Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 28, FHFA announced that it will raise the maximum conforming loan limits (CLL) for mortgages purchased in 2024 by Fannie Mae and Freddie Mac from $726,200 to $776,550 (the 2023 CLL limits covered by InfoBytes here) for most of the United States. In Alaska, Hawaii, Guam, and the U.S. Virgin Islands, the maximum loan limit for one-unit properties will be 1,149,825. According to the FHFA, due to rising home values (up 5.56 percent since 2022), CLL will be higher for all but five U.S. counties.
On November 28, the FTC announced it is sending more than $3 million in refunds to businesses from an enforcement action against a Colorado-based digital marketplace company. In 2022, the FTC filed an administrative complaint alleging, among other things, that the defendant made false, misleading, or unsubstantiated claims regarding the quality and source of the leads it was selling to service providers, such as general contractors and small lawn care businesses (covered by InfoBytes here). As a result of its January proposed order, FTC will disperse 110,372 refunds to eligible home service providers, and is sending out 91,273 claims forms to businesses that paid for one of defendant’s services.
CFPB obtains stipulated judgment ordering student financing company to pay over $30 million in damages
On November 20, the United States Bankruptcy Court for the District of Delaware entered a stipulated judgment in favor of the CFPB and 11 other state enforcement agencies in connection with an adversary proceeding against a vocational training program. As previously covered by InfoBytes, the complaint alleged that the education firm (company) engaged in deceptive practices by misrepresenting its income share agreement as not a loan and not debt, and misleading borrowers into believing that no payments would need to be made until they received a job offer. According to the CFPB, the company trained consumers to become sales development representatives, an entry-level role that requires “little or no prior sales experience or training,” and made promises it could not deliver on, such as promising a “6-figure” career in software sales. The company also initially priced its services at $2,500 in 2018, and then increased it to $15,000 the following year without any value justification. The company would recoup its payment through income share agreements (ISA). The CFPB alleged multiple causes of action against the company, including violations of the CFPA, TILA, and the FDCPA, among others. The stipulated judgment includes orders requiring the company to refund student borrowers, cancel outstanding loans, and permanently shut down.
On November 28, the OIG for the FDIC delivered a material loss review report. The report’s objectives were twofold: first, to determine why a bank’s issues led to a material loss to the deposit insurance fund; and second, to review the FDIC’s supervision of the bank and make recommendations to prevent similar losses in the future.
The report outlined 11 recommendations for the FDIC to implement so it can improve its supervision process over the banking sector. The recommendations include: (i) to evaluate if and why banks may wait to issue CAMELS ratings downgrades until they issue a Report of Examination; (ii) to identify whether the training curriculum should be adjusted to emphasize why timely ratings changes are important; (iii) to review FDIC examination guidance to determine if enhancements are necessary to highlight when a bank’s practices do not align with its policies, and make recommendations; (iv) to evaluate and update examination guidance to require supervisory actions when it violates its risk-appetite statement metrics; (v) to comprehensively review the FDIC manual for any updates to the examination guidance pertinent to evaluating the stability of uninsured deposits; (vi) to comprehensively review the FDIC manual to determine if any updates are required to the examination guidance pertinent to banks’ deposit outflow assumptions for liquidity stress testing; (vii) to revisit examination guidance to determine if any updates are required for monitoring other banks, horizontally, for similar risk characteristics; (viii) to revisit examination guidance to determine if any updates are required regarding incorporating shared risk characteristics that lead to risk in the FDIC’s supervisory approach; (ix) to explore research methods to monitor large bank reputational risk; (x) to evaluate if Chief Risk Officers should place more consideration on unrealized losses and declines in fair value; and (xi) to work with other federal regulators on evaluating necessary rule changes, such as the adoption of noncapital triggers.
On November 29, the FDIC released the Third Quarter 2023 Quarterly Banking Profile for FDIC-insured community banks, reporting an aggregate net income of $68.4 billion in the third quarter of 2023, which is down $2.4 billion (3.4 percent) from the previous quarter. The FDIC said higher realized losses on securities and lower noninterest income were among the causes of the decreased net income for the quarter. The FDIC emphasized, among other things, that the banking industry is still facing significant effects from current economic conditions, especially regarding commercial real estate values and other downside risks. According to the remarks provided by FDIC Chairman Gruenberg, such issues will remain areas of attention by the FDIC.
On November 28, the State AG of Massachusetts filed an assurance of discontinuance with a household goods rental company for unfair and deceptive debt collection practices. The company offers household goods under a rent-to-own payment contract as part of its business model. According to the assurance, customers would rent a good and then pay it off over several months to several years to obtain ownership; however, the assurance of discontinuance alleges that, for customers who failed to make payment or never returned the item, the company resorted to aggressive tactics: sending employees out to collect payments by making house visits, “pounding on doors, turning doorknobs to see if they were unlocked, and demanding to be let in.”
In addition to these collection tactics, the assurance of discontinuance states that the company would file criminal complaints. The AG of Massachusetts finds this to be an improper use of “the criminal process, [such as] the threat of arrest or prosecution, as a [d]ebt collection tool.” Additionally, if a customer failed to make timely payments or return the rented property, the company would file a criminal complaint alleging their customers were committing larceny. In the assurance, the company agrees to pay a $8.75 million, and the company must cease filing criminal complaints against customers.
On November 27, the NYDFS entered into a consent order with a title insurance company, which required the company to pay $1 million for failing to maintain and implement an effective cybersecurity policy and correct a cybersecurity vulnerability. The vulnerability allowed members of the public to access others’ nonpublic information, including driver’s license numbers, social security numbers, and tax and banking information. The consent order indicates the title insurance company discovered the vulnerability as early as 2018. The title insurance company’s failure to correct these changes violated Section 500.7 of the Cybersecurity Regulation.
In May 2019, a cybersecurity journalist published an article on the existence of a vulnerability in the title insurance company’s application, that led to a public exposure of 885 million documents, some found through search engine results. The journalist noted that “replacing the document ID in the web page URL… allow[ed] access to other non-related sessions without authentication.” Following the cybersecurity journalist’s article, and as required by Section 500.17(a) of the Cybersecurity Regulation, the title insurance company notified NYDFS of its vulnerability, at which point NYDFS investigated further. The title insurance company has been ordered to pay the penalty no later than ten days after the effective date.
On November 29, the Supreme Court heard oral argument in the SEC’s request to appeal the 5th Circuit’s decision in Securities and Exchange Commission v. Jarkesy. As previously covered by InfoBytes, the 5th Circuit held that the SEC’s in-house adjudication of a petitioners’ case violated their Seventh Amendment right to a jury trial and relied on unconstitutionally delegated legislative power. At oral argument, Justice Kavanaugh stated in his questioning of Principal Deputy Solicitor General Brian Fletcher (representing the SEC) that given the severity of the potential outcome of cases, the SEC’s decision-making process fully being carried out in-house could be “problematic,” and that it “doesn’t seem like a neutral process.” Meanwhile, Fletcher mentioned that the boundaries and “outer edges” of the public rights doctrine can be “fuzzy.” Justices’ questions also centered around Atlas Roofing v. Occupational Safety and Health Review Commission—a Supreme Court case that held that “Congress does not violate the Seventh Amendment when it authorizes an agency to impose civil penalties in administrative proceedings to enforce a federal statute.”
On November 20, DFPI announced it is seeking public comment before it begins its formal rulemaking process on its Digital Financial Assets Law (DFAL), which was enacted on October 13. As previously covered by InfoBytes, DFAL created a licensing requirement for businesses engaging in digital financial asset business activity and is effective on July 1, 2025.
For comments that recommend rules, DFPI encourages comments that “propose specific rule language and provide an estimate, with justification, of the potential economic impact on business and individuals that would be affected by the language.” Additionally, DFPI requests metrics, applicable information about economic impacts, or quantitative analysis to support comments. Among other topics, DFPI especially asks for comments related to (i) application fees and potential fee adjustments based on application complexity; (ii) surety bond or trust account factors; (iii) if capital minimums should vary by the type of activity requiring licensure; and (iv) its stablecoin approval process.
Comments must be received by January 12, 2024. On January 8, 2024, DFPI will host a Virtual Informal Listening Session with stakeholders to discuss feedback on this informal invitation for comments.
DFPI recently published a report on consumer crypto-related complaints collected through its new online complaint portal. According to the third-quarter 2023 CSO report, some of the most common complaints include (i) consumers being scammed into transferring digital assets from a legitimate crypto account to a fraudulent platform; (ii) consumers losing access to funds after transferring to an unknown wallet; (iii) consumers who invest in sham crypto investments by sending US dollars to a scammer’s platform, wallet, or bank; (iv) consumers making additional investments to scammers after receiving the first and only return; (v) consumers with concerns regarding their account activity on legitimate crypto platforms; and (vi) consumers approached by scammers via text message and social media. DFPI shared tips on how consumers can protect themselves against scams as well, noting that “[i]f it seems too good to be true, it probably is.”