Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 16, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert to discuss compliance issues related to Regulation S-P—the SEC’s primary rule regarding privacy notices and safeguard policies—and to provide assistance to registered investment advisors and broker-dealers (registrants) when issuing compliant privacy and opt-out notices. Regulation S-P requires registrants to provide customers with a clear and conspicuous notice accurately reflecting its privacy policies and practices, plus any options to opt out of sharing certain non-public personal information with nonaffiliated third parties. The notice must be sent annually throughout the duration of the customer relationship. Regulation S-P also requires registrants to implement written policies and practices reasonably designed to ensure that customer records and information are secure and protected against unauthorized access. The Risk Alert provides examples of common Regulation S-P compliance deficiencies and weaknesses, and advises registrants to “review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are compliant with Regulation S-P.”
On April 9, Senators Elizabeth Warren (D-Mass) and Sherrod Brown (D-Ohio) released responses to inquiries sent last month to the Federal Reserve Board, the OCC, and the CFPB, which expressed, among other things, concern about the level of response taken by a national bank regarding its auto-lending practices, as well as the bank’s remediation plans and compliance risk management efforts. In response, the regulators individually discussed the bank’s progress to satisfy its obligations under existing consent orders.
Federal Reserve Chairman Jerome Powell wrote that the asset cap imposed on the bank will remain in place until the bank has implemented—to the Board’s satisfaction—remedies to address risk management breakdowns. Powell noted that the bank and the Board are comprehensively addressing the progress.
OCC Comptroller Joseph Otting emphasized that the agency continues “to monitor the bank’s work to remediate deficiencies” identified in previously issued orders, and commented that while the OCC is disappointed with the bank’s current corporate governance and risk management programs, it “is fully engaged and prepared to bring [the bank’s] matters to resolution.”
CFPB Director Kathy Kraninger stated that “while the Bureau is working with [the bank] to ensure its compliance with the consent order, I am not satisfied with the [b]ank’s progress to date and have instructed staff to take all appropriate actions to ensure the [b]ank complies with the consent order and [f]ederal consumer financial law.”
CFPB and Federal Reserve update HMDA examination procedures; CFPB updates ECOA baseline review procedures
On April 1, the CFPB and the Federal Reserve Board (Federal Reserve) issued revisions to the HMDA examination procedures covering data collected since January 1, 2018, under the HMDA amendments issued by the Bureau in October 2015 and August 2017, as well as section 104(a) of the Economic Growth, Regulatory Relief, and Consumer Protection Act (implemented and clarified by the 2018 HMDA Rule, which was covered by InfoBytes in August 2018 here.) According to the Federal Reserve’s CA 19-5, the HMDA examination updates include, (i) Narrative, Examination Objectives, and Examination Procedure sections that were developed by the Task Force on Consumer Compliance of the FFIEC; (ii) Review of Compliance Management System, Examination Conclusions and Wrap-Up, and Examination Checklist sections that were developed in consultation with the FDIC and the OCC; and (iii) sampling, verification, and resubmission procedures. With regard to HMDA data collected prior to January 1, 2018, institutions will continue to be examined according to the interagency HMDA examination procedures “transmitted with CA 09-10 and the HMDA sampling and resubmission procedures transmitted with CA 04-4.”
Additionally, in April, the CFPB also released updated ECOA baseline review procedures. The procedures consist of five modules: (i) Fair Lending Supervisory History; (ii) Fair Lending Compliance Management System (CMS); (iii) Fair Lending Risks Related to Origination; (iv) Fair Lending Risks Related to Servicing; and (v) Fair Lending Risks Related to Models. According to the Bureau, all exams will cover the Fair Lending CMS module and additional modules will be assigned depending on the scope of examination.
In March, the CFPB updated its examination procedures for short-term, small-dollar lending (payday lending) in its Supervision and Examinations Manual. The procedures are comprised of modules and each examination will cover one more module. Prior to using the procedures, examiners will complete a risk assessment and examination scope memorandum, which will assist in determining which of the five modules the exam will cover: (i) marketing; (ii) application and origination; (iii) payment processing and sustained use; (iv) collections, accounts in default, and consumer reporting; and (v) service provider relationships. The examinations will review for potential violations of TILA, EFTA, FDCPA, FCRA, ECOA, UDAAP, and Gramm-Leach-Bliley Act (GLBA), all of which apply to payday lending.
On March 12, the CFPB released its winter 2019 Supervisory Highlights, which outlines its supervisory and enforcement actions in the areas of auto loan servicing, deposits, mortgage servicing, and remittances. The findings of the report cover examinations that generally were completed between June 2018 and November 2018. Highlights of the examination findings include:
- Auto Loan Servicing. The Bureau determined that attempts to collect miscalculated deficiency balances from extended warranty products were unfair. The Bureau also found that deficiency notices were deceptive where eligible rebates were not sought or applied, although the notice purported to be calculated to include such rebates.
- Deposits. The Bureau found that companies engaged in a deceptive act or practice by failing to adequately disclose that when a payee accepts only a paper check through the institutions online bill-pay service, a debit may occur earlier than the date selected by the consumer.
- Mortgage Servicing. The Bureau noted several issues related to mortgage servicing, including servicers (i) charging consumers late fees greater than the amount permitted by mortgage notes; (ii) misrepresenting the reasons PMI could not be cancelled; and (iii) failing to complete loss mitigation applications with “reasonable diligence.”
- Remittances. The Bureau determined that remittance transfer providers erred when they failed to refund fees and taxes when funds were not made available to recipients by the date listed in the disclosure and the mistake did not result from one of the exceptions listed in the Remittance Rule.
The report notes that in response to most examination findings, the companies have already remediated or have plans to remediate affected consumers, and implement corrective actions, such as new policies and procedures.
Lastly, the report also highlights recent public enforcement actions and guidance documents issued by the Bureau.
On March 6, the FTC’s Office of Legal Counsel warned recipients that subpoenas and civil investigative demands (CID) issued by the agency are legally enforceable demands and should be taken seriously. The FTC stated it is willing “to work with parties and their counsel to determine the scope of the agency’s subpoena or CID and a timeframe for compliance” and issued a reminder that under the FTC’s Rules of Practice, parties are required to meet and confer to identify issues or concerns that may affect a party’s ability to comply. The FTC additionally discussed measures the Office of Legal Counsel may undertake in order to compel compliance, including the possibility of federal court action.
On February 28, the Federal Reserve Board announced an enforcement action against a bank holding company for alleged internal control deficiencies, resulting in unsafe and unsound practices in violation of the Federal Deposit Insurance Act that caused a financial loss to the company. The consent order acknowledges that the company has since addressed the deficiencies that contributed to the loss and implemented additional improvements in its internal controls and audit programs. The Federal Reserve Board assessed a civil money penalty of $1,012,500.
On March 5, U.S. Senate Democrats issued a letter urging CFPB Director, Kathy Kraninger, to resume reviews for compliance with the Military Lending Act (MLA) during routine lender examinations. The Senators argue that the existing statutory authorities for the Bureau “are more than sufficient to justify including MLA compliance in routine examinations,” in an apparent response to Kraninger’s January request to Congress to grant the Bureau “clear authority” to conduct the examinations. (Covered by InfoBytes here.) The Senators cite to Section 1024(b)(1)(C) of the Dodd-Frank Act, which states that the Bureau “shall require reports and conduct examinations on a periodic basis . . . for purposes of . . . detecting and assessing risks to consumers and to markets for consumer financial products and services,” and asserts that charging servicemembers and their families more than 36 percent in violation of the MLA is “clearly a risk” to consumers. Concluding that the CFPB has all the authority it needs to include the MLA in routine examinations, the Senators request the Bureau provide a full justification of the leadership’s decision to not review for compliance with the MLA by March 8.
On February 27, the CFPB released new technical specifications for prepaid account issuers to use when submitting account agreements pursuant to the prepaid account rule. Issuers can now register to use the new electronic submission system “Collect” before the April 1, 2019 effective date of the Bureau’s prepaid rule. (See previous InfoBytes coverage on the prepaid rule here.) The Bureau reminded issuers that all prepaid account agreements offered as of April 1, 2019, must be submitted to the CFPB by May 1, 2019. After May 1, issuers are required to make rolling submissions to the Bureau within 30 days whenever a new agreement is offered, amendments are made to a previously submitted agreement, or a previously submitted agreement is withdrawn. Along with the technical specifications, the Bureau also released several compliance resources, including a user guide, quick reference guide, FAQs and a recorded webinar.
In February, the CFPB released an updated version of the Supervision and Examination Manual, which includes changes to the examination and targeted reviews section of the manual. The Bureau noted that the purpose of a risk-focused review is to direct Bureau resources toward the areas with higher risk. The updated manual section covers the review process from start to finish, beginning with the pre-review planning and concluding with the transmission of the final report or letter. The February updates also include the release of new examination report and supervisory letter templates.
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program