Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB issues Summer ’23 supervisory highlights

    Federal Issues

    On July 26, the CFPB released its Summer 2023 issue of Supervisory Highlights, which covers enforcement actions in areas such as auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday lending and remittances from June 2022 through March 2023. The Bureau noted significant findings regarding unfair, deceptive, and abusive acts or practices and findings across many consumer financial products, as well as new examinations on nonbanks.

    • Auto Origination: The CFPB examined auto finance origination practices of several institutions and found deceptive marketing of auto loans. For example, loan advertisements showcased cars larger and newer than the products for which actual loan offers were available, which misled consumers.
    • Auto Servicing: The Bureau’s examiners identified unfair and abusive practices at auto servicers related to charging interest on inflated loan balances resulting from fraudulent inclusion of non-existent options. It also found that servicers collected interest on the artificially inflated amounts without refunding consumers for the excess interest paid. Examiners further reported that auto servicers engaged in unfair and abusive practices by canceling automatic payments without sufficient notice, leading to missed payments and late fee assessments. Additionally, some servicers allegedly engaged in cross-collateralization, requiring consumers to pay other unrelated debts to redeem their repossessed vehicles.
    • Consumer Reporting: The Bureau’s examiners found that consumer reporting companies failed to maintain proper procedures to limit furnishing reports to individuals with permissible purposes. They also found that furnishers violated regulations by not reviewing and updating policies, neglecting reasonable investigations of direct disputes, and failing to notify consumers of frivolous disputes or provide accurate address disclosures for consumer notices.
    • Debt Collection: The CFPB's examinations of debt collectors (large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons) uncovered violations of the FDCPA and CFPA, such as unlawful attempts to collect medical debt and deceptive representations about interest payments.
    • Deposits: The CFPB's examinations of financial institutions revealed unfair acts or practices related to the assessment of both nonsufficient funds and line of credit transfer fees on the same transaction. The Bureau reported that this practice resulted in double fees being charged for denied transactions.
    • Fair Lending: Recent examinations through the CFPB's fair lending supervision program found violations of ECOA and Regulation B, including pricing discrimination in granting pricing exceptions based on competitive offers and discriminatory lending restrictions related to criminal history and public assistance income.
    • Information Technology: Bureau examiners found that certain institutions engaged in unfair acts by lacking adequate information technology security controls, leading to cyberattacks and fraudulent withdrawals from thousands of consumer accounts, causing substantial harm to consumers.
    • Mortgage Origination: Examiners found that certain institutions violated Regulation Z by differentiating loan originator compensation based on product types and failing to accurately reflect the terms of the legal obligation on loan disclosures.
    • Mortgage Servicing: Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations related to loss mitigation timing, misrepresenting loss mitigation application response times, continuity of contact procedures, Spanish-language acknowledgment notices, and failure to provide critical loss mitigation information. Additionally, some servicers reportedly failed to credit payments sent to prior servicers after a transfer and did not maintain policies to identify missing information after a transfer.
    • Payday Lending: The CFPB identified unfair, deceptive, and abusive acts or practices, including unreasonable limitations on collection communications, false collection threats, unauthorized wage deductions, misrepresentations regarding debt payment impact, and failure to comply with the Military Lending Act. The report also highlighted that lenders reportedly failed to retain evidence of compliance with disclosure requirements under Regulation Z. In response, the Bureau directed lenders to cease deceptive practices, revise contract language, and update compliance procedures to ensure regulatory compliance.
    • Remittances: The CFPB evaluated both depository and non-depository institutions for compliance with the EFTA and its Regulation E, including the Remittance Rule. Examiners found that some institutions failed to develop written policies and procedures to ensure compliance with the Remittance Rule's error resolution requirements, using inadequate substitutes or policies without proper implementation.

    Federal Issues CFPB Consumer Finance Consumer Protection Auto Lending Examination Mortgages Mortgage Servicing Mortgage Origination Supervision Nonbank UDAAP FDCPA CFPA ECOA Regulation Z Payday Lending EFTA Unfair Deceptive Abusive

  • CFPB, FTC to conduct inquiry into high housing costs for renters

    Federal Issues

    On July 25, CFPB Director Rohit Chopra shared prepared remarks for the Community Table on a White House Blueprint for a Renters Bill of Rights to address high housing costs for renters. Chopra raised concerns about corporate investors imposing high rents and charging renters with what the director described as “junk fees and other aggressive tactics.” He mentioned that corporate investor owners, including private equity firms, are more likely to evict tenants, even when controlling for other factors, and that corporate investor ownership of rental units has risen to over 45 percent. Chopra also emphasized the growing use of artificial intelligence and social scoring in the rental process, stating that such changes can lead to rent hikes and denials of housing due to an algorithm's definition of "high-quality tenants." The remarks suggested that tenants are not being given appropriate opportunity to correct inaccurate information in their background checks, despite the legal requirement for companies to inform consumers when using such information for adverse rental decisions. The speech also stressed the CFPB's commitment to identifying inaccurate AI and illegal practices that lead to misleading data and clarified that name-only matching, a common but illegal practice in screening, can result in inaccurate information, disproportionately affecting individuals with common last names. To address these issues, Chopra announced a joint inquiry with the FTC, to collect feedback from the public about their experiences with tenant screening.

    Federal Issues CFPB FTC Consumer Finance Artificial Intelligence Landlords

  • Agencies propose new capital requirements for biggest banks

    On July 27, the FDIC’s Board of Directors unveiled proposed interagency amendments to the regulatory capital requirements for the largest and most complex banks in the United States. The notice of proposed rulemaking (NPRM), issued jointly by the FDIC, OCC, and the Federal Reserve Board (and passed by an FDIC Board vote of 3-2 and a Fed vote of 4-2), would revise capital requirements for large banking organizations with at least $100 billion in assets, as well as certain banking organizations with significant trading activity. (See also FDIC fact sheet here.) The proposed changes would implement the final components of the Basel III agreement—recent changes made to international capital standards issued by the Basel Committee on Banking Supervision—as well as modifications made in response to recent bank failures in March, the agencies said.

    Specifically, the NPRM would implement standardized approaches for market risk and credit valuation adjustment risk by amending the way banks calculate their risk-weighted assets. According to FDIC FIL-38-2023, the new “expanded risk-based approach” would incorporate a standardized approach for credit risk and operational risk, a revised internal models-based approach, a new standardized measure for market risk, and a new revised approach for credit valuation adjustment. Banks subject to Category III and IV standards would also be required “to calculate their regulatory capital in the same manner as banking organizations subject to Category I and II standards, including the treatment of accumulated other comprehensive income, capital deductions, and rules for minority interest.” Additionally, the supplementary leverage ratio and the countercyclical capital buffer would be applied to banks subject to Category IV standards.

    The agencies said the proposed modifications are intended to:

    • Better reflect banks’ underlying risks;
    • Increase transparency and consistency by revising the capital framework in four main areas: credit, market, operational, and credit valuation adjustment risk;
    • Strengthen the banking system, by applying consistent capital requirements across large banks by requiring institutions to (i) include unrealized gains and losses from certain securities in capital ratios; (ii) comply with the supplementary leverage ratio requirement; and (iii) comply with the countercyclical capital buffer, if activated.

    The agencies predict that these changes will “result in an aggregate 16 percent increase in common equity tier 1 capital requirements for affected bank holding companies, with the increase principally affecting the largest and most complex banks.” The impact would vary by bank based on activities and risk profiles, the agencies stated, noting that most banks currently have enough capital to meet the proposed requirements. The NPRM would not amend capital requirements for smaller, less complex banks or for community banks. The agencies propose a three-year phased-in transition process beginning July 1, 2025, to provide banks sufficient time to accommodate the changes and minimize potentially adverse impacts. The changes would be fully phased in on July 1, 2028.

    Separately, the Fed also issued an NPRM on a proposal that would modify certain provisions relating to the calculation of the capital surcharge for the largest and most complex banks in order to “better align the surcharge to each bank’s systemic risk profile. . .by measuring a bank’s systemic importance averaged over the entire year, instead of only at the year-end value.”

    Comments on both NPRMs are due November 30.

    FDIC Chairman Martin Gruenberg stressed that “[e]nhanced resilience of the banking sector supports more stable lending through the economic cycle and diminishes the likelihood of financial crises and their associated costs.” Also voting in favor of the NPRM was CFPB Chairman and FDIC Board Member Rohit Chopra who expressed interest in feedback from the public on ways to simplify the methodologies used to calculate the requirements. Acting Comptroller of the Currency Michael also voted in favor and encouraged commenters “to include assumptions about capital distributions and competition from banks and other financial institutions in their analyses of the impacts of the proposal on lending and economic growth.”

    Voting against the new standards, FDIC Vice Chairman Travis Hill argued that while he supports strong capital requirements, he has several “concerns with the impact of excessive gold plating of international standards.” He stressed that the “proposal rejects the notion of capital neutrality and takes a starkly different path, ‘gold plating’ the new Basel standard in a number of ways and dramatically increasing capital requirements for banks with certain business models.”

    Bank Regulatory Agency Rule-Making & Guidance Federal Issues Federal Reserve FDIC OCC Capital Requirements Compliance Basel Committee

  • OCC releases recent enforcement actions

    On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Among the enforcement actions is a formal agreement with a California-based bank to update its BSA/AML compliance program. According to the agreement, the OCC identified deficiencies and violations relating to the bank’s compliance with BSA/AML laws and regulations. Among other things, the bank agreed to establish a compliance committee and revise its adherence to appropriate policies and procedures for collecting customer due diligence “when opening new accounts, when renewing or modifying existing accounts for customers, and when the [b]ank obtains event-driven information indicating that it needs to obtain updated customer due diligence information.” The bank also agreed to institute an “enhanced written risk-based program of internal controls and processes” to ensure an appropriate review of BSA/AML suspicious activity.

    Bank Regulatory Federal Issues OCC Enforcement Compliance Bank Secrecy Act Anti-Money Laundering Customer Due Diligence

  • 11th Circuit changes course, says one text message sufficient for TCPA standing

    Courts

    On July 24, the full U.S. Court of Appeals for the Eleventh Circuit unanimously held that a plaintiff who receives a single, unwanted text message has standing to sue the sender of the message under the TCPA. The decision departs from precedent set by the same court in 2019, in which it determined in a different case that receiving one unsolicited text message is not enough of a concrete injury to establish standing under the statute. (Covered by InfoBytes here.) Plaintiff filed a putative class action against a web-hosting company alleging the defendant violated the TCPA by using a prohibited autodialer to send promotional calls and text messages selling services and products. The settlement agreement reached between the parties also resolved claims brought against the defendant by parties in two other actions.

    During settlement discussions, the district court cited the aforementioned 2019 11th Circuit decision and asked the parties to brief how their case, which includes individuals who received only one text message, was distinguishable from the 2019 action. The district court ultimately ruled that class members who only received one text message “lacked a viable claim” in the 11th Circuit under the 2019 precedent, but noted that because the case involves a nationwide settlement, “those class members ‘do have a viable claim in their respective Circuit.’” An objector to the settlement appealed the ruling on various grounds to the 11th Circuit, which dismissed the appeal for lack of jurisdiction and held that the class definition did not meet Article III standing requirements, as it included individuals who received a single text message. Plaintiff moved for rehearing en banc, asking the 11th Circuit to reevaluate the 2019 precedent and to clarify the elements necessary to pursue a TCPA claim.

    Reviewing de novo the threshold jurisdiction question of whether plaintiffs have standing to sue, the 11th Circuit said that “the harm that underlies a lawsuit for the common-law claim of intrusion upon seclusion” shares a “close relationship” with a “traditional harm.” The appellate court explained that because “[b]oth harms reflect an intrusion into the peace and quiet in a realm that is private and personal[,] [a] plaintiff who receives an unwanted, illegal text message suffers a concrete injury. Because [plaintiff] has endured a concrete injury, we remand this matter to the panel to consider the rest of the appeal.” Recognizing that a single unsolicited text message may not be considered “highly offensive to the ordinary reasonable man” it “is nonetheless offensive to some degree to a reasonable person.” The 11th Circuit also referred to seven other circuit courts that “have declined to consider the degree of offensiveness required to state a claim for intrusion upon seclusion at common law,” and have instead chosen to conclude that “receiving either one or two unwanted texts or phone calls resembles the kind of harm associated with intrusion upon seclusion.” Moreover, the 11th Circuit noted that Congress is given authority under the Constitution “to decide what degree of harm is enough so long as that harm is similar in kind to a traditional harm,” which is “exactly what Congress did in the TCPA when it provided a cause of action to redress the harm that unwanted telemarketing texts and phone calls cause.”

    Courts Appellate Eleventh Circuit TCPA Class Action Autodialer

  • District Court says bank discrimination suit can proceed

    Courts

    On July 21, the U.S. District Court for the Western District of Michigan denied a bank’s motion to dismiss plaintiff’s allegations that she was discriminated against on the basis of race when her account was frozen due to a purported suspicious deposit. Plaintiff, an African-American woman, sued the bank claiming violations of both federal and state anti-discrimination laws after she was allegedly questioned by bank employees about the authenticity of a check she tried to deposit in the amount of $27,616, which was money she received from a legal settlement. Plaintiff claimed that the bank maintained the check was fraudulent and soon afterward froze her account and deactivated her debit card. Plaintiff further stated that her debit card remained frozen even after her attorney explained the legal settlement to the bank and her check was cleared. Claiming the bank’s treatment was racially discriminatory, plaintiff maintained that because bank “employees assumed that her ‘having money must be evidence of fraud or wrongdoing,’” she suffered financial hardships and “significant emotional and physical distress.” The bank argued that plaintiff failed to state a claim because she has not shown a connection between the bank’s actions and her race and claimed the bank employees were acting to prevent fraud.

    The court disagreed, ruling that due to the bank’s alleged actions and the fact that plaintiff’s account was frozen in violation of its own policies, discriminatory intent is plausible. The court noted that “most significantly,” plaintiff’s account remained frozen for eight days after the check cleared and the possibility of fraud was discounted. The court reasoned that defendant failed to explain why its fraud-prevention policies would justify keeping an account frozen after a check has been cleared. “[A] defendant’s hostile treatment of a plaintiff can allow for an inference of discriminatory intent even if the defendant’s actions lack a direct connection to race,” the court wrote, noting that fraud prevention does not fully explain all of the bank’s actions, which “went beyond” simply conveying suspicion about a potentially fraudulent check or freezing plaintiff’s account.

    Courts State Issues Michigan Discrimination Consumer Finance

  • EU-U.S. release statement on Joint Financial Regulatory Forum

    Federal Issues

    On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”

    Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.

    Federal Issues Bank Regulatory Financial Crimes Digital Assets Of Interest to Non-US Persons EU Department of Treasury Federal Reserve CFTC FDIC SEC OCC Anti-Money Laundering Combating the Financing of Terrorism

  • FDIC highlights inaccurate reporting of uninsured deposits by IDIs

    On July 24, the FDIC released a letter reporting that some insured depository institutions (IDIs) are not accurately reporting their estimated uninsured deposits as per the instructions on the Call Report. According to the letter, some IDIs are wrongly decreasing the reported amount based on the collateralization of uninsured deposits, even though the presence of collateral does not affect the portion covered by federal deposit insurance. The FDIC also noted that by excluding intercompany deposit balances of their subsidiaries, some IDIs are incorrectly reducing the reported amount of deposits on Schedule RC-O. The FDIC stated that “in reporting uninsured deposits, if an IDI has deposit accounts with balances in excess of the federal deposit insurance limit that it has collateralized by pledging assets…the IDI should make a reasonable estimate of the portion of these deposits that is uninsured using the data available from its information systems.” IDIs should refer to the general instructions for Call Reports on how to accurately submit data. The FDIC recommended that IDIs that have incorrectly reported uninsured deposits make appropriate changes to the data and submit a revised data file to the Central Data Repository.

    Bank Regulatory Federal Issues FDIC Depository Institution Call Report Deposit Insurance

  • Fed officially launches FedNow instant payment service

    On July 20, the Federal Reserve Board launched its FedNow service for instant payments. Banks and credit unions of any size can sign up and use the tool to instantly transfer money for their customers at any time of day on any day of the year, the Fed said. As previously covered by InfoBytes, the Fed began formally certifying participants to use the service in April. Early adopters completed a customer testing and certification program in preparation for sending live transactions through the system. In addition to these early adopting banks and credit unions (and the Treasury Department’s Bureau of Fiscal Service), 16 service providers are also ready to support payment processing for participants. Once fully available, “instant payments will provide substantial benefits for consumers and businesses, such as when rapid access to funds is useful, or when just-in-time payments help manage cash flows in bank accounts,” the Fed explained. The Fed expects that customers of FedNow participants will eventually be able to use a financial institution’s mobile app, website, and other interfaces to send instant payments quickly and securely. As an interbank payment system, FedNow will operate alongside other Fed payment services, including Fedwire and FedACH.

    Bank Regulatory Federal Issues Federal Reserve FedNow Payments

  • FTC, HHS say tracking technology may impermissibly disclose personal health data

    Privacy, Cyber Risk & Data Security

    On July 20, the FTC and U.S. Department of Health and Human Services for Civil Rights issued a joint letter cautioning hospitals and telehealth providers of the risks related to the use of online tracking technologies within their systems that may impermissibly disclose consumers’ personal data to third parties. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said “when consumers visit a hospital’s website or seek telehealth services, they should not have to worry that their most private and sensitive health information may be disclosed to advertisers and other unnamed, hidden third parties.” According to the letter, recent research has highlighted concerns about the use of technology to track users’ online activities and sensitive data including, health conditions, diagnoses, medications, medical treatments, frequency of visits to health care professionals, and where an individual seeks medical treatment. The FTC warned that the impermissible disclosures of personal data can result in identity theft, financial loss, discrimination, and more. The letter included a reminder that under the FTC Act and the FTC Health Breach Notification Rule, even if they are not covered by HIPAA, hospitals and telehealth providers remain obligated to protect against impermissible disclosures of personal health information.

    Privacy, Cyber Risk & Data Security Federal Issues FTC FTC Act Consumer Protection Health Breach Notification Rule Department of Health and Human Services

Pages

Upcoming Events