Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 17, the CFPB issued a statement from Bureau Director Kathy Kraninger announcing she has asked Congress to grant the Bureau “clear authority to supervise for compliance with the Military Lending Act (MLA).” The statement expresses Kraninger’s interest in protecting servicemembers and their families and notes the requested authority would complement the Bureau’s MLA enforcement work. The announcement acknowledges the recently introduced House legislation, H.R. 442, which would directly grant the Bureau supervisory authority over the MLA, and also includes suggested draft legislation the Bureau sent to both the U.S. House of Representatives and the U.S. Senate (here and here). The draft legislation would amend the Consumer Financial Protection Act to include a section providing the Bureau “nonexclusive authority to require reports and conduct examinations on a periodic basis” for the purposes of (i) assessing compliance with the MLA; (ii) obtaining information about the compliance systems or procedures associated with the law; and (iii) detecting and assessing associated risks to consumers and to markets.
As previously covered by InfoBytes, in August 2018, then acting Director Mick Mulvaney internally announced the Bureau would cease supervisory examinations of the MLA, contending the law did not explicitly grant the Bureau the authority to examine financial institutions for compliance. A bipartisan coalition of 33 state Attorneys General wrote to Mulvaney expressing concern over the decision and after her confirmation, a group of 23 House Democrats urged Kraninger to resume the examinations. (Covered by InfoBytes here and here.)
The Bureau’s request that Congress grant it authority to examine for compliance with the MLA suggests that it does not intend to do so unless Congress acts.
On December 18, NYDFS announced a $15 million settlement with an international bank and its New York branch resolving allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program. According to the announcement, NYDFS’ investigation determined that several members of senior management failed to follow or apply the bank’s whistleblower policies and procedures, which allegedly allowed the bank’s CEO to attempt to identify the author(s) of two whistleblowing letters criticizing his and bank’s management’s roles in recruiting and employing a recently hired senior executive. Additionally, the investigation found that, in alleged violation of New York Banking Law, the bank (i) failed to devise and implement effective governance and controls with respect to the whistleblower program; and (ii) failed to submit a report to NYDFS immediately upon discovering misconduct.
NYDFS acknowledged the bank’s substantial cooperation in the investigation, including engaging an outside consultant to perform an independent review of the whistleblowing policies, processes, and controls. Additionally NYDFS stated the bank has already addressed certain deficiencies noted in the Consent Order, including implementing (i) procedures which recognize that concerns raised outside whistleblowing channels may nevertheless constitute whistleblows; (ii) procedures which would avoid escalating a whistleblow to the subject of the concern; and (c) procedures to preserve whistleblower anonymity. In addition to the $15 million penalty, the bank must create a written plan to improve compliance and oversight of the whistleblower program and submit a report to NYDFS that contains all instances of whistleblower complaints since January 2017, attempts to identify whistleblowers, and any reported or sustained instances of whistleblower retaliation.
On December 14, Maxine Waters (D-CA) and 22 other House Democrats issued a letter urging the new CFPB Director, Kathy Kraninger, to resume supervisory examinations of the Military Lending Act (MLA). As previously covered by InfoBytes, according to reports citing “internal agency documents,” the Bureau ceased supervisory examinations of the MLA, contending the law does not authorize the Bureau to examine financial institutions for compliance with the MLA. In response, a bipartisan coalition of 33 state Attorneys General sent a letter to then acting Director, Mick Mulvaney, expressing concern over the decision (covered by InfoBytes here).
The letter from Waters, who is expected to be the next chair of the House Financial Services Committee, and the other 22 Democratic members of the Committee, argues that “there is no question the [CFPB] has the authority and the responsibility to supervise its regulated entities for compliance with the MLA.” As support, the letter cites to the Bureau’s authority to oversee a “wide range of regulated entities,” the establishment of the Bureau’s Office of Servicemember Affairs, and the 2013 amendments to the MLA, which gave the Bureau the authority to enforce the act. The letter also points to the Bureau’s work obtaining $130 million in relief for servicemembers, veterans, and their families through enforcement actions, as well as the 109 complaints the Bureau has received from military consumers since 2011.
On December 10, the CFPB released a new proposed policy on No-Action Letters (NAL) and a new federal product sandbox. The new NAL proposal, which would replace the 2016 NAL policy, is “designed to increase the utilization of the Policy and bring certain elements more in line with similar no-action letter programs offered by other agencies.” The proposal consists of six sections. Highlights include:
- Description of No-Action Letters. The letter would indicate to the applicant, that subject to good faith, substantial compliance with the terms of the letter, the Bureau would not bring a supervisory or enforcement action against the recipient for offering or providing the described aspects of the product or service covered by the letter.
- Submitting Applications. The proposal includes a description of the items an application should contain and invites applications from trade associations on behalf of their members, and from service providers and other third parties on behalf of their existing or prospective clients.
- Assessment of Applications. The Bureau intends to grant or deny an application within 60 days of notifying the applicant that the application is deemed complete.
- Issuing No-Action Letters. NALs will be signed by the Assistant Director of the Office of Innovation or other members in the office, and will be duly authorized by the Bureau. The Bureau may revoke a NAL in whole or in part, but before the Bureau revokes a NAL, recipients will have an opportunity to cure a compliance failure within a reasonable period.
- Regulatory Coordination. In order to satisfy the coordination requirements under Dodd-Frank, the Bureau notes it is interested in partnering with state authorities that issue similar forms of no-action relief in order to provide state applicants an alternative means of also receiving a letter from the Bureau.
- Disclosure of Information. The Bureau intends to publish NALs on its website and in some cases, a version or summary of the application. The Bureau may also publish denials and an explanation of why the application was denied. The policy notes that disclosure of information is governed by the Dodd-Frank Act, FOIA and the Bureau’s rule on Disclosure of Records and Information, which generally would prohibit the Bureau from disclosing confidential information.
Notable changes from the 2016 NAL policy include, (i) NALs no longer have a temporal duration—under the new proposal, there is no temporal limitation except in instances of revocation; (ii) applicants are no longer are required to commit to sharing data about the product or service covered by the application; and (iii) the letters are no longer staff recommendations, but issued by authorized officials in the Bureau to provide recipients greater assurance of the relief.
The proposal also introduces the Bureau’s “Product Sandbox,” which offers substantially the same relief as the NAL proposal but also includes: (i) approvals under one or more of three statutory safe harbor provisions of TILA, ECOA, or the EFTA; and (ii) exemptions by order from statutory provisions of ECOA, HOEPA, and FDIA, or regulatory provisions that do not mirror statutory provisions under rulemaking authority. The proposal notes that two years is the expected duration for participation in the Sandbox, but similar to the no-action relief above, the no-action relief from the Sandbox program can be of unlimited duration—if approved under the sandbox program, “the recipient would be immune from enforcement actions by any Federal or State authorities, as well as from lawsuits brought by private parties.”
Comments on the proposals are due within 60 days of publication in the Federal Register.
On November 9, the CFPB issued its semi-annual report to Congress, covering the Bureau’s work from October 1, 2017 to March 30, 2018. The report, which is required by the Dodd-Frank Act, addresses, among other things, problems faced by consumers with regard to consumer financial products or services; significant rules and orders adopted by the Bureau; and various supervisory and enforcement actions taken during the majority of acting Director Mick Mulvaney’s tenure. Specifically, the report includes (i) a summary of five “significant” state Attorney General actions pursuant to Section 1042 of the Dodd-Frank Act, which allows states to enforce the federal law; (ii) a review of the Bureau’s fair lending efforts, noting that it “conducted fewer fair lending supervisory events. . .than in the prior period,” but “cleared a substantially higher number of MRAs or MOU items from past supervisory events than in the prior period”; (iii) a discussion of non-prime and secured credit cards marketed to consumers; and (iv) a list of upcoming initiatives, which includes requests for information regarding, among other things, the Bureau’s consumer complaint and consumer inquiry handling processes, the Bureau’s inherited regulations and inherited rulemaking authorities, the Bureau’s adopted regulations and new rulemaking authorities, Bureau rulemaking processes, Bureau public reporting practices of consumer complaint information, Bureau external engagements, the Bureau’s supervision program, and the Bureau’s enforcement processes.
Notably, the report also discusses the budget for FY 2018, acknowledging the unusual January 2018 request for zero dollars in funding for the Bureau’s quarterly operations (previously covered by InfoBytes here). As for FY 2019, Mulvaney most recently requested nearly $173 million for Q1, which is still significantly below former Bureau Director Richard Cordray’s FY 2017 Q1 request of $217 million.
On November 2, the Federal Reserve Board (Board) finalized a new supervisory rating system for large financial institutions that is aligned to the core areas supporting qualifying institutions’ safety and soundness and is effective February 1, 2019. Supervisors will use the new rating system to assign confidential ratings for “all domestic bank holding companies and non-insurance, non-commercial savings and loan holding companies with $100 billion or more in total consolidated assets”—an increase from the $50 billion threshold proposed originally. The Board stated that the new rating system “will also apply to U.S. intermediate holding companies of foreign banking organizations with $50 billion or more in total consolidated assets.” The new rating system is designed to (i) better align with current Board supervisory programs and practices; (ii) “[e]nhance the clarity and consistency of supervisory assessments and communications of supervisory findings and implications”; and (iii) “provide transparency related to the supervisory consequences of a given rating.”
According to the Board, supervisors will continue to apply the existing rating system to bank holding companies with less than $100 billion in total consolidated assets, as well as to non-insurance, non-commercial savings and loan holding companies who do not meet the $100 billion total consolidated asset minimum threshold.
On October 29, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver, and Consent (AWC), fining a broker-dealer $2.75 million for identified deficiencies in its anti-money laundering (AML) program. According to FINRA, design flaws in the firm’s AML program allegedly resulted in the firm’s failure to properly investigate (i) certain third-party attempts to gain unauthorized access to its electronic systems, and (ii) other potential illegal activity, which should have led to the filing of Suspicious Activity Reports (SARs). FINRA notes that this failure primarily stemmed from the firm's use of an inaccurate “fraud case chart,” which provided guidance to employees about investigating and reporting requirements related to suspicious activity where third parties use “electronic means to attempt to compromise a customer's email or brokerage account.” Consequently, FINRA alleges that the firm failed to file more than 400 SARs and did not investigate certain cyber-related events. Among other things, FINRA also asserts that the firm failed to file or amend forms U4 or U5, which are used to report certain customer complaints, due to an overly restrictive interpretation of a requirement that complaints contain a claim for compensatory damages exceeding $5,000.
The firm neither admitted nor denied the findings set forth in the AWC agreement, but agreed to address identified deficiencies in its programs.
On October 22, the Federal Reserve Board (Board) entered into a written agreement with an Oklahoma state chartered bank, which outlines a compliance proposal to “maintain the financial soundness” of the bank. The agreement requires the bank to submit, within 60 days, written plans to improve various aspects of the bank’s functions including, but not limited to, (i) internal controls; (ii) credit risk management; (iii) liquidity and funds management; (iv) interest rate risk management; (v) information technology/cybersecurity; and (vi) BSA/AML compliance. The agreement also prevents the bank from extending, renewing, or restructuring any credit for any borrower whose loans or other extensions of credit were part of the Board’s examination critiques, without prior approval from the board of directors, who are required to document the reasons for the credit extension and certify its compliance with the terms of the agreement.
On October 23, a bipartisan coalition of 33 state Attorneys General sent a letter to acting Director of the CFPB, Mick Mulvaney, expressing concern over reports that the Bureau is no longer supervising financial institutions for compliance with the Military Lending Act (MLA). The Attorneys General wrote that the Bureau would be “failing to abide by its statutorily mandated duty to enforce the MLA” by interpreting its authority to preclude the examination of lenders for compliance with the act. Specifically, the Attorneys General point to recent amendments to the MLA providing that the statute “shall be enforced” by the Bureau (among other agencies) “under any . . . applicable authorities available to the [Bureau].” This includes the authority to examine lenders “to ‘detect and assess risks to consumers.” According to the Attorneys General, the origination of non-MLA compliant loans to servicemembers constitutes such a risk.
On September 25, the CFPB issued Bulletin 2018-01, which announces changes to how it communicates supervisory expectations to institutions. According to the bulletin, effective immediately, examination reports and supervisory letters will include two categories of findings that convey supervisory expectations: (i) Matters Requiring Attention (MRAs); and (ii) Supervisory Recommendations (SRs). MRAs will continue to be used to outline specific goals for institutions to accomplish in order to correct violations of law, remediate harmed consumers, and address compliance management system (CMS) weaknesses, and will include timeframes for companies to report on its efforts to address MRAs and timeframes for implementation. SRs will be used when the Bureau has not identified violations of law but noted weaknesses in CMS and will contain recommended actions to address weaknesses. The bulletin notes that neither MRAs nor SRs are legally enforceable, but emphasizes the Bureau will consider an institution’s response in addressing the noted concerns when assessing a compliance rating, prioritizing future supervisory work, or assessing the need for an enforcement action.
- Buckley Webcast: Tips for this year’s FHA annual recertification and what the shutdown means
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Melissa Klimkiewicz to discuss "RESPA-compliant marketing" at NEXT
- Daniel P. Stipano to provide "Update on AML/SAR reporting and enforcement" at an Mortgage Bankers Association webinar
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference