InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Kansas enacts financial institutions information security act
On April 20, the Kansas governor signed SB 44 to enact the Kansas financial institutions information security act. The Act establishes information security standards for covered entities, and applies to credit service organizations, mortgage companies, supervised lenders, money transmitters, trust companies, and technology-enabled fiduciary financial institutions. A covered entity will be required to develop, implement, and maintain a cybersecurity system to protect consumer information, and must ensure its information security program is maintained as part of its books and records in compliance with established record retention requirements. Additionally, the state bank commissioner is granted the authority to adopt “all rules and regulations necessary to govern and administer the [Act’s] provisions.” The commissioner is also given an assortment of enforcement tools to administer the Act, including: conducting routine examinations; investigating a covered entity’s operations; issuing subpoenas; assessing fines and civil penalties not to exceed $5,000 per violation, as well as investigation and enforcement costs; censuring registered or licensed covered entities; entering into memorandums of understanding or consent orders; revoking, suspending, or refusing to renew the registration or license of covered entities; issuing cease-and-desist orders; filing for injunctions; or issuing emergency orders to prevent harm to consumers. The Act takes effect July 1.
FDIC announces Indiana disaster relief
On April 24, the FDIC issued FIL-18-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Indiana affected by severe storms, straight-line winds, and tornados from March 31 to April 1. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements, and instructs institutions to contact the Chicago Regional Office if they expect delays in making filings or are experiencing difficulties in complying with publishing or other requirements.
Hsu discusses open banking
Acting Comptroller of the Currency Michael J. Hsu recently discussed the evolution and impact of open banking during remarks at the Spring FDX Global Summit. Defining open banking as “enabling consumer-permissioned sharing of financial data with third parties to empower consumers, foster competition, and expand financial inclusion,” Hsu explained that, under the concept, consumers may eventually be able to access a wide range of financial service providers and move checking and savings accounts between providers more readily. Hsu cautioned, however, that new risks may arise due to increases in the “volume and complexity of consumer-permissioned sharing.” Hsu highlighted the interconnectedness of open banking, safety and soundness, and the changing culture of banking due to the digitalization of banking and the associated promises of innovation. “The potential for open banking to provide consumers with greater control over their financial data, to increase the portability of banking accounts, and to foster greater competition and fairness in the provision of financial services is significant and may impact banking in a variety of ways,” he said.
Hsu commented that, while the OCC supports opening banking, it is also cautious about potential increases to liquidity, operational, and compliance risks. While account portability “will be empowering for consumers, in isolation this would likely increase the liquidity risk of retail deposits for banks,” Hsu said. Additionally, increasing the volume and complexity of consumer-permissioned sharing has the potential to introduce new risks and necessitate new controls, Hsu said, adding that banks operating as data providers will need to “interact with aggregators, fintechs, technology firms, and competitor banks,” and “expand from reliably handling their customers’ money, to also reliably handling their financial data.” Underscoring the blurred lines between banking and commerce in the digital arena, Hsu emphasized that “[o]pen banking cannot be accomplished by banks alone. Data aggregators and fintechs already play a significant role, which will expand as open banking is more fully adopted.”
Fed governor weighs tokenization and AI
On April 20, Federal Reserve Governor Christopher J. Waller spoke on innovation and the future of finance during remarks at the Global Interdependence Center. Commenting that “[i]nnovation is a double-edged sword, with costs and benefits, and different effects on different groups of people,” Waller stressed the importance of considering whether innovation is creating new efficiencies and helping to mitigate risks and increase financial inclusion or whether it is creating new or exacerbating existing risks. Waller’s remarks focused on two specific areas of innovation that he believes may have the potential to deliver substantial benefits to the banking industry: tokenization and artificial intelligence (AI).
With respect to tokenization and tokenized assets, Waller flagged several advantages to innovations in this space that use blockchain over traditional transaction approaches, including (i) being able to offer faster or “even near-real time transfers,” which can, among other things, give parties precise control over settlement times and reduce liquidity risks; and (ii) “smart contract” functionalities, which can help mitigate settlement and counterparty credit risks by constructing and executing transactions based on the meeting of specified conditions. He acknowledged, however, that both innovations introduce risks, including potential cyber vulnerabilities and other risks.
Waller also addressed the banking industry’s use of AI to increase the range of marketing possibilities, expand customer service applications, monitor fraud, and refine credit underwriting processes and analysis, but cautioned that AI also presents “novel risks,” as these models rely on high volumes of data, which can complicate efforts to detect problems or biases in datasets. There is also the “black box” problem where it becomes difficult to explain how outputs are derived, where even AI developers have difficulty understanding exactly how the AI technology approach works, Waller stated. “All of these innovations will have their champions, who make claims about how their innovation will change the world; and I think it’s important to view such claims critically,” Waller said. “But it’s equally important to challenge the doubters, who insist that these innovations are much ado about nothing, or that they will end in disaster.”
FSOC seeks feedback on risk framework, nonbank determinations
On April 21, the Financial Stability Oversight Council (FSOC) released a proposed analytic framework for financial stability risks, “intended to provide greater transparency to the public about how [FSOC] identifies, assesses, and addresses potential risks to financial stability, regardless of whether the risk stems from activities or firms.” FSOC explained in a fact sheet that the proposed framework would not impose any obligations on any entity, but is instead designed to provide guidance on how FSOC expects to perform certain duties. This includes: (i) identifying potential risks covering a broad range of asset classes, institutions, and activities, including new and evolving financial products and practices as well as developments affecting financial resiliency such as cybersecurity and climate-related financial risks; (ii) assessing certain vulnerabilities that most commonly contribute to financial stability risk and considering how adverse effects stemming from these risks could be transmitted to financial markets/market participants, including what impact this can have on the financial system; and (iii) responding to potential risks to U.S. financial stability, which may involve interagency coordination and information sharing, recommendations to financial regulators or Congress, nonbank financial company determinations, and designations relating to financial market utility/payment, clearing, and settlement activities that are, or are likely to become, systemically important.
The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards. (See also FSOC fact sheet here.) The guidance would revise and update previous guidance from 2019, and “is intended to enhance [FSOC’s] ability to address risks to financial stability, provide transparency to the public, and ensure a rigorous and clear designation process.” FSOC explained that the proposed guidance would include a two-stage evaluation and analysis process for making a designation, during which time companies under review would engage in significant communication with FSOC and be provided an opportunity to request a hearing, among other things. Designated companies will be subject to annual reevaluations and may have their designations rescinded should FSOC determine that the company no longer meets the statutory standards for designation.
Comments on both proposals are due 60 days after publication in the Federal Register.
Both CFPB Director Rohit Chopra and OCC acting Comptroller Michael J. Hsu issued statements supporting the issuance of the proposed interpretive guidance. Chopra commented that, if finalized, the proposed guidance “will create a clear path for the FSOC to identify and designate systemically important nonbank financial institutions” and “will accelerate efforts to identify potential shadow banks to be candidates for designation.” Hsu also noted that sharing additional details to improve the balance and transparency of FSOC’s work “would both make it easier for [FSOC] to explain its analysis of potential risks and create an opportunity for richer public input on the analysis.”
House subcommittee holds hearing on stablecoin regulation
The House Financial Services Subcommittee on Digital Assets, Financial Technology and Inclusion recently held a hearing to examine stablecoins’ role in the payment system and to discuss proposed legislation for creating a federal framework for issuing stablecoins. A subcommittee memorandum identified different types of stablecoins (the most popular being pegged to the U.S. dollar to diminish volatility) and presented an overview of the market, which currently consists of more than 200 different types of stablecoins, collectively worth more than $132 billion. The subcommittee referred to a 2021 report issued by the President’s Working Group on Financial Markets, along with the FDIC and OCC (covered by InfoBytes here), in which it was recommended that Congress pass legislation requiring stablecoins to be issued only by insured depository institutions to ensure that payment stablecoins are subject to a federal prudential regulatory framework. The subcommittee discussed draft legislation that would define a payment stablecoin issuer and establish a regulatory framework for payment stablecoin issuers, including enforcement requirements and interoperability standards.
Subcommittee Chairman, French Hill (R-AR), delivered opening remarks, in which he commented that the proposed legislation would require stablecoin issuers to comply with redemption requirements, monthly attestation and disclosures, and risk management standards. Recognizing the significant amount of work yet to be done in this space, Hill said he believes that “innovation is fostered through choice and competition,” and that “one way to do that is through multiple pathways to become a stablecoin issuer, though with appropriate protections [to] prevent regulatory arbitrage and a race to the bottom.” He cited reports that digital asset developers are leaving the U.S. for countries that currently provide a more established regulatory framework for digital assets, and warned that this will stymie innovation, jobs, and consumer/investor protection. He also criticized ”the ongoing turf war between the SEC and CFTC” with respect to digital assets, and warned that “[w]hen you have two agencies contradicting each other in court about whether one of the most utilized stablecoins in the market is a security or a commodity, what you end up with is uncertainty.”
Witness NYDFS Superintendent Adrienne A. Harris discussed the framework that is currently in place in New York and highlighted requirements for payment stablecoin issuers operating in the state. In a prepared statement, Harris said many domestic and foreign regulators call the Department’s regulatory and supervisory oversight of virtual currency the “gold standard,” in which virtual currency entities are “subject to custody and capital requirements designed to industry-specific risks necessary for sound, prudential regulation.” Harris explained that NYDFS established “additional regulations, guidance, and company-specific supervisory agreements to tailor [its] oversight” over financial products, including stablecoins, and said the Department is the first agency to provide regulatory clarity for these types of products. She highlighted guidance released last June, which established criteria for regulated entities seeking to issue USD-backed stablecoins in the state (covered by InfoBytes here), and encouraged a collaborative framework that mirrors the regulatory system for more traditional financial institutions and takes advantage of the comparative strengths offered by federal and state regulators. Federal regulators will be able to comprehensively address “macroprudential considerations” and implement foundational consumer and market protections, while states can “leverage their more immediate understanding of consumer needs” and more quickly modernize regulations in response to industry developments and innovation, Harris said.
Rates committee approves SOFR best practices
On April 21, the Alternative Reference Rates Committee (ARRC) announced the endorsement of the CME Group’s Term SOFR rates, which ARRC formally recommended in 2021 (covered by InfoBytes here). The ARRC endorsement recommended that use of Term SOFR rates be limited to specific purposes, including as a fallback rate for legacy LIBOR cash products, for new use in business loans and certain securitizations, and for use in derivatives issued to end-users to hedge cash products that reference the Term SOFR rate. ARRC stated that, while it recognizes the usefulness of Term SOFR in certain business lending transactions, it continues to recommend the use of overnight SOFR and SOFR averages for all products. ARRC further encouraged market participants “to continue to monitor use of Term SOFR over time given the importance that such use continues to be proportionate to the base of transactions underlying the Term SOFR rate, and does not materially detract from those transactions in a way that compromises the robustness of the Term SOFR rate itself as the market evolves, as outlined in the ARRC’s principles.” Additionally, ARRC stated that the recommended uses outlined within the document regarding the use of Term SOFR will not change and “are meant to apply as permanent recommendations for the market.”
FTC testifies on privacy efforts
On April 18, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the House Energy and Commerce Subcommittee on Innovation, Data, and Commerce on the agency’s efforts to protect consumers from unfair or deceptive practices and unfair methods of competition. The hearing addressed the agency’s 2024 budget request, as well as topics focused on rulemaking authority, junk fees, robocalls, fraud, and privacy initiatives, among others. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, during which she cited the resignation of both Republican commissioners and criticized the agency’s “abuses of power.”
In a prepared statement, the commissioners provided an overview of the agency’s consumer protection work, including its initiatives to safeguard consumers’ privacy that take a multi-pronged approach focusing on health data, children and teens, and data security. The commissioners broadly discussed recent enforcement actions taken to protect sensitive health data and commented on FTC efforts to use the agency’s rulemaking authority to protect children in the marketplace (the FTC is currently reviewing the Children’s Online Privacy Protection Act Rule to determine any necessary changes and is exploring how commercial surveillance may be fueling manipulative advertising practices targeted towards children and teens). They also flagged a recent data security action as an example of how the agency “is pivoting toward requiring restrictions on what data firms can collect and retain.” According to the testimony, the FTC engaged in 35 investigations, cases, and enforcement projects with foreign consumer, privacy, and criminal enforcement agencies during the last fiscal year. The commissioners also said the agency is currently reviewing comments received on a 2022 advance notice of proposed rulemaking (covered by InfoBytes here), which sought feedback on the widespread collection of consumers’ personal information as well as concerns relating to consumer data security and commercial surveillance. While the commissioners reiterated the agency’s strong support for federal privacy legislation, Chair Rodgers said the FTC voted on partisan lines “to act unilaterally” on its own set of rules.
FHFA seeks to codify fair lending oversight
On April 19, FHFA issued a notice of proposed rulemaking (NPRM) to codify several existing practices and programs relating to the agency’s fair lending oversight requirements for the Federal Home Loan Banks and Fannie Mae and Freddie Mac (GSEs). Intended to provide increased public transparency and greater oversight and accountability to the regulated entities’ fair housing and fair lending compliance, the NPRM seeks to also formalize requirements for the GSEs to maintain Equitable Housing Finance Plans, which are designed to address racial and ethnic disparities in homeownership and wealth and foster housing finance markets that provide equitable access to affordable and sustainable housing (covered by InfoBytes here). The NPRM will also codify requirements for the GSEs to collect and report homeownership education, housing counseling, and language preference information from the Supplemental Consumer Information Form (SCIF). Lenders are required to use the SCIF as part of the application process for loans with application dates on or after March 1, that will be sold to the GSEs (covered by InfoBytes here). Comments on the NPRM are due 60 days after publication in the Federal Register.
3rd Circuit: No ambiguity in collection dispute notice
On April 18, the U.S. Court of Appeals for the Third Circuit affirmed the dismissal of a putative FDCPA class action debt collection lawsuit concerning allegedly misleading dispute language. A letter the plaintiff received from the defendant debt collector included the following statement:
Unless you notify this office within 30 days after receiving this notice that you dispute the validity of this debt or any portion thereof, this office will assume this debt is valid. If you notify this office in writing within 30 days after receiving this notice that you dispute the validity of this debt or any portion thereof, this office will obtain verification of the debt or obtain a copy of a judgment and mail you a copy of such judgment or verification. If you request of this office in writing within 30 days after receiving this notice[,] this office will provide you with the name and address of the original creditor, if different from the current creditor.
If you dispute the debt, or any part thereof, or request the name and address of the original creditor in writing within the thirty-day period, the law requires our firm to suspend our efforts to collect the debt until we mail the requested information to you.
The plaintiff argued that the suspended collection language in the second paragraph violated the FDCPA because it led her to believe “that she could suspend collection by disputing all or part of the debt orally outside of the 30-day window.” Doing so, the plaintiff maintained, would conflict with her rights under Section 1692g(b) of the statute, which “guarantees that, if a consumer invokes her § 1692g(a) right to request information about a debt, and the consumer invokes this right in writing and within the thirty-day period prescribed by statute, a debt collector must ‘cease collection of the debt’ until it has provided the requested information to the debtor.” While the defendant was not required to notify the plaintiff about her rights under 1692g(b), the plaintiff claimed that including inaccurate information about those rights gave her “contrary and inconsistent” information.
The district court dismissed the action for failure to state a claim on the premise that, when “read holistically,” the letter did not suggest that the plaintiff could have collection activity suspended by orally disputing the debt outside the 30-day window. On appeal, the 3rd Circuit agreed with the district court that the language that preceded the disputed statement “eliminates any ambiguity” because “it explains that a debtor who wishes to avail herself of her statutory right to validation of a debt must request validation in writing and within 30 days of receiving a collection notice.”