InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC issues draft principles on climate risk management
On March 30, the FDIC announced a request for comment on draft principles, which provide a high-level framework for the safe and sound management of exposures to climate-related financial risks. The principles are intended for the largest financial institutions (those with over $100 billion in total consolidated assets), though the announcement notes that all financial institutions, regardless of size, can have material exposures to climate-related financial risks. The topics covered by the principles include: (i) governance; (ii) policies, procedures, and limits; (iii) strategic planning; (iv) risk management; (v) data, risk measurement, and reporting; and (vi) scenario analysis. The draft principles also highlight management of risk areas. Comments close 60 days after publication in the Federal Register. In a statement, acting FDIC Chairman Martin Gruenberg said the key principles are “an initial step toward the promotion of a consistent understanding of the effective management of climate-related financial risks.”
Agencies provide points of contact for computer security incident notifications
On March 29, the FDIC, OCC, and Federal Reserve Board issued guidance related to a final rule issued last November by the agencies along with the Federal Reserve Board, which requires a banking organization to timely notify its primary federal regulator in the event of a significant computer-security incident within 36 hours after the banking organization determines that a cyber incident has taken place. As previously covered by InfoBytes, the “Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers” final rule states that notification is required in certain circumstances for incidents that have affected: (i) the viability of a banking organization’s operations; (ii) its ability to deliver banking products and services; or (iii) the stability of the financial sector. Additionally, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization’s operations for four or more hours. Compliance with the final rule begins May 1.
FDIC FIL-12-2022 states that supervised banks can comply with the final rule by notifying their case manager of an incident, notifying any member of an FDIC examination team if the event occurs during an examination, or by notifying the FDIC by email if it is unable to access its supervisory team contacts.
OCC Bulletin 2022-8 provides points of contact for national banks, federal savings associations, covered savings associations, and federal branches and agencies of foreign banking organizations for satisfying the final rule’s notification requirement. Banks may contact their supervisory office or submit a notification through the BankNet website or contact the BankNet Help Desk.
Fed SR 22-4/CA 22-3 states that regulated banking organizations should contact their designated point of contact about a notification incident, and may submit notice via email or phone. Banking organizations are also encouraged to contact the FRB through the same means if there is doubt as to whether a notification incident was experienced. Bank service providers are encouraged to contact the affected banking organization customer or its own legal advisor should there be doubt as to whether a material disruption or degradation in services has occurred that may impact the banking organization customer.
OCC updates commercial real estate lending booklet of Comptroller’s Handbook
On March 29, the OCC issued Bulletin 2022-7 version 2.0 of the “Commercial Real Estate Lending” booklet of the Comptroller's Handbook. The booklet rescinds version 1.1 of the booklet of the same title issued in January 2017 and Bulletin 2013-19, “Commercial Real Estate Lending: Comptroller's Handbook Revisions and Rescissions.” Among other things, the revised booklet: (i) indicates changes to laws and regulations since the booklet was last updated; (ii) reflects the agency’s issuances published and rescinded since the booklet was last updated; (iii) provides clarifying edits regarding supervisory guidance, sound risk management practices, and legal language; and (vi) resends certain content for clarifying purposes.
CFPB settles with student loan servicer over unfair practices
On March 30, the CFPB announced a settlement with a student loan servicer to resolve allegations that the company engaged in deceptive acts with respect to borrowers with Federal Family Education Loan Program (FFELP) loans about their eligibility for Public Service Loan Forgiveness (PSLF), in violation of the Consumer Financial Protection Act, among other things. The CFPB alleged that the company engaged in unfair, deceptive, or abusive acts or practices by misrepresenting: (i) that FFELP borrowers could not receive PSLF; (ii) that FFELP borrowers were making payments towards PSLF before loan consolidation; and (iii) that certain jobs were not eligible for PSLF. The Bureau also alleged that the servicer “did not provide any information about how to become eligible for PSLF when borrowers inquired about the program or mentioned that they worked in a job that was likely a qualifying public-service job.”
Under the terms of the consent order, the servicer is required to: (i) notify all affected borrowers of the Department of Education’s limited PSLF waiver to provide affected consumers the opportunity to take advantage of the waiver before it ends on October 31; (ii) “develop and implement a call script for Customer Service Representatives that, at minimum, requires them to solicit information from all FFELP Consumers about whether a consumer’s employment may make them eligible for PSLF, and if so, to direct them to a Public Service Specialist, who will provide accurate and complete information about PSLF”; and (iii) pay a civil money penalty of $1 million to the Bureau.
According to a statement by CFPB Director Rohit Chopra, the Bureau “has long been concerned that others in the student loan servicing industry have derailed borrowers from making progress toward loan cancellation,” and “CFPB law enforcement work has identified these problems for years, finding failures at multiple servicers.”
HUD offers disaster relief for homeowners in Puerto Rico
On March 29, HUD announced disaster assistance for certain areas in Puerto Rico impacted by a severe storm, flooding, and landslides from February 4 to February 6. The disaster assistance follows President Biden’s major disaster declarations on March 29. According to the announcements, HUD is providing an automatic 90-day moratorium on foreclosures of FHA-insured home mortgages for covered properties and is making FHA insurance available to victims whose homes were destroyed or severely damaged, such that “reconstruction or replacement is necessary.” HUD’s Section 203(k) loan program enables individuals who have lost homes to finance a home purchase or to refinance a home to include repair costs through a single mortgage. The program also allows homeowners with damaged property to finance the repair of their existing single-family homes. Furthermore, HUD is allowing administrative flexibilities to community planning and development grantees, as well as to public housing agencies.
CFPB complies with settlement agreement in FACA dispute over consumer financial law taskforce
On March 28, the CFPB filed its final status report detailing measures taken by the agency to remedy the Bureau’s Taskforce on Federal Consumer Financial Law’s stipulated violations of the Federal Advisory Committee Act (FACA). As previously covered by InfoBytes, in January the Bureau publicly announced that it settled a lawsuit filed by several consumer advocacy groups against the agency, which claimed that the taskforce was “illegally chartered” and violated FACA. The consumer advocacy groups claimed that the taskforce—which was established by the Bureau in 2019 under former Director Kathy Kraninger to provide recommendations to improve consumer financial laws and regulations—lacked balance, and that appointed members who “uniformly represent industry views” have worked on behalf of several large financial institutions or work as industry consultants or lawyers. Last year, the parties entered a stipulated settlement in the U.S. District Court for the District of Massachusetts (covered by InfoBytes here) in which the Bureau agreed to take several measures, including releasing all taskforce records, amending the taskforce’s final report to include a disclaimer that a January 2021 final report (covered by InfoBytes here) was produced in violation of FACA, and providing status reports until the Bureau has come into full compliance. The final status report certified to the court and the consumer advocacy groups that the Bureau has complied in full with the terms of the agreement.
FCC signs robocall enforcement partnerships with states
On March 28, the FCC announced it launched formal robocall investigation partnerships with the Connecticut, District of Columbia, Idaho, Kentucky, Minnesota, New Jersey, and Wyoming state attorneys general, bringing the total number of state-federal partnerships to 22. According to the FCC, the seven AGs entered into a Memoranda of Understanding (MOU) with state robocall investigators and the FCC’s Enforcement Bureau, which establishes critical information sharing and cooperation structures to investigate spoofing and robocall scam campaigns. The FCC also noted that it expanded existing MOUs in Michigan and West Virginia with robocall investigations. According to the press release, the MOUs help facilitate relationships with other actors, including other federal agencies and robocall blocking companies, and provide support for and expertise with critical investigative tools, including subpoenas and confidential response letters from suspected robocallers. The FCC also noted that “[d]uring investigations, both the FCC’s Enforcement Bureau and state investigators seek records, talk to witnesses, interview targets, examine consumer complaints, and take other critical steps to build a record against possible bad actors,” which “can provide critical resources for building cases and preventing duplicative efforts in protecting consumers and businesses nationwide.”
CFPB releases report on credit card late fees
On March 29, the CFPB released a report analyzing credit card late fees. Using three data sources to study the consumer impact of and industry reliance on late fees, the report found that credit card issuers charged approximately $12 billion in 2020. The Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act) requires that late fees be “reasonable and proportional,” and its implementing regulation (Regulation Z) sets a “safe harbor” for certain fee amounts, which are adjusted by the CFPB annually for inflation. The report described that these limits have increased to $30 for the first late payment and $41 for a subsequent late payment within 6 billing cycles. The Bureau noted that Congress transferred provisional authority to the CFPB, who “expects many major card issuers to hike fees further, based on inflation, given the existing reliance on the immunity provisions in the marketplace.” Other significant findings of the report include, among other things, that: (i) the average deep subprime account was charged $138 in late fees in 2019, compared with $11 for the average superprime account; (ii) credit card accounts held by consumers living in the United States’ poorest neighborhoods paid approximately twice as much on average in total late fees than those living in the richest areas in 2019; (iii) late fee volume decreased when stimulus checks arrived in 2020 and 2021, particularly in households with lower credit scores; and (iv) “[l]ate fees account for a greater share of charges for issuers who service a higher percentage of subprime accounts at almost 20 percent of total interest and fees.”
Chopra: Large repeat offenders should face tougher consequences
On March 28, CFPB Director Rohit Chopra warned that large, dominant banks and firms that repeatedly break the law “should be subject to the same consequences of enforcement actions as small firms.” Speaking before the University of Pennsylvania Law School as the 2022 Distinguished Lecturer on Regulation, Chopra told attendees that the current “double-standard” enforcement approach needs to end, and that the Bureau intends to establish dedicated units within its supervision and enforcement divisions to detect repeat offenders and corporate recidivists “to better hold them accountable.” This may mean that insured depository institutions lose access to federal deposit insurance or are put directly into receivership, Chopra stated, explaining that “[r]epeat offenses and, in particular, order violations, may be a sign that an institution’s condition or behavior is unsafe and unsound.”
Pointing out that penalties become meaningless if regulators are not willing to enforce them, Chopra stated that the Bureau needs “to move away from just monetary penalties and consider an arsenal of options that really work to stop repeat offenses.” To address this, Chopra outlined a new set of “bright-line structural remedies, rather than press-driven approaches” that the Bureau will consider when it discovers large entities are repeatedly committing the same types of violations. These include: (i) imposing limits or caps on size or growth; (ii) banning certain types of business practices; (iii) forcing companies to divest certain product lines; (iv) placing limitations on leverage or requirements to raise equity capital; and (v) revoking government granted privileges. Additionally, with respect to licensed nonbank institutions of all sizes that repeatedly violate the law, Chopra indicated that the Bureau will deepen its collaboration with state licensing officials to allow states to determine whether to suspend licenses or liquidate assets.
Chopra also raised the prospect of targeting individuals. “Agency and court orders bind officers and directors of the corporation, and so do the laws themselves, so there are multiple ways in which individuals are held accountable. Where individuals play a role in repeat offenses and order violations, it may be appropriate for regulatory agencies and law enforcers to charge these individuals and disqualify them. Dismissal of senior management and board directors, and lifetime occupational bans should also be more frequently deployed in enforcement actions involving large firms.” Chopra emphasized that “[w]hen it comes to individuals, we also need to pay close attention to executive compensation incentives. Important remedies for restoring law and order may include clawbacks, forfeitures, and other changes to executive compensation, including where we tie up compensation for longer periods of time and use that deferred compensation as the first pot of money to pay fines.”
OCC launches Dallas REACh
On March 28, the OCC announced the launch of Dallas REACh, which expands the OCC’s Project REACh (Roundtable for Economic Access and Change) efforts to Dallas, Texas, representing the agency’s fourth regional effort. As previously covered by InfoBytes, in 2020, the OCC launched this initiative to promote greater financial inclusion of underserved populations. According to the OCC, Project REACh brings together leaders from the banking industry, national civil rights organizations, and various businesses and technology organizations who will identify and reduce barriers to accessing capital and credit. The OCC further noted that Dallas REACh “will organize and initiate formal efforts to reduce financial barriers that include low rates of affordable homeownership, poor access to capital for minority-owned and small businesses, and underinvestment into trusted community institutions, such as minority depository institutions.” According to remarks by acting Comptroller of the Currency Michael J. Hsu at the launch of Dallas REACh, the agency is “excited to expand our efforts into the Dallas community, supporting local leaders, banks, and businesses as they discuss needs and work to address impediments to financial inclusion.”