InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases enforcement actions
On May 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Alaska-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to, among other things, establish a compliance committee, submit a BSA/AML action plan, and develop a written suspicious activity monitoring and reporting program.
FTC to strengthen advertising and endorsement guidelines against fraudulent reviews
On May 19, the FTC announced it is considering changes to strengthen its advertising guidelines to address fake and manipulative reviews, as well as concerns over inadequate disclosure tools. The Commission unanimously voted to submit a notice of proposed changes to its “Guides Concerning the Use of Endorsements and Testimonials in Advertising” (Endorsement Guides), which were enacted in 1980 and amended in 2009. Under the Endorsement Guides, advertisers are required “to be upfront with consumers and clearly disclose unexpected material connections between endorsers and a seller of an advertised product.” In February 2020, the FTC issued a request for comments on, among other things, whether the Endorsement Guides are effective at addressing concerns in the marketplace, as well as issues related to social media disclosures, incentive reviews, and affiliate links. According to the Commission’s announcement, the proposed changes (i) warn “social media platforms that some of their tools for endorsers are inadequate and may open them up to liability”; (ii) clarify that the Endorsement Guides cover fake reviews; (iii) add a new principle, which provides that “in procuring, suppressing, boosting, organizing, or editing consumer reviews, advertisers should not distort or misrepresent what consumers think of their products”; (iv) clarify that social media tags are covered by the Endorsement Guides; (v) modify “the definition of ‘endorsers’ to bring virtual influencers—that is, computer-generated fictional characters—under the guides”; (v) provide an example addressing the microtargeting of a discrete group of consumers; and (vi) introduce a new section addressing concerns related to child-directed advertising.
A public event will be hosted by the FTC on October 19 to address topics including “children’s capacity at different ages and developmental stages to recognize and understand advertising content and distinguish it from other content,” and the “need for and efficacy of disclosures as a solution for children of different ages, including the format, timing, placement, wording, and frequency of disclosures.”
FTC cracks down on ed tech providers’ COPPA compliance
On May 19, the FTC warned providers of education technology (ed tech) tools for children that they must fully comply with all provisions of the Children’s Online Privacy Protection Act (COPPA). The Commission voted unanimously to approve a policy statement clarifying how COPPA applies to ed tech tools that gather data about children, while underscoring prohibitions on harvesting and monetizing children’s data. The policy statement explained that ed tech providers cannot force children to disclose more information than is reasonably necessary for participating in their educational services and are prohibited from using collected data for marketing or advertising purposes. Additionally, providers are prohibited from retaining children’s data for longer than necessary to fulfill the purpose for which it was collected, and must have procedures in place to keep the data secure. The FTC noted that “even absent a breach, COPPA-covered ed tech providers violate COPPA if they lack reasonable security.” Providers that fail to comply with COPPA may face civil penalties as well as new requirements and limitations on their business practices to stop the unlawful conduct. The policy statement comes as the FTC reexamines COPPA. As previously covered by InfoBytes, the Commission launched a rule review in 2019.
House Republicans concerned about CFPB UDAAP manual and administrative adjudications
On May 19, nineteen Financial Services Committee Republicans sent a letter to CFPB Director Rohit Chopra expressing concerns about the agency’s new UDAAP supervisory policy and the recent changes to CFPB administrative adjudication procedures. As previously covered by a Buckley Special Alert, the Bureau revised its UDAAP exam manual to highlight the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. With the March announcement, the Bureau made clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice — and, therefore, the CFPB can bring discrimination claims related to non-credit financial products. According to the letter, “the CFPB’s new [UDAAP] supervisory policy and the recent changes to CFPB administrative adjudication procedures deviate significantly from past practices.” The letter further argued that “Congress enacted the fair lending laws and delegated their enforcement to the CFPB, clearly defining the limits of CFPB’s jurisdiction.” Additionally, the letter noted that “[e]xtending ECOA’s disparate treatment and disparate impact analysis to non-credit financial products and services ignores these clear limits.” The legislators also contended that “[i]n addition to radically reinterpreting UDAAP, changes to the way the CFPB will supervise for UDAAP will impose significant new responsibilities on supervised entities.”
The letter also expressed concerns regarding changes recently made to the rules governing CFPB administrative adjudications. As previously covered by InfoBytes, in February the Bureau published a procedural rule and request for public comment in the Federal Register to update its Rules of Practice for Adjudication Proceedings. The Bureau indicated that the amendments would provide greater procedural flexibility, providing parties earlier access to relevant information, expanding deposition opportunities, and making various changes related to “timing and deadlines, the content of answers, the scheduling conference, bifurcation of proceedings, the process for deciding dispositive motions, and requirements for issue exhaustion, as well as other technical changes.” According to the letter, this represents a “disturbing” action that is “contrary to [Chopra’s] comments about intending to establish durable jurisprudence made during testimony before the House Financial Services Committee in October 2021,” and “does not abide by typical notice and comment procedures.” The nineteen House Republicans on the Committee stated their view that “it is appropriate for the CFPB to immediately revert back to the previous Rules of Practice and conduct notice and comment rulemaking before [] any new procedures become effective.”
FDIC reinstates SARC as final review in supervisory appeals
On May 17, the FDIC adopted revised Guidelines for Appeals of Material Supervisory Determinations to reinstate the Supervision Appeals Review Committee (SARC) as the final level of review in the agency’s supervisory appeals process. The SARC’s restoration appears to eliminate the independent Office of Supervisory Appeals, which was created and staffed in 2021. The Office of Supervisory Appeals was designed to have final authority to resolve appeals by a panel of reviewing officials and be independent from other divisions within the FDIC that have authority to issue material supervisory determinations (covered by InfoBytes here).
According to the revised guidelines, the SARC will include one inside member of the FDIC’s Board of Directors (serving as chairperson); a deputy or special assistant to each of the other inside board members; and the general counsel as a non-voting member. The guidelines provide a list of material supervisory determinations, including CAMELS, IT, trust, and CRA ratings; consumer compliance ratings; loan loss reserve provision determinations; TILA restitutions; and decisions to initiate informal enforcement actions (such as memoranda of understanding).
The guidelines apply to all FDIC-supervised financial institutions, including state nonmember banks, industrial banks, and insured U.S. branches of non-U.S. banks.
While public comments from industry had supported an independent supervisory appeals process, the revised guidelines are posted in final (not draft) form on the FDIC’s website, with the FIL asserting that the guidelines take effect May 17 (before the comment period concludes on June 21). The notice and request for comments was published in the Federal Register on May 20.
FDIC releases process for MDI designation requests
On May 19, the FDIC released a process for insured institutions or applicants for deposit insurance to submit requests for recognition as a minority depository institution (MDI). As previously covered by InfoBytes, last June the FDIC approved and released an updated Statement of Policy Regarding Minority Depository Institutions to enhance the agency’s efforts to preserve and promote MDIs.
The updated statement of policy details the framework by which the FDIC implements objectives set forth in Section 308 of FIRREA and describes agency initiatives for fulfilling its MDI statutory goals. According to the FDIC, “supervised institutions or applicants for deposit insurance that seek to be recognized as an MDI may submit a written request, signed by a duly authorized officer or representative of the institution or applicant, at any time to the appropriate regional office.” Supervised institutions are also able to submit requests in connection with a merger application or a change in control notice. Requests should contain sufficient information in support of the designation, and the FDIC will send a letter acknowledging recognition of the institution as an MDI if an institution has met the eligibility requirements.
FDIC approves final rule for trust, mortgage servicing account insurance
On May 18, the FDIC published a final rule that amends the deposit insurance regulations for trust accounts and mortgage servicing accounts. According to the FDIC, the final rule is “intended to make the deposit insurance rules easier to understand for depositors and bankers, facilitate more timely insurance determinations for trust accounts in the event of a bank failure, and enhance consistency of insurance coverage for mortgage servicing account deposits.”
The final rule, among other things: (i) establishes updates to the Banker Resources Guide Deposit Insurance Page with the Small Entity Compliance Guide (Community Bank Information) to promote understanding of the regulations; (ii) amends the deposit insurance regulations by merging the revocable and irrevocable trusts categories; (iii) “amends the regulation to expand the current per-borrower coverage of up to $250,000 to include any funds paid into the account to satisfy the principal and interest obligation of the mortgagors to the lender”; and (iv) establishes that certain “depositors within excess of $1.25 million in trusts deposits at a particular IDI may want to make changes given the new coverage limits” effective April 1, 2024.
Hsu urges banks to evaluate risk management exposures
On May 17, acting Comptroller of the Currency Michael J. Hsu stressed “[n]ow is the time for banks to take a fresh look at their exposures and take actions to adjust their risk positions—to ‘trim their sails,’ so to speak—ahead of potential uncertainty and volatility.” Hsu said banks should take action now to examine exposure and adjust risk profiles ahead of potential uncertainty and volatility in interest rates and loan performance. “Empowering risk managers and enforcing discipline in risk-taking will enable banks to better navigate the rate environment and will lower the chances of nasty surprises as quantitative tightening occurs,” Hsu stressed. Banks should also re-review their risk identification capabilities and assess the comprehensiveness of their counterparty credit risk management practices, paying close attention to areas where risk limits or other practices have been relaxed for “high-priority, high-growth clients, especially where increasing wallet share has been a goal.” He also cautioned banks against taking on too much risk associated with a single economic concentration, flagging commercial real estate and loans to non-depository financial institutions (including broker-dealers, asset managers, and investment funds) as specific areas where banks may suffer considerable losses when markets turn. Banks should also be careful not to relax underwriting standards, Hsu warned, pointing to some banks that have lowered their retail credit underwriting to obtain new customers and volume growth. “Actions today to defease high-impact tail risks can temper the need to go full ‘risk-off’ tomorrow, ensuring that the banking industry can remain a source of strength to the economy, as it has throughout the pandemic and recent market turbulence,” Hsu stated.
FDIC rule seeks to thwart misrepresentations about deposit insurance
On May 17, the FDIC approved a final rule implementing its authority to prohibit any person or organization from making misrepresentations about FDIC deposit insurance or misusing the FDIC’s name or logo. According to the FDIC, the final rule responds to the “increasing number of instances where individuals or entities have misused the FDIC’s name or logo, or have made false or misleading representations about deposit insurance.” To promote transparency on the FDIC’s processes for investigating and enforcing potential breaches of prohibitions under Section 18(a)(4) of the Federal Deposit Insurance Act, the final rule clarifies the agency’s procedures for identifying, investigating, and where necessary, taking formal and informal action to address potential violations, and establishes a primary point-of-contact for receiving complaints and inquiries about potential misrepresentations regarding deposit insurance. The final rule takes effect 30 days after publication in the Federal Register.
In response, the CFPB released Consumer Financial Protection Circular 2022-02 to provide that covered firms are likely in violation of the CFPA’s prohibition on deceptive acts or practices “if they misuse the name or logo of the FDIC or engage in false advertising or make material misrepresentations to the public about deposit insurance, regardless of whether such conduct (including the misrepresentation of insured status) is engaged in knowingly.” As previously covered by InfoBytes, the newly introduced circulars serve as policy statements for other agencies with consumer financial protection responsibilities. Specifically, the Bureau warned that (i) “[m]isrepresenting the FDIC logo or name will typically be a material misrepresentation”; (ii) claiming “financial products or services are ‘regulated’ by the FDIC or ‘insured’ or ‘eligible for’ FDIC insurance are likely deceptive if those claims expressly or implicitly indicate that the product or service is FDIC-insured when that is not in fact the case” (e.g. emerging financial products and services including digital assets and crypto-assets); and (iii) misusing the FDIC’s name or logo creates harm for firms that engage in honest advertising and marketing. CFPB Director Rohit Chopra, as an FDIC board member, announced the Bureau’s support for the final rule. “Misrepresentation claims about deposit insurance are particularly relevant today,” Chopra noted. “FDIC staff has noted an uptick in potential violations in recent years. We are especially concerned about potential misconduct involving novel technologies, including so-called stablecoins and other crypto-assets. While new technologies may yield significant benefits for households, workers, and small businesses, they nonetheless pose risks to consumers who may be baited by misrepresentations or false advertisements about deposit insurance.”
Acting Comptroller of the Currency Michael J. Hsu specifically called out the timeliness of the final rule in light of changes in the marketplace, technological developments, and rapidly evolving consumer behaviors. The final rule “is especially important in light of the growth of nonbank crypto firms and fintechs and their relationships with banks,” Hsu stated. “The potential for consumer confusion about the status of cash held at these firms is high and this final rule will help provide clarity.”
CFPB seeks consistent enforcement of consumer financial law
On May 16, the CFPB launched a new system for providing transparent guidance on how the agency intends to administer and enforce federal consumer financial laws. Consumer Financial Protection Circular 2022-01 discusses the broad variety of agencies responsible for enforcing federal consumer financial law, including the CFPA’s prohibition on unfair, deceptive, and abusive acts or practices, and 18 other “enumerated consumer laws” (some of which provide for private enforcement). The circulars will serve as policy statements under the Administrative Procedure Act for other agencies with consumer financial protection responsibilities such as the FDIC, OCC, Federal Reserve Board, and NCUA. Because other federal agencies, including the DOJ, the FTC, the Farm Credit Administration, and the Departments of Transportation and Agriculture, also have certain enforcement responsibilities, the Bureau stressed the importance of ensuring entities subject to the jurisdiction of multiple agencies receive consistent expectations regardless of a company’s status. Specifically, the circulars “will provide background information about applicable law, articulate considerations relevant to the CFPB’s exercise of its authorities, and advise other parties with authority to enforce federal consumer financial law.” The Bureau announced it has identified several issues that would benefit from clear and consistent enforcement and strongly encouraged other agencies to reach out to the Bureau with suggestions for new circulars. Circulars will be authorized by CFPB Director Rohit Chopra and published on the Bureau’s website and in the Federal Register. The Bureau also welcomes feedback on any issued circulars.