Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 21, the Conference of State Bank Supervisors (CSBS) issued a request for information (RFI) on issues related to state money transmission and payments regulation as state regulators begin coordinating model legislation for all 50 states to adopt in whole or in part. CSBS’ RFI is based upon recommendations made by the Fintech Industry Advisory Panel (a part of CSBS’ Vision 2020 previously covered by InfoBytes here) and seeks feedback on several areas of law and regulation to help states create harmonized definitions and interpretations on a national level. According to the Advisory Panel, “despite the general similarity of state money transmission laws, each state defines and interprets money transmission and its exemptions differently.” The RFI solicits comments framed towards outlined policy standards and risks on the following issues:
(i) The scope of covered money transmission activities and applicable exemptions; (ii) the change in control process, including the personal vetting requirements for individuals deemed new control persons; (iii) prudential regulations—in particular, permissible investment, net worth, and surety bond requirements; (iv) supervision processes; and (v) coordination—in particular, how states can ensure the areas outlined above are implemented consistently without state-by-state policy diversion or needless duplication of effort.
Comments on the RFI are due April 20 and will be made publically available here.
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
On January 31, the CFPB published a request for information (RFI) on the consumer credit card market. Section 502 of the Credit Card Accountability and Responsibility Disclosure Act (CARD Act) of 2009 requires the Bureau to conduct a review of the consumer credit card market every two years and to seek public comment to assist in that review. While the Bureau seeks feedback on all aspects of the consumer credit card market, the RFI specifically seeks comments related to, among other things, (i) the terms of credit card agreements and the practices, such as collection efforts, of credit card issuers; (ii) the effectiveness of disclosures related to rates, fees, and other cost terms; (iii) prevalence of unfair, deceptive, or abusive acts or practices in the market; and (iv) credit card product innovation. Comments must be received by May 1, 2019.
On January 22, a coalition of 14 state Attorneys General submitted a comment letter responding to the FDIC’s Request for Information (RFI) on small-dollar lending. (See previous InfoBytes coverage on the RFI here.) According to the letter, while the coalition welcomes the FDIC’s interest in encouraging FDIC-supervised financial institutions to offer responsibly underwritten and prudently structured small-dollar credit products that are economically viable and address consumer credit needs, the coalition simultaneously raises several legal risks affecting state-chartered banks seeking to enter this space.
- Banks face challenges when entering into relationships with “fringe lenders,” specifically with respect to the potential evasion of state restrictions related to state usury laws, “rent-a-bank” lending, and tribal sovereign immunity. The coalition recommends that the FDIC discourage banks from entering into such relationships.
- State-chartered banks are still subject to state unfair or deceptive acts or practices laws and state-law unconscionability claims. The coalition recommends that the FDIC encourage banks to evaluate consumers’ ability to repay, factoring in conditions such as consumers’ monthly expenses, their ability to repay a loan’s entire balance without re-borrowing, and their “capacity to absorb an unanticipated financial event. . .and, nonetheless, still be able to meet the payments as they become due.” The coalition recommends that the FDIC include the factors banks should consider before extending small-dollar loans to consumers in any guidance that it issues.
On December 4, the FTC released a request for public comment on whether the agency should make changes to its identity theft detection rules—the Red Flags Rule and the Card Issuers Rule—which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. The FTC is seeking comment as part of its systematic review of all of its regulations and guides. According to the FTC, consumer complaints relating to identity theft represented the third largest category of consumer complaints made to the FTC through the first three quarters of 2018 and the second largest category in 2017. The FTC is seeking comment on all aspects of the two rules, but also poses specific questions for commenters to address, such as (i) whether there is a continuing need for the specific provisions of the rules; (ii) what significant costs have the rules imposed on consumers and businesses; and (iii) whether there are any types of creditors that are not currently covered by the Red Flags Rule but should be covered. The request for comment is due to be published in the Federal Register shortly, and comments must be received by February 11, 2019.
On November 14, the FDIC issued a request for information (RFI) seeking public comment on ways it can encourage FDIC-supervised financial institutions to offer “responsible, prudently underwritten small-dollar credit products that are economically viable and address the credit needs of bank customers.” In the RFI’s release, FDIC Chairman Jelena McWilliams pointed to studies showing that “[c]onsumers benefit when small-dollar credit products are available from banks” and requested “the public to use the RFI process to tell [the FDIC] how to ensure that consumers can obtain small dollar credit from banking institutions in a responsible manner.” The RFI seeks information related to the “full spectrum of issues” related to banks offering small-dollar credit, including regulatory and non-regulatory obstacles for banks, as well as actions the FDIC could take to assist banks in serving the small-dollar market. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address. Comments will be due 60 days after publication in the Federal Register.
Recently, the OCC and the CFPB have also made efforts to encourage banks to meet the small-dollar credit needs of consumers. In May, the OCC issued Bulletin 2018-14 encouraging banks to offer responsible short-term, small-dollar installment loans with typical maturities between two and 12 months (covered by InfoBytes here). In addition to applauding the OCC’s Bulletin, the CFPB announced it expects to publish proposed rules reconsidering the ability-to-repay provisions of the rule covering Payday, Vehicle Title, and Certain High-Cost Installment Loans in January 2019 (covered by InfoBytes here).
On October 1, the FDIC released a request for information (RFI) on “FDIC Communication and Transparency.” The agency is seeking comments and information on how the agency can make its “communication with insured depository institutions (IDIs) more effective, streamlined, and clear [, including] . . . maximiz[ing] efficiency and minimiz[ing] burden associated with obtaining information on FDIC laws, regulations, policies, and other materials relevant to IDIs.” The RFI requests feedback on all types of communication from the FDIC, including (i) regulations, policies, procedures, and guidance; (ii) news and updates; (iii) industry data, educational materials, and outreach; and (iv) general and direct communications, such as email subscriptions, in-person meetings, and compliance reviews. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address.
Comments must be received by December 4.
On September 25, the CFPB released a report on the Bureau’s data governance program, including what data the Bureau collects, from where the data is sourced, and how the data is used and reused within the Bureau. The report emphasizes that data informs a large portion of the Bureau’s work, including rule writing, supervision, enforcement, consumer education, and market monitoring. The report details the more than 188 data collections from public sources, government agencies, commercial vendors, financial institutions, and consumers that the Bureau has undertaken to date. In connection with the report, the Bureau issued a request for information (RFI) seeking feedback on the Bureau’s data governance program and data use. Specifically, the RFI requests comments on, among other things, (i) the overall effectiveness and efficiency of the Bureau’s data collections; (ii) privacy issues related to the Bureau’s data collection practices; (iii) ways the Bureau should or should not reuse data collected for one purpose to inform other work; and (iv) ways the Bureau could make data reporting less burdensome. Comments must be received by December 27.
On June 7, acting Director of the CFPB, Mick Mulvaney, dismissed the Bureau’s action against PHH, which spawned years of litigation and a constitutional challenge to the CFPB’s structure. In January, the U.S. Court of Appeals for the D.C. Circuit issued its en banc decision concluding the CFPB’s structure is constitutional but affirmed the October 2016 panel opinion that the CFPB misinterpreted RESPA and its statute of limitations (covered by a Buckley Sandler Special Alert). The $109 million penalty imposed on PHH by the CFPB was vacated and the case was sent back to CFPB leadership for review. On June 6, in response to an order by Mulvaney, PHH and the Bureau’s enforcement counsel filed a joint statement addressing whether further proceedings were necessary and jointly recommended dismissal of the matter.
On June 6, Mulvaney reportedly removed all current members of the Consumer Advisory Board (CAB), the Community Bank Advisory Council (CBAC), and the Credit Union Advisory Council (CUAC). In a blog post, the Bureau’s policy associate director for external affairs noted that the changes to the advisory boards were in response to the comments received from the Bureau’s Request for Information (RFI) on external engagements (previously covered by InfoBytes here). The comment period for the RFI closed on May 29. According to the blog, the Bureau will still continue its statutory obligation under the Dodd-Frank Act to convene the CAB and provide forums for the CBAC and the CUAC. The councils will be re-staffed with a smaller membership from the 2018 application and selection process. The changes come only a few days after it was reported that Mulvaney canceled his meeting with the CAB for the second time since he took on the acting director role.
On June 4, the New York Attorney General, Barbara Underwood, along with fourteen other state Attorneys General submitted a comment letter in response to the CFPB’s Request for Information (RFI) on the public reporting of consumer complaints, previously covered by InfoBytes here. The Attorneys General highlight the utility of the CFPB’s consumer complaint database, stating it “has been an invaluable resource for identifying trends and patterns,” and noting its usefulness in investigations into certain companies “whose misconduct was initially brought to [their] attention through a critical mass of complaints filed with the CFPB.” The letter also comments on the database’s benefit to the public for (i) empowering consumers to educate themselves; (ii) incentivizing companies to treat consumers fairly; and (iii) potentially revealing patterns of widespread misconduct. The coalition concludes the letter by urging the CFPB to maintain the public database.
Additionally, on the same day, the New Jersey Attorney General, Gurbir Grewal, responded to the same RFI with similar sentiments but also emphasized that eliminating or reducing the public availability of the database “would conflict with the open-government principles of the Freedom of Information Act” (FOIA) because FOIA requires government agencies to proactively disclose frequently requested records. According to Grewal, the Bureau receives a substantial number of requests for consumer complaint records and this number will likely increase without the public database.
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium