Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 25, the SEC announced two enforcement actions against a subsidiary (respondent) of a German multinational investment bank and financial services company, in which the respondent agreed to pay a total of $25 million in penalties arising from (i) purportedly misleading statements respondent made regarding its Environmental, Social, and Governance (ESG) program; and (ii) its failure to develop a mutual fund Anti-Money Laundering (AML) program. According to the order, respondent allegedly marketed itself to clients and investors as a leader in ESG that adhered to specific policies for integrating ESG considerations into its investments but failed to implement certain provisions of its global ESG integration policy. The order contains a number of statements that respondent made concerning its ESG program that the SEC found to be materially misleading. For example, respondent allegedly represented through its ESG Policy that its research analysts were required to include financially material and reputation relevant ESG aspects into its valuation models, investment recommendations and research reports and consider material ESG aspects as part of their investment decision, but respondent’s internal analyses allegedly showed that research analysts have inconsistent levels of documented compliance with this requirement. The SEC determined that respondent’s failure to implement certain policies and procedures violated multiple sections of the Advisers Act, including Section 206(2), “which prohibits an investment adviser, directly or indirectly, from engaging ‘in any transaction, practice, or course of business which operates as a fraud or deceit upon any client or prospective client.’”
Through the ESG order, respondent has agreed to pay a $19 million civil penalty and to cease and desist from committing any further violations of the violated sections of the Advisors Act. The SEC also charged respondent with a separate Anti-Money Laundering order, for failure to comply with the Bank Secrecy Act and FinCen regulations. Respondent did not admit nor deny the SEC’s claims.
On September 19, the U.S. District Court for the Eastern District of New York granted in part and denied in part a complaint filed by two pro se plaintiffs who alleged that the defendant’s debt collection efforts related a balance due from a timeshare membership program violated the FCRA, TILA, and FDCPA. In reaching its decision, the court explained that complaints filed by pro se pleadings must be construed more liberally than those drafted by lawyers. Notwithstanding this more liberal approach, however, the court still determined that plaintiffs’ TILA and FCRA claims were insufficiently pled. With respect to the TILA claim, the court stated that plaintiffs failed to specify which provisions were allegedly violated and only alleged that “Defendant has computed and imposed an internal alleged account balance on plaintiff including principal balance, interest rates, fees and terms without property consumer transparency of mode of accounting verification methods,” which was insufficient to allege a TILA violation. The court noted that to the extent it could interpret plaintiffs’ complaint to implicate specific provisions of the FCRA, plaintiffs still failed to state claim under any of the potentially relevant provisions, either because there was no private right of action or there were no facts supporting any alleged claims.
By contrast, plaintiffs did allege specific provisions of the FDCPA that defendant’s conduct purportedly breached. While the court still concluded that plaintiffs failed to state a claim with regard to most of the cited FDCPA provisions, it determined that plaintiffs had plausibly stated a claim under 15 U.S.C. § 1692g, which, among other things, requires a debt collector to cease debt collection efforts if, within 30 days of receiving a validation notice from the debt collector, a consumer disputes the debt or any portion thereof.
Although the record did not reflect whether the defendant had sent plaintiffs a validation notice, the court, in liberally construing plaintiffs’ complaint, found it reasonable to “infer” that such notice had been provided to the plaintiffs. Specifically, the court reasoned that plaintiffs’ notarized letter to defendant, titled “Validation of Debt / Claim” was likely sent in response to a validation notice from defendant, and therefore, under Section 1692g, all collection activity should have ceased following receipt of plaintiffs’ letter.
On September 28, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2024. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) asset and liability management; (ii) credit; (iii) allowances for credit losses; (iv) cybersecurity; (v) operations; (vi) digital ledger technology activities; (vii) change in management; (viii) payments; (ix) Bank Secrecy Act/AML compliance; (x) consumer compliance; (xi) Community Reinvestment Act; (xii) fair lending; and (xiii) climate-related financial risks.
Two of the top areas of focus are asset and liability management and credit risk. In its operating plan the OCC says that “Examiners should determine whether banks are managing interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, including stress testing across a sufficient range of scenarios, sensitivity analyses of key model assumptions and liquidity sources, and appropriate contingency planning.” With respect to credit risk, the OCC says that “Examiners should evaluate banks’ stress testing of adverse economic scenarios and potential implications to capital” and “focus on concentrations risk management, including for vulnerable commercial real estate and other higher-risk portfolios, risk rating accuracy, portfolios of highest growth, and new products.”
The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
On September 20, the Federal Reserve, FDIC, and OCC announced they are providing a 36-month extension to give favorable consideration under the CRA for bank activities that help revitalize or stabilize areas in Puerto Rico and the U.S. Virgin Islands impacted by Hurricane Maria. This extension is the second extension following the original period provided in January 2018 and the first extension granted in May 2021.
The agencies determined that the FEMA’s designation of parts of Puerto Rico and the U.S. Virgin Islands as “active disaster areas” demonstrates ongoing community need to the area. The extension allows the agencies to give favorable consideration to a financial institution’s activities in the qualifying areas that satisfy the definition of “community development” under the CRA, including loans and investments, through September 20, 2026. The activities will be treated consistently with the agencies’ original Interagency Statement in January 2018.
On September 21, FHFA Office of Inspector General (OIG) released a report on Federal Home Loan Bank Supervisory Activities in 2023 in Response to Market Disruptions (report), to evaluate the Division of Federal Home Loan Bank Regulation (DBR) risk assessment. DBR is responsible for supervising the Federal Home Loan (FHL) Bank System “to ensure the safe and sound operation of FHL banks.” The OIG addressed March bank failures and how the DBR scrutinized the FHL banks’ member credit risk management practices and, more broadly, into the system’s role in lending to troubled members. The report found that DBR examiners, in response to the increased risk environment, adjusted its supervisory activities and examination planning. Additionally, the OIG noted that DBR intends to conduct a comprehensive assessment of credit risk management across the entire FHL bank system to address concerns regarding systemic vulnerabilities. The report also revealed that in the review of examiner compliance, although DBR mostly followed procedure and requirements, “in certain instances, examiners did not describe primary worksteps in their pre-examination analysis memoranda, as required by DBR procedures.”
According to the report, FHFA also ordered an assessment of six FHL banks during or after the March market disruption, “in response to the abrupt increase in demand for FHLBank advances and the collapse of several member banks.” The report notably revealed that home loan banks’ credit risk management “fail[ed] to meet existing expectations.” As a result, DBR is preparing a supervisory letter for all the FHL banks and an advisory bulletin on member credit risk.
On September 27, the CFPB released a data point report titled 2022 Mortgage Market Activity and Trends, which analyzes residential mortgage lending activity and trends for 2022. The 2022 HMDA data reflects the fifth year of data that incorporates amendments to HMDA made by Dodd-Frank.
The CFPB noted in its press release accompanying the report that “in 2022, mortgage applications and originations declined markedly from the prior year, while rates, fees, discount points, and other costs increased. Overall affordability declined significantly, with borrowers spending more of their income on mortgage payments and lenders more often denying applications for insufficient income.” They also noted that “as in years past, independent lenders continued to dominate home mortgage lending, with the exception of home equity lines of credit.” Specifically, Lenders previously reported a 2.4 percent increase in closed-end site-built single-family originations from 2020 to 2021. In 2022, lenders reported 6.7 million closed-end site-built single-family originations, a 50.9 percent decrease from 13.7 million in 2021. Other highlighted trends in mortgage applications and originations found in the 2021 HMDA data point include, among other things:
- The total number of applications dropped 38.6 percent, and originations decreased by 44.1 percent;
- Borrowers’ costs and fees for taking out mortgages rose 22 percent from 2021, and a higher percentage of borrowers paid discount points than any year since this type of data has been collected;
- Refinances were down by 73.2 percent from 2021, with most refinances being cash-out refinances, which the CFPB noted can increase the risk of foreclosure. The CFPB noted that “in a reversal of recent trends, the median credit score of refinance borrowers declined below the median credit score of purchase borrowers.” Home-equity refinances, however, rose in 2022, with depository institutions dominating the home-equity lines of credit;
- Black and Hispanic white borrowers, borrowers of low- or moderate-income, and borrowers taking out loans secured with properties in low- or moderate-income neighborhoods accounted for a large share of refinance loans;
- Due to a rise in mortgage interest rates, average monthly mortgage payments increased by more than 46 percent;
- Debt to income ratio became more likely to be reported as a denial reason for denied applications across racial/ethnic groups in 2022.
In CFPB Director Rohit Chopra’s statement regarding the results of the 2022 HMDA data, he stated, “The significant changes in the rate environment in 2022 are having considerable impacts on the mortgage market. I expect these trends will continue in 2023 given further increases in average mortgage interest rates.”
On September 20, the Senate Banking Committee held its first hearing on the use of artificial intelligence (AI) in the financial services space, further revealing a partisan divide regarding the utilities and risks associated with the technology. In his opening remarks, Committee Chairman Sherrod Brown cautioned that although AI technology promises new efficiencies and opportunities, it also carries unique risk of harm to consumers and workers in the financial services space, including the potential for discriminatory practices in lending and the reduction of job security and wages. He called for “rigorous testing and evaluation of AI models” before they are put to use by companies and other organizations in the financial services space. By contrast, Chairman Brown’s counterpart, Acting Ranking Member Mike Rounds touted the successes that similar technologies have brought to the financial services industry and stated that AI presents more upside than risk, particularly in the space of fraud detection and prevention. He urged Congress to take a “pro-innovative” role in regulating AI and warned that halting or slowing progress in this space will only allow competitors in other countries to develop more advanced technologies.
The Committee then heard from several witnesses working in the AI and machine learning (ML) space, including both industry professionals and professors. Overall, these witnesses championed the potentials of AI, explaining its potential for “greater efficiency, enhanced insight, expanded access, and lower costs” but cautioned that the utilization of AI and ML is not a “one size fits all” model and will require careful consideration and oversight to minimize the risks it could pose to consumers and the markets.
On September 21, the FCC adopted rules that would strengthen and modernize the requirements that providers under the Voice over Internet Protocol (VoIP) need to abide by to obtain direct access to telephone numbers. The rules impose guardrails to make it more difficult for those who make illegal robocalls to access telephone numbers, which the FCC stated helps to protect national security and law enforcement, safeguard the nation’s finite numbering resources, reduce the opportunity for regulatory arbitrage, and further promote public safety. The FCC finalized the rules after the FCC sought comment in 2021 under the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which directed the FCC to examine its rules regarding direct access to telephone numbers.
The rules require an applicant seeking direct access to telephone numbers to:
- Provide certifications regarding its compliance with FCC robocall rules, FCC interconnected VoIP provider rules, and timely filing of FCC Forms 477 and 499.
- Submit disclosures on and continue to update its ownership structure, including related foreign entities, to reduce the risk that U.S. numbering resources reach bad actors abroad.
- Comply with applicable business-related state laws and registration requirements.
The rules codify the FCC’s role in completing direct access application review and rejection and the authorization revocation process.
Additionally, the rules instruct the North American Numbering Council to study numbering use to inform the FCC’s future rulemaking. The rules also seek comments on a variety of topics, including further reforms on new direct access applications, duties of existing direct access authorization holders, and whether direct access applicants should disclose a list of states where they will provide initial services.
The rules will take effect 30 days after publication in the Federal Register.
On September 20, FDIC Chairman Martin J. Gruenberg delivered prepared remarks at the Exchequer Club, discussing the risks posed by nonbank financial institutions (nonbanks) to the U.S. financial system. He noted that nonbanks hold a significant share of the financial sector, with assets totaling around $20.5 trillion in 2021, emphasizing their importance alongside traditional banks. Gruenberg highlighted the financial stability concerns associated with nonbanks, especially their limited regulation and supervision compared to traditional banks. He further mentioned the interconnectedness between nonbanks and banks, and the potential for nonbanks to transmit risk during market shocks, which underscores the need for attention to these issues. Specifically, Gruenberg stated that the “information about the risks undertaken by a variety of nonbanks is severely lacking”, and transparency about these issues will ensure a safer financial system. Gruenberg also pointed out that nonbanks are becoming increasingly active in mortgage finance, business lending, and consumer financial services. He discussed some risks associated with hedge funds and leveraged investment vehicles generally, such as their reliance on short-term funding, and their potential to disrupt the stability of financial markets. Gruenberg concluded by advocating for a comprehensive strategy to address the financial stability risks posed by nonbanks, emphasizing the importance of transparency, oversight, and prudential requirements for nonbank financial institutions.
On September 21, the CFPB announced the beginning of its anticipated rulemaking regarding consumer reporting, including a proposal to remove medical bills from credit reports. This announcement builds upon a hearing the CFPB held in July 2023 on medical billing and collections, highlighting its range of negative impact on marginalized communities (covered by InfoBytes here). In the CFPB’s announcement, Director Rohit Chopra emphasized the inconsequential “predictive value” of medical bills in credit reports despite their prevalence in American households, thus the agency's goal is to alleviate the burden on individuals facing medical debt. The Bureau’s press release highlighted components to its outline of proposals and alternatives under consideration, such as (i) prohibiting consumer reporting companies from including medical bills in consumers’ credit reports; (ii) prohibiting creditors from relying on medical bills for underwriting decisions; and (iii) prohibiting debt collectors from leveraging the credit reporting system to pressure consumers into paying their debts. The rule would not prevent creditors from accessing medical bill information, such as validating need for medical forbearances, or evaluating loan applications for paying medical debt.
In addition to the proposed removal of medical debt from consumer reports, the Bureau’s outline includes other notable proposals regarding consumer reports. The Bureau’s proposals include”
- As previously covered by InfoBytes, applying the FCRA to data brokers by altering the FCRA definitions of “consumer report” and “consumer reporting agency”, to “address whether and how the FCRA applies to newer actors and practices in the credit reporting marketplace, including questions such as coverage of data brokers and certain consumer reposting agency practices regarding marketing and advertising.” In particular, the Bureau is also considering a proposal that would provide that data brokers selling “consumer reports” containing consumers’ payment history, income, and criminal records would be considered a consumer reporting agency. The Bureau is also exploring clarifications on when data brokers qualify as consumer reporting agencies and furnish consumer reports.
- Clarifying whether “credit header data” qualifies as a consumer report, which could limit the disclosure or sale of credit header data without valid reasoning.
- Clarifying that certain targeted marketing activities that do not directly share information with a third party nevertheless are subject to the FCRA.
- Proposing a definition of the terms “assembling” and “evaluating” to include intermediaries or vendors that “transmit consumer data electronically between data sources and users.”
- Clarifying whether and when aggregated or anonymized consumer report information constitutes or does not constitute a consumer report. Specifically, the Bureau contemplates providing that a data broker’s sale of particular data points such as “payment history, income, and criminal records” would “generally be a consumer reports, regardless of the purpose for which the data was actually used or collected, or the expectations of that data broker
- Establishing the steps that a company must take to obtain a consumer’s written instructions to a obtain a consumer report.
- Addressing a consumer reporting agency’s obligation under the FCRA to protect consumer reports from a data breach or unauthorized access.