BIS Staff: Banks Have Power Over Bigtech, But We’re Not So Sure
A new paper from BIS staff argues that bigtech firms have so much power over small-and-medium sized enterprises (SMEs) using their networks that they must “self-limit” this to continue to grow, leading them to share data with banks that fund loans via cheap deposits. We find the paper puzzling given its description of the captive ecosystem in which bigtechs can readily exploit data unavailable to banks to set credit terms and also enforce loan agreements by virtue of their power to exclude an SME from a vital source of customers.
CFPB’s Sweeping Data-Protection Standards Now Effective
Today’s Federal Register includes the CFPB’s circular on insufficient data protections and security; the circular is now effective. As noted (see FSM Report INFOSEC28), the circular states that inadequate consumer-data safeguards may constitute a breach of unfair, deceptive, or abusive acts or practices (UDAAP) protection standards subject to Bureau enforcement. It notably expands the Bureau’s legal interpretations of UDAAP, its authority over nonbanks, and its broad reading of “service providers.”
OCC Prioritizes Community Banks
The OCC today released its five-year strategic plan. It focuses on staffing, service, and administrative issues, but also briefly notes policy priorities. These include advancing financial inclusion and literacy, deepening collaboration with other regulators, reinforcing and minimizing the regulatory burden on community banks, and developing guidance to facilitate community banks’ transition to digital banking.