert Group (CEG) released two reports addressing ransomware and third-party risk in the financial sector. Additionally, the Financial Stability Oversight Council (FSOC) released its annual report, which sets out recommendations to mitigate the vulnerabilities it identifies in the financial sector.
The FSOC annual report for 2022 reviews financial market developments, describes potential emerging threats to U.S. financial stability, identifies vulnerabilities in the financial system, and makes recommendations to mitigate those threats and vulnerabilities. In the report, the Council identifies 14 financial vulnerabilities that have been categorized into financial risks, financial institutions, financial market structure, operational and technological risks, and climate-related financial risks. The report sets out the following key recommendations with respect to digital assets, climate risks, cyber risk, and LIBOR transition:
- To address gaps identified in the regulation of digital assets, the Council recommends the enactment of legislation providing for rulemaking authority for federal financial regulators over the spot market for crypto-assets that are not securities. Steps should be taken to address regulatory arbitrage, since crypto-asset entities offer services similar to traditional financial institutions but do not have a consistent or comprehensive regulatory framework. An assessment should be made of whether vertically integrated market structures can or should be accommodated under existing laws and regulations. Finally, the Council recommends that Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.
- The Council supports actions to improve the availability of data for assessing climate-related financial risks and recommends state and federal agencies coordinate to identify, prioritize, and procure the necessary data. The Council also recommends state and federal agencies continue their work to advance appropriately tailored supervisory expectations of regulated entities’ risk management practices. Financial regulators should continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions. The Council recommends enhanced coordination of data and risk assessment through the Council’s Climate-related Financial Risk Committee.
- The Council supports ongoing partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and further build cyber resilience. The report notes that Council member agencies made significant strides in 2022 in their efforts to collect better data for managing cyber risk; the Council encourages agencies to continue gathering additional information they need to monitor and assess cyber-related financial stability risks.
- Given the large volume of legacy USD LIBOR contracts outstanding, the Council advises firms to take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends. The Council members have emphasized that derivatives and capital markets should continue moving to SOFR, a broad and robust measure of borrowing rates.
The report on the fundamental elements of ransomware resilience for the financial sector provides financial entities with high-level building blocks for addressing the ransomware threat. It is part of a series of Fundamental Elements produced by the CEG, which provides an overview of the current policy approaches, industry guidance, and best practices in place throughout the G7. Additionally, the G7 has revised the 2018 fundamental elements of cybersecurity for the financial sector to focus on the management of third-party relationships as well as on Information and Communications Technology (ICT) supply chain management. The updated fundamental elements stress the importance of extensive information-sharing and transparency to cope with an ever-changing threat landscape. The G7 has added a new fundamental element (Element 7) describing the role of third parties in the financial sector.
Related Links
- Reports on Ransomware and Third-Party Risk
- FSOC Annual Report
- Report on Ransomware (PDF)
- Report on Third-Party Risk (PDF)
Keywords: Americas, US, Banking, Cyber Risk, ESG, Climate Change Risk, Benchmark Reforms, Crypto-Assets, Regtech, Third-Party Risk, Cloud Computing Services, US Treasury