InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC sanctions additional persons in Bosnia and Herzegovina
On March 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against three individuals in Bosnia and Herzegovina (BiH), pursuant to Executive Orders 14033 or 14059. The designations build on other sanctions measures taken in the region (covered by InfoBytes here) and “collectively underscore the United States’ willingness to hold accountable those who are undermining democratic institutions and furthering their agendas for political and personal gain, at the expense of peace, stability, and progress in the Western Balkans,” OFAC explained. Specifically, the sanctions target the director general for BiH’s Intelligence Security Agency, a BiH national who headed an agency responsible for obstructing or threatening the implementation of the Dayton Peace Agreement, and a significant Balkans narcotics trafficker.
As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” OFAC further noted that “transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” which “include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person, or the receipt of any contribution or provision of funds, goods, or services from any such person.” OFAC warned financial institutions and other persons that should they engage in certain transactions or activities with the sanctioned individuals they may expose themselves to sanctions or be subject to an enforcement action.
New York AG continues crackdown on unregistered crypto trading platforms
On March 9, the New York attorney general filed a petition in state court against a virtual currency trading platform (respondent) for allegedly failing to registeras a securities and commodities broker-dealer and falsely representing itself as a cryptocurrency exchange. The respondent’s website and mobile application enable investors to buy and sell cryptocurrency, including certain popular virtual currencies that are allegedly securities and commodities. The AG noted that this is one of the first times a regulator is making a claim in court that one of the largest cryptocurrencies available in the market is a security. According to the announcement, this cryptocurrency “is a speculative asset that relies on the efforts of third-party developers in order to provide profit to the holders.” As such, the respondent was required to register before selling the crypto assets, the AG said, further maintaining that the respondent also sells unregistered securities in the form of a lending and staking product. According to the AG, securities and commodities brokers are required to register with the state, which the respondent allegedly failed to do. Additionally, the respondent claimed to be an exchange but failed to appropriately register with the SEC as a national securities exchange or be designated by the CFTC as required under New York law. Nor did the respondent comply with a subpoena requesting additional information about its crypto-asset trading activities in the state, the AG said, noting that the respondent has already been found to be operating in multiple jurisdictions without proper licensure. The state seeks a court order (i) preventing the respondent from misrepresenting that it is an exchange; (ii) banning the respondent from operating in the state; and (iii) directing the respondent to undertake measures to prevent access to its mobile application, website, and services from within New York.
Last month the AG filed a similar petition against another virtual currency trading platform alleging similar violations (covered by InfoBytes here).
District Court: Failure to investigate duplicate reporting dispute could violate the FCRA
On March 10, the U.S. District Court for the Southern District of Illinois ruled a defendant credit union failed to properly report an individual’s debt to a consumer reporting agency or investigate his dispute. Plaintiff obtained a credit card from the defendant but fell behind on his payments. After his account was later sent to a third-party collection agency, the plaintiff obtained a copy of his credit report where he noticed that his credit card debt was listed twice—once as a “individual” and “revolving” account with a balance of $10,145, and another time as an “open” collections account with a different balance. Plaintiff sent identical dispute letters to the three major credit reporting agencies (CRAs), acknowledging the delinquent credit card but expressing confusion as to why the account was listed twice. He submitted additional similar disputes with the CRAs, claiming that the error caused him to be denied the opportunity to rent an apartment and made it difficult for him to obtain a mortgage. During discovery, two corporate witnesses testified on behalf of the defendant—one of whom is responsible for reviewing consumer credit disputes and verified the information being reported was accurate. A second witness also testified that while the defendant understood that the plaintiff was alleging inaccuracies due to the debt being reported twice, it chose to focus its investigation on verifying that the information in the plaintiff’s credit report matched the information in its internal system.
In denying the defendant’s motion for summary judgment, the court noted that while the U.S. Court of Appeals for the Seventh Circuit “has not decided whether double-reporting of a single debt on a credit report is an FCRA violation, district courts across the country have found that whether the practice is misleading and violates the FCRA is an issue of fact.” The court explained that an issue of fact exists as to whether double reporting the debt created a misleading impression that the plaintiff has two separate debts totaling $22,000 rather than a single debt of roughly $10,000. Moreover, even though the plaintiff’s dispute contained the message “duplicate,” the defendant did not address this issue nor did it request that a change be made to the plaintiff’s credit report. “A jury could reasonably conclude [] that [defendant’s] investigation was inadequate under the FCRA,” the court wrote. “[W]hether [defendant’s] investigation or protocol may qualify as a willful violation giving rise to statutory or punitive damages is an issue for a jury as well.”
DOJ, CFPB: Lenders that rely on discriminatory appraisals violate the FHA and ECOA
On March 13, the DOJ and CFPB filed a statement of interest saying that a “lender violates both the [Fair Housing Act (FHA)] and ECOA if it relies on an appraisal that it knows or should know to be discriminatory.” (See also CFPB blog post here.) Pointing out that the case raises important legal questions regarding the issue of appraisal bias, the agencies explained that the DOJ has enforcement authority under both the FHA and ECOA, and the Bureau has authority to interpret and issue rules under ECOA and enforce the statute’s requirements.
The case, which is currently pending in the U.S. District Court for the District of Maryland, concerns whether an appraiser, a real estate appraisal company, and an online mortgage lender (collectively, “defendants”) violated federal and state law by undervaluing plaintiffs’ home on the basis of race and denying a mortgage refinancing application based on the appraisal. Plaintiffs, who are Black, claimed their home was appraised for a lower amount on the basis of race, and maintained that the lender denied their loan even after being told the appraisal was discriminatory. Additionally, plaintiffs claimed that after they replaced family photos with pictures of white people and had a white colleague meet a new appraiser, that appraiser appraised the house for $750,000—a nearly 60 percent increase despite there not being any significant improvements made to the house or meaningful appreciation in the value of comparable homes in the market.
The defendant appraiser filed a counterclaim against the plaintiffs providing technical arguments for why he valued the home at $472,000, including that the property next door was listed for $500,000, but was later reduced to $475,000, only 10 days after he completed the appraisal. He further claimed that the second appraisal failed to include that property as a comparison and relied on home sales that had not happened as of the time of the first appraisal. The lender argued that it should not be held liable because it was relying on a third-party appraiser and that “it can be liable only if it took discriminatory actions that were entirely separate from [the appraiser’s].”
While the statement does not address the issue of vicarious liability, the DOJ and CFPB asserted that lenders can be held liable under the FHA and ECOA for relying on discriminatory appraisals. They explained that it is “well-established that a lender is liable if it relies on an appraisal that it knows or should know to be discriminatory.” The statement also provided that for disparate treatment claims under the FHA and ECOA, “plaintiffs need only plead facts that plausibly allege discriminatory intent.” The agencies also argued that a violation of Section 3617 of the FHA (which includes “a prohibition against retaliating in response to the exercise of fair housing rights”) “does not require a ‘predicate violation’ of the FHA.
Fed to launch FedNow in July
On March 15, the Federal Reserve Board announced a July launch date for its FedNow Service. (Covered by a Special Alert here.) Beginning the first week of April, the Fed will start formally certifying participants, with early adopters completing a customer testing and certification program in preparation for sending live transactions through the system. The certification process “encompasses a comprehensive testing curriculum with defined expectations for operational readiness and network experience,” the Fed explained. “We couldn’t be more excited about the forthcoming FedNow launch, which will enable every participating financial institution, the smallest to the largest and from all corners of the country, to offer a modern instant payment solution,” said Ken Montgomery, First Vice President of the Federal Reserve Bank of Boston and FedNow program executive. “With the launch drawing near, we urge financial institutions and their industry partners to move full steam ahead with preparations to join the FedNow Service,” Montgomery added.
In addition to certifying early adopters for the July launch, the Fed said it will continue to engage with financial institutions and service providers to complete the testing and certification program throughout 2023 and beyond. FedNow “will launch with a robust set of core clearing and settlement functionality and value-added features,” the agency said, explaining that “[m]ore features and enhancements will be added in future releases to continue supporting safety, resiliency and innovation in the industry as the FedNow network expands in the coming years.”
Fed governor says transparency is key for promoting innovation in the banking system
On March 14, Federal Reserve Governor Michelle W. Bowman presented thoughts on innovation trends within the U.S. financial system during a conference held by the Independent Community Bankers of America. Bowman commented that innovation has always been a priority for banks of all sizes and business models, and that regulators—often accused of “being hostile to innovation” within the regulated financial system—are continually trying to learn and adapt to new technologies, which often introduce new risks and vulnerabilities. In order to address these challenges, which are often amplified for community banks, Bowman said banks must be prepared to make improvements to risk management, cybersecurity, and consumer compliance measures, and regulators—playing a complementary role—must ensure rules are clear and transparent. She further stressed that “[i]t is absolutely critical that innovation not distract banks and regulators from the traditional risks that are omnipresent in the business of banking, particularly credit, liquidity, concentration, and interest rate risk.” Noting that these types of risks are present in all bank business models, Bowman said they “can be especially acute for banks engaging in novel activities or exposed to new markets, including crypto-assets.”
Explaining that transparency is important for promoting a safe, sound, and fair banking system, particularly when it comes to innovation, Bowman stated that insufficient clarity or transparency or disproportionately burdensome regulations may “cause new products and services to migrate to the shadow banking system.” Bowman went on to discuss ways bank regulation and supervision can support responsible innovation, and highlighted unique challenges facing smaller banks, as well as key actions taken by regulators to date relating to crypto assets, third-party risk management, cybersecurity, Community Reinvestment Act reform, bank mergers, and overdraft fees, among others.
SEC proposes new cybersecurity requirements
On March 15, a divided SEC issued several proposed amendments to the agency’s cybersecurity-related rules.
The first is a proposed rule that would implement cybersecurity requirements for participants in the securities market, including broker-dealers, clearing agencies, and major security-based swap participants, among others. (See also SEC press release and fact sheet.) Among other things, the proposed rule would require all market entities to establish, maintain, and enforce written policies and procedures that are reasonably designed to address cybersecurity risks. Market participants would also be required to review the design and effectiveness of their cybersecurity policies and procedures at least once a year, and immediately provide the SEC written electronic notice of a significant cybersecurity incident should the participant have a reasonable basis to conclude that the incident had occurred or is occurring. Certain market entities would also be required to make public disclosures addressing cybersecurity risks and significant cybersecurity incidents to improve transparency. The SEC explained that the “interconnectedness of [m]arket [e]ntities increases the risk that a significant cybersecurity incident can simultaneously impact multiple [m]arket [e]tities causing systemic harm to the U.S. securities markets.”
The second proposed rule would amend Regulation S-P to enhance the protection of customer information and provide a federal minimum standard for data breach notifications. Regulation S-P requires broker-dealers, investment companies, and registered investment advisers to implement written policies and procedures for safeguarding customer records and information. The regulation also imposes requirements for proper disposal of consumer report information, implements privacy notice and opt-out provisions, and requires covered institutions to tell customers how their financial information is used. (See also SEC press release and fact sheet.) Under the proposed rule, covered institutions would be required to adopt an incident response program to address unauthorized access or use of customer information. Covered institutions would also be required to notify customers affected by certain types of data breaches that may expose them to identity theft or other harm by providing “notice as soon as soon as practicable, but not later than 30 days after the covered institution becomes aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.” The proposed rule would also “extend the protections of the safeguards and disposal rules to both nonpublic personal information that a covered institution collects about its own customers and to nonpublic personal information that a covered institution receives about customers of other financial institutions.” Modifications to provisions related to registered transfer agents are also proposed.
Comments on both proposed rules are due 60 days after publication in the Federal Register.
Additionally, the SEC announced it has reopened the comment period on proposed cybersecurity risk management rules and amendments for registered investment advisers and funds. Under the proposed rules, advisers and funds would be required to adopt and implement written policies and procedures reasonably designed to address cybersecurity risks that could harm advisory clients and fund investors. The proposed rules also laid out additional requirements relating to the disclosure of cybersecurity risks and significant cybersecurity incidents as well as filing and recordkeeping. (Covered by InfoBytes here.) The SEC reopened the comment period for an additional 60 days.
In voting against the proposed rules, Commission Hester M. Pierce questioned, among other things, whether the amendments would create overlapping requirements for financial firms subject to state data breach laws that have customer notification provisions, some of which conflict with the SEC’s proposals. Commissioner Mark T. Uyeda also raised concerns as to how the three proposals interact with each other. He cautioned that the “lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”
FHFA delays effective date of DTI ratio-based fee
On March 15, FHFA delayed the implementation of a new debt-to-income ratio-based fee to August 1, in order to ensure lenders have sufficient time to prepare. In January, FHFA made several changes relating to upfront fees for certain borrowers with debt-to-income (DTI) ratios above 40 percent. The updated and recalibrated pricing grids also include the upfront fee eliminations announced last October to increase pricing support for purchase borrowers limited by income or by wealth, FHFA said. The agency made the decision to delay the effective date by three months based on feedback from mortgage industry stakeholders who raised concerns about the operational challenges of implementing the DTI ratio-based fee. FHFA also confirmed that “lenders will not be subject to post-purchase price adjustments related to this DTI ratio-based fee for loans acquired by [Fannie Mae and Freddie Mac] between August 1, 2023, and December 31, 2023.” The agency explained that this temporary exception “will not alter any other quality control review decisions by [Fannie Mae and Freddie Mac].”
CFPB scrutinizes discharged private student loan billing and collection practices
On March 16, the CFPB released a compliance bulletin discussing student loan servicers’ practice of collecting on private student loans discharged in bankruptcy. The bulletin also notified regulated entities on how the Bureau intends to exercise its enforcement and supervisory authorities on this issue. Bulletin 2023-01: Unfair Billing and Collection Practices After Bankruptcy Discharges of Certain Student Loan Debts addressed the treatment of certain private student loans following bankruptcy discharge. The Bureau explained that in order to secure a discharge of a qualified education loan in bankruptcy, a borrower must demonstrate that the loan would impose an undue hardship if not discharged. Loans that do not meet this qualification (“non-qualified student loans”) can be discharged under standard bankruptcy discharge orders, the Bureau said.
Bureau examiners found, however, that several servicers failed to determine whether a borrower’s loan was qualified or non-qualified. As a result, non-qualified student loans were returned to repayment after a bankruptcy concluded, wherein servicers continued to bill and collect payments on the loans even through the borrower was released from this debt through the bankruptcy discharge. According to the Bureau, many borrowers, when faced with collection activities in violation of a bankruptcy court order, continued to make payments on debts they no longer owed.
The Bureau explained that servicers who collected on student loans that were discharged by a bankruptcy court violate the prohibition on unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act. The bulletin described unfair practices observed by examiners, such as servicers relying entirely on loan holders to distinguish among the loans and not ensuring that such holders had in fact done so. The bulletin also provided examples of student loans that are eligible for standard bankruptcy discharge, including loans made to students attending schools that are ineligible for federal student aid and loans made to students attending school less than half time. Bureau examiners instructed servicers to immediately stop collecting on discharged loans and take remedial action, including conducting a multi-year lookback and issuing refunds to affected borrowers.
CFPB issues 2023 HMDA institutional and transactional coverage charts
On March 15, the CFPB released the 2023 HMDA institutional and transactional coverage charts. The charts update the reporting thresholds for transactions that involve a closed-end mortgage loan, pursuant to an order issued last September by the U.S. District Court for the District of Columbia in National Community Reinvestment Coalition v. CFPB. (Covered by InfoBytes here.) As previously covered by InfoBytes, in 2020 the CFPB issued a final rule, which amended Regulation C and permanently increased the reporting threshold from the origination of at least 25 closed-end mortgage loans in each of the two preceding calendar years to 100, and permanently increased the threshold for collecting and reporting data about open-end lines of credit from the origination of 100 lines of credit in each of the two preceding calendar years to 200.
The 2023 HMDA Institutional Coverage Chart outlines criteria for determining whether an institution is covered by Regulation C. Additionally, the 2023 HMDA Transactional Coverage Chart explains that under HMDA/Regulation C, a transaction is reportable only if it is an application for, an origination of, or a purchase of a covered loan. The chart explains how to determine whether a transaction involves a covered loan and whether it meets the applicable loan-volume thresholds.