InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC clarifies impact of sanctions on humanitarian assistance and trade
On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.
FCC launches Privacy and Data Protection Task Force
On June 14, FCC Chairwoman Jessica Rosenworcel announced the establishment of the Commission’s new Privacy and Data Protection Task Force. According to the announcement, the task force will coordinate efforts across the FCC on rulemaking, enforcement, and public awareness needs in the privacy and data protection sectors. These coordinated measures, Rosenworcel said, are intended to protect against and respond to data breaches involving telecommunications providers and those related to cyber intrusions. Measures will also address supply chain vulnerabilities involving third-party vendors that service regulated communications providers. Speaking to the Center for Democracy and Technology Forum on Data Privacy, Rosenworcel commented that data monetization is big business and that “market incentives to keep our data and slice and dice it to inform commercial activity are enormous” and only increasing. She provided examples of data aggregators selling individual geolocation data and said this demonstrates how information can be monetized. Rosenworcel further explained that the task force will also provide input on Commission efforts to modernize the FCC’s data breach rules. As previously covered by InfoBytes, the FCC issued a notice of proposed rulemaking in January to launch a formal proceeding for strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information.
Texas enacts digital services bill to protect minors
On June 13, the Texas governor signed HB 18 to enact the Securing Children Online through Parental Empowerment (SCOPE) Act. The Act will require digital service providers to register a person’s age and, if the user is determined to be a minor (younger than 18 years of age), the provider is required to: (i) limit the collection of personal identifying information (PII) to what is reasonably necessary to provide the service; (ii) limit use of PII to the purpose for which it was collected; (iii) prevent the user from engaging in financial transactions through the digital service; (iv) prevent the user’s PII from being shared, disclosed, or sold; (v) not use the digital service to collect precise geolocation data on the user; or (vi) not use the digital service for targeted advertising. Digital service providers are also required to create tools for parents to control their minor children’s accounts and privacy settings and should reasonably attempt to limit advertising and algorithms that direct minors to harmful content.
SCOPE applies only to those who provide a digital service that enables minor users to socially interact with other users on the digital service and create, post, or share content. SCOPE outlines numerous exemptions, including exemptions for financial institutions, certain covered entities governed by the Health Insurance Portability and Accountability Act, certain persons subject to the Family Educational Rights and Privacy Act, and certain affiliates or subsidiaries of an internet service provider.
While the Act explicitly prohibits its use as a basis for a private right of action, it does grant the state attorney general exclusive authority to enforce the law (a violation of the Act is considered a deceptive act or practice). The Act takes effect September 1, 2024.
OCC warns banks to “guard against complacency” in risk management
On June 14, the OCC released its Semiannual Risk Perspective for Spring 2023, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The agency reported that the overall strength of the federal banking system is sound but warned banks to remain diligent and maintain effective risk management practices over critical functions in order to withstand current and future economic and financial challenges.
The OCC highlighted liquidity, operational, credit, and compliance risk as key risk themes in the report. Observations include: (i) in response to recent bank failures and investment portfolio depreciation, liquidity levels have been strengthened; (ii) credit risk remains moderate, however in certain commercial real estate segments, signs of stress are increasing (high inflation and rising interest rates are also causing credit conditions to deteriorate); (iii) operational risk, including persistent cyber threats, is elevated, while opportunities and risks are created by banks’ increased use of third parties and the digitalization of banking products and service; and (iv) compliance risk remains heightened as banks continue to navigate a dynamic environment where compliance management systems try to keep pace with evolving products, services, and delivery channel offerings.
The report also discussed challenges banks face when trying to manage climate-related financial risks, as well as the importance of investing and aligning technology with banks’ business goals. Acting Comptroller of the Currency Michael Hsu urged banks “to ‘be on the balls of their feet’ with regards to risk management” and “guard against complacency.”
CFTC shuts down illegal trading platform
The U.S. District Court for the Northern District of California recently granted the CFTC’s motion for default judgment in an action accusing a decentralized autonomous organization of violating the Commodity Exchange Act (CEA) by operating an illegal trading platform and unlawfully acting as a futures commission merchant. (See also CFTC press release here.) The CFTC maintained that the organization’s platform and its blockchain-based software “protocol” enables users to engage in retail commodity transactions but does not provide protections or other requirements mandated under the statute. In addition to unlawfully offering leveraged and margined retail commodity transactions outside of a registered exchange, the organization is charged with failing to comply with Bank Secrecy Act obligations applicable to future commission merchants, including implementing a customer information program or conducting know your customer procedures. The default judgment requires the organization to shutter its website and remove its content from the internet, and orders permanent trading and registration bans. The organization also must pay a $643,542 civil money penalty and is enjoined from future violations of the CEA.
FTC says bank impersonation is most-reported text message scam
On June 8, the FTC reported that consumers lost $330 million to text message scams in 2022, which is double the amount reported in 2021. The FTC’s recent Consumer Protection Data Spotlight found that the top five text message scams, accounting for over 40 percent of the 1,000 randomly sampled text frauds in 2022, are often impersonating well-known businesses. The data spotlight names copycat bank fraud prevention alerts, bogus “little gifts,” fake package delivery problems, phony job offers, and fake online-shopping account fraud prevention messages as the top five text message scams. With text message scam open rates at 98 percent and email scam open rates at 20 percent, scammers use the speed and cost effectiveness of text messages to their advantage, the FTC reported.
CFPB releases regulatory agenda
The Office of Information and Regulatory Affairs recently released the CFPB’s spring 2023 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. In January, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.” (Covered by InfoBytes here.)
- Insufficient funds fees. The Bureau is considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- Amendments to FIRREA concerning automated valuation models. On June 1, the Bureau issued a joint notice of proposed rulemaking (NPRM) with the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models used by mortgage originators and secondary market issuers. (Covered by InfoBytes here.) Previously, the Bureau released a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and report in February and May 2022 respectively. (Covered by InfoBytes here.)
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the SBREFA and the issuance of a final report examining the impact of the Bureau’s proposals to address consumers’ personal financial data rights. (Covered by InfoBytes here.) Proposed rulemaking may be issued in October.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an NPRM last month to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The proposed effective date is at least one year after the final rule is published in the Federal Register (“but no earlier than the October 1 which follows by at least six months Federal Register publication”), with the possibility of a further extension to ensure compliance with a TILA timing requirement.
- Supervision of Larger Participants in Consumer Payment Markets. The Bureau is considering whether to engage in pre-rulemaking activity next month to define larger participants in consumer payment markets and further the scope of the agency’s nonbank supervision program.
- Nonbank registration. The Bureau announced its intention to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Terms and conditions registry for supervised nonbanks. At the beginning of the year, the Bureau issued an NPRM that would create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights” and would appear in a publicly accessible registry. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Credit card penalty fees. The Bureau issued an NPRM in February to solicit public feedback on proposed changes to credit card late fees and late payments and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. A final rule may be issued later this year.
- LIBOR transition. In April, the Bureau issued an interim final rule, amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. Effective May 15, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. (Covered by InfoBytes here.)
Chopra testifies at congressional hearings
On June 13, CFPB Director Rohit Chopra testified before the Senate Banking Committee to discuss the Bureau’s most recent semi-annual report to Congress. Covering the period beginning April 1, 2022 and ending September 30, 2022, the semi-annual report addressed a wide range of issues, including the adoption of significant rules and orders, supervisory and enforcement actions, and actions taken by states relating to federal consumer financial law. The report also stated the Bureau received approximately 1.237 million consumer complaints, for which roughly 75 percent pertained to credit or consumer reporting. With respect to the Bureau’s mandated objectives, Chopra’s prepared statement highlighted rulemaking progress on several topics, including small business lending data collection and PACE lending. He also emphasized the agency’s heightened focus on supervising nonbank financial firms and reiterated that the Bureau will continue to shift its enforcement focus from small businesses to repeat offenders.
Committee Chair Sherrod Brown (D-OH) praised Chopra’s leadership in his opening statement, highlighting actions taken by the Bureau since Chopra’s last hearing appearance and disagreeing with the U.S. Court of Appeals for the Fifth Circuit’s decision that the agency’s funding authority violates the Constitution’s Appropriations Clause and the separation of powers. However, Ranking Member Tim Scott (R-SC) argued that Chopra “has created uncertainty in the marketplace by attempting to regulate through speeches and blog posts under the guise of ‘clarifying guidance,’” and continues to mislabel payment incentives as “junk fees” or “illegal fees.” Scott also took issue with the Bureau’s small business lending rule and asked why the agency should be trusted to collect a large amount of lending data when the agency itself experienced a data breach when an employee transferred sensitive consumer data to a personal email account without authorization.
During the hearing, Chopra addressed concerns accusing him of bypassing regulatory review by issuing policy changes through agency guidance and press announcements. “The things we hear from small firms is they really want to know how existing law applies,” Chopra said. “We have so many changes in technology, and these small firms don’t have the ability to hire so many lawyers[,] [s]o I’ve actually continued a practice of my predecessor, Director Kraninger to issue these advisory opinions and other guidance documents. They do not create any new obligations. They simply restate what the existing laws are.”
Chopra also answered questions relating to the Bureau’s proposal to limit credit card late fees and, among other things, adjust the safe harbor dollar amount for late fees to $8 for any missed payment (issuers are currently able to charge late fees of up to $41). (Covered by InfoBytes here.) Chopra explained that the proposed rule still allows recovery of costs but said the agency is trying to make the process “more rigorous and make sure it reflects market realities.” “[I]ssuers tell us is that they don’t want to profit off of late fees,” Chopra added. “That's exactly the goal here, because the law says those penalty fees are supposed to be reasonable and proportional. We’re trying to make it more clear about the way we can do that, while also making the market more competitive.”
Republican senators expressed concerns with the proposal during the hearing, with Scott commenting that no one wants to pay the late fee, but that “the truth of the matter is that fee is going to be paid just in a different form. . . .whether it’s through increased interest rates or increased cost of products, it doesn’t go away.” Senator Elizabeth Warren (D-MA) countered that “if there’s an $8 cap on credit card late fees, unless the banks can show that their costs are higher, in which case they can charge more, all that will happen, as best I can tell is that the banks will have slightly lower profit margins.”
Chopra faced similar question during a hearing held the next day before the House Financial Services Committee. Among the topics, committee members raised questions relating to technology risks presented by artificial intelligence and how existing law applies to machine learning. Chopra was also accused of overseeing an unconstitutional agency and flouting the notice-and-comment rulemaking process. Also discussed during the hearing was a recently introduced joint resolution to nullify the Bureau’s small business lending rule. (Covered by InfoBytes here.) Representative Roger Williams (R-TX) stressed that community banks are “concerned that the complicated reporting requirements will tie up loan officers and increase compliance costs plus compliance officers, which will be passed down to the consumer.”
Hsu discusses significance of consumer trust in banking
On June 8, acting Comptroller of Currency Michael J. Hsu discussed the significance of consumer trust in banking, and announced the OCC is considering designing and releasing an annual survey to measure the extent of consumer trust in banking. (See OCC’s request for comments on its proposed annual trust survey.) Hsu noted that public trust in banking is imperative to a good relationship with the communities served and to ensure consumers do not rely on risky means for storing funds. Distrust also presents risks for banks, Hsu said, explaining that “banks that have material fairness and compliance deficiencies may face stiff civil money penalties, restrictions on growth, and sustained reputational damage, limiting their capacities to make loans.” Hsu’s focus on trust in the banking system is also inspired by the threatening impact of unfairness and a lack of inclusivity. Therefore, in addition to the survey, the OCC is focusing on methods of consumer protection to underpin public trust in banks. Efforts include strengthening and modernizing the Community Reinvestment Act to create more lending opportunities to those in low- and moderate-income areas, reforming overdrafts by issuing guidance on overdraft protection programs, and addressing bias in the appraisal of homes by issuing a proposed rule to implement quality control standards for automated valuation models.
CFPB says it wants to simplify rules on mortgage servicing
On June 15, CFPB Director Rohit Chopra said the Bureau is considering whether to streamline mortgage servicing rules. Last September, the Bureau requested input from the public on mortgage refinance and forbearance standards and sought feedback on ways to reduce risks for borrowers who experience disruptions in their ability to make mortgage payments. (Covered by InfoBytes here.) Specifically, the Bureau sought ways to: (i) “facilitate mortgage refinances for consumers who would benefit from refinancing, especially consumers with smaller loan balances”; and (ii) “reduce risks for consumers who experience disruptions in their financial situation that could interfere with their ability to remain current on their mortgage payments.”
Chopra flagged several issues raised by commenters, including that borrowers seeking loss mitigation options can face a “paperwork treadmill” that disadvantages both homeowners and mortgage servicers. Commenters also reported that borrowers often incur servicing fees and experience negative credit reporting when waiting for servicers to review their options, Chopra said, explaining that even after a loss mitigation option has been implemented, these penalties can continue to negatively impact borrowers (such as preventing loan modifications and other interventions designed to allow borrowers to keep their homes).
Chopra said the Bureau intends to use the feedback to propose ways to streamline servicing standards but noted that the agency “will propose streamlining only if it would promote greater agility on the part of mortgage servicers in responding to future economic shocks while also continuing to ensure they meet their obligations for assisting borrowers promptly and fairly.”