Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 17, the CFPB issued a statement from Bureau Director Kathy Kraninger announcing she has asked Congress to grant the Bureau “clear authority to supervise for compliance with the Military Lending Act (MLA).” The statement expresses Kraninger’s interest in protecting servicemembers and their families and notes the requested authority would complement the Bureau’s MLA enforcement work. The announcement acknowledges the recently introduced House legislation, H.R. 442, which would directly grant the Bureau supervisory authority over the MLA, and also includes suggested draft legislation the Bureau sent to both the U.S. House of Representatives and the U.S. Senate (here and here). The draft legislation would amend the Consumer Financial Protection Act to include a section providing the Bureau “nonexclusive authority to require reports and conduct examinations on a periodic basis” for the purposes of (i) assessing compliance with the MLA; (ii) obtaining information about the compliance systems or procedures associated with the law; and (iii) detecting and assessing associated risks to consumers and to markets.
As previously covered by InfoBytes, in August 2018, then acting Director Mick Mulvaney internally announced the Bureau would cease supervisory examinations of the MLA, contending the law did not explicitly grant the Bureau the authority to examine financial institutions for compliance. A bipartisan coalition of 33 state Attorneys General wrote to Mulvaney expressing concern over the decision and after her confirmation, a group of 23 House Democrats urged Kraninger to resume the examinations. (Covered by InfoBytes here and here.)
The Bureau’s request that Congress grant it authority to examine for compliance with the MLA suggests that it does not intend to do so unless Congress acts.
On December 6, the U.S. Senate confirmed, in a 50 to 49 vote, Kathy Kraninger as the new Director of the CFPB for a five year term. Kraninger replaces acting CFPB Director Mick Mulvaney, under whom she served at the Office of Management and Budget (OMB) as the associate director for general government. Prior to OMB, Kraninger worked at the Department of Homeland Security and in Congress on the House and Senate Committees on Appropriations. In July, Kraninger testified before the Senate Banking Committee where she fielded questions covering a range of topics and notably stated that, “Congress, through [the] Dodd-Frank Act, gave the Bureau incredible powers and incredible independence from both the president and the Congress in its structure. . . . My focus is on running the agency as Congress established it, but certainly working with members of Congress. I’m very open to changes in that structure that will make the agency more accountable and more transparent.” (Detailed coverage on Kraninger’s hearing available here.)
While her views on consumer financial protection issues are largely unknown, Kraninger is expected to continue with Mulvaney’s initiatives, at least in the near term. Currently, the Bureau is, among other things, (i) expected to release a proposed rule reconsidering the ability-to-repay provisions of the rule covering Payday, Vehicle Title, and Certain High-Cost Installment Loans in January 2019 (covered by InfoBytes here); (ii) fighting three constitutional challenges to its single-director structure (InfoBytes coverage here and here and here); and (iii) receiving pushback from state Attorneys General on its reported decisions to no longer supervising financial institutions for compliance with the Military Lending Act (MLA) and reexamine the requirements and enforcement of the Equal Credit Opportunity Act (ECOA) (covered by InfoBytes here and here).
In a press statement released shortly after the vote, Mulvaney praised the Senate for confirming Kraninger and spoke of his time as acting Director, “[t]his last year has been an important step in the history of the Bureau as we take our place among the most notable regulatory bodies of our country -- and frankly the world. Like all transitions, it was not always as smooth as we would've all liked, but the Bureau has emerged stronger for it.”
On November 27, the Senate Committee on Commerce, Science and Transportation’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security conducted a hearing to discuss, among other topics, whether the FTC should be granted expanded authority over consumer data privacy and security. The hearing entitled “Oversight of the Federal Trade Commission” heard from the Chairman of the FTC as well as the agency’s four commissioners. Ranking Member Senator Bill Nelson’s opening statement discussed the need for providing additional resources to the FTC in order to ensure the agency is able to perform its mandated duties and effectively protect U.S. consumers from unfair or deceptive acts or practices. The five witnesses agreed that enforcement remains a priority for the FTC and called for comprehensive consumer privacy legislation that would clarify the agency’s authority and the rules relating to data security and breach notification, while fostering competition and innovation to the benefit of consumers. Specifically, FTC Chairman Joseph Simons stated he would support federal data security legislation if it provided the following three items: (i) the ability to seek civil money penalties to effectively deter unlawful conduct; (ii) jurisdiction over nonprofits and common carriers; and (iii) broad rulemaking authority to issue implementing rules under the Administrative Procedures Act for consumer protection issues such as privacy and data security. Commissioner Rohit Chopra also emphasized the need for Congress to support the FTC’s authority under Section 13B of the FTC Act, which authorizes the FTC to seek preliminary and permanent injunctions against companies and individuals.
However, Senator Blumenthal argued that too often the FTC has “fallen short” on protecting consumer privacy, particularly in terms of enforcement and pressing challenges. According to Senator Blumenthal, big tech companies misuse their power and consent orders are not “vigorously and adequately enforced.” He argued that the FTC must have the tools and resources to establish meaningful penalties for first offenses that pose a credible deterrent and recognize state attorneys general to ensure violations are investigated and punished.
Among other things, the hearing also discussed topics addressing: (i) the FTC’s ongoing series of public hearings reexamining the agency’s approach to consumer privacy in light of changing technologies (see previous InfoBytes coverage here); (ii) federal preemption versus state-by-state laws and the risk of inconsistencies and compliance challenges; (iii) the potential use of the FTC’s Section 6B authority, which would allow requests to be sent to the tech industry to understand what data is collected from consumers and how that information is used, shared, and sold; (iv) privacy protections for children, including the strengths and weaknesses of the Children’s Online Privacy Protection Act, particularly with respect to children ages 13 and older; (v) data minimization controls; and (vi) notice and comment rulemaking authority.
The results are in: Party control of the U.S. House of Representatives will change for the third time in 12 years, leaving legions of pundits to speculate about what happens next. Prospects for a fundamental change in the way Congress and Washington operate are dim, particularly given that the U.S. Senate remains under Republican control. With new legislation most likely dead on arrival due to the political stalemate on Capitol Hill, the Democrats’ most reliable opportunity to exert their will is almost certainly through congressional oversight and investigations. The last time the Democrats controlled the House during a Republican presidency, following the 2006 midterms, Rep. Henry Waxman remarked that Congress’s oversight powers are “just as important, if not more important than legislation.”
While it is tempting to dismiss congressional oversight, and the attendant theatrical hearings and testimony as nothing but sound and fury, the reality for companies, executives, and others under the microscope is far less anodyne. Lack of preparation and ill-conceived strategy in responding to congressional investigations heightens the prospect of reputational harm that, unchecked, will frustrate business goals, damage shareholders, and derail — or end — careers.
* * *
Click here to read the full special alert.
Please join us for a Dec. 5 webcast that will delve deeper into these topics and offer some thoughts on navigating the coming tide of congressional investigations. If you have questions about congressional investigations or other related issues, please visit our Congressional Investigations practice page, or contact a Buckley Sandler attorney with whom you have worked in the past.
Consumer advocates testify before Senate Commerce Committee on need for federal consumer data privacy legislation
On October 10, the Senate Committee on Commerce, Science, and Transportation held the second in a series of hearings on the subject of consumer data privacy safeguards. The hearing entitled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act” heard from consumer privacy advocates on lessons from the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, and what types of consumer protections should be considered in future federal legislation. Committee Chairman, Senator John Thune, opened the hearing by emphasizing the importance of promoting privacy without stifling innovation. Senator Thune stated that, while understanding the experience of technology and telecommunications companies in this space is important, any new federal privacy law must also incorporate views from affected industry stakeholders and consumer advocates.
The consumer privacy advocate witnesses agreed there is a need for heightened consumer protections and rights, and that the time is ripe to have a debate on what a consumer data privacy law at the federal level would look like and how it would work with state level laws. However, witnesses cautioned that federal legislation should create a floor and not a ceiling for privacy that will not prevent states from passing their own privacy laws. One of the witnesses who led the effort behind the California ballot initiative that resulted in the CCPA emphasized that federal legislation should contain a robust enforcement mechanism, while a witness from the Center for Democracy & Technology said that (i) lawmakers should give the FTC the ability to fine companies that violate consumers’ privacy and provide the agency with more resources; and (ii) a federal law should cover entities of all sizes and clarify what secondary and third-party uses of data are permissible.
Among other things, the hearing also discussed topics addressing: (i) GDPR open investigations; (ii) support for state Attorney General enforcement rights; (iii) privacy protections for children, including the strengths and weaknesses of the Children’s Online Privacy Protection Act, particularly with respect to children ages 13 and older; and (iv) consumers’ rights to control their personal data.
Global technology companies testify before Senate Commerce Committee on need for federal consumer data privacy legislation
On September 26, the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “Examining Safeguards for Consumer Data Privacy” to discuss whether federal lawmakers should write a broad federal online privacy law in the wake of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, which was amended on September 23. Committee Chairman, Senator John Thune, noted that the September 26 hearing was the first in a series of hearings the Committee plans to hold to discuss consumer data privacy concerns. Testifying before the Committee were executives representing six global technology and telecommunications companies who all agreed that there is a need for federal consumer privacy safeguards that would give consumers more control over the way their data is used. The witnesses also supported the idea of engaging in further discussions with the Committee regarding the FTC’s enforcement powers under its current authority to determine whether the agency needs more resources and tools to carry out its responsibilities effectively. However, the witnesses cautioned that Congress needed to strike an appropriate balance between industry accountability and giving government agencies unchecked power. The witnesses also voiced their opposition to proposed legislation that would require businesses to notify consumers of data breaches within 72 hours of their discovery.
Among other things, the hearing also discussed topics addressing: (i) GDPR compliance burdens; (ii) the need for federal privacy laws to preempt the growing “patchwork” of inconsistent state laws; (iii) pitfalls of mandatory opt-in requirements for consumers; (iv) data use transparency and mandatory disclosures; and (v) efforts undertaken by companies to monitor violations of the Children’s Online Privacy Protection Act, particularly with respect to both in-house and third-party apps offered by the several of the witnesses’ companies.
On August 23, the Senate Banking Committee approved, in a 13-12 party-line vote, Kathy Kraninger to be the next Director of the CFPB, which carries a five-year term. Kraninger’s nomination next moves to the full Senate. Acting Director, Mick Mulvaney, will remain in his position for the foreseeable future, as the Federal Vacancies Reform Act allows him to continue in his acting capacity until the full Senate confirms or denies Kraninger’s nomination.
In July, Kraninger testified before the Senate Banking Committee where she fielded questions covering a range of topics, including whether she would appeal a June ruling by a federal judge in New York asserting that the CFPB’s structure was unconstitutional. While Kraninger did not provide a substantive answer to that question, she did comment that, “Congress, through [the] Dodd-Frank Act, gave the Bureau incredible powers and incredible independence from both the president and the Congress in its structure. . . . My focus is on running the agency as Congress established it, but certainly working with members of Congress. I’m very open to changes in that structure that will make the agency more accountable and more transparent.” See more detailed InfoBytes coverage on Kraninger’s July nomination hearing here.
On May 24, President Trump signed the Economic Growth, Regulatory Relief, and Consumer Protection Act (S. 2155) (the bill) — which modifies provisions of the Dodd-Frank Act and eases certain regulations on certain smaller banks and credit unions. Upon signing, the White House released a statement quoting the president, “[c]ommunity banks are the backbone of small business in America. We are going to preserve our community banks.”
The House, on May 22, passed the bipartisan regulatory reform bill by a vote of 258-159. The bill was crafted by Senate Banking, Housing, and Urban Affairs Committee Chairman Mike Crapo, R-Idaho and passed by the Senate in March. The House passed the bill without any changes to the Senate version, even though House Financial Services Chairman, Jeb Hensarling, originally pushed for additional reform provisions to be included. Specifically, the bill does not include certain provisions that were part of Hensarling’s Financial CHOICE Act, such as (i) a complete repeal of the Volker Rule; (ii) subjecting the CFPB to the Congressional appropriations process and restructure the agency with a bipartisan commission; and (iii) reducing the Financial Stability Oversight Council’s (FSOC) authority to designate nonbank financial institutions as Systemically Important Financial Institutions (SIFIs).
In response to the bill’s passage, the OCC’s Comptroller of Currency, Joseph Otting, issued a statement supporting the regulatory changes and congratulating the House, “[t]his bill restores an important balance to the business of banking by providing meaningful reductions of regulatory burden for community and regional institutions while safeguarding the financial system and protecting consumers.” Additionally, acting Director of the CFPB, Mick Mulvaney, applauded Congress, noting that the reforms to mortgage lending were “long overdue” and called the bill “the most significant financial reform legislation in recent history.”
As previously covered by InfoBytes, the highlights of the bill include:
- Improving consumer access to mortgage credit. The bill’s provisions state, among other things, that: (i) banks with less than $10 billion in assets are exempt from ability-to-repay requirements for certain qualified residential mortgage loans held in portfolio; (ii) appraisals will not be required for certain transactions valued at less than $400,000 in rural areas; (iii) banks and credit unions that originate fewer than 500 open-end and 500 closed-end mortgages are exempt from HMDA’s expanded data disclosures (the provision would not apply to nonbanks and would not exempt institutions from HMDA reporting altogether); (iv) amendments to the S.A.F.E. Mortgage Licensing Act will provide registered mortgage loan originators in good standing with 120 days of transitional authority to originate loans when moving from a federal depository institution to a non-depository institution or across state lines; and (v) the CFPB must clarify how TRID applies to mortgage assumption transactions and construction-to-permanent home loans, as well as outline certain liabilities related to model disclosure use.
- Regulatory relief for certain institutions. Among other things, the bill simplifies capital calculations and exempts community banks from Section 13 of the Bank Holding Company Act if they have less than $10 billion in total consolidated assets. The bill also states that banks with less than $10 billion in assets, and total trading assets and liabilities not exceeding more than five percent of their total assets, are exempt from Volcker Rule restrictions on trading with their own capital.
- Protections for consumers. Included in the bill are protections for veterans and active-duty military personnel such as: (i) permanently extending from nine months to one year the protection that shields military personnel from foreclosure proceedings after they leave active military service; and (ii) adding a requirement that credit reporting agencies provide free credit monitoring services and credit freezes to active-duty military personnel. The bill also addresses the creation of an identity theft protection database. Additionally, the bill instructs the CFPB to draft federal rules for the underwriting of Property Assessed Clean Energy loans (PACE loans), which would be subject to the TILA ability-to-repay requirement.
- Changes for bank holding companies. Among other things, the bill raises the threshold for automatic designation as a SIFI from $50 billion in assets to $250 billion. The bill also subjects banks with $100 billion to $250 billion in total consolidated assets to periodic stress tests and exempts from stress test requirements entirely banks with under $100 billion in assets. Additionally, certain banks would be allowed to exclude assets they hold in custody for others—provided the assets are held at a central bank—when computing the amount such banks must hold in reserves.
- Protections for student borrowers. The bill’s provisions include measures to prevent creditors from declaring an automatic default or accelerating the debt against a borrower on the sole basis of bankruptcy or cosigner death, and would require the removal of private student loans on credit reports after a default if the borrower completes a loan rehabilitation program and brings payments current.
Each provision of the bill will take effect at various intervals from the date of enactment up to 18 months after.
Trump signs legislation repealing CFPB auto guidance, Mulvaney praises action; CFPB to reexamine ECOA requirements
On May 21, President Trump signed resolution S.J. Res. 57, which repeals CFPB Bulletin 2013-02 on indirect auto lending and compliance with the Equal Credit Opportunity Act (ECOA). The president’s signature completes the disapproval process under the Congressional Review Act (CRA), which began after the Government Accountability Office (GAO) issued a letter in December 2017 to Senator Pat Toomey (R-Pa) stating that “the Bulletin is a general statement of policy and a rule” that is subject to override under the CRA. The Senate passed the disapproval measure in April and the House approved it in the beginning of May. (Previously covered by InfoBytes here.)
The repeal responds to concerns that the bulletin improperly attempted to regulate auto dealers, which the Dodd-Frank Act excluded from the Bureau’s authority. In a statement after the president’s signing, CFPB acting Director Mick Mulvaney praised the action and thanked the president and Congress for “reaffirming that the Bureau lacks the power to act outside of federal statutes.” He also stated that the repeal “clarifies that a number of Bureau guidance documents may be considered rules for purposes of the CRA, and therefore the Bureau must submit them for review by Congress. The Bureau welcomes such review, and will confer with Congressional staff and federal agency partners to identify appropriate documents for submission.”
Additionally, acting Director Mulvaney announced plans to reexamine the requirements of ECOA, “[g]iven a recent Supreme Court decision distinguishing between antidiscrimination statutes that refer to the consequences of actions and those that refer only to the intent of the actor.” Although the decision is not identified, it is likely the June 2015 Supreme Court decision in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc., which concluded that disparate impact claims are permitted under the Fair Housing Act but acknowledged some limitations on its application. (Covered by a Buckley Sandler Special Alert.)
On May 8, the House voted to repeal, under the Congressional Review Act (CRA), CFPB Bulletin 2013-02 (Bulletin) on indirect auto lending and compliance with the Equal Credit Opportunity Act (ECOA). As previously covered by InfoBytes, the Senate approved the resolution on April 18 and the White House issued a Statement of Administrative Policy supporting the Senate resolution; it is expected that President Trump will sign the measure soon.
If the measure is successful, this would be the first time that Congress has used the CRA to repeal a regulatory issuance outside the statute’s general 60-day period. In December 2017, the Government Accountability Office (GAO) issued a letter to Senator Pat Toomey (R-Pa) stating that “the Bulletin is a general statement of policy and a rule” that is subject to override under the CRA, which allowed for the Senate to introduce the resolution measure years after the CFPB released the Bulletin.
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jessica L. Pollet to discuss "Law & compliance speedsmarts" at the American Financial Services Association Law & Compliance Symposium
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program