InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC approves amendment to Safeguards Rule requiring nonbanks to report data breaches
On October 27, the FTC approved an amendment to the Safeguards Rule to require nonbanks to report data breaches. Under the amended rule, financial institutions, including mortgage brokers, motor vehicle dealers, and payday lenders, will be required to notify the FTC of data breaches as soon as possible, and no later than 30 days after the discovery of incident involving at least 500 consumers. Notice of an incident is required if unencrypted consumer information was acquired without their authorization, as the FTC noted that encrypted consumer information is unlikely to cause consumer harm. The FTC will provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. Additionally, the amended rule will require nonbanks to “to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.” As previously covered by InfoBytes, the FTC recently extended compliance on some Safeguards provisions finalized in October 2021 (covered by InfoBytes here), to June of this year.
The commission voted 3-0 to publish the amendment, which will become effective 180 days after its publication in the Federal Register.
Republicans take issue with CFPB agenda
On September 12, several Republican senators sent a letter to CFPB Director Rohit Chopra expressing concerns that the Bureau is again pursuing “a radical and highly-politicized agenda unbounded by statutory limits.” In particular, the letter took issue with recent Bureau reports on the use of overdraft fees (covered by InfoBytes here and here), calling the agency’s actions a “relentless smear campaign” against banks. “Charging fees that customers chose to pay should not be disturbing or illegal, and yet, the CFPB appears to have developed a particular disdain for banks charging their customers for services, pejoratively calling overdraft protection ‘junk fees,’” the letter stated. Additionally, the letter claimed that the Bureau is changing its rules in order to publish previously confidential information about financial institutions to make it easier to threaten them with reputational harm (covered by InfoBytes here), without affording the financial institution the similar ability to, for example, disclose the existence of a CFPB examination. Among other things, the new procedural rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process that will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. According to the senators, the rule requires nonbanks to keep confidential information relating to a decision issued by the Bureau, including facts that could question the decision or raise procedural concerns. “The one-sided nature of the CFPB’s rule change gives the agency the ability to publicly tarnish an institution’s name without affording the firm the power to defend itself,” the letter said. The letter also decries a recent change to the agency’s rules of adjudication to make it more difficult for companies to defend themselves against novel enforcement theories by bypassing an administrative law judge and permitting the director to rule directly on the validity of the legal basis for the enforcement action.
OCC says synthetic banking providers require supervision
On November 3, acting Comptroller of the Currency Michael J. Hsu spoke before the American Fintech Council’s Fintech Policy Summit 2021 and warned that “[t]he rebundling of banking services by fintechs and the fragmented supervision of universal crypto firms pose significant medium- to long-term risks to consumers, businesses, and financial stability.” Hsu also noted that large “universal” cryptocurrency firms interested in offering a wide range of financial services should “embrace comprehensive, consolidated supervision” like that given to banks. “Crypto firms today are regulated at most only partially and selectively, with no single regulator having a comprehensive view of the firm as a whole,” Hsu stated, adding “[t]his warrants greater attention as crypto firms, especially the universals, get bigger, engage in a wider range of activities and risk-taking, and deepen their interconnectedness within the crypto ecosystem and with traditional finance.” Warning that these “synthetic banking providers” (SBPs) could create a “run risk” and regulatory arbitrage, Hsu stressed the importance of removing “the disparity between the rights and obligations of banks and the rights and obligations of synthetic banking providers by holding SBPs to banking standards.” He further warned that customers’ needs must be met in a way that is reliable, consistently safe, sound, and fair, and discussed several reasons why more SBPs have not sought to become banks, including that “regulators have been unpredictable with regards to chartering new banks and approving fintech acquisitions of banks.” Establishing a clear, shared approach to the bank regulatory perimeter related to emerging technologies can address this challenge, he advised.
Hsu also announced that the OCC concluded its review of recent bank charter applications and cryptocurrency-related interpretive letters and stated that the agency will communicate its determinations and feedback to bank charter applicants in the coming weeks. Findings from a “crypto sprint” done in conjunction with the FDIC and Federal Reserve will also be communicated shortly. “The content of these communications—on the chartering decisions, interpretive letters, and the crypto sprint—will be broadly aligned with the vision for the bank regulatory perimeter laid out here today,” Hsu stated.Brainard addresses FedNow and other payment issues
On February 5, Federal Reserve Governor Lael Brainard spoke at the “Symposium on the Future of Payments” to discuss benefits and risks associated with the digitalization of payments and currency. Noting that some of the new players in this space are outside financial regulatory guardrails and offer new currencies that “could pose challenges in areas such as illicit finance, privacy, financial stability, and monetary policy transmission,” Brainard stressed the importance of assessing new approaches and redrawing existing parameters. Emphasizing, however, that no federal agency has broad authority over the payments systems, Brainard stated that Congress should review how retail payments are regulated in the U.S., given the growth in ways that money is able to move around without the need for a financial intermediary. Banking agencies may oversee nonbank payments “to the extent there is a bank nexus” or bank affiliation, Brainard noted, however, she cautioned that “this oversight will be quite limited to the extent that nonbank players reduce or eliminate the nexus to banks, such as when technology firms develop payments services connected to digital wallets rather than bank accounts and rely on digital currencies rather than sovereign currencies as the means of exchange.” According to Brainard, “a review of the nation’s oversight framework for retail payment systems could be helpful to identify important gaps.”
Among other topics, Brainard stated that the Fed is currently reviewing nearly 200 comment letters concerning the proposed FedNow Service announced last summer, which would “facilitate end-to-end faster payment services, increase competition, and ensure equitable and ubiquitous access to banks of all sizes nationwide.” (Covered by InfoBytes here.) Brainard also discussed the possibility of creating a central bank digital currency (CBDC). While noting that the “prospect for rapid adoption of global stablecoin payment systems has intensified calls for central banks to issue digital currencies in order to maintain the sovereign currency as the anchor of the nation’s payment systems,” Brainard stressed the importance of taking into account private sector innovations and considering whether adding a new form of central bank liability would improve the payment system and reduce operational vulnerabilities from a safety and resilience perspective. She noted that the Fed is “conducting research and experimentation related to distributed ledger technologies and their potential use case for digital currencies, including the potential for a CBDC.”
Representatives hold hearing on “rent-a-bank” schemes
On February 5, the House Financial Services Committee held a hearing titled “Rent-A-Bank Schemes and New Debt Traps: Assessing Efforts to Evade State Consumer Protections and Interest Rate Caps” to discuss policies relating to state interest rate caps and permissible interest rates on small dollar loans such as payday and car-title loans. As previously covered by a Buckley Special Alert, in November, the OCC and the FDIC proposed rules meant to override the 2015 Madden v. Midland funding decision from the U.S. Court of Appeals for the Second Circuit, and reinforce that when a national bank or savings association, or state chartered bank, transfers a loan, the permissible interest rate after the transfer is the same as it was prior to the transfer. In January, however, a group of attorneys general from 21 states and the District of Columbia submitted a comment letter to the OCC claiming the proposed rule would encourage predatory lending through “rent-a-bank schemes.” (Covered by InfoBytes here.) During the hearing, Committee Chairwoman Maxine Waters (D-CA), expressed concern that the two agency proposals would harm consumers by allowing non-banks to partner with banks and enable non-bank lenders to “peddle harmful short-term, triple-digit interest rate loans.” Representative Rashida Tlaib (D-MI) echoed that concern when she suggested that “rent-a-bank” schemes allow non-banks to dodge state interest rate laws. Many Republicans had views differing from those expressed by Tlaib and Waters. North Carolina Representative Patrick McHenry remarked that the proposals from the OCC and the FDIC merely formalized the “valid when made” rule that had been in use for over a century. At the hearing, HR 5050, which would cap federal interest rates on certain small loans at 36 percent, was also discussed, with several Democrats stressing that the cap may negatively affect credit availability to some consumers.
Conference of State Bank Supervisors releases nationwide list of fintech innovation contacts
On April 10, following a nationwide fintech forum for state banking regulators and financial services executives co-hosted by the New York Department of Financial Services and the Conference of State Banking Supervisors (CSBS), CSBS issued a press release announcing that regulators from all 50 states and the District of Columbia have designated an “Innovation Staff Contact” within each of their offices to facilitate and streamline communications between state regulators and the financial services industry. Fintech topics include money transmissions, payments, lending, and licensing. According to the president of CSBS, “State regulators see how fintech is reshaping the financial services industry. And an Innovation Contact is but the latest step that states are taking to engage with industry and modernize nonbank regulation.” Last year, as previously covered in InfoBytes, CSBS introduced “Vision 2020,” an initiative geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers. Additionally, this past February, CSBS announced that financial regulators from seven states have agreed to a multi-state compact that will offer a streamlined licensing process for money services businesses, including fintech firms. (See previous InfoBytes coverage here.)
Houses passes two bipartisan bills to ease stress test requirements and nonbank challenges to SIFI designations
On April 11, by a vote of 245-174, the House passed H.R. 4293, the “Stress Test Improvement Act of 2017,” which would amend the Dodd-Frank Act to modify stress test requirements for bank holding companies and certain nonbank financial companies. Among other things, H.R. 4293 prohibits the Federal Reserve Board’s (Board) to object to a company’s capital plan “on the basis of qualitative deficiencies in the company’s capital planning process” when conducting a Comprehensive Capital Analysis and Review (CCAR), and reduces the frequency of stress testing from semiannual to annual. As previously covered in InfoBytes, on April 10, the Board issued its own proposed changes intended to simplify the capital regime applicable to bank holding companies with $50 billion or more in total consolidated assets by integrating the Board’s regulatory capital rule and CCAR and stress test rules.
Separately on April, 11, the House passed H.R. 4061 by a vote of 297-121. The bipartisan bill, “Financial Stability Oversight Council (FSOC) Improvement Act of 2017,” would require FSOC to consider the appropriateness of subjecting nonbank financial companies (nonbanks) designated as systemically important to prudential standards “as opposed to other forms of regulation to mitigate the identified risks.” Among other things, the bill would also require FSOC to allow nonbanks the opportunity to meet with FSOC to present relevant information to contest the designation both during an annual reevaluation, as well as every five years after the date of final determination.
FSOC agrees to dismiss SIFI designation appeal
On January 23, the U.S. Court of Appeals for the D.C. Circuit dismissed an appeal by the Financial Stability Oversight Council (FSOC) after both parties filed a joint stipulated motion to voluntarily dismiss the case. The litigation began in 2015 when a national insurance firm sued FSOC over its designation of the firm as a nonbank systemically important financial institution (SIFI). In March 2016, the district court issued its opinion agreeing with the insurance firm and finding the FSOC determination arbitrary and capricious because it failed to consider the financial impact the SIFI designation would have on the firm. FSOC appealed the court’s ruling but after a change in FSOC leadership, agreed to jointly dismiss the appeal with the insurance firm.
For more InfoBytes coverage on SIFIs, click here.
HUD IG Blames Ginnie Mae for Inadequate Supervision; HUD IG Concludes HUD Did Not Follow Requirements When Forgiving Debts
On September 21, the HUD Inspector General (IG) released an audit report of Ginnie Mae’s oversight of nonbanks in the mortgage servicing industry. The report found that Ginnie Mae did not adequately respond to the growth in its nonbank issuer base; a base, the report notes, that tends to have more complex financial and operating structures than banking institutions. The IG found, among other things, that Ginnie Mae may not be prepared to identify problems with nonbank issuers prior to default, requiring additional funds from the U.S. Treasury to pay back investors in the event of a large default.
On the same day, the IG also announced a report which found that HUD did not always follow applicable requirements when forgiving debts and terminating debt collections. The report determined that HUD’s review process for evaluating debt forgiveness or collection termination was not thorough enough to ensure that statutory, regulatory, and policy requirements associated with this process were met—such as ensuring DOJ approval was obtained when required.
DOJ Announces Settlements with Non-Bank Mortgage Lender to Resolve Alleged False Claims Act Violations
On August 8, the DOJ announced a $74.5 million settlement with a non-bank mortgage lender and certain affiliates to resolve potential claims that they violated the False Claims Act by knowingly originating and underwriting mortgage loans insured by the U.S. Department of Housing and Urban Development and the Veterans Administration (VA), and by selling certain loans to Fannie Mae and Freddie Mac that did not meet applicable requirements. According to the terms of the two settlement agreements, $65 million of the settlement will be paid to resolve allegations relating to FHA loans, and $9.45 million will be paid to resolve potential civil claims relating to certain specified VA, Fannie Mae, and Freddie Mac loans. The settlements also fully resolved a False Claims Act qui tam lawsuit that had been pending in the United States District Court for the Eastern District of New York.
The settlement included no admission of liability by the lender. The lender issued a statement responding to the settlements: “We have agreed to resolve these matters, which cover certain legacy origination and underwriting activities, without admitting liability, in order to avoid the distraction and expense of potential litigation. While we cooperated fully in these investigations since receiving subpoenas in 2013, we concluded that settling these matters is in the best interest of [the company] and its constituents.”