Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Halperin discusses invoking UDAAP under CFPA

    Federal Issues

    On June 29, the American University Washington College of Law held a symposium centered in part around the CFPB’s new approach for examining institutions for unfair conduct. During the CFPB’s New Approach to Discrimination: Invoking UDAAP symposium, CFPB Assistant Director for the Office of Enforcement Eric Halperin answered questions related to updates recently made to the Bureau’s Unfair, Deceptive, or Abusive Acts or Practices Examination Manual. These updates detail the agency’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service as an unfair act or practice. (Covered by a Buckley Special Alert here.) The Bureau published a separate blog post by its enforcement and supervision heads explaining that they were “cracking down on discrimination in the financial sector,” and that the new procedures would guide examiners to look “beyond discrimination directly connected to fair lending laws” and “to review any policies or practices that exclude individuals from products and services, or offer products or services with different terms, in an unfairly discriminatory manner.”

    Assistant Director Halperin’s remarks were followed by a discussion of the Bureau’s revisions to its Examination Manual by a panel that consisted of David Silberman of the Center for Responsible Lending, Kitty Ryan of the American Bankers Association, and John Coleman of Buckley LLP, which was moderated by Jerry Buckley. Topics covered included a June 28 letter that trade associations sent to the CFPB urging recission of revisions to the Examination Manual.

    In his interview with American University Law School Professor V. Gerard Comizio, Halperin stated that the CFPB’s Examination Manual updates provide guidance on how examiners will implement the Bureau’s statutory authority to examine whether an act or practice is unfair because it may cause or is likely to cause substantial injury to consumers that is not reasonably avoidable and not outweighed by countervailing benefits to consumers or competition. He stressed that the update does not create a new legal standard under the three prongs of the unfairness standard. Halperin also discussed how the Bureau’s UDAAP authority interacts with laws enacted specifically to prevent discriminatory conduct such as ECOA and the Fair Housing Act, and touched on steps institutions should consider taking to ensure compliance. Notably, when asked whether the Bureau intends to pursue disparate impact claims under the CFPA, Halperin stated that disparate impact, along with disparate treatment, are wholly distinct concepts from Dodd-Frank’s prohibition on unfair acts and practices. He added that in assessing an unfair act and practice, the key is to examine the substantial injury prong and then assess the reasonable avoidability and the countervailing benefits prongs. He further explained that the unfairness test does not contain an intentional standard and noted that there have been cases brought by both the FTC and the Bureau where there was injurious conduct that was not intentional or specifically known to the party engaging in this practice. According to Halperin, substantial injury alone is not sufficient to prove unfairness and using disparate impact as the mechanism of proof is not what the Bureau uses to prove an unfairness claim.

    Halperin reiterated that the CFPB Examination Manual is designed to provide transparency to financial institutions about the types of issues that examiners will be inquiring about in furtherance of determining whether there has been an unfair act or practice under the current framework, and does not extend or create new law. In terms of practical compliance implications, Halperin said most financial institutions should already have robust UDAAP compliance systems in place and should already be looking for potential unfair acts or practices and examining patterns and group characteristics to identify the root cause of any issues, and to avoid substantial injury to consumers. With respect to a white paper recently sent to CFPB Director Rohit Chopra from several industry groups and the U.S Chamber of Commerce urging the Bureau to rescind the UDAAP exam manual (covered by InfoBytes here), Halperin commented that he has not had time to fully digest the white paper in detail but hoped that some of what was discussed during the symposium, particularly on the legal principles that will be used both in the exam manual and in any supervision and enforcement actions, clarifies that the Bureau is looking for conduct that violates the unfairness test.

    Federal Issues Agency Rule-Making & Guidance CFPB Examination UDAAP Unfair Disparate Impact Discrimination ECOA Fair Housing Act

    Share page with AddThis
  • CFPB reports on credit card line decreases

    Federal Issues

    On June 29, the CFPB issued a report analyzing the impact of credit card line decreases (CLD) on consumers. The report is a part of a CFPB series that examines consumer credit trends using a longitudinal sample of approximately five million de-identified credit records maintained by one of the three nationwide consumer reporting agencies. The report described how credit card companies increasingly used credit line decreases during both the Great Recession and at the start of the Covid-19 pandemic. According to the Bureau, in issuing the report it “sought to examine the importance and impact of these decisions by credit card companies” because of the “critical role credit plays in financial resiliency, especially during a downturn.” Key findings of the report include, among other things, that: (i) 67 percent of consumers who had CLDs did not show evidence of a recent delinquency on any credit card, and 83 percent had no delinquency on the card that received the CLD; (ii) the median amount of credit decreased by approximately 75 percent for consumers across different credit score tiers; (iii) the median deep subprime, subprime, near-prime, and prime account utilization reached 94 percent when the CLD was applied; and (iv) the median credit scores for consumers with a recent card delinquency on any card decreased between 33 and 87 points.

    Federal Issues CFPB Consumer Finance Credit Cards Credit Report Consumer Reporting Agency

    Share page with AddThis
  • Freddie to consider rent payments in automated underwriting

    Federal Issues

    On June 29, Freddie Mac announced that it will begin considering on-time rent payments as part of its loan purchase decisions to increase homeownership opportunities for first-time homebuyers. Starting July 10, with a borrower’s permission, mortgage lenders and brokers will be able to submit bank account data showing 12-months of on-time rent payments through Freddie’s automated underwriting system. According to Freddie, bank account data will be “obtained from designated third-party service providers using the same automated process used to verify assets, income and employment” using its asset and income modeler. Freddie explained that eligible rent payment data includes checks, electronic transactions, or digital payments made through specific payment apps. “These automated capabilities provide greater efficiencies to lenders and allows them to deliver a better borrower experience while continuing to meet Freddie Mac’s strong credit underwriting standards,” the announcement said. Additional requirements for submitting rent payment data to Freddie’s underwriting system will be announced in an upcoming July Single-Family Seller/Servicer Guide Bulletin.

    Federal Issues Freddie Mac GSEs Underwriting Mortgages Consumer Finance

    Share page with AddThis
  • CFPB ends EWA sandbox

    Federal Issues

    On June 30, the CFPB issued an order terminating a financial services company’s sandbox approval order related to its earned wage access (EWA) lending model. As previously covered by InfoBytes, the Bureau issued a two-year approval order to the company in December 2020, which provided the company safe harbor from liability under TILA and Regulation Z (to the fullest extent permitted by section 130(f) as to any act done in good faith compliance with the order). The company’s product allowed employees access to their earned but unpaid wages prior to payday and granted employees of a participating employer the ability to download the company’s app and agree to the company’s terms prior to engaging in an EWA program. The Bureau said in its announcement that it had informed the company earlier in June “that it was considering terminating the approval order in light of certain public statements the company made wrongly suggesting a CFPB endorsement of its products.” According to the Bureau, the company then requested termination of the order in order, citing the need to make changes to its fee model that would have required modifying the existing approval order. The Bureau noted that the company “requested termination of the order so it could make fee model changes quickly and flexibly.” The Bureau’s announcement indicated that it plans to issue guidance “soon” regarding earned wage access products and the definition of “credit” under TILA and Regulation Z.

    Federal Issues CFPB Regulatory Sandbox Earned Wage Access TILA Regulation Z Consumer Finance

    Share page with AddThis
  • CFPB warns debt collectors on “pay-to-pay” fees

    Agency Rule-Making & Guidance

    On June 29, the CFPB issued an advisory opinion to state its interpretation that Section 808 of the FDCPA and Regulation F generally prohibit debt collectors from charging consumers “pay-to-pay” fees for making payments online or by phone. “These types of fees are often illegal,” the Bureau said, explaining that its “advisory opinion and accompanying analysis seek to stop these violations of law and assist consumers who are seeking to hold debt collectors accountable for illegal practices.” 

    These fees, commonly known as convenience fees, are prohibited in many circumstances under the FDCPA, the Bureau said. It pointed out that allowable fees are those authorized in the original underlying agreements that consumers have with their creditors, such as with credit card companies, or those that are affirmatively permitted by law. Moreover, the Bureau stressed that the fact that a law does not expressly prohibit the assessment of a fee does not mean a debt collector is authorized to charge a fee. Specifically, the advisory opinion interprets FDCPA Section 808(1) to permit collection of fee only if: (i) “the agreement creating the debt expressly permits the charge and some law does not prohibit it”; or (ii) “some law expressly permits the charge, even if the agreement creating the debt is silent.” Additionally, the Bureau’s “interpretation of the phrase ‘permitted by law’ applies to any ‘amount’ covered under section 808(1), including pay-to-pay fees.” The Bureau further added that while some courts have adopted a “separate agreement” interpretation of the law to allow collectors to assess certain pay-to-pay fees, the agency “declines to do so.”

    The Bureau also opined that a debt collector is in violation of the FDCPA if it uses a third-party payment processor for which any of that fee is remitted back to the collector in the form of a kickback or commission. “Federal law generally forbids debt collectors from imposing extra fees not authorized by the original loan,” CFPB Director Rohit Chopra said. “Today’s advisory opinion shows that these fees are often illegal, and provides a roadmap on the fees that a debt collector can lawfully collect.”

    As previously covered by InfoBytes, the Bureau finalized its Advisory Opinions Policy in 2020. Under the policy, entities seeking to comply with existing regulatory requirements are permitted to request an advisory opinion in the form of an interpretive rule from the Bureau (published in the Federal Register for increased transparency) to address areas of uncertainty.

    Agency Rule-Making & Guidance Federal Issues CFPB Advisory Opinion Fees Junk Fees Consumer Finance FDCPA Regulation F Debt Collection

    Share page with AddThis
  • Insurers consider biometric exclusions as privacy cases increase

    Privacy, Cyber Risk & Data Security

    According to sources, some insurers are considering adding biometric exclusions to their insurance policies as privacy lawsuits increase. An article on the recent evolution of biometric privacy lawsuits noted an apparent increase in class actions claiming violations of the Illinois Biometric Information Privacy Act (BIPA), as “more courts began ruling that individuals need not show actual injury to allege BIPA violations.” The article explained that insurance carriers now “argue that general liability policies, with their lower premiums and face values, don’t insure data privacy lawsuits and can’t support potentially huge BIPA class action awards and settlements.” This issue is poised to become increasingly important to carriers and policyholders as additional states seek to regulate biometric privacy. The article noted that in the first quarter of 2022, seven states (California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York) introduced biometric laws generally based on Illinois’ BIPA. Texas and Washington also have biometric laws, but without a private right of action.

    Privacy/Cyber Risk & Data Security Insurance BIPA State Issues Courts Biometric Data

    Share page with AddThis
  • OFAC amends Global Terrorism Sanctions Regulations

    Financial Crimes

    On June 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a final rule amending the Global Terrorism Sanctions Regulations. Specifically, the final rule “authorizes the Secretary of the Treasury to prohibit the opening, and prohibit or impose strict conditions on the maintaining, in the United States, of a correspondent account or payable-through account of any foreign financial institution that the Secretary of the Treasury, in consultation with the Secretary of State, has determined, on or after September 24, 2001 (the effective date of amended E.O. 13224), has knowingly conducted or facilitated any significant transaction on behalf of any person whose property and interests in property are blocked pursuant to amended E.O. 13224.” The final rule is effective July 1.

    Financial Crimes OFAC Federal Register Of Interest to Non-US Persons Department of Treasury OFAC Sanctions

    Share page with AddThis
  • OFAC sanctions nearly 100 Russian targets; prohibits Russian gold imports

    Financial Crimes

    On June 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Orders (E.O.) 14024 and 14065 against 70 entities—many of which, according to OFAC, “are critical to the Russian Federation’s defense industrial base, including State Corporation Rostec, the cornerstone of Russia’s defense, industrial, technology, and manufacturing sector.” Twenty-nine Russian individuals were also designated. “We once again reaffirm our commitment to working alongside our partners and allies to impose additional severe sanctions in response to Russia’s war against Ukraine,” Treasury Secretary Janet L. Yellen said. OFAC’s designations occurred in tandem with actions taken by the U.S. State Department, which include sanctions against an additional 45 entities and 29 individuals as well as visa restrictions against “officials believed to have threatened or violated Ukraine’s sovereignty, territorial integrity, or political independence.” Additionally, OFAC immediately prohibited the importation of Russian gold into the U.S. (unless licensed or otherwise authorized by OFAC). As a result of the sanctions, all property and interests in property belonging to the designated persons in the U.S. are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC noted that U.S. persons are prohibited from participating in transactions with the sanctioned persons unless authorized by a general or specific license.

    A joint alert issued by FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security also urged financial institutions to remain vigilant against Russian and Belarusian export control evasion and to take a “risk-based approach” for identifying potentially suspicious activity, such as end-use certificates, export documents, or letters of credit-based trade financing. “Financial institutions and the private sector continue to play a key role in disrupting Russia’s efforts to acquire critical goods and technology to support its war-making efforts,” OFAC stated in its announcement.

    On the same day, OFAC issued several new Russia-related general licenses (GL): (i) GL 39 authorizes the wind down of transactions ordinarily incident and necessary involving State Corporation Rostec that are normally prohibited by E.O. 14024; (ii) GL 40 authorizes “all transactions ordinarily incident and necessary to the provision, exportation, or reexportation of goods, technology, or services to ensure the safety of civil aviation involving one or more of” certain blocked entities; (iii) GL 41 authorizes certain transactions related to agricultural equipment that are normally prohibited by the Russian Harmful Foreign Activities Sanctions Regulations; (iv) GL 42 authorizes certain transactions with the Federal Security Services; and (v) GL 43 authorizes the divestment or transfer of debt or equity of, and wind down of derivative contracts involving the Public Joint Stock Company Severstal or Nord Gold PLC.

    OFAC also published a Determination Pursuant to Section 1(a)(i) of Executive Order 14068 concerning prohibitions related to the importation of Russian gold and issued one new and one amended frequently asked question.

    The Russian Elites, Proxies, and Oligarchs (REPO) Task Force also issued a joint statement summarizing actions taken by REPO members against sanctioned Russians. The efforts have led to more than $30 billion worth of sanctioned Russians’ assets being blocked or frozen and has heavily restricted sanctioned Russians’ access to the international financial system.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Russia Ukraine Ukraine Invasion Department of State FinCEN Department of Commerce

    Share page with AddThis
  • District Court says Massachusetts law will apply in choice-of-law privacy dispute

    Privacy, Cyber Risk & Data Security

    On June 28, the U.S. District Court for the District of South Carolina ruled that it will apply Massachusetts law to negligence claims in a putative class action concerning a cloud-based services provider’s allegedly lax data-security practices. The plaintiffs claimed that the defendant’s “security program was inadequate and that the security risks associated with the Personal Information went unmitigated, allowing [] cybercriminals to gain access.” During discovery, the defendant (headquartered in South Carolina) stated that its U.S. data centers are located in Massachusetts, Texas, California, and New Jersey, and that the particular servers that housed the plaintiffs’ data (and were the initial entry point for the ransomware attack) are physically located in Massachusetts. While both parties stipulated to the application of South Carolina choice-of-law principles generally, the plaintiffs specifically requested that South Carolina law be applied to their common law claims of negligence, negligence per se, and invasion of privacy since it was the state where defendant executives made the cybersecurity-related decisions that allegedly allowed the data breach to occur. However, the defendant countered that the law of each state where a plaintiff resides should apply to that specific plaintiff’s common law tort claims because the “damages were felt in their respective home states.” Both parties presented an alternative argument that if the court found the primary choice-of-law theory to be unfounded, then Massachusetts law would be appropriate as “Massachusetts was the state where the last act necessary took place because that is where the data servers were housed.”

    In determining which state’s common-law principles apply, the court stated that even if some of the cybersecurity decisions were made in South Carolina, the personal information was stored on servers in Massachusetts. Moreover, the “alleged decisions made in South Carolina may have contributed to the breach, but they were not the last act necessary to establish the cause of action,” the court wrote, noting that in order for the defendant to be potentially liable, the data servers would need to be breached. The court further concluded that “South Carolina’s choice of law rules dictate that where an injury occurs, not where the result of the injury is felt or discovered is the proper standard to determine the last act necessary to complete the tort.” As such, the court stated that Massachusetts law will apply as that is where the data breach occurred.

    Privacy/Cyber Risk & Data Security Courts State Issues Massachusetts South Carolina Class Action

    Share page with AddThis
  • Agencies release host state loan-to-deposit ratios

    On June 28, the FDIC, Federal Reserve Board, and OCC (collectively, "the agencies") released the current host state loan-to-deposit ratios for each state or territory, which the agencies use to determine compliance with Section 109 of the Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 (Interstate Act). Under the Interstate Act, banks are prohibited from establishing or acquiring branches outside of their home state for the primary purpose of deposit production. Branches of banks controlled by out-of-state bank holding companies are also subject to the same restriction. Determining compliance with Section 109 requires a comparison of a bank’s estimated statewide loan-to-deposit ratio to the estimated host state loan-to-deposit ratio. If a bank’s statewide ratio is less than one-half of the published host-state ratio, an additional review is required by the appropriate agency, which involves a determination of whether a bank is reasonably helping to meet the credit needs of the communities served by the bank’s interstate branches.

    Bank Regulatory Federal Issues OCC FDIC Bank Compliance Federal Reserve Riegle-Neal Act

    Share page with AddThis

Pages