Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
On January 31, the CFPB published a request for information (RFI) on the consumer credit card market. Section 502 of the Credit Card Accountability and Responsibility Disclosure Act (CARD Act) of 2009 requires the Bureau to conduct a review of the consumer credit card market every two years and to seek public comment to assist in that review. While the Bureau seeks feedback on all aspects of the consumer credit card market, the RFI specifically seeks comments related to, among other things, (i) the terms of credit card agreements and the practices, such as collection efforts, of credit card issuers; (ii) the effectiveness of disclosures related to rates, fees, and other cost terms; (iii) prevalence of unfair, deceptive, or abusive acts or practices in the market; and (iv) credit card product innovation. Comments must be received by May 1, 2019.
On January 22, a coalition of 14 state Attorneys General submitted a comment letter responding to the FDIC’s Request for Information (RFI) on small-dollar lending. (See previous InfoBytes coverage on the RFI here.) According to the letter, while the coalition welcomes the FDIC’s interest in encouraging FDIC-supervised financial institutions to offer responsibly underwritten and prudently structured small-dollar credit products that are economically viable and address consumer credit needs, the coalition simultaneously raises several legal risks affecting state-chartered banks seeking to enter this space.
- Banks face challenges when entering into relationships with “fringe lenders,” specifically with respect to the potential evasion of state restrictions related to state usury laws, “rent-a-bank” lending, and tribal sovereign immunity. The coalition recommends that the FDIC discourage banks from entering into such relationships.
- State-chartered banks are still subject to state unfair or deceptive acts or practices laws and state-law unconscionability claims. The coalition recommends that the FDIC encourage banks to evaluate consumers’ ability to repay, factoring in conditions such as consumers’ monthly expenses, their ability to repay a loan’s entire balance without re-borrowing, and their “capacity to absorb an unanticipated financial event. . .and, nonetheless, still be able to meet the payments as they become due.” The coalition recommends that the FDIC include the factors banks should consider before extending small-dollar loans to consumers in any guidance that it issues.
On December 4, the FTC released a request for public comment on whether the agency should make changes to its identity theft detection rules—the Red Flags Rule and the Card Issuers Rule—which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. The FTC is seeking comment as part of its systematic review of all of its regulations and guides. According to the FTC, consumer complaints relating to identity theft represented the third largest category of consumer complaints made to the FTC through the first three quarters of 2018 and the second largest category in 2017. The FTC is seeking comment on all aspects of the two rules, but also poses specific questions for commenters to address, such as (i) whether there is a continuing need for the specific provisions of the rules; (ii) what significant costs have the rules imposed on consumers and businesses; and (iii) whether there are any types of creditors that are not currently covered by the Red Flags Rule but should be covered. The request for comment is due to be published in the Federal Register shortly, and comments must be received by February 11, 2019.
On November 14, the FDIC issued a request for information (RFI) seeking public comment on ways it can encourage FDIC-supervised financial institutions to offer “responsible, prudently underwritten small-dollar credit products that are economically viable and address the credit needs of bank customers.” In the RFI’s release, FDIC Chairman Jelena McWilliams pointed to studies showing that “[c]onsumers benefit when small-dollar credit products are available from banks” and requested “the public to use the RFI process to tell [the FDIC] how to ensure that consumers can obtain small dollar credit from banking institutions in a responsible manner.” The RFI seeks information related to the “full spectrum of issues” related to banks offering small-dollar credit, including regulatory and non-regulatory obstacles for banks, as well as actions the FDIC could take to assist banks in serving the small-dollar market. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address. Comments will be due 60 days after publication in the Federal Register.
Recently, the OCC and the CFPB have also made efforts to encourage banks to meet the small-dollar credit needs of consumers. In May, the OCC issued Bulletin 2018-14 encouraging banks to offer responsible short-term, small-dollar installment loans with typical maturities between two and 12 months (covered by InfoBytes here). In addition to applauding the OCC’s Bulletin, the CFPB announced it expects to publish proposed rules reconsidering the ability-to-repay provisions of the rule covering Payday, Vehicle Title, and Certain High-Cost Installment Loans in January 2019 (covered by InfoBytes here).
On October 1, the FDIC released a request for information (RFI) on “FDIC Communication and Transparency.” The agency is seeking comments and information on how the agency can make its “communication with insured depository institutions (IDIs) more effective, streamlined, and clear [, including] . . . maximiz[ing] efficiency and minimiz[ing] burden associated with obtaining information on FDIC laws, regulations, policies, and other materials relevant to IDIs.” The RFI requests feedback on all types of communication from the FDIC, including (i) regulations, policies, procedures, and guidance; (ii) news and updates; (iii) industry data, educational materials, and outreach; and (iv) general and direct communications, such as email subscriptions, in-person meetings, and compliance reviews. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address.
Comments must be received by December 4.
On September 25, the CFPB released a report on the Bureau’s data governance program, including what data the Bureau collects, from where the data is sourced, and how the data is used and reused within the Bureau. The report emphasizes that data informs a large portion of the Bureau’s work, including rule writing, supervision, enforcement, consumer education, and market monitoring. The report details the more than 188 data collections from public sources, government agencies, commercial vendors, financial institutions, and consumers that the Bureau has undertaken to date. In connection with the report, the Bureau issued a request for information (RFI) seeking feedback on the Bureau’s data governance program and data use. Specifically, the RFI requests comments on, among other things, (i) the overall effectiveness and efficiency of the Bureau’s data collections; (ii) privacy issues related to the Bureau’s data collection practices; (iii) ways the Bureau should or should not reuse data collected for one purpose to inform other work; and (iv) ways the Bureau could make data reporting less burdensome. Comments must be received by December 27.
On June 7, acting Director of the CFPB, Mick Mulvaney, dismissed the Bureau’s action against PHH, which spawned years of litigation and a constitutional challenge to the CFPB’s structure. In January, the U.S. Court of Appeals for the D.C. Circuit issued its en banc decision concluding the CFPB’s structure is constitutional but affirmed the October 2016 panel opinion that the CFPB misinterpreted RESPA and its statute of limitations (covered by a Buckley Sandler Special Alert). The $109 million penalty imposed on PHH by the CFPB was vacated and the case was sent back to CFPB leadership for review. On June 6, in response to an order by Mulvaney, PHH and the Bureau’s enforcement counsel filed a joint statement addressing whether further proceedings were necessary and jointly recommended dismissal of the matter.
On June 6, Mulvaney reportedly removed all current members of the Consumer Advisory Board (CAB), the Community Bank Advisory Council (CBAC), and the Credit Union Advisory Council (CUAC). In a blog post, the Bureau’s policy associate director for external affairs noted that the changes to the advisory boards were in response to the comments received from the Bureau’s Request for Information (RFI) on external engagements (previously covered by InfoBytes here). The comment period for the RFI closed on May 29. According to the blog, the Bureau will still continue its statutory obligation under the Dodd-Frank Act to convene the CAB and provide forums for the CBAC and the CUAC. The councils will be re-staffed with a smaller membership from the 2018 application and selection process. The changes come only a few days after it was reported that Mulvaney canceled his meeting with the CAB for the second time since he took on the acting director role.
On June 4, the New York Attorney General, Barbara Underwood, along with fourteen other state Attorneys General submitted a comment letter in response to the CFPB’s Request for Information (RFI) on the public reporting of consumer complaints, previously covered by InfoBytes here. The Attorneys General highlight the utility of the CFPB’s consumer complaint database, stating it “has been an invaluable resource for identifying trends and patterns,” and noting its usefulness in investigations into certain companies “whose misconduct was initially brought to [their] attention through a critical mass of complaints filed with the CFPB.” The letter also comments on the database’s benefit to the public for (i) empowering consumers to educate themselves; (ii) incentivizing companies to treat consumers fairly; and (iii) potentially revealing patterns of widespread misconduct. The coalition concludes the letter by urging the CFPB to maintain the public database.
Additionally, on the same day, the New Jersey Attorney General, Gurbir Grewal, responded to the same RFI with similar sentiments but also emphasized that eliminating or reducing the public availability of the database “would conflict with the open-government principles of the Freedom of Information Act” (FOIA) because FOIA requires government agencies to proactively disclose frequently requested records. According to Grewal, the Bureau receives a substantial number of requests for consumer complaint records and this number will likely increase without the public database.
On April 11, the CFPB released its twelfth (and apparently final) Request for Information (RFI) in a series seeking feedback on the Bureau’s operations. This RFI solicits public comment to assist the Bureau in assessing its handling of consumer complaints and consumer inquiries. Pursuant to the Dodd-Frank Act, the CFPB is required to “facilitate the centralized collection of, monitoring of, and response to consumer complaints regarding consumer financial products or services.” According to the RFI, a “consumer complaint” relates to an issue a consumer has with an identifiable entity, whereas a “consumer inquiry” is a consumer request for information from the CFPB regarding a financial product or service, a CFPB action, or the status of a complaint. While the Bureau is seeking feedback on all aspects of its consumer complaints and consumer inquiries processes, the RFI specifically seeks comments related to (i) how the Bureau distinguishes between complaints and inquiries, including if there should be a process for companies to reclassify consumer submissions; (ii) the complaint submission process, including the channels of submission and whether consumers should be allowed to authorize a third-party to submit on their behalf; and (iii) whether the Bureau should develop a process for companies to provide responses to consumer inquiries. The RFI is expected to be published in the Federal Register on April 16. Comments will be due 90 days from publication.
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jessica L. Pollet to discuss "Law & compliance speedsmarts" at the American Financial Services Association Law & Compliance Symposium
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program