Buried within the National Defense Authorization Act ("NDAA") for Fiscal Year 2023 is an important title that will require the US Treasury Department (the "Treasury") to set, and other federal regulators to implement, data reporting standards for the financial entities that they regulate. As a result of the enactment of Title LVII, the Financial Data Transparency Act of 2022, a new framework of rules will need to be promulgated over the next two years that will affect the form and type of data that regulated financial entities must submit to federal regulators. In this Legal Update, we discuss the standards that will be created and what they mean for many regulated financial entities.
For years, federal consumer and financial regulators have collected data from regulated entities pursuant to various authorities. The data sets collected by these regulatory agencies are numerous and varied, numbering in the hundreds. Some of the data collection and reporting requirements are standardized across the regulatory agencies, while other information is not standardized in the way it is collected or made available to users. For example, the Federal Reserve Board (the "Fed") publishes an extensive data dictionary on how it collects standardized data online. In contrast, bank merger applications and resolution plans are submitted in a narrative format that defies standardization or machine readability.
Standards That Will Be Developed
Enacted on December 23, 2022, the Financial Data Transparency Act (the "Act") requires the Treasury and seven other federal regulators to jointly propose and implement rules for data standards for information reported to the regulators by financial entities under their jurisdiction.1 The regulators are the Treasury, the Federal Insurance Deposit Corporation ("FDIC"), the Office of the Comptroller of the Currency ("OCC"), the Consumer Financial Protection Bureau ("CFPB"), the Federal Reserve ("Fed"), the National Credit Union Administration ("NCUA"), the Federal Housing Finance Agency ("FHFA"), and the Securities and Exchange Commission ("SEC").2 These regulators must issue the proposed rules for public comment by June 2024 and finalize the rules by December 2024, although another two years will be allowed for implementation.
Under the Financial Data Transparency Act, the Treasury must coordinate with the other regulators to develop the data standards. The standards must include common identifiers for the information reported to the covered regulators, including a common, open license, nonproprietary legal entity identifier for all entities reporting data to the regulators.3 The standards also must, to the extent practicable, satisfy the following criteria.
- The standards must render collected data fully searchable and machine-readable.
- The standards must enable high quality data through schemas that clearly define the meaning of the data, with any associated metadata logged in machine-readable format.
- Data collected to satisfy a regulatory reporting requirement must be consistently identified as such in the associated machine-readable metadata.
- The standards must be nonproprietary or made available under an open license.
- The standards must incorporate standards developed and maintained by voluntary consensus standards bodies.
- The standards must use, be consistent with, and implement applicable accounting and reporting principles.
The finalized data standards will be adopted by each regulator through the rulemaking process and, presumably, implemented in the reporting requirements of each regulator through adjustments to their existing reporting requirements. Once the reporting requirements are updated by a regulator, all data collected from financial entities subject to its jurisdiction will be submitted pursuant to the standards, to the extent feasible. This must be done within two years of when the data standards are finalized by the Treasury.
The Act has additional requirements applicable to the publishing of collected and reported data. Specifically, all public data that is published by the regulators must be made available as an open government data asset, freely available for download, rendered in a human-readable format, and accessible via an application programming interface where appropriate. Further, the Act makes clear that nothing in it should be construed as requiring the Treasury or other regulators to collect or make publicly available additional information beyond the requirements in effect at the time of the Act's enactment.
Regulated financial entities should begin to consider how they would comply with the new data standards and identify any potential compliance problems with the proposed rules issued by the regulators. Regulators collect hundreds of different information sets from regulated financial entities, and each set will need to conform to the new data standards. The complexity of this task invariably means that without thoughtful comments by the regulated financial entities who are best equipped to assess the effectiveness and efficiency of the proposed rules, there is a higher risk that the final rules will contain compliance challenges.
Additionally, regulated financial entities will almost certainly be required to submit legal entity identifier information as a result of the new data standards. The FDIC recently noted that a significant number of banks that have a legal entity identifier are not reporting it on their Call Report and reminded banks that they must include the legal entity identifier if they already have one.4 This focus on legal entity identifiers will only continue, and regulated financial entities should consider familiarizing themselves with the registration and maintenance process.
1. National Defense Authorization Act for Fiscal Year 2023, Pub. L. 117-263, tit. LVIII (2022), https://www.congress.gov/bill/117th-congress/house-bill/7776.
2. The Financial Data Transparency Act includes additional provisions for the SEC that reflect nuances of the securities markets and are beyond the scope of this Legal Update. Furthermore, the Act notes that it is also applicable to "any other primary financial regulatory agency designated by the Secretary." However, it does not appear any additional agencies have been designated for inclusion at this time.
3. See our recent article on legal entity identifiers: https://www.mayerbrown.com/en/perspectives-events/publications/2022/11/the-abcs-of-leis-and-what-you-may-not-know.
4. FDIC, FIL-3-2022 (Jan. 7, 2022).
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe - Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2020. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.