Weekly Fintech Focus

  • California passes a new law to help cannabis businesses and their service providers access financial services.
  • NY DFS calls for designating certain social media companies as systemically important to impose cybersecurity regulations.
  • The European Central Bank issues a new report about moving forward with development of the digital euro.

New Law Helps California Cannabis Businesses to Obtain Financial Services

California Governor Newsom recently signed into law AB 1525, a bill that makes it easier for businesses legally engaged in or servicing the cannabis industry in the state to access financial services and provides new information-sharing mechanisms to facilitate the relationship between cannabis businesses and financial institutions. The law clarifies that entities that receive deposits, extend credit, conduct fund transfers, transport cash, or provide other financial services to legal cannabis businesses do not commit a crime under California law solely because the person receiving the benefit of the services is engaged in licensed cannabis activity. The law also provides for a licensed cannabis business to request that a state or local licensing authority share that business’s application, license, and other regulatory and financial information with a financial institution.

NY DFS Calls for Designation of Some Social Media Companies as Systemically Important

On October 14, 2020, the New York Department of Financial Services (NY DFS) released a report stemming from its investigation into a hack of Twitter this summer. The Twitter hack compromised numerous accounts of major public figures and cryptocurrency exchanges, enabling the hackers to steal over $100,000 in cryptocurrency through the scheme. The report places responsibility for the breadth of the hack on Twitter for certain failures in its cybersecurity program. NY DFS licenses and oversees many of the cryptocurrency exchanges that were hacked and found that the exchanges worked quickly to mitigate the risks created by the hack.

The NY DFS report goes further than assigning responsibility and calls for the largest social media companies to be designated as systemically important institutions and made subject to regulation to manage cybersecurity risks. Social media companies are not subject to any prudential regulator, and become subject to regulations (like cybersecurity or consumer financial services laws) only as the social media companies’ activities expand to those areas.

Designating an entity as systemically important has been done in the past for critical infrastructure, including telecommunications, utilities, and finance. Such designation comes with increased oversight and regulation to ensure that the critical infrastructure is protected from attack or deterioration and supports the public interest. In 2019, the Financial Stability Oversight Council (FSOC) considered the benefits of designating certain cloud services providers as systemically important related to their services provided to financial institutions (as we covered in our blog here). At that time, FSOC maintained that it would not yet designate cloud services providers as systemically important, and would instead rely on regulatory oversight of the financial institutions that utilized cloud services.

The NY DFS’s call to designate certain social media companies as systemically important is just like what happened with certain financial institutions in the wake of the financial crisis. Under those systemically important designations, a financial institution could be designated as a Systemically Important Financial Institution (SIFI) “where the failure of or a disruption to the functioning of a financial market utility or the conduct of a payment, clearing, or settlement activity could create, or increase, the risk of significant liquidity or credit problems spreading among financial institutions or markets and thereby threaten the stability of the financial system of the United States.” The NY DFS states that the “risks posed by social media to our consumers, economy, and democracy are no less grave than the risks posed by large financial institutions. The scale and reach of these companies, combined with the ability of adversarial actors who can manipulate these systems, require a similarly bold and assertive regulatory approach.” Although the report does not provide much direction, it does call for the creation of a social media analogue to FSOC.

ECB Moving Towards the Digital Euro

This month, the European Central Bank (ECB) issued an updated report on its project to create a digital euro, and announced that the ECB has decided to continue work on the possible issuance of a digital euro. A public consultation on the digital euro began on October 12, 2020, and will seek input from financial institutions, regulators, and the public. The ECB will consider whether to start a digital euro project “towards mid-2021.”  In the meantime, the ECB intends to engage in practical experimentation and conduct a policy assessment of the challenges and benefits of a digital euro.

A digital euro would be an electronic form of central bank money that would be accessible to all as a risk-free liability of the central bank. It would work alongside cash and would not replace it. The ECB has not yet settled on a specific design, but any design must meet requirements around accessibility, robustness, safety, efficiency, and privacy, as well as complying with other applicable laws.

The report also noted some risks for an internationally traded digital euro, including potential use in terrorist financing, money laundering, or other criminal activity.