Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On February 13, Senate Committee on Banking, Housing, and Urban Affairs Chairman Mike Crapo (R-ID) and Ranking Member Sherrod Brown (D-OH) invited stakeholder feedback on “the collection, use and protection of sensitive information from financial regulators and private companies” as a means of informing potential future legislation. In a press release issued by the committee, Crapo noted, “Given the exponential growth and use of data, and corresponding data breaches, it is worth examining how the Fair Credit Reporting Act should work in a digital economy, and whether certain data brokers and other firms serve a function similar to the original consumer reporting agencies.” He further stressed the importance of understanding how consumer data is compiled and protected, and how consumers are able to access and correct sensitive information. The release sought answers to five questions designed to help examine ways in which legislation, regulation, or the implementation of best practices can (i) provide consumers better control over their financial data, as well as timely data breach notifications; (ii) ensure consumers receive disclosures concerning both the type of information being collected and its purpose for collection; (iii) provide consumers control over how their data is being used—including the sharing of information by third-parties; (iv) protect consumer data and ensure the accuracy of reported information in a consumer’s credit file; and (v) allow consumers the ability to “easily identify and exercise control of data that is being . . . collected and shared” as a determining factor when establishing whether a consumer is eligible for, among other things, credit or employment.
On February 1, Chairman of the Senate Banking, Housing, and Urban Affairs Committee, Mike Crapo (R-ID) released an outline for a sweeping legislative overhaul of the U.S. housing finance system. Most notably, the plan would end the Fannie Mae and Freddie Mac (GSEs) conservatorships, making the GSEs private guarantors while also allowing other nonbank private guarantors to enter the market. Highlights of the proposal include:
- Guarantors. The GSEs would be private companies, competing against other nonbanks for mortgages, subject to a percentage cap. The multifamily arms of the GSEs would be sold and operated as independent guarantors. Consistent with current GSE policy, the eligible mortgages would, among other things, be subject to loan limits set by FHFA and would be required to have an LTV of no more than 80 percent unless the borrower obtains private mortgage insurance.
- Regulation of Guarantors. FHFA, structured as a bi-partisan board of directors, would charter, regulate, and supervise all private guarantors, including the former GSEs. FHFA would be required to create prudential standards that include (i) leverage requirements; (ii) if appropriate, risk-based capital requirements; (iii) liquidity requirements; (iv) overall risk management requirements; (v) resolution plan requirements; (vi) concentration limits; and (vii) stress tests. Guarantors would be allowed to fail.
- Ginnie Mae. Ginnie Mae would operate the mortgage securitization platform and a mortgage insurance fund. Additionally, Ginnie Mae would provide a catastrophic government guarantee to cover tail-end risk, backed by the full-faith and credit of the U.S.
- Transition. In addition to a cap on the percent of all outstanding eligible mortgages, the legislation would require guarantors to be fully capitalized within an unspecified number of years after enactment.
- Affordable housing. Current housing goals and duty-to-serve requirements would be eliminated and replaced with a “Market Access Fund,” which is intended to address the homeownership and rental needs of underserved and low-income communities.
As previously covered by InfoBytes, on January 29, Chairman Crapo released the Senate Banking Committee’s agenda, which also prioritizes housing finance reform.
On January 29, the Chairman of the Senate Banking, Housing, and Urban Affairs Committee, Mike Crapo (R-ID), outlined his upcoming committee agenda, which prioritized housing finance. Specifically, Crapo stated “housing finance reform is the last piece of unaddressed business from the financial crisis,” emphasizing that the continued conservatorship of Fannie Mae and Freddie Mac should be addressed with bipartisan legislation to establish better taxpayer protection and increase competition among mortgage guarantors. Crapo also highlighted, among other things, potential legislative needs for (i) capital markets, specifically legislation that would encourage capital formation and reduce burdens for smaller businesses; (ii) data breaches and solutions to provide consumers greater control over their financial data; (iii) credit bureau reform to make it easier for consumers to interface with credit bureaus generally and dispute inaccuracies; and (iv) improvements in the regulatory landscape covering fintech innovation. Crapo also acknowledged the upcoming expiration of the National Flood Insurance Program in May, noting that the program was extended ten times last Congress, and any significant reforms need to balance taxpayer interest with the assistance of consumers.
The Committee will continue to provide ongoing oversight over the federal financial regulatory agencies, including whether the regulations, guidance and supervisory expectations are consistent with the intent of the sponsors of the Economic Growth, Regulatory Relief, and Consumer Protection Act. Additionally, the Committee will (i) continue its review of the “benefits of agencies that have a bipartisan commission, rather than a single director; a Congressional funding mechanism; and a safety and soundness focus,” and (ii) conduct oversight into financial companies’ actions with regard to access to credit, including whether companies withhold access to customers and industries they disfavor.
On January 25, top Democratic Congressional leaders, Maxine Waters and Sherrod Brown, wrote to acting Director of the FHFA, Joseph Otting, requesting that he clarify and expand on his reported remarks concerning the administration’s plan to move Fannie Mae and Freddie Mac (collectively, “GSEs”) out of conservatorship. Specifically, Otting reportedly told FHFA employees that he would soon announce a plan to move the GSEs out from under government control and that he was given a “clear mission” outlined by Treasury and the White House of “what they want to accomplish” with the agency. Waters and Brown expressed concern about Otting’s ability to lead the agency independently based on these comments, as well as a recent filing of the agency with the U.S. Court of Appeals for the 5th Circuit stating that the agency would no longer defend the constitutionality of the FHFA’s structure. (Covered by InfoBytes here.) Waters and Brown also requested that Otting submit by February 1 a copy of the “mission that Treasury and the White House have outlined.” In response, Otting stated that he appreciated the Democratic leaders’ interest in housing finance, outlined the statutory duties of the FHFA, and welcomed input as they “begin the journey of evaluating the Enterprises and developing a framework for ending conservatorship.”
As previously covered by InfoBytes, in June 2018, the White House announced a government reorganization plan titled, “Delivering Government Solutions in the 21st Century: Reform Plan and Reorganization Recommendations.” The plan covers a wide-range of government reorganization proposals, including a proposal to end the conservatorship of the GSEs and fully privatize the companies.
On November 29, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform” to discuss efforts to improve the Bank Secrecy Act/anti-money laundering (BSA/AML) regulatory, supervisory, and enforcement regime. Committee Chairman Mike Crapro, R-Idaho, opened the hearing by emphasizing the need for a continued dialogue on modernizing the BSA/AML regime to “encourage the innovation necessary to combat illicit financing while also encouraging regulators to focus on more tangible threats, and law enforcement to increase interagency cooperation and improve information sharing throughout the process.”
Among other things, Financial Crimes Enforcement Network (FinCEN) Director Kenneth A. Blanco highlighted the following three key priorities as part of FinCEN’s “multi-prong approach” to the regulatory reform process: (i) examining and understanding the value and effectiveness of the BSA through data-driven analysis in conjunction with both considering changes to enhance efficiency (such as evaluating suspicious activity and currency transaction reporting requirements) and engaging with regulators through, for example, monthly meetings with the FFIEC’s Anti-Money Laundering Working Group; (ii) “promot[ing] responsible innovation and creative solutions to combat money laundering and terrorist financing” by exploring ways to collaborate with financial institutions to improve AML/countering the financing of terrorism compliance, fostering innovation, and leveraging technology while also minimizing vulnerabilities; and (iii) “[e]nhancing public-private partnerships that reveal and mitigate vulnerabilities” and sharing information with the private sector to help identify suspicious activity.
OCC Compliance and Community Affairs Senior Deputy Comptroller Grovetta N. Gardineer discussed the agency’s efforts to enhance the efficiency of its current supervisory practices, and commented on how new technologies such as artificial intelligence and machine learning provide opportunities for banks to cut costs and identify suspicious activity. Gardineer also highlighted the OCC’s Money Laundering Risk System, which allows for the identification of potentially higher-risk community bank areas by “identifying the products and services offered by these institutions, as well as the customers and geographies they serve.” In addition, Gardineer offered recommendations for BSA amendments to improve supervisory efforts, such as (i) requiring a periodic review of BSA/AML regulations to identify those that may be outdated or burdensome; (ii) amending BSA safe harbor rules to clarify that a financial institution can file a suspicious activity report without being exposed to civil liability; and (iii) expanding safe harbor to permit information sharing beyond money laundering and terrorism financing between financial institutions without incurring liability. Moreover, Gardineer stated that FinCEN’s notice requirement with respect to information-sharing under section 314(b) of the USA Patriot Act should be eliminated or modified in order to enhance institutions’ ability to share information.
FBI Criminal Investigative Division Section Chief Steven M. D'Antuono also discussed, among other things, the Treasury Department’s recent Customer Due Diligence Final Rule (see previous InfoBytes coverage here), and stated that the Rule is “a step toward a system that makes it difficult for sophisticated criminals to circumvent the law through use of opaque corporate structures.”
On August 23, the Senate Banking Committee approved, in a 13-12 party-line vote, Kathy Kraninger to be the next Director of the CFPB, which carries a five-year term. Kraninger’s nomination next moves to the full Senate. Acting Director, Mick Mulvaney, will remain in his position for the foreseeable future, as the Federal Vacancies Reform Act allows him to continue in his acting capacity until the full Senate confirms or denies Kraninger’s nomination.
In July, Kraninger testified before the Senate Banking Committee where she fielded questions covering a range of topics, including whether she would appeal a June ruling by a federal judge in New York asserting that the CFPB’s structure was unconstitutional. While Kraninger did not provide a substantive answer to that question, she did comment that, “Congress, through [the] Dodd-Frank Act, gave the Bureau incredible powers and incredible independence from both the president and the Congress in its structure. . . . My focus is on running the agency as Congress established it, but certainly working with members of Congress. I’m very open to changes in that structure that will make the agency more accountable and more transparent.” See more detailed InfoBytes coverage on Kraninger’s July nomination hearing here.
CFPB Succession: Kraninger testifies before Senate Banking Committee; Bureau nominates Paul Watkins to lead Office of Innovation
On July 19, the Senate Banking Committee held a confirmation hearing for Kathy Kraninger on her nomination as permanent director of the CFPB. Prior to the hearing, the White House issued a fact sheet asserting that “Kraninger has the management skills and policy background necessary to reform and refocus the Bureau.” In her written testimony Kraninger shared four initial priorities: (i) the Bureau should be fair and transparent, utilize a cost benefit analysis to facilitate competition, and effectively use notice and comment rulemaking to ensure the proper balance of interests; (ii) the Bureau should work closely with other regulators and states to “take aggressive action against bad actors who break the rules by engaging in fraud and other illegal activities”; (iii) data collection will be limited to what is needed and required under the law and measures will be taken to ensure the protection of the data; and (iv) the Bureau will be held accountable to the public for its actions, including its expenditure of resources.
Chairman of the Committee Senator Mike Crapo, R-Idaho, remarked in his opening statement that he hoped Kraninger “will be more accountable to senators on this Committee than Director Cordray was” but that he had “the utmost confidence that she is well-prepared to lead the Bureau in enforcing federal consumer financial laws and protecting consumers in the financial marketplace.” Conversely, Senator Elizabeth Warren, D-Mass., released a staff report prior to the hearing detailing Kraninger’s tenure at OMB and identifying her participation in several alleged management failures in the current administration.
During the hearing, Kraninger received questions covering a range of topics, including whether she would appeal last month’s ruling by a federal judge in New York that the CFPB’s structure was unconstitutional. (See previous InfoBytes coverage on the ruling here.) Kraninger responded that constitutionality questions are “not for me in this position to answer.” However, Kraninger did comment that “Congress, through [the] Dodd-Frank Act, gave the Bureau incredible powers and incredible independence from both the president and the Congress in its structure. . . . My focus is on running the agency as Congress established it, but certainly working with members of Congress. I’m very open to changes in that structure that will make the agency more accountable and more transparent.” Kraninger also commended recent efforts by the OCC to encourage banks to make small-dollar loans, discussed plans to consult Bureau staff on the use of the disparate impact theory in enforcement, and stated she will seek to promote the agency’s regulatory views through formal rulemaking instead of through enforcement.
On July 18, acting Director of the CFPB Mick Mulvaney announced the selection of Paul Watkins to lead the Bureau’s new Office of Innovation. The Office of Innovation—a recent addition to the Bureau—will focus on policies for facilitating innovation, engage with entrepreneurs and regulators, and review outdated or unnecessary regulations. Specifically, the Office of Innovation will replace what was previously known as Project Catalyst, which was—as previously discussed in InfoBytes—responsible for facilitating innovation in consumer financial services. Prior to joining the Bureau, Watkins worked for the Arizona Attorney General and helped launch the first state regulatory sandbox for fintech innovation. (See previous InfoBytes coverage on Arizona’s regulatory sandbox here.) Earlier in May, Mulvaney announced at a luncheon hosted by the Women in Housing & Finance that the Bureau is working to build its own regulatory sandbox program, and last year the agency took steps to make it easier for emerging technology companies to comply with federal rules by issuing its first “no action letter.”
Federal Reserve chair delivers semi-annual congressional testimony, discusses U.S. financial conditions and regulatory relief act
On July 17, Federal Reserve Chair Jerome Powell testified before the Senate Banking Committee and spoke the next day before the House Financial Services Committee. In his semi-annual congressional testimony, Powell presented the Federal Reserve’s Monetary Policy Report, and discussed the current economic situation, job market, inflation levels, and the federal funds rate. Powell stressed, among other things, that interest rates and financial conditions remain favorable to growth and that the financial system remains in a good position to meet household and business credit needs. Chairman of the Committee, Senator Mike Crapo, R-Idaho, remarked in his opening statement that, while recent economic developments are encouraging, an effort should be made to focus on reviewing, improving, and tailoring regulations to be consistent with the recently passed Economic Growth, Regulatory Relief, and Consumer Protection Act S.2155/P.L. 115-174 (the Act). During the hearing, Powell confirmed that the Fed plans to implement provisions of the Act as soon as possible. (See previous InfoBytes coverage here.) When questioned by Senator Sherrod Brown, D-Ohio, about the direction the Fed plans to take to address stress test concerns, Powell responded that the Fed is committed to using stress tests, particularly for the largest, most systemically important institutions, and that going forward, the Fed wants to strengthen the tests and make the process more transparent. Powell also indicated the Fed intends to “publish for public comment the range of factors [the Fed] can consider” when applying prudential standards. Powell also stated that he believes government-sponsored-enterprise reform would help the economy in the long term.
When giving testimony to the House Financial Services Committee, Powell also commented that cryptocurrency does not currently impair the Fed’s work on monetary policy and that the Fed will not seek jurisdiction over cryptocurrency and instead will defer to the SEC’s oversight as well as Treasury’s lead to identify the right regulatory structure.
On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.
Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as we all as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.
Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.
On April 16, the FDIC’s Office of Inspector General (OIG) released its Special Inquiry Report—“The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches”—which contains findings from an examination of the FDIC’s practices and policies related to data security, incident response and reporting, and Congressional interactions. The Special Inquiry Report is the culmination of a request made by the former Chairman of the Senate Committee on Banking, Housing, and Urban Affairs in 2016, and focuses on the circumstances surrounding eight information security incidents that occurred in 2015 and 2016—seven of which involved personally identifiable information and constituted data breaches. An eighth incident involved the removal of “highly sensitive components of resolution plans submitted by certain large systemically important financial institutions without authorization” by a departing FDIC employee.
According to the report, the OIG asserts that, among other things, the FDIC failed to (i) put in place a “comprehensive incident response program and plan” to handle security incidents and breaches; (ii) clearly document risk assessments and decisions associated with data incidents; (iii) fully consider the range of impacts on bank customers whose information was compromised; (iv) promptly notify consumers when an incident occurred and did not adequately consider notifications as a separate decision from whether it would provide credit monitoring services; (v) for at least one incident, failed to convey the seriousness of the breach; and (vi) provide timely, accurate, and complete responses to Congressional requests to gather information about how the agency was handling the incidents.
As a result of these findings, the OIG presented recommendations and timeframes for the FDIC to “address the systemic issues.” Recommendations include: (i) clearly defining roles and responsibilities within the FDIC Breach Response Plan, and establishing procedures “consistent with legal, regulatory, and/or operational requirements for records management”; (ii) establishing a separation between consumer breach notifications and the offer of credit monitoring services; (iii) adhering to established timeframes for reporting incidents to FinCEN when suspicious activity report information has been compromised; (iv) conducting an annual review of the Breach Response Plan to confirm that that the guidance has been consistently followed during the preceding year; (v) developing guidance and training to ensure that employees and contractors are fully aware of the legal consequences of removing any sensitive information from FDIC premises before they depart; (vi) ensuring that FDIC policies, procedures, and practices result in complete, accurate statements and representations to Congress, and updating and correcting prior statements and representations as necessary; (vii) clarifying “legal hold policies and processes”; and (viii) specifying that the Office of Legislative Affairs is responsible for “providing timely responses to Congressional requests and communicating with Congressional staff regarding those requests.”
The FDIC concurred with the recommendations and has completed corrective actions for two, with plans to address the remaining recommendations between June and December of this year. The FDIC has also agreed to keep the OIG informed of the progress made to address the identified performance issues.
- Jeffrey S. Hydrick to discuss "State legislative update" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to speak at the "Business model primer" at the NMLS Annual Conference & Training
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jessica L. Pollet to discuss "Law & compliance speedsmarts" at the American Financial Services Association Law & Compliance Symposium
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program