InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Texas amends breach notification requirements
On May 27, the Texas governor signed SB 768 to amend the state’s data breach notification statutes. The Act requires entities to notify the attorney general “as soon as practicable” and not later than 30 days after the date a computerized security system breach occurs involving at least 250 Texas residents. The Act now details that notification must be submitted electronically using a form accessible through the attorney general’s website. No substantive changes were made to the required information within the form. The Act is effective September 1.
Minnesota enacts small-dollar consumer lending and money transmitter amendments; Georgia and Nevada also enact money transmission provisions
On May 24, the Minnesota governor signed SF 2744 to amend several state statutes relating to financial institutions, including provisions concerning small-dollar, short-term consumer lending, payday lending, and money transmitter requirements. Changes to the statutes governing consumer small loans and consumer short-term loans amend the definition of “annual percentage rate” (APR) to include “all interest, finance charges, and fees,” as well as the definition of a “consumer short-term loan” to mean a loan with a principal amount or an advance on a credit limit of $1,300 (previously $1,000). The amendments outline certain prohibited actions and also cap the permissible APR on a loan at no more than 50 percent and stipulate that lenders are not permitted to add other charges or payments in connection with these loans. The changes apply to loans originated on or after January 1, 2024. The amendments also make several modifications to provisions relating to payday loans with APRs exceeding 36 percent, including requirements for conducting an ability to repay analysis. These provisions are effective January 1, 2024.
Several new provisions relating to the regulation and licensing of money transmitters are also outlined within the amendments. New definitions and exemptions are provided, as well implementation instructions that provide the state commissioner authority to “enter into agreements or relationships with other government officials or federal and state regulatory agencies and regulatory associations in order to (i) improve efficiencies and reduce regulatory burden by standardizing methods or procedures, and (ii) share resources, records, or related information obtained under this chapter.” The commissioner may also accept licensing, examination, or investigation reports, as well as audit reports, made by other state or federal government agencies. To efficiently minimize regulatory burden, the commissioner is authorized to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors (CSBS), the Money Transmitter Regulators Association, and others, for all licensees that hold licenses in the state of Minnesota and other states. Additionally, the commissioner has enforcement, examination, and supervision authority, may adopt implementing regulations, and may recover costs and fees associated with applications, examinations, investigations, and other related actions. The commissioner may also participate in joint examinations or investigations with other states.
With respect to the licensing provisions, the amendments state that a “person is prohibited from engaging in the business of money transmission, or advertising, soliciting, or representing that the person provides money transmission, unless the person is licensed under this chapter” or is a licensee’s authorized delegate or exempt. Licenses are not transferable or assignable. The commissioner may establish relationships or contracts with the Nationwide Multi-State Licensing System and Registry and participate in nationwide protocols for licensing cooperation and coordination among state regulators if the protocols are consistent with the outlined provisions. The amendments also outline numerous licensing application and renewal procedures including net worth and surety bond, as well as permissible investment requirements.
The same day, the Nevada governor signed AB 21 to revise certain provisions relating to the licensing and regulation of money transmitters in the state. The amendments generally revise and repeal various statutory provisions to establish a process for governing persons engaged in the business of money transmission that is modeled after the Model Money Transmission Modernization Act approved by the CSBS. Like Minnesota, the commissioner may participate in multistate supervisory processes and information sharing with other state and federal regulators. The commissioner also has expanded examination and enforcement authority over licensees. The Act is effective July 1.
Additionally, the Georgia governor signed HB 55 earlier in May to amend provisions relating to the licensing of money transmitters (and to merge provisions related to licensing of sellers of payment instruments). The Act addresses licensee requirements and prohibited activities, outlines exemptions, and provides that applications pending as of July 1, “for a seller of payment instruments license shall be deemed to be an application for a money transmitter license as of that date.” Notably, should a license be suspended, revoked, surrendered, or expired, the licensee must, “within five business days, provide documentation to the department demonstrating that the licensee has notified all applicable authorized agents whose names are on record with the department of the suspension, revocation, surrender, or expiration of the license.” The Act is also effective July 1.
Agencies propose new standards for AVMs
On June 1, the CFPB joined the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA in issuing a notice of proposed rulemaking (NPRM) to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models (AVMs) used by mortgage originators and secondary market issuers. Specifically, institutions that engage in certain credit decisions or make securitization determinations would be required to adopt quality control standards to ensure a high level of confidence that estimates produced by an AVM are fair and nondiscriminatory. Other requirements would necessitate institutions to protect against data manipulation and avoid conflicts of interest. Institutions would also be required to conduct random sample testing and reviews and comply with applicable nondiscrimination laws. The agencies acknowledged that while advances in AVM technology and data availability may contribute to lower costs and reduce loan cycle times, institutions’ reliance on AMV technology must not be used as an excuse to evade the law.
CFPB Director Rohit Chopra explained that, while AVMs rely on mathematical formulas and number crunching to produce estimates (and are often used to “check” human appraisers or used in place of an appraisal), they can still embed the human biases they are meant to correct. This is due in part to the data fed into the AVMs, the algorithms used within the machines, and biases and blind spots attributed to the individuals who develop the models, Chopra warned, commenting that AVMs can actually “make bias harder to eradicate in home valuations because the algorithms used cloak the biased inputs and design in a false mantle of objectivity.”
Chopra went on to explain that inaccurate or biased algorithms can lead to serious harms to consumers, neighborhoods, and the housing market, and may also impact the tax base. A focus common to all the agencies, Chopra said, is ensuring that automated systems and artificial intelligence modeling technologies are developed and used in accordance with federal laws to avert discriminatory outcomes and prevent negative impacts on consumer financial stability.
Comments on the NPRM are due within 60 days of publication in the Federal Register.
Bank to pay $1 billion to settle investors’ compliance claims
Last month, the U.S. District Court for the Southern District of New York preliminarily approved a securities litigation settlement that would require a national bank to pay $1 billion to resolve class claims that it misrepresented its progress in overhauling its internal controls and compliance processes. The required overhauls relate to consent orders entered between the bank and its regulators in 2018 concerning alleged improper banking practices and corporate oversight deficiencies. The settlement would resolve investors’ claims that the bank’s allegedly misleading statements artificially inflated the price of the bank’s common stock, which declined when additional information was revealed. The bank expressly denies that the lead plaintiffs “have asserted any valid claims,” and denies “any and all allegations of fault, liability, wrongdoing, or damages.” If granted final approval, the bank would be required to pay $1 billion into a fund to be distributed to certain affected investors.
FTC says COPPA does not preempt state privacy claims
The FTC recently filed an amicus brief in a case on appeal before the U.S. Court of Appeals for the Ninth Circuit, arguing that the Children’s Online Privacy Protection Act (COPPA) does not preempt state laws that are consistent with the federal statute’s treatment of regulated activities. The full 9th Circuit is currently reviewing a case brought against a multinational technology company accused of using persistent identifiers to collect children’s data and track their online behavior surreptitiously and without their consent in violation of COPPA and various state laws.
As previously covered by InfoBytes, last December the 9th Circuit reversed and remanded a district court’s decision to dismiss the suit after reviewing whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulation. At the time, the 9th Circuit examined the language of COPPA’s preemption clause, which states that state and local governments cannot impose liability for interstate commercial activities that is “inconsistent with the treatment of those activities or actions” under COPPA. The opinion noted that the 9th Circuit has long held “that a state law damages remedy for conduct already proscribed by federal regulations is not preempted,” and that the statutory term “inconsistent” in the preemption context refers to contradictory state law requirements, or to requirements that stand as obstacles to federal objectives. The opinion further stated that because “the bar on ‘inconsistent’ state laws implicitly preserves ‘consistent’ state substantive laws, it would be nonsensical to assume Congress intended to simultaneously preclude all state remedies for violations of those laws.” As such, the appellate court held that “COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe the same conduct forbidden by, COPPA. Express preemption therefore does not apply to the children’s claims.” The defendant asked the full 9th Circuit to review the ruling. The appellate court in turn asked the FTC for its views on the COPPA preemption issue, specifically with respect to “whether the [COPPA] preemption clause preempts fully stand-alone state-law causes of action by private citizens that concern data-collection activities that also violate COPPA but are not predicated on a claim under COPPA.”
In agreeing with the 9th Circuit that plaintiffs’ claims are not preempted in this case, the FTC argued that nothing in COPPA’s text, purpose, or legislative history supports the sweeping preemption that the defendant claimed. According to the defendant, plaintiffs’ state law claims are inconsistent with COPPA and are therefore preempted “because the claims were brought by plaintiffs who were not authorized to directly enforce COPPA, and would result in monetary remedies under state law that COPPA did not make available through direct enforcement.” Moreover, all state law claims relating to children’s online privacy are inconsistent with COPPA’s framework, including those brought by state enforcers, the defendant maintained. The FTC disagreed, writing that the 9th Circuit properly rejected defendant’s interpretation, which would preempt a wide swath of traditional state laws. Moreover, COPPA’s preemption clause only applies to state laws that are “inconsistent” with COPPA so as not to create “field preemption,” the FTC said, adding that plaintiffs’ claims in this case are consistent with the statute.
OCC’s new enforcement policy targets banks with “persistent weaknesses”
On May 25, the OCC announced revisions to its Policies and Procedures Manual (PPM) for bank enforcement actions. According to OCC Bulletin 2023-16, the recently revised version of PPM 5310-3 replaces and rescinds a version issued in November 2018 (covered by InfoBytes here), and now includes “Appendix C: Actions Against Banks With Persistent Weaknesses” to provide increased transparency and clarity on how the OCC determines whether a bank has persistent weaknesses and how the agency considers what actions may be needed to address these issues. The OCC explained that “persistent weaknesses” may include “composite or management component ratings that are 3 or worse, or three or more weak or insufficient quality of risk management assessments, for more than three years; failure by the bank to adopt, implement, and adhere to all the corrective actions required by a formal enforcement action in a timely manner; or multiple enforcement actions against the bank executed or outstanding during a three-year period.”
Possible actions taken against a bank that exhibits persistent weaknesses may include additional requirements and restrictions, such as requirements that a bank improve “composite or component ratings or quality of risk management assessments,” as well as restrictions on the bank’s growth, business activities, or payments of dividends. A bank may also be required “to take affirmative actions, including making or increasing investments targeted to aspects of its operations or acquiring or holding additional capital or liquidity.”
“Should a bank fail to correct its persistent weaknesses in response to prior enforcement actions or other measures . . . the OCC will consider further action to require the bank to remediate the weaknesses,” the agency said. “Such action could require the bank to simplify or reduce its operations, including that the bank reduce its asset size, divest subsidiaries or business lines, or exit from one or more markets of operation.” PPM 5310-3 also incorporates additional clarifications and updates legal and regulatory citations.
The same day, the OCC issued updates to its “Liquidity” booklet of the Comptroller’s Handbook used by examiners when assessing the quantity of a bank’s liquidity risk and the quality of its liquidity risk management. The booklet replaces an August 2021 version and reflects changes in regulations, makes clarifying edits, and addresses OCC issuances published since the last update.
Hsu discusses progress on reducing unbanked
On May 23, acting Comptroller of the Currency Michael J. Hsu discussed the agency’s commitment to promote a fair and inclusive financial system. During remarks presented at the Bank On National Conference, Hsu observed that while progress has been made to reduce the number of unbanked households in recent years and broadly improve account access, 5.9 million U.S. households remain outside the banking system. Higher unbanked rates are found among consumers with lower incomes and less education, as well as consumers who are young, Black or Hispanic, have disabilities, or are single mothers, Hsu added. He commented that to continue expanding financial access, innovations and adjustments should be made to banks’ screening processes, such as allowing for more forms of identification, streamlining remote account opening, partnering with benefits providers and employers, and training frontline staff to consistently offer Bank On accounts to new customers. “One of the ‘strongly recommended’ features of Bank On certified accounts is the acceptance of alternative forms of identification such as consular identification cards and municipal IDs,” Hsu said. “Bank On also ‘strongly recommends’ that accounts only be denied for customers with past incidences of actual fraud.” Hsu further recommended that banks pay particular attention to how they measure and manage financial crime risks specifically associated with Bank On accounts as account opening processes evolve “so that those who lack traditional forms of identification or fixed addresses and those who cannot physically visit a branch can still open an account.” Hsu warned banks to continue considering risks associated with overdraft protection programs and encouraged banks to explore other measures such as low-cost accounts and lower-cost alternatives for covering overdrafts.
FHA reinstates HAMP loss mitigation for exempted transfers
HUD recently released Mortgage Letter (ML) 2023-11 to update previously issued guidance on loss mitigation options for non-borrowers who acquire a title through an exempted transfer. The provisions apply to all FHA Title II Single Family forward mortgage programs and may be implemented immediately but no later than July 21. Previously, ML 2023-03 (which expanded Covid-19 recovery loss mitigation options) temporarily suspended the use of FHA Home Affordable Modification Program (HAMP) loss mitigation for all borrowers. As a result, mortgagees were no longer able to review non-borrowers who acquired a title through an exempted transfer for FHA-HAMP loss mitigation. With the issuance of ML 2023-11, FHA has reinstated FHA-HAMP loss mitigation to allow mortgagees to review non-borrowers who acquired a title through an exempted transfer and are in default or imminent default.
CFPB says overdraft/NSF revenue has been cut in half
On May 23, the CFPB published another data spotlight reporting on overdraft/non-sufficient fund (NSF) fee trends. Earlier in the month, the Bureau examined low- and moderate-income consumers’ experiences with overdraft programs, finding, among other things, that many consumers were not aware of their financial institution’s overdraft policies and thought protection automatically came with their account, while others were unaware that they could end overdraft protection. (Covered by InfoBytes here.) The newest data spotlight reported that overdraft/NSF revenue for Q4 2022 was down nearly 50 percent as compared to pre-pandemic levels, “suggesting an annual reduction of over $5.5 billion going forward.” According to the Bureau, this translates to average annual savings of more than $150 for households that incur overdraft/NSF fees (with many households being able to save a lot more). Still, even with the noticeable reduction, consumers paid more than $7.7 billion in overdraft/NSF fees in 2022. However, the Bureau noted that combined account maintenance and ATM fees remained flat from 2019 to 2022, suggesting that reporting financial institutions are not increasing other fees to compensate for the reduced revenue.
CFPB looks at mortgage-pricing differences
On May 24, the CFPB reported price dispersion trends in the mortgage industry, finding that borrowers could save at least $100 per month by choosing cheaper lenders. Price dispersion—the difference in interest rates charged by different lenders for the same loan product—is significant in the mortgage market, the Bureau said, following a review of 2021 HMDA data focusing on numbers for the 20 largest-volume lenders for each of the market segments. Examining price dispersion by loan type, including FHA and Department of Veterans Affairs loans, loans backed by Fannie Mae and Freddie Mac, and jumbo loans, the Bureau considered several potential factors contributing to price dispersion such as lender differences, competition, and increased demand. Additionally, the Bureau found that various options provided by lenders may account for different costs and choices made by consumers who may not select the cheapest option due to other factors that outweigh price differences. Data also suggested that competition in the mortgage market does not always translate into lower prices, the Bureau reported, noting that a recent study administered by the Bureau and the FHFA revealed that “most borrowers who recently took out a mortgage responded that they believe they would pay the same price regardless of which lender they choose” and that few borrowers consider more than two options. The data also found that lenders who choose to take on riskier loans may compensate for the risk by charging higher prices.