InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NCUA to reinstate civil money penalties for late call reports
Recently, the National Credit Union Administration (NCUA) announced it will reinstate assessing civil money penalties for credit unions that fail to submit a call report (NCUA Form 5300) in a timely manner. The call report program was suspended after December 2019 during the Covid-19 pandemic. “The December 2023 Call Report will be the first reporting cycle under the reinstated program and will be due by 11:59:59 p.m. Eastern time, January 30, 2024.” The NCUA states it will send a reminder to credit unions with outstanding call reports a week before their deadline. The NCUA will also consider extenuating circumstances, including the size and good faith of the credit union, the gravity of the violation, the history of previous violations, and other matters like natural disasters or incapacitation of key employees.
CFPB report analyzes college banking and credit card agreements
On December 19, the CFPB released a report titled College Banking and Credit Card Agreements: Annual Report to Congress, which found that some college-sponsored financial products marketed towards students have less advantageous terms and conditions, and higher fees compared to typical market products.
According to the report, when colleges decided to subcontract with third-party financial service providers to facilitate the application of federal financial aid, they entered “college banking agreements” offering deposit accounts for students, which can function as debit or prepaid cards. The report distinguished between colleges that pay for certain service providers to facilitate the processing of federal financial aid disbursements (referred to as Tier One college banking arrangements), and colleges that are paid by certain service providers to offer deposit accounts and prepaid cards to the student population (referred to as Tier Two college banking arrangements). Tier Two account issuers paid colleges an aggregated of over $19.6 million in 2022. The CFPB observed that some colleges’ financial product partners charge students overdraft fees, despite the general industry trend to move away from such fees. The CFPB also warned in its report that certain overdraft fees can violate the CFPA.
The report also found that students at HBCUs and Hispanic-servicing institutions on average pay higher fees per account. The CFPB also noted several other additional fees charged to students by financial institutions, including (i) dormant account fees; (ii) deposit and withdrawal fees for student ID cards that also function as prepaid cards; and (iii) “sunset” fees imposed on students to pay after graduation or reaching a certain age.
Regarding partnerships in credit cards, the CFPB noted that although the passage of the CARD Act reduced the profitability of marketing credit cards on college campuses, thousands of new accounts between colleges and credit card issuers are opened every year. The CFPB also noted that college students maintain a high level of reliance on credit cards to cover costs and it indicated that it “will continue to research evolving practices” to understand how credit cards are being marketed to college students.
CFPB reports on consumers’ experience with overdraft, NSF fees
On December 19, the CFPB released a report titled Overdraft and Nonsufficient Fund Fees: Insights from the Making Ends Meet Survey and Consumer Credit Panel, a report providing insight into consumers’ experience with overdraft/NSF activity. The CFPB stated that the report is based on data from the 2023 Making Ends Meet survey (covered by InfoBytes here) and the CFPB’s Consumer Credit Panel. Among other findings, the report found that roughly a quarter of consumers reside in households that were charged an overdraft or NSF fee in the past year. The report additionally found that 43 percent of consumers charged an overdraft fee were surprised by their most recent account overdraft, while only 22 percent expected it. The report noted that this trend is more pronounced among those who experience infrequent overdrafts (15 percent) as opposed to those who have been charged multiple overdraft fees (56 percent).
The CFPB additionally highlighted most households incurring overdraft and NSF fees have available credit on a credit card, adding that “among consumers in households charged 0, 1-3, 4-10, and more than 10 overdraft fees in the past year, the shares with no credit available on a credit card are 19 percent, 32 percent, 38 percent, and 49 percent, respectively.”
President Biden vetoes bill on CFPB small business data rule
On December 19, President Biden vetoed bill S. J. Res. 32 that would have repealed the CFPB’s small business data collection rule known as “Small Business Lending Under the Equal Credit Opportunity Act (Regulation B).” As previously covered by InfoBytes, the small business data collection rule, under Section 1071 of the Dodd-Frank Act, requires small business owners to provide demographic data (i.e., race, gender, ethnicity, etc.), as well as geographic information, lending decisions, and credit pricing to lenders. According to President Biden’s statement accompanying the veto, the CFPB’s final rule brings “transparency to small business lending” and repealing this rule would “hinder” the government’s ability to conduct oversight of predatory lenders. The bill is now to be returned to the Senate to be voted on again and can only become law if two-thirds of members support the bill. Separately, in October, a U.S. District Court in Texas imposed an injunction on the CFPB’s small business data rule (covered by InfoBytes here).
CFPB adjusts asset-size exemption thresholds for Regulations C and Z
On December 18, the CFPB adjusted the asset-size exemption thresholds for Regulation C (as part of the Home Mortgage Disclosure Act) and Regulation Z (as part of TILA), based on a 4.1 percent increase in the average year-over-year CPI-W from November. For Regulation C, the exemption threshold increased from $54 million to $56 million. Accordingly, any financial institution with assets of $56 million or less is exempt from collecting housing-related lending data in 2024.
For Regulation Z, and certain first-lien higher-priced mortgage loans, the exemption threshold increased from $2.537 billion to $2.640 billion. Similarly, but applicable to certain insured depository institutions and insured credit unions, the exemption threshold increased from $11.374 billion to $11.835 billion.
Fed releases its Senior Financial Officer Survey results
On December 15, the Federal Reserve Board of Governors released the results from a survey sent in September to senior bank officers asking questions about their strategies and practices for managing reserve balances, called the “Senior Financial Officer Survey” (SFOS). Ninety-three of the 100 surveyed banks responded, including 59 domestic and 34 foreign banking organizations, holding, in the aggregate, three-fourths of the total reserve balances in the banking system.
The survey results summarized answers in four sections. Part one’s responses were on the bank’s balance sheet strategy. The Fed reported that roughly two-thirds of respondents expect the size of their balance sheet to remain unchanged (plus or minus two percent) over the next six months. For part two of the survey, the Fed gleaned feedback on a bank official’s lowest comfortable level of reserves (LCLOR) – defined as the lowest dollar level comfortably held in reserves by the bank, before taking any action to increase their reserves. When compared to the May 2023 results of the SFOS survey, half of the respondents reported the same LCLOR, or within a ten percent range, to their previous estimate; the remaining respondents were split between increases or decreases larger than the ten percent range. Three-fourths of respondents reported that their bank does not allow reserves to fluctuate below its LCLOR.
Part three discusses deposit rates and the survey asked about a bank’s cumulative deposit betas from March 2022 to September 2023. Respondents reported an average cumulative retail deposit beta of 35 percent from that period, and estimated retail deposit betas to be 41 percent for the period through March 2024. Lastly, in part four, the Fed’s survey asked about the bank’s views on standing repo facility (SRF). Among the respondent banks meeting the criteria to be an SRF, half reported that they already were an SRF counterparty or expressed interest in becoming one, while the remainder reported no interest in becoming a counterparty on SRF.
FTC report details key takeaways from AI and creative fields panel discussion
On December 18, the FTC released a report highlighting key takeaways from its October panel discussion on generative artificial intelligence (AI) and “creative industries.” As previously covered by InfoBytes, the FTC hosted a virtual roundtable to hear directly from creators on how generative AI is affecting their work and livelihood given the FTC’s interest in understanding how AI tools impact competition and business practices. The report presents a summary of insights gathered during the roundtable and explains the FTC’s particular jurisdictional interest in regulating AI. The report explains that the FTC has brought several recent enforcement actions relating to AI and how the use of AI can potentially violate Section 5 of the FTC Act, which “prohibits unfair or deceptive acts or practices and unfair methods of competition.” Additionally, the report mentioned how President Biden’s recent Executive Order on the Safe, Secure and Trustworthy Development and Use of AI (covered by InfoBytes here), encourages the FTC to leverage its existing faculties to protect consumers from harms caused by AI and to ensure competition in the marketplace. The FTC’s report explains that it is appropriately taking such actions, both through enforcement actions and by gathering information. The Commission additionally stipulated that training generative AI on “protected expression” made by a creator without the creator’s consent or the sale of that generated output could constitute an unfair method of competition or an unfair or deceptive practice. The FTC added that this may be amplified by actions that involve deceiving consumers, improperly using a creator’s reputation, reducing the value of a creator’s work, exposing private information, or otherwise causing substantial injury to consumers. The Commission further warned that “conduct that may be consistent with other bodies of law nevertheless may violate Section 5.”
DOJ announces crackdown on fraud networks targeting consumer accounts
On December 15, in conjunction with the DOJ’s Consumer Protection Branch efforts to crack down on fraud, the DOJ unsealed two cases against groups that allegedly stole money from consumer accounts with financial institutions. According to the DOJ, the groups used “deceptive tactics” to cover the fraud, and in the two cases, the Department is seeking “temporary restraining orders and the appointment of receivers to stop defendants from dissipating assets.”
The first case (in the U.S. District Court for the Southern District of Florida) involves a group that allegedly committed bank and wire fraud and stole millions from consumers and small businesses by repeatedly creating sham companies. According to the complaint, since at least 2017, the defendants operated fraud schemes disguised as legitimate online marketing service providers by fabricating websites, forging consumer authorizations for charges, and establishing a “customer service” call center to handle complaints. The defendants allegedly obtained bank account information from individuals and small businesses without permission and utilized payment processors to make unauthorized debits to accounts. The DOJ claims that, to carry out the fraud, the defendants used remotely created checks, which are created remotely by a payee using the account holder’s information but without their signature. The second case (in the U.S. District Court for the Eastern District of California) bears many similarities to the first case, including the type of alleged fraud scheme. Both cases also involve the use of “microtransactions,” which are low-dollar fake transactions designed to artificially lower the apparent rate of return or rejected transactions. The defendants in the second case in particular allegedly gathered large deposits from their merchant clients and used those funds to initiate microtransactions that appeared as if they were payments for the merchants’ goods and services. Essentially, according to the Department’s complaint, the merchants paid themselves: the funds initially paid to the defendants were returned to the merchants as microtransactions, while the defendants allegedly collected a percentage of the transactions as service fees.
FSOC report highlights AI, climate, banking, and fintech risks; CFPB comments
On December 14, the Financial Stability Oversight Counsel released its 2023 Annual Report on vulnerabilities in financial stability risks and recommendations to mitigate those risks. The report was cited in a statement by the Director of the CFPB, Rohit Chopra, to the Secretary of the Treasury. In his statement, Chopra said “[i]t is not enough to draft reports [on cloud infrastructure and artificial intelligence], we must also act” on plans to focus on ensuring financial stability with respect to digital technology in the upcoming year. In its report, the FSOC notes the U.S. banking system “remains resilient overall” despite several banking issues earlier this year. The FSOC’s analysis breaks down the health of the banking system for large and regional banks through review of a bank’s capital and profitability, credit quality and lending standards, and liquidity and funding. On regional banks specifically, the FSOC highlights how regional banks carry higher exposure rates to all commercial real estate loans over large banks due to the higher interest rates.
In addition, the FSOC views climate-related financial risks as a threat to U.S. financial stability, presenting both physical and transitional risks. Physical risks are acute events such as floods, droughts, wildfires, or hurricanes, which can lead to additional costs required to reduce risks, firm relocations, or can threaten access to fair credit. Transition risks include technological changes, policy shifts, or changes in consumer preference which can all force firms to take on additional costs. The FSOC notes that, as of September 2023, the U.S. experienced 24 climate disaster events featuring losses that exceed $1 billion, which is more than the past five-year annual average of 18 events (2018 to 2022). The FSOC also notes that member agencies should be engaged in monitoring how third-party service providers, like fintech firms, address risks in core processing, payment services, and cloud computing. To support this need for oversight over these partnerships, the FSOC cites a study on how 95 percent of cloud breaches occur due to human error. The FSOC highlights how fintech firms face risks such as compliance, financial, operational, and reputational risks, specifically when fintech firms are not subject to the same compliance standards as banks.
Notably, the FSOC is the first top regulator to state that the use of Artificial Intelligence (AI) technology presents an “emerging vulnerability” in the U.S. financial system. The report notes that firms may use AI for fraud detection and prevention, as well as for customer service. The FSOC notes that AI has benefits for financial instruction, including reducing costs, improving inefficiencies, identifying complex relationships, and improving performance. The FSOC states that while “AI has the potential to spur innovation and drive efficiency,” it requires “thoughtful implementation and supervision” to mitigate potential risks.
EU Commission, Council, and Parliament agree on details of AI Act
On December 9, the EU Commission announced a political agreement between the European Parliament and the European Council regarding the proposed Artificial Intelligence Act (AI Act). The agreement is provisional and is subject to finalizing the text and formal approval by lawmakers in the European Parliament and the Council. The AI Act will regulate the development and use of AI systems, as well as impose fines on any non-compliant use. The object of the law is to ensure that AI technology is safe and that its use respects fundamental democratic rights while balancing the need to allow businesses to grow and thrive. The AI Act will also create a new European AI Office to ensure coordination, transparency, and to “supervise the implementation and enforcement of the new rules.” According to this EU Parliament press release, powerful foundation models that pose systemic risks will be subject to specific rules in the final version of the AI Act based on a tiered classification.
Except with foundation models, the EU AI Act adopts a risk-based approach to the regulation of AI systems, classifying these into different risk categories: minimal risk, high-risk, and unacceptable risk. Most AI systems would be deemed as minimal risk since they pose little to no risk to citizens’ safety. High-risk AI systems would be subject to the heaviest obligations, including certifications on the adoption of risk-mitigation systems, data governance, logging of activity, documentation obligations, transparency requirements, human oversight, and cybersecurity standards. Examples of high-risk AI systems include utility infrastructures, medical devices, institutional admissions, law enforcement, biometric identification and categorization, and emotion recognition systems. AI systems deemed “unacceptable” are those that “present a clear threat to the fundamental rights of people” such as systems that manipulate human behaviors, like “deep fakes,” and any type of social scoring done by governments or companies. While some biometric identification is allowed, “unacceptable” uses include emotional recognition systems at work or by law enforcement agencies (with narrow exceptions).
Sanctions for breach of the law will range from a low of €7.5 million or 1.5 percent of a company’s global total revenue to as high as €35 million or 7 percent of revenue. Once adopted, the law will be effective from early 2026 or later. Compliance will be challenging (the law targets AI systems made available in the EU), and companies should identify whether their use and/or development of such systems will be impacted.