InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases report on mortgage performance
On June 27, the OCC released its quarterly mortgage metrics report, which presents performance data for the first quarter of 2022 for loans that reporting banks own or service for others as a fee-based business. The first-lien mortgages included in the OCC’s quarterly report comprise 22 percent of all residential mortgage debt outstanding in the U.S., or approximately 12.2 million loans totaling $2.6 trillion in principal balances. The report, among other things, found that the performance of first-lien mortgages in the federal banking system improved during the first quarter of 2022. According to the report, 96.9 percent of mortgages were current and performing at the end of the quarter. The percentage of seriously delinquent mortgages was 1.8 percent in the first quarter of 2022, compared to 2.3 percent in the prior quarter. However, foreclosures increased compared to the prior quarter and a year earlier as pandemic-related accommodations wound down, with servicers initiating 19,524 new foreclosures in the first quarter of 2022.
FDIC releases May enforcement actions
On June 24, the FDIC released a list of 14 public enforcement actions taken against banks and individuals in May. These orders consist of “two consent orders, one modification of an 8(e) prohibition order, three orders to pay civil money penalty, three orders of prohibition, two section 19 orders, and one order of prohibition from further participation and order to pay, one order terminating amended supervisory prompt corrective action directive, and one order of termination of insurance.” Included is an order to pay a civil money penalty imposed against a Texas-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank failed “to obtain flood insurance or obtain an adequate amount of insurance coverage, at or before loan origination, for all structures in a flood zone, including multiple structures,” and failed “to force-place flood insurance, after loan origination, when the insurance on buildings securing the loan” was insufficient or nonexistent. The order assessed a $2,000 civil money penalty.
The FDIC also issued a consent order against a Utah-based bank based on alleged unsafe or unsound banking practices relating to the Bank Secrecy Act. The bank neither admitted nor denied the alleged violations but agreed to, among other things, “increase its oversight of the Bank's compliance with the BSA” and “conduct a comprehensive assessment of BSA/AML staffing needs.”
FTC, Florida file complaint against grant funding operation
On June 27, the FTC and the Florida attorney general filed a complaint against a Florida-based grant funding company and its owner (collectively, “defendants”) alleging that the defendants violated the Consumer Protection Act, the FTC Act, and the Florida Deceptive Unfair Trade Practices Act. According to the complaint, the defendants deceptively marketed grant writing and consulting services to minority-owned small businesses by, among other things, (i) promising grant funding that did not exist and/or was never awarded; (ii) misleading customers about the status of grant awards; and (iii) failing to honor a “money-back guarantee” and suppressing customer complaints. The complaint also alleged that the owner relied on funds that she acquired through the federal Paycheck Protection Program Covid-19 stimulus program to start the company. The U.S. District Court for the Middle District of Florida issued a restraining order with asset freeze, appointment of a temporary receiver, and other equitable relief order against the defendants, which also prohibits them from engaging in grant funding business activities.
Fannie and Freddie release updated guidance on credit score coding glitch
On June 24, Fannie Mae and Freddie Mac issued additional guidance related to a coding issue that impacted approximately 12 percent of credit scores earlier this year. As previously covered by InfoBytes, a consumer reporting agency informed lenders and industry members that it experienced a coding issue when it changed some of the technology to its legacy online model platform.
After making a determination that the underlying credit report data errors resulting from the coding issue “are not considered to be material erroneous credit data errors under Selling Guide B3-2-09,” Fannie Mae issued LL-2022-02 to provide requirements applicable specifically to impacted loans. Specifically, lenders are not required to obtain an updated credit report and re-underwrite the impacted loan “by resubmitting the loan to Desktop Underwriter® (DU® )” nor are they required to “re-assess the underwriting decision for non-DU loans, based solely on this issue.” An inaccurate credit score used at the time of underwriting will not render the loan ineligible for purchase, Fannie Mae stated, adding that a “repurchase request will not be issued based solely on this issue.” Guidance related to obtaining corrected credit scores and making data corrections, as well as information concerning loan-level price adjustments, post-closing quality control review, and representation and warranty relief is also provided in the lender letter.
Freddie Mac issued Bulletin 2022-14 to provide similar guidance to sellers about their credit reporting and data correction responsibilities, and stated that it will also “not issue a repurchase based solely on an inaccurate credit score used in the underwriting of a mortgage.”
The guidance is effective immediately.
OCC reports on key risks facing the federal banking system
On June 23, the OCC released its Semiannual Risk Perspective for Spring 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that as “banks continue to navigate the operational- and market-related impacts of the pandemic along with substantial government stimulus, current geopolitics have tightened financial conditions and increased downside risk to economic growth.” However, the OCC noted that banks’ financial conditions remain strong and that banks are well-positioned to “deal with the economic headwinds arising from geopolitical events, higher interest rates and increased inflation.”
The OCC highlighted operational, compliance, interest rate, and credit risks as key risk themes in the report. Observations include: (i) operational risk, including evolving cyber risk, is elevated, with an observed increase in attacks on the financial services industry given current geopolitical tensions; (ii) compliance risk remains heightened as banks navigate the current operational environment, regulatory changes, and policy initiatives; and (iii) credit risk remains moderate, with banks facing certain areas of weakness and potential longer-term implications resulting from the Covid-19 pandemic, inflation, and direct and indirect effects of the war in Ukraine. Staffing challenges among banks also present risks, with challenges posed by “strong competition” in the labor market.
The report also discussed the importance of appropriate due diligence of new digital asset products and services. The OCC said that it “continues to engage on an interagency basis to analyze various crypto-asset use cases,” and is looking to “provide further clarity on legal permissibility, as well as safety and soundness and compliance considerations related to crypto-assets” in the banking industry.
The OCC further stated it “will continue to monitor the development of climate-related financial risk management frameworks at large banks,” and reported that “OCC large-bank examination teams will integrate the examination of climate-related financial risk into supervision strategies and continue to engage with bank management to better understand the challenges banks face in this effort, including identifying and collecting appropriate data and developing scenario analysis capabilities and techniques.”
FTC seeks to ban auto lending “junk fees” and “bait-and-switch tactics”
On June 23, the FTC issued a notice of proposed rulemaking (NPRM) to ban “junk fees” and “bait-and-switch” advertising tactics related to the sale, financing, and leasing of motor vehicles by dealers. Specifically, the NPRM would prohibit dealers from making deceptive advertising claims to entice prospective car buyers. According to the FTC’s announcement, deceptive claims could “include the cost of a vehicle or the terms of financing, the cost of any add-on products or services, whether financing terms are for a lease, the availability of any discounts or rebates, the actual availability of the vehicles being advertised, and whether a financing deal has been finalized, among other areas.” The NPRM would also (i) prohibit dealers from charging junk fees for “fraudulent add-on products” and services that—according to the FTC—do not benefit the consumer; (ii) require clear, written, and informed consent (including the price of the car without any optional add-ons); and (iii) require dealers to provide full, upfront disclosure of costs and conditions, including the true “offering price” (the full price for a vehicle minus only taxes and government fees), as well as any optional add-on fees and key financing terms. Dealers would also be required to maintain records of advertisements and customer transactions. Comments on the NPRM are due 60 days after publication in the Federal Register.
The FTC noted that in the past 10 years, the Commission has brought more than 50 auto-related enforcement actions and helped lead two nationwide law enforcement sweeps including 181 state-level enforcement actions in this space. Despite these efforts, the FTC reported that automobile-related consumer complaints are among the top ten complaint types submitted to the Commission.
FHA issues temporary partial waivers for specific HECM policies
On June 23, FHA announced FHA INFO 2022-64 to issue the following temporary partial waivers to its Home Equity Conversion Mortgage (HECM) policies for senior homeowners impacted by the Covid-19 pandemic who continue to experience significant financial difficulties. Specifically, the first temporary partial waiver concerns Mortgagee Letter 2015-11. FHA notes that its waiver “allows mortgagees to offer repayment plans to HECM borrowers with unpaid property charges regardless of their total outstanding arrearage." The second waiver—concerning Mortgagee Letter 2016-07—“permits mortgagees to seek assignment of a HECM immediately after using their own funds to pay property taxes and insurance on or after March 1, 2020, by temporarily eliminating the three-year waiting period for such assignments.” Both waivers are effective through December 31.
FTC finalizes action against e-commerce platform for data breach cover up
On June 24, the FTC announced a final decision and order against two limited liability companies (respondents) accused of allegedly failing to secure consumers’ sensitive personal data and covering up a major breach. As previously covered by InfoBytes, the respondents—former and current owners of an online customized merchandise platform—allegedly violated the FTC Act by, among other things, misrepresenting that they implemented reasonable measures to protect customers’ personal information against unauthorized access and misrepresenting that appropriate steps were taken to secure consumer account information following security breaches. The complaint further alleged that respondents failed to apply readily available protections against well-known threats or adequately respond to security incidents, which resulted in the respondents’ network being breached multiple times. Under the terms of the final settlement, one of the respondents is required to pay $500,000 to victims of the data breaches. The other respondent is required to provide notice to consumers impacted by a 2019 data breach. Among other things, the order prohibits respondents from misrepresenting their privacy and security measures and requires that respondents implement comprehensive information security programs that are assessed by an independent third party.
CFPB updates FAQs on civil money penalties
On June 6, the CFPB updated its Civil Penalty Fund Frequently Asked Questions (FAQs). The FAQs, among other things: (i) present the Civil Penalty Fund Allocation Schedule; (ii) clarify basic definitions related to CFPB civil money penalties; (iii) clarify when the Bureau will begin to distribute funds; and (iv) explain redress and its difference from payments to victims from the Civil Penalty Fund.
Rep. McHenry introduces draft privacy legislation based on GLBA
On June 23, House Financial Services Ranking Member Patrick McHenry (R-NC) released a discussion draft of new federal legislation intended to modernize financial data privacy laws and provide consumers more control over the collection and use of their personal information. (See overview of the discussion draft here.) The draft bill seeks to build on the Gramm-Leach-Bliley Act (GLBA) to better align financial data protection law with evolving technologies that have innovated the financial system and the way in which consumers interact with financial institutions, including nonbank institutions. “Technology has fundamentally changed the way consumers participate in our financial system—increasing access and inclusion. It has also increased the amount of sensitive data shared with service providers. Our privacy laws—especially as they relate to financial data—must keep up,” McHenry said, emphasizing the importance of finding a way to “secure Americans’ privacy without strangling innovation.”
Among other things, the draft bill:
- Requires notice of collection activities. The GLBA currently requires that consumers be provided notice when their information is being disclosed to third parties. The draft bill updates this requirement to require financial institutions to provide notice when consumers’ nonpublic personal information is being collected.
- Recognizes the burden on small institutions. The draft bill stipulates that agencies shall consider compliance costs imposed on smaller financial institutions when promulgating rules.
- Amends the definition of a “financial institution.” The draft bill will update the definition to cover data aggregators in addition to financial institutions engaged in financial activities as described in 4(k) of the Bank Holding Company Act of 1956.
- Expands the definition of non-public information. The draft bill expands the definition of “personally identifiable financial information” to include “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.” Publicly available information is not included in this definition. The definition of “consumer account credentials” will mean “nonpublic information (including a username, password, or an answer to a security question) that enables the consumer to access an account of the consumer at a financial institution.”
- Provides consumers access to data. The draft bill provides that financial institutions must, upon an authorized request from a consumer, disclose the data held, entities with which the financial institution shares consumer data, and a list of entities from whom the financial institution has received a consumer’s non-public personal information.
- Allows consumers to stop the collection and disclosure of their data. When a financial institution is required to terminate the collection and/or sharing of a consumer’s nonpublic personal information, the draft bill provides that a financial institution must notify third parties that data sharing is terminated and must require the third parties to also terminate collection and disclosure. Additionally, upon request from a consumer, the financial institution must delete any nonpublic personal information in its possession, and if required by law to retain the data, the financial institution may only use the data for that purpose.
- Minimizes data collection. The draft bill requires that financial institutions notify consumers of their data collection practices in their privacy policies, including the categories collected, how the information is collected, and the purposes for the collection. Consumers must be allowed an opportunity to opt-out of the collection of their data if not necessary for the provision of the product or service by that entity.
- Provides informed choice and transparency. Under the draft bill, privacy terms and conditions must be transparent and easily understandable. The draft bill requires the disclosure of a financial institution’s privacy policies in a manner that provides consumers meaningful understanding of what data is being collected, the manner in which the data is collected, the purposes for which the data will be used, the right to opt-out, who has access to the data, how an entity is using the data, where the data will be shared, the data retention policies of the entity, the consumer’s termination rights, and the rights associated with that data for uses inconsistent with stated purpose, among others.
- Stipulates liability for unauthorized access. The draft bill states that “[i]f the nonpublic personal information of a consumer is obtained from a financial institution (either due to a data breach or in any other manner) and used to make unauthorized access of the consumer’s account, the financial institution shall be liable to the consumer for the full amount of any damages resulting from such unauthorized access.’’
- Requires preemption. The draft bill will preempt state privacy laws to create a national standard.
The draft bill was introduced days after the House Subcommittee on Consumer Protection and Commerce heard testimony from consumer advocates and industry representatives on the recently proposed bipartisan American Data Privacy and Protection Act (covered by a Buckley Special Alert here).