InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FHFA publishes final rule on GSE capital plans
On June 1, the FHFA announced a final rule requiring Fannie Mae and Freddie Mac (GSEs) to submit annual capital plans and provide prior notice for certain capital actions “consistent with the regulatory framework for capital planning for large bank holding companies.” As previously covered by InfoBytes, in December 2021, FHFA issued the noticed of proposed rulemaking. These capital plans must include several mandatory elements, including (i) “[a]n assessment of the expected sources and uses of capital over the planning horizon that reflects the [GSE]’s size, complexity, risk profile and scope of operations, assuming both expected and stressful conditions”; (ii) “[e]stimates of projected revenues, expenses, losses, reserves and pro forma capital levels,” along with any additional capital measures the GSEs deem relevant; (iii) “[a] description of all planned capital actions over the planning horizon”; (iv) a discussion of stress test results and how the capital plans will account for these results; and (v) a discussion of any anticipated changes to a GSE’s business plan that may likely have a material impact on the GSE’s capital adequacy or liquidity. The final rule noted that the FHFA intends to review the capital plans for comprehensiveness, reasonableness, and relevant supervisory information, and plans to review the GSE’s regulatory and financial reports, as well as the results of any conducted stress tests and any other information required by FHFA or related to the GSE’s capital adequacy. Should the GSEs determine that there has been or will be a material change to their risk profile, financial condition, or corporate structure since the submission of the last plan (or if directed by FHFA), they must resubmit their capital plans within 30 days. The final rule also incorporates the determination of the stress capital buffer into the capital planning process, which will be provided to the GSEs by August 15 of each year, along with an explanation of the results of the supervisory stress test. The final rule is effective 60 days after publication in the Federal Register. Under the final rule, each GSE will submit its first capital plan by May 20, 2023.
FTC secures TRO against credit repair scheme
On May 31, the FTC announced that the U.S. District Court for the Eastern District of Maryland granted a temporary restraining order against a credit repair operation for allegedly engaging in deceptive practices that scammed consumers out of more than $213 million. According to the FTC’s complaint, the operation targeted consumers with low credit scores promising its products could remove all negative information from their credit reports and significantly increase credit scores. The operation allegedly violated the FTC Act, the Credit Repair Organizations Act, and the Telemarketing Sales Rule by, among other things, (i) making misrepresentations regarding its credit repair services; (ii) selling a product that purportedly sends rent payment information to credit bureaus even though “this information is not generally part of consumers’ credit score and many credit bureaus don’t accept this kind of information directly from consumers”; (iii) charging illegal advance fees; (iv) failing to provide consumers required information such as refund and cancellation policies; and (v) recruiting consumers to sell credit repair products to other consumers as part of a pyramid scheme even though few consumers ever received the promised earnings (and many consumers actually lost money as agents). Beyond the temporary restraining order, the FTC is seeking a permanent injunction, monetary relief, and other equitable relief.
Freddie’s automated underwriting now includes bank account data
On May 26, Freddie Mac announced new automated underwriting capabilities that will allow mortgage lenders to verify assets, income, and employment using borrower-approved bank account data. The new functionality is available starting June 1, through Freddie’s asset and income modeler (AIM) within the Freddie Mac Loan Product Advisor. According to Freddie’s announcement, the automated underwriting capability “provides the borrower’s current employment status using borrower-approved bank account (direct deposit) or payroll data obtained from designated third-party service providers” in order to give “lenders a more efficient option than obtaining oral or written verification of employment prior to closing.” Freddie cited a recent study, which found that adopting offerings like AIM helps lenders “significantly boost efficiency and shorten cycle times by as much as 15 days.” These efficiencies, Freddie said, “translate into a 30 percent reduction in loan origination costs, greater customer satisfaction, and an increase in applications being completed and closed.” The announcement also noted that Freddie recently released the industry’s first automated-assessment of direct deposit income, which enables AIM to access additional fixed income or alternative income sources such as retirement, Social Security, Veteran Affairs benefits, alimony, and child support, as well as income from an applicant’s tax return for self-employed individuals.
FDIC releases April enforcement actions
On May 27, the FDIC released a list of administrative enforcement actions taken against banks and individuals in April. During the month, the FDIC made public eight orders consisting of “three consent orders, one order of prohibition, one order to pay civil money penalty, one section 19 order, and two orders terminating consent orders.” The FDIC also released one notice seeking "an order of prohibition and an order to pay civil money penalty.” An order to pay a civil money penalty was imposed against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank: (i) “made, increased, extended, or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; and (ii) “made, increased, extended, or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral.” The order requires the payment of a $2,250 civil money penalty.
The FDIC also issued a consent order to a Louisiana-based bank, which alleged that the bank had “unsafe or unsound banking practices or violations of law or regulation relating to deficiencies in management and Board oversight, earnings performance, capital support, interest rate risk management, and asset quality.” The bank neither admitted nor denied the alleged violations but agreed to, among other things, “maintain its Total Risk-Based Capital ratio equal to or greater than 12.00 percent.”
FTC takes action against telemarketing operation
On May 25, the FTC announced an action resolving allegations against a subscription scam operation and its officers (collectively, “defendants”) that allegedly deceptively used telemarketing schemes on consumers. According to the complaint, which was filed in the U.S. District Court for the District of Nevada, the defendants allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR) by calling consumers to claim that they were conducting a survey and offering “free” or low-cost magazine subscriptions. After the survey, the defendants allegedly sent consumers a bill falsely stating that they agreed to pay several hundred dollars for the magazine subscriptions. According to the FTC, there was a “no-cancellation policy,” and the defendants allegedly harassed consumers when they refused to pay the exorbitant bills, including by threatening to initiate collection actions or threatening to submit derogatory information about them to the major credit bureaus. The proposed order follows a 2010 permanent injunction that was entered against the same defendants, which prohibited them from committing future violations. The recent order requires the defendants to pay a suspended judgment of $14.4 million and requires them to give up all claims to money already paid to the FTC. Additionally, the defendants are required to monitor their compliance with the proposed order “and may face significant contempt remedies if they violate its terms.” The FTC noted that the original monetary relief was vacated after the Supreme Court’s decision in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here). The FTC pointed out that the “settlement of this matter for a suspended judgment of $14.47 million, after originally having been awarded $24 million at trial, demonstrates the challenges since the Supreme Court’s AMG decision.”
Brainard discusses central bank digital currency at House hearing
On May 25, Fed Governor Lael Brainard spoke before the U.S. House Financial Services Committee in a virtual hearing titled “Digital Assets and the Future of Finance: Examining the Benefits and Risks of a U.S. Central Bank Digital Currency.” According to the Committee’s memorandum regarding the hearing, the Fed defines a central bank digital currency (CBDC) as a “digital liability of a central bank that is widely available to the general public,” and though definitions vary, “understanding what distinguishes cryptocurrency from fiat government-issued currency is fundamental.” The memorandum also discussed the Fed’s publication of a discussion paper in January, Money and Payments: The U.S. Dollar in the Age of Digital Transformation, which calls for public comments on questions related to the possibility of a U.S. CBDC (covered by InfoBytes here). In Brainard’s prepared statement, she noted that the “rapid ongoing evolution” of digital assets “should lead us to frame the question not as to whether there is a need for a central bank-issued digital dollar today, but rather whether there may be conditions in the future that may give rise to such a need.” Brainard also stated that “there are risks of not acting, just as there are risks of acting.” While there has not been a decision on creating a U.S. CBDC, Brainard stated that “it is important to undertake the necessary work to inform any such decision and to be ready to move forward should the need arise.” Additionally, Brainard pointed to recent pressure on two widely used stablecoins and resulting market turmoil that “underscore the need for clear regulatory guardrails to provide consumer and investor protection, protect financial stability, and ensure a level playing field for competition and innovation across the financial system.” Brainard further stated that a U.S. CBDC could be a potential “way to ensure that people around the world who use the dollar can continue to rely on the strength and safety of the U.S. currency to transact and conduct business in the digital financial system.”
HUD announces Kansas disaster relief
On May 26, HUD announced disaster assistance for certain areas in Kansas impacted by severe winter storms and straight-line winds from March 17 to March 22. The disaster assistance follows President Biden’s major disaster declarations on May 25. According to the announcement, HUD is providing immediate foreclosure relief, making various FHA mortgage insurance available to disaster victims, and providing information on housing providers as well as HUD-approved housing counseling agencies, among other measures. Specifically, HUD is providing an automatic 90-day moratorium on foreclosures of FHA-insured home mortgages for covered properties effective May 25. It is also making various FHA insurance options available to victims whose homes require repairs or were destroyed or severely damaged. HUD’s Section 203(h) program allows borrowers from participating FHA-approved lenders to obtain 100 percent financing, including closing costs, for homes in which “reconstruction or replacement is necessary.” HUD’s Section 203(k) loan program enables individuals to finance the repair of their existing homes or to include repair costs in the finance of a home purchase or a refinance of a home. HUD is also allowing administrative flexibilities to community planning and development grantees, as well as to public housing agencies and Tribes.
CFPB questions CEOs on credit card payment reporting
On May 25, the CFPB announced that it sent letters to the CEOs of the nation’s largest credit card companies asking them to explain how they furnish data to credit reporting agencies regarding the exact monthly payment amounts made by borrowers. The letters noted that in 2020, the Bureau released a consumer credit trends report on the prevalence of actual payment information in consumer credit reporting, concluding that actual payment furnishing for installment loan products had increased steadily between 2012 and 2020 while actual payment furnishing for credit card and retail revolving accounts had declined significantly (covered previously by InfoBytes here). The Bureau stated in the letters that, based on “easily accessible credit report information,” the CFPB understands that the addressed companies do not currently “regularly or consistently” report actual payment amount information to the nationwide credit reporting agencies. The Bureau asserted, that without this information, lenders may have more difficulty pricing credit and offering consumers “the best valued credit offers and loans for their money.” Additionally, the letter stated that, “[c]onsumers reasonably expect that they will receive competitively priced credit based on their ability to manage and repay their credit obligations, but this is impaired if actual payment amount information is being suppressed by major credit card companies.” The letters present a series of questions that ask the CEOs to explain their companies’ credit card data furnishing practices, which include, among other things, if there are any “material barriers that would prevent including the actual payment field in the account information your company already furnishes,” and if there are “plans to start furnishing actual payment amount information.” The Bureau noted the letter does not serve as a supervisory request, and answering these questions is not mandatory, but submission of answers is due in writing within thirty days of the receipt of this letter.
Senate confirms Sandra Thompson as FHFA director
On May 25, the U.S. Senate voted along party lines to confirm Sandra L. Thompson as Director of the FHFA. Thompson has served as acting Director since June following the U.S. Supreme Court’s split decision in Collins v. Yellen, which held that it was unconstitutional for FHFA’s leadership structure to allow the President to fire the FHFA director only for cause. (Covered by InfoBytes here.) According to President Biden’s nomination announcement, Thompson brings “over four decades of government experience in financial regulation, risk management, and consumer protection,” including previously serving as Deputy Director of FHFA’s Division of Housing Mission and Goals where she oversaw the agency’s housing and regulatory policy, capital policy, financial analysis, and fair lending space, as well as all mission activities for the GSEs and the Federal Home Loan Banks. Thompson also worked for more than 23 years at the FDIC where she served in a variety of leadership positions. Her most recent position at the FDIC was Director of the Division of Risk Management Supervision. Thompson also led the FDIC’s “examination and enforcement program for risk management and consumer protection at the height of the financial crisis” and “the FDIC’s outreach initiatives in response to a crisis of consumer confidence in the banking system.”
Social media company to pay $150 million to settle FTC, DOJ data security probe
On May 25, the DOJ filed a complaint on behalf of the FTC against a global social media company for allegedly misusing users’ phone numbers and email addresses uploaded for security purposes to target users with ads. (See also FTC press release here.) According to the complaint, the defendant deceived users about the extent to which it maintained and protected the security and privacy of users’ nonpublic contact information. Specifically, from May 2013 to September 2019, the defendant asked users to provide either a phone number or an email address to improve account security. The defendant, however, allegedly failed to inform the more than 140 million users who provided phone numbers or email addresses that their information would also be used for targeted advertising. The FTC claimed the defendant used the collected information to allow advertisers to target specific ads to specific users by matching the phone numbers or email addresses with data they already had or obtained from data brokers. DOJ’s complaint alleged that the defendant’s conduct violated the FTC Act and the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield agreements, which require participating countries to adhere to certain privacy principles in order to legally transfer data from EU countries and Switzerland. This conduct also allegedly violated a 2011 FTC consent order with the defendant stemming from claims that the defendant deceived users and put their privacy at risk by failing to safeguard their personal information. According to DOJ’s complaint, the 2011 order “specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information.”
Under the terms of the proposed order, the defendant would be required to pay a $150 million civil penalty and implement robust compliance measures to improve its data privacy practices. According to the FTC and DOJ announcements, these measures would (i) “allow users to use other multi-factor authentication methods such as mobile authentication apps or security keys that do not require users to provide their telephone numbers”; (ii) require the defendant to “notify users that it misused phone numbers and email addresses collected for account security to also target ads to them and provide information about [its] privacy and security controls”; (iii) require the defendant to implement and maintain a comprehensive privacy and information security program, including conducting “a privacy review with a written report prior to implementing any new product or service that collects users’ private information,” regularly testing its data privacy safeguards, and obtaining regular independent assessments of its data privacy program; (iv) limit employee access to users’ personal data; and (v) require the defendant to notify the FTC should it experience a data breach, and provide reports after any data privacy incident affecting 250 or more users. Additionally, the defendant would be banned from profiting from deceptively collected data.