InfoBytes
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB petitions 5th Circuit to keep credit card late fee case in D.C.
On April 18, the CFPB asked a three-judge panel of the U.S. Court of Appeals for the Fifth Circuit to reconsider its earlier decision to grant a petition for a writ of mandamus requiring the U.S. District Court for the Northern District of Texas to claw back its earlier transfer of industry’s challenge to the CFPB’s credit card late fee rule to Washington D.C. (covered by InfoBytes here). The CFPB urges the 5th Circuit to grant a panel rehearing, suggesting that the panel’s earlier decision rested on “flawed factual premises” and would be “unworkable for courts.”
According to the CFPB, the panel relied on the incorrect assumption that “credit card issuers needed to have printed and distributed disclosure materials about the late fees to customers by March 29” to comply with the final rule. The Bureau asserted this was a “manufactured” deadline. The CFPB also stressed that TILA does not require the Bureau to provide advance notice for a reduction in the maximum late fee. Further, the Bureau’s petition expanded into four misconstrued facts, such as that it was not true that the panel needed to grant the plaintiffs’ alleged claim for “urgent relief,” that the plaintiffs’ preliminary injunction motion needed to be decided quickly, that the plaintiffs were “entitled” to a quick resolution, and that the panel erred again in deciding that the final late fee rule did not require compliance until May 14 (thus leaving six more weeks for a decision).
Second, the CFPB argued that the panel’s new standard for assessing whether a preliminary injunction was denied would be “unworkable” for courts in practice and would improperly interfere with the district courts’ authority to manage their dockets when plaintiffs seek preliminary injunctive relief. The Fifth Circuit has asked the plaintiffs to respond to the petition for rehearing by April 29, 2024.
Separately, the Fifth Circuit has set a schedule for “expedited briefing” on the appeal of the district court’s “effective denial” of plaintiffs’ motion for a preliminary injunction. The briefing, however, will not conclude until May 17, 2024, days after the CFPB’s credit card late fees rule goes into effect. The Fifth Circuit has not yet ruled on plaintiffs’ pending motion for a stay pending appeal, raising the prospect that the credit card late fees will go into effect only to be enjoined soon thereafter.
Nebraska enacts a comprehensive data privacy law
On April 17 Nebraska enacted LB 1074 (the “Act”), establishing a comprehensive consumer data privacy law. The Act applies to a person that is not a small business (as determined under the federal Small Business Act) who conducts business in Nebraska or produces a product or service used by Nebraska consumers and who processes or sells personal data. The Act includes exemptions for certain classes of data, including data subject to the Gramm-Leach-Bliley Act, as well as for certain entities including state agencies, financial institutions and their affiliates, nonprofits, higher education institutions, and covered entities or business associates governed by the privacy, security, and breach notification rules issued by the Department of Health and Human Services.
The Act grants consumers the right to (i) request information about whether their data is being processed; (ii) access their data; (iii) correct inaccuracies; (iv) delete their data; (v) obtain a portable copy of their data; and (vi) opt out of certain uses of their data, such as targeted advertising, sale, or “profiling in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.” Controllers, defined as persons that determine the purpose and means of processing personal data, must respond to authenticated consumer requests within 45 days and may extend the period once by another 45 days if necessary. If a request is denied, consumers must be informed of the reasons and instructed on how to appeal to the Attorney General. Controllers must offer a free response to two requests per year from each consumer but may charge a fee or refuse to act if requests are unfounded or excessive. Controllers also must establish an appeals process for consumers whose requests are denied, and inform the consumer of the outcome of their appeal within 60 days.
Rights afforded to consumers under the Act cannot be waived or limited by contract or agreement. Further, under the Act, controllers must provide consumers with a clear privacy notice including information similar to that required under the Gramm-Leach-Bliley Act.
The Act is effective on January 1, 2025 and enforceable by the Attorney General and does not provide a private right of action.
Tennessee prevents lenders from discriminating against specific factors
On April 22, the Governor of Tennessee signed into law HB 2100 (the “Act”) which amended the state consumer protection codes to prevent financial institutions and insurers (collectively, institutions) from discriminating in the provision or denial of services based on certain enumerated factors. Specifically, institutions will not be allowed to discriminate based on, among others: (i) a person’s political opinions, speech, or affiliations; (ii) a person’s religious beliefs, exercise, or affiliations; (iii) any factor that is not a quantitative, impartial and risk-based standard; or (iv) a “social credit score” that is based on certain identified factors, including the lawful ownership of a firearm, engagement in fossil fuel-related business, support of the state or federal government’s efforts to combat illegal immigration, or a person’s failure to meet environmental, social governance, corporate board composition, social justice, or diversity, equity, and inclusion standards so long as the person is in compliance with applicable state or federal law. The Act provides that engaging in the prohibited forms of discrimination constitutes an unfair trade practice. The Act will go into effect on July 1.
FinCEN renews real estate GTOs
On April 17, FinCEN renewed its Geographic Targeting Orders (GTOs) which require title insurance companies to identify the real owners of shell companies involved in cash real estate purchases. This renewal is effective from April 19, through October 15, and applies to specified counties and cities across various states, including California, Florida, New York, and the District of Columbia. The GTOs aim to gather data on potential illicit activities in the housing market and support regulatory initiatives. The minimum property purchase price for reporting remains at $300,000, except in Baltimore, where it is $50,000. FinCEN is also processing feedback from a February proposed rulemaking on anti-money laundering measures for the residential real estate sector.
FinCEN FAQs regarding the GTOs are available here.
FinCEN releases notice on U.S. passport card’s counterfeit use in finance
On April 15, FinCEN, along with the Department of State, released its notice on the apparent rise of counterfeit use of U.S. passport cards at financial institutions. FinCEN urged financial institutions to be “vigilant” in the fight against identity theft and fraud schemes, especially under their BSA practices. Since 2018, the Department of State has identified a “concerning increase” in counterfeit use of U.S. passport cards with apparently over 4,000 victims. FinCEN released this notice to help financial institutions identify and report suspicious activity by promoting three areas: (i) providing an overview of common scenarios and typologies; (ii) highlighting several red flags in areas of concern; and (iii) reminding financial institutions of their BSA obligations.
The notice discussed suspicious behavior, namely how individuals and fraud rings are falsely “making, selling, and using” counterfeit U.S. passport cards to access accounts at financial institutions. FinCEN noted actors prefer using U.S. passport cards since they are a less familiar form of identification and cheaper to counterfeit (compared to passport books). On fraudulent activity, FinCEN stated actors will use counterfeit U.S. passport cards to impersonate the victim at the victim’s “known financial institution branch.” After accessing the account successfully, the Department of State highlighted three types of attempted transactions: (1) asking questions on account balance and withdrawal limits and withdrawing large amounts of cash below the Currency Transaction Reporting (CTR) threshold; (2) cashing stolen or forged checks to obtain funds; and (3) establishing a new joint account with a second illicit actor as a joint owner. FinCEN outlined technical, behavioral, and financial red flags to help financial institutions detect and report suspicious activity. Red flags may include technical issues with a U.S. passport card’s photo, such as lack of raised text, and discrepancies in its holographic seal, among others. Last, FinCEN reminded financial institutions of BSA obligations, including, but not limited to, filing Suspicious Activity Reports (SARs) and CTRs.
Virginia enacts new prohibitions against certain electronic fund transfer fees
On April 17, the Virginia legislature enrolled HB 1519 into law, which amended provisions of the Virginia Code related to fees for electronic fund transfers. The legislation amended the Residential Landlord and Tenant Act to prohibit landlords from charging a tenant a processing fee for using an electronic fund transfer for the payment of either a security deposit, rent, or “any other amounts payable.” The legislation also amended the Virginia Consumer Protection Act to prohibit a supplier from charging a fee to a consumer for using an electronic fund transfer to purchase a good or service. However, this prohibition explicitly does not apply to ATM withdrawals or expedited service on an electronic fund transfer. The Act went into effect immediately upon enactment.
DOJ appeals District Court's ruling on the Corporate Transparency Act’s constitutionality
On April 15, the DOJ submitted a brief to the U.S. Court of Appeals for the Eleventh Circuit in support of an appeal of a summary judgment from the Northern District of Alabama that found the Corporate Transparency Act (CTA) unconstitutional, specifically its reporting provision (covered by InfoBytes here). On appeal, the government emphasized that the District Court misunderstood the scope and purpose of the CTA and made two key errors in invalidating it. The first error, according to the DOJ, is that the court mistakenly viewed the CTA as merely regulating the act of filing the incorporation papers, which generally falls under State domain, as opposed to regulating commerce, which Congress has the power to regulate. As to the second error, the DOJ noted that the District Court mischaracterized the CTA as a “single-subject statute” that is unrelated to the federal government’s broader efforts to combat financial crimes, such as money laundering and terrorism financing. The DOJ pointed out that, ownership records often do not exist, which makes the CTA necessary in order to help investigators trace illicit funds by creating easily accessible ownership records. The DOJ also stressed that the determination by Congress that the CTA’s reporting requirements are necessary to detect and prosecute financial crimes should be subject only to “rational basis” review, a standard that the CTA satisfies.
New York AG settles with bank over EIPA violations
On April 17, the New York attorney general (AG) announced a settlement with a bank (respondent) to resolve allegations that respondent improperly froze customer accounts and paid out consumer funds to debt collectors, and failed to properly oversee its service providers engaging in similar activity, in violation of the Exempt Income Protection Act (EIPA). The EIPA requires that banks, among other things, “not restrain consumers’ use of statutorily exempt funds, such as social security benefits, veterans benefits, and disability insurance… in consumers’ bank accounts up to an amount set every three years by New York’s Department of Financial Services.” New York law also bars debt collectors from acquiring funds that include certain government benefits.
According to the settlement, respondent typically employs the assistance of specific third-party servicer providers to market and deliver banking products like debit cards, prepaid cards, payroll cards, or gift cards to consumers while respondent holds the funds loaded onto those cards. Servicer providers administer the program and interact with consumers, including by clearing transactions through a network processor approved by respondent, and generally handling transaction disputes and preparing account statements, while respondent oversees and monitors the program and the service provider while retaining full control of the funds. The AG claimed that respondents failed to ensure its servicer providers complied with the EIPA, and that on numerous occasions, servicer providers allegedly froze accounts holding exempt funds or accounts with balances below legal thresholds, then paid debt collectors with the frozen funds under the instruction of respondent.
According to the AG, respondent’s servicer providers also engaged in deceptive acts and practices by allegedly falsely labeling legal processes as “court orders” instead of documents from debt collectors. Respondents also allegedly provided false information that account freezes could not be lifted even when account balances were below legal thresholds, and falsely claiming only debt collectors could release the freeze. Additionally, servicer providers allegedly directed consumers to debt collectors who often sought deals to release account freezes for a portion of the account balance, despite the freezes being void and subject to the protected wage threshold.
Under the terms of the settlement, respondent will refund $79,664 plus interest to approximately 88 New Yorkers whose funds were wrongfully turned over to debt collectors and amend its policies and procedures. Respondent must also pay a civil money penalty of $627,000, and comply with ongoing monitoring and compliance requirements.
OCC releases enforcement actions for April 2024
On April 18, the OCC released a list of recent enforcement actions against national banks, federal savings associations, and individuals affiliated with such entities (defined as institution-affiliated parties, or IAPs). The actions against banks include two formal agreements and one cease and desist order against three individual banks. In each instance, the OCC alleged that the banks engaged in unsafe or unsound practices related to some combination of board oversight, liquidity management, capital requirements, or credit risk. With respect to IAPs, the announcement included four enforcement actions against IAPs to “deter, encourage correction, or prevent violations, unsafe or unsound practices, or breaches of fiduciary duty,” The OCC issued prohibition orders, which prohibit the IAP from any participation in affairs of a bank or other institution), for all four IAPs and assessed civil money penalties ranging from $40,000 to $400,000 against three of them. The announcement also included two more prohibition orders against two additional IAPs for criminal activities. More information on the OCC’s enforcement action types can be found here.
Fed’s Bowman discusses risk management and bank supervision
On April 18, Fed governor Michelle Bowman delivered opening remarks at the Regional and Community Banking Conference in New York. During her speech, Bowman acknowledged the recent challenges that have impacted the U.S. banking system. She pointed out that recent events, including the pandemic, a rapid rise in inflation and interest rates, market uncertainties, and bank failures, have brought traditional risks, such as liquidity and interest rate risks, to the forefront, while other risks, like cybersecurity and third-party risks, “continue to evolve and pose new challenges.”
Bowman emphasized the importance of banks having robust risk management frameworks to identify and control both existing and emerging risks. She also stressed the need for banks to innovate responsibly and adapt their risk management as new products and services are introduced, while cautioning that regulators must balance supervision and regulation so as not to stifle responsible innovation. In light of the recent bank failures, Bowman also underscored the need for banks to have of contingency funding plans in place, which may include borrowing from the Federal Home Loan Banks or the Fed’s discount window. While regulators can encourage banks to maintain and test these plans, she noted that they should not overstep their role and interfere with management decisions.
Highlighting that these evolving risks can be exacerbated by inadequate bank supervision and acknowledging the need for a review and potential adjustments in supervision following the recent bank failures, Bowman stressed that supervision should remain commensurate to a bank’s size, complexity, and risk profile, and should focus on core and emerging risks so as not to impair the long-term viability of the banking system, including mid-sized and smaller banks.