InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Student loan servicer and trust could pay more than $5M in enforcement action with CFPB
On May 6, the CFPB filed a complaint against a Pennsylvania-based student loan servicer and 15 student loan trusts for alleged failure to properly respond to various borrower requests in violation of the CFPA. The complaint alleged thousands of borrower requests went unanswered from 2015 to 2021. Many of these requests allegedly sought forms of payment relief including: (i) co-signer release; (ii) extension of forbearance or deferment; (iii) loan settlement or forgiveness; (iv) Servicemember Civil Relief Act benefits; and (v) other forms of payment or interest rate reduction.
The CFPB also released two proposed stipulated final judgment orders for the trusts and the servicer to resolve the claims. If agreed upon by the court, the trusts and servicer will have to pay civil money penalties of $400,000 and $1.75 million, respectively, in addition to providing close to $3 million in compensation to impacted consumers. Additionally, the orders required non-monetary relief, such as the approval of outstanding borrower applications, the rectification of credit reports, the suspension of debt collection efforts, and the implementation of a functional process.
FHFA shares ‘lessons learned’ from evaluating exposure to climate-related risks
On May 1, the FHFA released a report covering the “lessons learned” from its review of the Climate Scenario Analysis (CSA) which was used by financial institutions and regulators to evaluate exposure to climate-related risk. Climate-related risk can be categorized in two ways: (i) physical risk which is damage to property, land, and infrastructure due to severe weather and environmental changes; and (ii) transition risk that results from policy and technological shifts towards a low-carbon economy.
In its preliminary CSA exercises, the FHFA made the following key observations:
- Data and Methodology Limitations: There were data limitations and methodological shortcomings as current tools depend on incomplete data.
- Modeling Assumptions: Results were significantly impacted by modeling assumptions.
- Challenges with Existing Credit Models: Current credit loss models were constrained while incorporating climate risks.
- Predictive Inaccuracy: The tools used to estimate the historical relationship between climate-related events and financial impacts may not be representative of future financial impacts.
The FHFA concluded that these findings indicated the CSA a complex process with room for enhancement and that no single risk assessment can fully capture the breadth of potential impacts from climate-related physical and transition risks.
HUD guidance on AI to prevent housing discrimination
On April 29, the Office of Fair Housing and Equal Opportunity of HUD issued two guidance documents concerning the use of artificial intelligence (AI) in housing-related practices, specifically in tenant screening and housing advertising. The guidance came in response to Biden's Executive Order to address potential biases in automated systems within the housing sector (covered by InfoBytes here).
HUD emphasizes the need for transparency and fairness when housing providers and screening companies use AI-assisted tenant screening processes. The tenant screening guidance recommended best practices for housing providers and screening companies to prevent discrimination based on race, color, national origin, religion, sex, disability, and familial status. The HUD guidance provided the following six “Guiding Principles for Non-Discriminatory Screenings”: (i) choose relevant screen criteria; (ii) use only accurate records; (iii) follow the applicable screening policy; (iv) be transparent with applicants; (v) allow applicants to challenge negative information; and (vi) design and test complex models for Fair Housing compliance.
Regarding housing advertising, HUD’s guidance warned advertisers and online platforms about the risks of using targeted advertising tools that could violate the Fair Housing Act by denying consumers information about housing opportunities or targeting individuals based on their protected characteristics. To reduce the risk of violating the Fair Housing Act, HUD recommended that advertisers should: (i) utilize advertising platforms that are taking steps to manage the risk of discriminatory delivery of housing-related ads; (ii) ensure the advertisements related to housing are accurately identified to the platform; (iii) analyze the composition of audience datasets; and (iv) monitor outcomes of advertising campaigns to identify and mitigate discriminatory outcomes. Advertising platforms are recommended to: (i) ensure that housing-related ads are run in a separate process designed to avoid discrimination; (ii) avoid providing targeting options for housing-related ads that describe or are related to FHA-protected characteristics; (iii) conduct regular end-to-end testing of advertising systems; (iv) proactively identify and adopt less discriminatory alternatives for AI models and algorithmic systems; (v) ensure that algorithms are similarly predictive; (vi) ensure that ad delivery systems are not resulting in differential charges on the basis of protected characteristic; and (vii) document, retain, or publicly release in-depth information about ad targeting functions and internal auditing.
CFPB reports that complex pricing leads to higher consumer costs
On April 30, the CFPB published a report titled Price Complexity in Laboratory Markets indicating that consumers may pay higher prices for products with complex pricing structures. The report drew on experiments conducted in “simple markets,” where participants engaged in transactions as buyers and sellers. According to the report, these experiments revealed that when product prices were divided into several sub-parts, making them more complicated, participants generally paid more compared to products with a single, comprehensive price.
The study involved participants acting in the roles of buyers and sellers, with transactions involving products priced either as a lump sum or split into eight or 16 separate charges. According to the report, the results showed that in situations with more fragmented pricing, the average selling price increased and buyers found it more challenging to compare prices between sellers. For products with 16 separate charges, the Bureau reported that sellers’ total asking price was typically 60 percent higher than products with one price. In a second experiment, the CFPB investigated the effects of increased competition on market outcomes, finding that increased competition “generally improved, but did not eliminate, the negative effects of price complexity.” The Bureau noted that the findings of this research align with existing studies and evidence suggesting that alleged "junk fees" can lead to higher overall prices than those typically found in a fair and competitive market.
CFPB releases report on costs of HSAs
On May 1, the CFPB released a report on health savings accounts (HSAs). The CFPB reported that consumers owned 36 million HSAs in 2023, and these HSAs held over $116 billion in assets – a 500 percent increase over the past decade. The CFPB believed this growth was likely due to HSAs’ tax-advantage status. According to the CFPB, HSAs differ from other healthcare spending accounts in ways that can “present increased costs, primarily in the form of fees and low interest rates.” The CFPB reported, for example, that suppliers of HSAs charged various fees, including monthly maintenance fees, paper statement fees, outbound transfer fees, and account closure fees. In the report, the CFPB indicated that the three largest HSA suppliers charge monthly fees at or around $4. Some suppliers reportedly did not make these fee schedules available publicly, and the fee responsibility varied between the company and the individual. On switching costs, one company charged a $20 outbound transfer fee for moving funds to a different HSA account. On closing costs, some companies charged a $25 account closure fee. The CFPB believed these “exit fees” were uncommon in deposit accounts. There were also delays in the transfer of funds from two to eight weeks. On other fees, the CFPB found some suppliers charge paper statement fees and ATM transaction fees.
CFPB Director, Rohit Chopra, released a statement with the Bureau’s report. In it, Director Chopra described the “captive consumer” model where consumers are often given an HSA automatically that better meets the needs of the employer than those of the consumer.
3rd Circuit finds appellant does not have FDCPA standing where only injury was confusion
On April 26, the U.S. Court of Appeals for the Third Circuit held that an appellant who sued a debt collector for allegedly violating the FDCPA did not have standing to bring her claim because she “failed to plead a concrete injury” under Article III. The appellant received a debt collection letter that failed to explicitly state if the money was owed to the original creditor or the current creditor and then filed a putative class action alleging a violation of the FDCPA. The appellant asserted that the uncertainty caused her confusion, but failed to allege that she suffered any other harm as a result of the confusion and uncertainty. Relying on precedent, the Third Circuit found that while an intangible harm such as confusion or uncertainty could qualify as a cognizable injury, it must still “bear a ‘close relationship’ to an injury ‘traditionally recognized as providing a basis for a lawsuit in American courts[.]’” Failing to do so, the court ruled that the appellant did not reach the threshold for establishing Article III injury. Therefore, the Third Circuit vacated the judgment of the district court (a dismissal for failure to state a claim) and remanded the case with instructions to dismiss the complaint.
FDIC closes Philadelphia-based bank and receives it for another bank
On April 26, the FDIC announced that the Pennsylvania Department of Banking and Securities had closed a Philadelphia-based bank and appointed the FDIC as receiver, noting that this is the first bank to “fail” this year and the first closure of a bank since November 2023. The FDIC reported that as of the end of January, the closed bank had $6 billion in total assets and $4 billion in total deposits. The FDIC entered into an agreement with a different bank from Lancaster, Pennsylvania whereby that bank will assume substantially all deposits and assets of the closed bank. All 32 branches of the failed bank became branches of the assuming bank, and customers of the failed bank became customers of the assuming bank. The FDIC estimated that the bank failure will cost the Deposit Insurance Fund $667 million.
HUD announces FFRMS final rule
Recently, HUD announced a final rule to implement the Federal Flood Risk Management Standard to “protect communities from flood risk, heavy storms, increased frequency of severe weather events and disasters, changes in development patterns, and erosion.” The final rule will enact the FFRMS as mandated by Executive Order 13690 by amending two HUD regulations: (i) Part 55, Floodplain Management and Protection of Wetlands; and (ii) Part 200, Minimum Property Standards. Among other things, the final rule will raise the elevations and flood proofing requirements of properties in flood-prone areas that use federal funds for new construction or are financed through HUD’s grant or subsidy programs. The revisions to Minimum Property Standards specifically target Federal Housing Administration-insured new constructions located within the 100-year floodplain. The final rule becomes effective on May 23.
FTC finalizes new rule on health data breach notification requirements
On April 26, the FTC released a final rule that will amend its Health Breach Notification Rule to require vendors of health apps and related entities not covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify affected individuals, the FTC, and in some cases, the media of a health data breach. The NPRM was published in May 2023 (covered by InfoBytes here). The final rule will apply to breaches of unsecured personally identifiable health data and, among other things, clarify that a “breach of security” to include “an authorized acquisition of unsecured [personal health record] identifiable health information that occurs as a result of a data security breach or unauthorized disclosure.” Further, the final rule will define a “[personal health record’s] identifiable health information” to cover health diagnoses, medications, health information tracked on applications or websites, or emergent health data to adopt health apps and privacy and data security risks collected by these technologies.
Under the rule, the FTC will require each vendor who discovered it was the target of a security breach of personal health record identifiable health information to notify each U.S. resident whose information was compromised during the security breach, notify the FTC, and, in cases where 500 or more residents are confirmed or reasonably believed to have been affected by the breach, to notify “prominent media outlets” no later than 60 days after the discovery of the breach (with an exception for law enforcement concerns). The rule will go into effect 60 days after the date of publication in the Federal Register.
Department of Commerce announces new actions related to Executive Order on AI
On April 29, the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce released several announcements regarding the progress on President Biden's Executive Order on AI (covered by InfoBytes here). NIST released four draft publications aimed at enhancing AI systems' safety, security, and trustworthiness.
The four draft publications include: (i) NIST AI 600-1 that offers a Generative AI Profile to help organizations identify and manage risks associated with generative AI; (ii) NIST SP 800-218A to expand on the Secure Software Development Framework (SSDF) and address concerns about malicious training data affecting AI systems, as well as provide potential risks and strategies for handling training data, including recommendations for analyzing data for signs of poisoning, bias, homogeneity, and tampering; (iii) NIST AI 100-4 that proposes technical methods to improve the transparency of AI-created or “synthetic” content; and (iv) NIST AI 100-5 which will outline a plan to encourage the global development of AI-related technical standards and seek feedback on areas for AI standardization, including methods for tracking the origin of digital content and shared practices for AI system testing and evaluation. Additionally, NIST is launching challenges to create methods for distinguishing between human and AI-generated content. Public comments on these initial drafts will be due by June 2.