InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
House Financial Services Committee urges banking regulators to reconsider aspects of Basel III “Endgame” proposal
On March 5, the Chairman of the House Financial Services Committee, Patrick McHenry (NC-10), along with all Republican members released a letter to Federal Reserve Chairman Jerome Powell, Acting Comptroller of the Currency Michael Hsu, and FDIC Chairman Martin Gruenberg recommending they each withdraw from the Basel III “Endgame” proposal and identify better objectives with justifications. The Republican members indicated that the proposal received an “unprecedented number of comment letters,” with more than 97 percent receiving a call for withdrawal, re-proposal, or general concern with the proposal’s elements. Further, the letter pointed out that the agency chairs themselves recognized there was an issue, as shown by the agencies’ comment period extension by more than 45 days. While the members noted a strong desire to change the capital rules for financial institutions, they also expressed frustration with the lack of transparency regarding the whole process: “There has been little clarity . . . with Congress or the American people as to when or how the agencies will release the information collected from the banks or seek comment[.]” The Committee’s letter concluded by stating how the proposal is flawed and called for greater clarity on how agencies plan to account for public comments.
CFPB blog post tackles mortgage closing costs, seeks consumer feedback
On March 8, the CFPB published a blog post seeking consumer input on experiences with the closing process of consumer mortgages, and in particular, closing costs. The blog post posited that closing costs significantly impact a borrower’s financial commitment and, potentially, monthly payments and identified a “noticeable increase” in closing costs, with median total loan expenses on home purchase loans increasing by 21.8 percent between 2021 and 2022. In particular, the Bureau singled out title insurance fees and credit reporting fees. It labeled title insurance as a fee that borrowers are charged and for which they have no control over the cost, alleging that “the amount that borrowers pay for lender’s title insurance is often much greater than the risk.” With respect to credit reports, the Bureau remarked that the highly concentrated industry dictates the price of credit reports, citing anecdotal evidence of cost increases of 25 to 400 percent.
The blog post also indicated that borrowers with smaller mortgages, including those with lower incomes, first-time homebuyers, and individuals residing in Black and Hispanic communities, are often disproportionately affected by closing costs, because they are typically fixed costs and do not change based on the size of the loan. The Bureau requested that consumers provide input on their experience with mortgage or closing costs, signaling that it will continue to analyze and if necessary “issue rules and guidance to improve competition, choice, and affordability.”
Department of Energy discontinues crypto mining survey following a settlement agreement
On March 1, a cryptocurrency company (plaintiff) and the U.S. Department of Energy submitted a settlement agreement to the U.S. District Court for the Western District of Texas to discontinue an emergency crypto mining survey once approved by the Office of Management and Budget.
According to the settlement agreement, the Department of Energy initiated an emergency three-year collection of a Cryptocurrency Mining Facilities Survey in January, which the plaintiff claimed did not comply with various statutory and regulatory requirements for the emergency collection of information. Following the court’s approval of the plaintiff’s temporary restraining order, which protected plaintiffs from completing the survey issued by the Department of Energy and protected any information they may have already submitted, the Department of Energy discontinued its emergency collection, and said it will proceed through notice-and-comment procedures for approval of any collection of information covering such data. As a result of the discontinuation of the emergency collection request, no entity or person is required to respond to the survey.
As part of the settlement agreement, the Department of Energy will destroy any information it had already received from survey responses. In addition to a $2,199.45 payment for the plaintiffs’ litigation expenses, the Department of Energy also agreed to publish a new Federal Register notice of a proposed collection of information and withdraw its original notice.
New York State bill requires disclosure of beneficial owners of limited liability companies
On March 1, a newly enacted bill from New York State, S8059, (the “Act”) was signed by the governor and amended New York State law governing limited liability companies by mandating New York LLCs to file beneficial ownership information with the New York Department of State. The Act set a deadline for new LLCs to file the required ownership information within 30 days of their establishment; for existing LLCs, the bill required them to comply with the new requirements by January 1, 2026. The Act demanded that exempt companies, defined as LLCs or foreign LLCs not otherwise defined as a reporting company that met a condition for exemption in 31 U.S.C. §5336(a)(11)(B), electronically declared their statuses and the basis for their exemptions shortly after formation. It further imposed an annual requirement on all limited liability companies to update or confirm their ownership or exempt status. Additionally, access to the beneficial ownership reports was restricted to law enforcement under certain conditions. The Act enforced compliance with the requirements by imposing up to $500 daily fines for late submissions, the possibility of companies being marked as delinquent, and the threat of dissolution for persistent non-compliance.
7th Circuit says plaintiffs should have produced evidence to prove concrete injury
On February 29, the U.S. Court of Appeals for the Seventh Circuit decided that while an interruption of self-employment can cause a concrete loss for a plaintiff to sue, that loss must be established by evidence at summary judgment. The loss in question involved a consumer debt in arrears sold by a bank to a debt collection agency. Two individual plaintiffs owing the underlying debt sued the debt collection agency under 15 U.S.C. §1692e of the FDCPA when the debt collection agency attempted to collect on the debt owed without relaying that the bank had not verified the balance of the debt. The judge opined that rather than claiming they had incurred any concrete loss (e.g., a loss of income, payment of funds, etc.), plaintiffs instead filed an affidavit to state that the debt had “interrupted my self-employment” because they were focused on thinking about the debt and spent time working through records to confirm the debt owed. The judge agreed with the plaintiffs’ claim that debt collection efforts can very well cause a delay in receiving self-employment income, which is a “form of loss”; however, the judge also held that plaintiffs must show evidence of injury at the summary judgment stage, as this is the “put up or shut up” stage in litigation. Ultimately, the plaintiffs failed to show any evidence that debt collection efforts caused them concrete harm, other than interrupting a productive day of work.
Ginnie Mae now requires issuers to disclose cybersecurity incidents within 48 hours
On March 4, the President of Ginnie Mae released All Participants Memorandum (APM) 24-02, which set forth a new requirement applicable to all issuers, including issuers that subservice loans for others. The memo mandated that all approved issuers must notify Ginnie Mae of any significant cybersecurity incident within 48 hours of detection. Ginnie Mae defined a “Cyber Incident” as “an event that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constituted a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies and has the potential to directly or indirectly impact the Issuer’s ability to meet its obligations under the terms of the Guaranty Agreement.” If a Cyber Incident has occurred, issuers must it report to Ginnie Mae via a specified email address and must include (i) the date and time of the incident, (ii) a summary of the incident, and (iii) points of contact responsible for coordinating any follow-up questions regarding the incident. These requirements are also now reflected in Chapter 03, Part 18 of the Mortgage-Backed Securities Guide, 5500.3, REV-1.
CFPB lowers most credit card late fees to $8, amending Regulation Z
On March 5, the CFPB announced a final rule that will amend TILA Regulation Z and lower the typical credit card late fees from $30 to $8. According to the final rule, the CFPB determined that the Regulation Z §1026.52(b) $30 discretionary safe harbor for fees (for card issuers that together with their affiliates have at least one million open credit card accounts, i.e., “larger card issuers”) is too high, and therefore “are not consistent with TILA’s statutory requirement that such fees be reasonable [for a] violation.”
For larger card issuers, the final rule will repeal the current safe harbor threshold amount and adopt a late fee safe harbor dollar amount of $8. It also will eliminate late fees for a higher safe harbor dollar amount for repeat violations that occur during the same billing cycle or in one of the next six billing cycles. Larger card issuers will still be able to charge fees above the safe harbor threshold for late fees if they can prove the higher fee is necessary to cover their actual collection costs.
With respect to late fees imposed by larger card issuers, the provision on annual adjustments for the safe harbor dollar amounts (to reflect changes in the consumer price index) will not apply to the $8 safe harbor amount for those late fees. For card issuers that together with their affiliates have fewer than one million open credit card accounts for the entire preceding calendar year (“smaller card issuers”), the safe harbors revised pursuant to the annual adjustments will continue to apply to the late fees imposed by them. The final rule also amended comments and sample forms in Appendix G to revise current examples of late fee amounts to be consistent with the $8 safe harbor amount. Card issuers that meet or exceed the one million open credit card account thresholds, transforming them into larger card issuers, will have 60 days to comply with the requirements of the rule.
Regarding annual adjustments for safe harbor threshold amounts, the rule will adjust safe harbor threshold amounts in §§1026.52(b)(1)(ii)(A) and (B) to $32, and $43 for repeat violations that will occur during the same billing cycle or in one of the next six billing cycles. These two revised threshold amounts will apply to penalty fees other than late fees for all card issuers, as well as late fees imposed by smaller card issuers. The CFPB’s final rule will go into effect 60 days after publication in the Federal Register.
The final rule was highlighted in the White House’s Fact Sheet entitled, “President Biden Announces New Actions to Lower Costs for Americans by Fighting Corporate Rip-Offs,” which announced a new “Strike Force on Unfair and Illegal Pricing” co-chaired by the DOJ and the FTC to strengthen interagency efforts to combat high prices through anti-competitive, unfair, deceptive, or fraudulent business practices.
SBA unveils enhanced Lender Match tool to connect small businesses with lenders
On March 4, the SBA announced the launch of an online tool for small businesses to connect to capital through the SBA’s network of nearly 1,000 approved banks and private lenders. This Lender Match tool was designed to provide users with a more effective and user-friendly interface, including a mobile-friendly interface that allows small business entrepreneurs and enterprises seeking to grow businesses to more easily identify and compare potential lenders. The tool also included fraud-screening measures to ensure a smoother process for both parties. Small businesses that are unable to find a match through the tool will be directed to the SBA’s local advisors for additional support in becoming “capital-ready.” The SBA hopes to facilitate more connections for entrepreneurs looking for various financing options through the enhanced Lender Match platform including microloans and growth capital with competitive terms.
OCC releases February CRA evaluations for 31 banks, one “Needs to Improve”
On March 1, the OCC released its Community Reinvestment Act (CRA) performance evaluations for last February. The OCC evaluated 31 national banks and federal savings associations under four ratings: Outstanding, Satisfactory, Needs to Improve, and Substantial Noncompliance. Of the 31 evaluations reported by the OCC, only one entity holds the lowest rating, a small bank in Indiana, which was rated “Needs to Improve.” Most entities were rated “Satisfactory,” and six entities were rated “Outstanding.” In an OCC FAQ regarding the implementation of the CRA, the OCC detailed how it evaluates and rates financial institutions by reviewing both the institution itself (such as its capacity, constraints, business strategies, competitors, and peers) and the community the institution it serves (such as its demographics, economic data, lending, investment, and service opportunities).
NIST releases cybersecurity framework 2.0 with tailored guidance
On February 26, the National Institute of Standards and Technology (NIST) finalized its Cybersecurity Framework (CSF), a document on guidance for reducing cybersecurity risk. After releasing the draft proposal last August for Cybersecurity Framework Version 2.0 which was updated to help organizations understand and reduce cybersecurity risks (covered by InfoBytes here), and considering public comments, NIST “expanded the CSF’s core guidance and developed related resources to provide different audiences with tailored pathways into the CSF and make the framework easier to put into action.”
According to NIST’s press release, the revised framework acknowledges that organizations will approach the CSF with different requirements and levels of proficiency in cybersecurity tool implementation. Novice users would benefit from the experiences of others and choose relevant implementation examples and quick-start guides tailored for specific user categories, including small businesses, enterprise risk managers, and organizations focused on securing supply chains. “NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users… and feedback from the community will be crucial.”