InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFSA says CFPB funding violates Constitution
On July 3, the Community Financial Services Association of America (CFSA) and the Consumer Service Alliance of Texas filed their brief with the U.S. Supreme Court, urging the high court that the CFPB’s independent funding structure is “unprecedented and must be stopped before it spreads without limit.” Respondents asked the Court to affirm the U.S. Court of Appeals for the Fifth Circuit’s decision in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the appellate court found that the Bureau’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here). The 5th Circuit’s decision also vacated the agency’s Payday Lending Rule on the premise that it was promulgated at a time when the Bureau was receiving unconstitutional funding.
The Bureau expanded on why it believes the 5th Circuit erred in its holding in its opening brief filed with the Court in May (covered by InfoBytes here), and explained that even if there were some constitutional flaw in the statute creating the agency’s funding mechanism, the 5th Circuit should have looked for some cure to allow the remainder of the funding mechanism to stand independently instead of presuming the funding mechanism created under Section 5497(a)-(c) was entirely invalid. Vacatur of the agency’s past actions was not an appropriate remedy and is inconsistent with historical practice, the Bureau stressed.
In their brief, the respondents challenged the Bureau’s arguments, writing that the “unconstitutionality of the CFPB’s funding scheme is confirmed by both its unprecedented nature and lack of any limiting principle. Whether viewed with an eye toward the past or the future, the threat to separated powers and individual liberty is easy to see.” Disagreeing with the Bureau’s position that the Constitution gives Congress wide discretion to exempt agencies from annual appropriations and that independent funding is not uncommon for a financial regulator, the respondents stated that Congress gave up its appropriations power to the Bureau “without any temporal limit.” The respondents further took the position that the Bureau “can continue to set its own funding ‘forever’” unless both chambers agree and can persuade or override the president. Moreover, because the Federal Reserve Board is required to transfer “the amount determined by the Director to be reasonably necessary to carry out the [CFPB’s] authorities, . . . it ‘foreclose[s] the application of any meaningful judicial standard of review.’”
The respondents also argued that the Bureau’s funding structure is clearly distinguishable from other assessment-funded agencies in that these financial regulators are held to “some level of political accountability” since “they must consider the risk of losing funding if entities exit their regulatory sphere due to imprudent regulation.” Additionally, the respondents claimed that the fundamental flaws in the funding statute cannot be severed, reasoning, among other things, that courts “cannot ‘re-write Congress’s work’” and are not able to replace the Bureau’s self-funding discretion with either a specific sum or assessments from regulated parties.
With respect to the vacatur of the Payday Lending Rule and the potential for unintended consequences, the respondents urged the Court to affirm the 5th Circuit’s rejection of the rule, claiming it was unlawfully promulgated since a valid appropriation was a necessary condition to its rulemaking. “Lacking any viable legal argument, the Bureau resorts to fear-mongering about ‘significant disruption’ if all ‘the CFPB’s past actions’ are vacated,” the respondents wrote, claiming the Bureau “grossly exaggerates the effects and implications of setting aside this Rule.” According to the respondents, the Bureau does not claim that any harm would result from setting aside the rule, especially since no one has “reasonably relied” on the rule as it has been stayed and never went into effect. As to other rules issued by the agency, the respondents countered that Congress could “legislatively ratify” some or all of the agency’s existing rules and that only “‘timely’ claims can lead to relief” in past adjudications. Additionally, the respondents noted that many of the Bureau’s rules were issued outside the six-year limitations period prescribed in 28 U.S.C. § 2401(a). This includes a substantial portion of its rules related to mortgage-related disclosure. Even for challenges filed within the time limit, courts can apply equitable defenses such as “laches” to deny retrospective relief and prevent disruption or inequity, the respondents said.
CFPB launches medical-debt inquiry with HHS and Treasury
On July 7, the CFPB, Department of Health and Human Services, and the Treasury Department announced they are looking into high-cost specialty financial products such as medical credit cards and installment loans used by patients to pay for health care. These products, the agencies explained, were once primarily used to pay for medical treatments not traditionally covered by health insurance but may now be more widely used even when medical care may be covered by insurance or financial assistance. The agencies released a request for information (RFI) seeking feedback on a range of topics, including costs associated with medical payment products, how prevalent the products are, health care providers’ incentives to offer these products to patients, and whether patients fully understand the risks and consequences associated with medical payment products.
Specifically, the agencies are soliciting comments “on whether these products may allow health care providers to operate outside of a broad range of patient and consumer protections.” Feedback is also requested on whether use of these products is contributing to health care cost inflation, displacing hospitals’ provision of financial assistance, causing patients to pay inaccurate or inflated medical bills, increasing the amount patients must pay due to financing costs, or otherwise contributing to consumer harm, including through downstream credit reporting and debt collection practices. The agencies also want to know if using these products is creating disparities across different demographic groups, as well as policy options to protect consumers from harm.
The agencies commented that the RFI will assist in their understanding of consumer harms and financial challenges caused by specialty medical payment products and will serve to guide next steps, including future Bureau actions focusing on credit origination, debt collection, and credit reporting practices of the financial companies that originate and service these products.
Comments on the RFI are due within 60 days of publication in the Federal Register.
Additionally, the Bureau is hosting a hearing on July 11 to address medical billing and collection concerns with a focus on medical payment products.
FTC proposal would ban deceptive reviews
On June 30, the FTC introduced a proposed rule to combat deceptive review practices and ensure consumer protection in light of the impact and progression of technology and artificial intelligence. The rule seeks to prohibit the creation and sale of fake consumer reviews, prevent review hijacking, and restrict the manipulation of reviews through incentives. Under the proposed rule, businesses would be prohibited from creating or selling reviews by individuals who do not exist or lack real experience with the product or service. Additionally, the proposed rule prohibits businesses from providing compensation or incentives in exchange for consumer reviews expressing specific sentiments, whether positive or negative. To enhance transparency and integrity, the proposed rule also includes provisions related to insider reviews and testimonials. It also emphasizes the importance of transparency by requiring disclosure of relationships in insider reviews and testimonials. Under these provisions, officers and managers of companies would be required to disclose their relationships when writing reviews or testimonials about their products or services. Businesses would also be obligated to disclose relationships in testimonials written by insiders. Moreover, the FTC's proposed rule targets businesses that create or control websites claiming to provide impartial opinions about a particular category of products or services, including their offerings. Further, it prohibits businesses from using unjustified legal threats, intimidation, or false accusations to prevent or remove negative consumer reviews. This provision aims to preserve the independence and authenticity of consumer reviews, preventing businesses from manipulating public perception through controlled review websites. Considering the widespread influence of social media, the rule would prohibit businesses from selling or buying fake followers or views.
The FTC is currently seeking public comments on the proposed rule.
Highlights from the CFPB’s 2022 fair lending report
On June 29, the CFPB issued its annual fair lending report to Congress which outlines the Bureau’s efforts in 2022 to fulfill its fair lending mandate. Much of the Bureau’s work in 2022 was directed towards unlawful discrimination in the home appraisal industry and addressing redlining. According to the report, the CFPB also honed its efforts on factors that influence fair access to credit which included insight into factors affecting consumers’ credit profiles. The report highlights one fair lending enforcement action from 2022, where the CFPB and DOJ filed a joint complaint and proposed consent order against a company for allegedly violating ECOA, Regulation B, and the CFPA by discouraging prospective applicants from applying for credit. Notably, the Bureau notes that under section 704 of ECOA, it must refer any cases with instances of a creditor being believed to have engaged in a “pattern or practice of lending discrimination” to the DOJ. According to the report, the FDIC, NCUA, Federal Reserve Board, and CFPB collectively made 23 such referrals to the DOJ in 2022, a 91 percent increase from 2020. Five of the 23 matters were sent by the CFPB, four of which involved alleged racial discrimination in redlining, and one involving alleged discrimination in underwriting based on receipt of public assistance income. The report also discusses the CFPB’s risk-based prioritization process that resulted in initiatives concerning small business lending, policies and procedures on exclusions in underwriting, and the use of artificial intelligence. Moving forward, the Bureau will continue its collaborative approach with other agencies and prioritize areas such as combating bias in home appraisals, redlining, and the use of advanced technologies in financial services. Additionally, the report states that by focusing on restorative outcomes, comprehensive remedies, and equal economic opportunities, the CFPB aims to create a fair, equitable, and nondiscriminatory credit market for consumers.
FDIC releases May enforcement actions
On June 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in May. The FDIC made public four orders including “two orders of prohibition, one consent order and combined personal consent order, and one to order to pay a civil money penalty.” Included is a cease and desist/consent order against a New York-based bank related to alleged deficiencies and weaknesses in the bank’s anti-money laundering/countering the financing of terrorism program (AML/CFT Program), among other things. Also, among other things, the FDIC required that the bank must ensure it has designated individual(s) with qualifications, who can ensure the bank’s compliance with the AML/CFT Program.
Mortgage lender to pay $23.7 million to settle FCA allegations
On June 29, the DOJ announced a $23.75 million settlement with a South Carolina-based mortgage lender to resolve alleged False Claims Act (FCA) violations related to its origination and underwriting of mortgages insured by the Federal Housing Administration (FHA). According to the DOJ, two former employees filed a lawsuit under the FCA’s whistleblower provisions alleging the lender failed to maintain quality control programs for preventing and correcting underwriting deficiencies. As part of the settlement, the lender admitted that it certified loans that did not meet the applicable requirements for FHA mortgage insurance and VA home loan guarantees. The lender also acknowledged that these loans would not have been insured or guaranteed by the agencies were it not for the submission of false certificates. While the conduct began in July 2008, the DOJ recognized that the lender has taken significant measures to stop the violations, both before and after being told of the investigation, and gave the lender credit for doing so. Under the terms of the settlement, the lender will pay $23.75 million to the U.S., with the whistleblowers receiving a total of $4.04 million of the settlement proceeds.
FinCEN updates jurisdictions with AML/CFT/CPF deficiencies
On June 29, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”
FinCEN’s announcement also informed members that FATF added Cameroon, Croatia, and Vietnam it its list to the list of Jurisdictions Under Increased Monitoring and advised jurisdictions to apply enhanced due diligence proportionate to the risks. FATF did not remove any jurisdictions from the list. Additionally, the announcement suggests that money service businesses refer to FinCEN’s Guidance on compliance obligations to employ adequate measures against money laundering and the financing of terrorism posed by their foreign relationships. Also noted in the announcement is that the list of high-risk jurisdictions subject to a call for action, remains the same. FinCEN reminded in the announcement that U.S. financial institutions are still broadly prohibited from engaging in transactions or dealings with Iran, and they should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”
OFAC sanctions Mexico-based human smuggling organization
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced sanctions pursuant to Executive Order 13581 against a human smuggling organization, and several individuals and entities in its support network. OFAC claimed the Mexico-based organization, Hernandez Salas transnational criminal organization (TCO), earns billions of dollars per year smuggling and creating false documentation for migrants. The leader of the TCO has been sanctioned, among four other supporters. OFAC reported that the individuals are currently incarcerated in Mexico and awaiting extradition to the U.S. for trial before a federal grand jury. Also sanctioned are two Mexican hotels that have taken part in the TCO’s smuggling operations. OFAC noted that the sanctions were pursued in close collaboration with Mexico’s Financial Intelligence Unit.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
NCUA annual report to Congress covers cybersecurity
On June 28, the NCUA released its annual report on cybersecurity and credit union system resilience to the House and Senate banking committees. The report outlines measures the agency has taken to strengthen cybersecurity within the credit union system, outlines significant risks and challenges facing the financial system due to the NCUA’s lack of authority over third-party vendors, and addresses current and emerging threats. Explaining that cybersecurity is one of the NCUA’s top supervisory priorities with cyberattacks being a top-tier risk under the agency’s enterprise risk management program, the report discusses ways the NCUA continues to enhance the cybersecurity resilience of federally insured credit unions (FICUs). Measures include continually improving the agency’s examination program, providing training and support, and implementing a final rule in February, which requires FICUs to report any cyberattacks that disrupt its business operations, vital member services, or a member information system as soon as possible (and no later than 72 hours) after the FICU’s “reasonable belief that it has experienced a cyberattack.” The final rule takes effect September 1. (Covered by InfoBytes here.) The report also raises concerns regarding the NCUA’s lack of authority over third-party vendors that provide services to FICUs. Calling this a “regulatory blind spot” with the potential to create significant risks and challenges, the agency stresses that one of its top requests to Congress is to restore the authority that permits the agency to examine third-party vendors.
Court delays enforcement of California privacy regulations
The Superior Court for the County of Sacramento adopted a ruling during a hearing held June 30, granting the California Chamber of Commerce’s (Chamber of Commerce) request to enjoin the California Privacy Protection Agency (CPPA) from enforcing its California Privacy Rights Act (CPRA) regulations until March 2024. Enforcement of the CPRA regulations was set to begin July 1.
The approved regulations (which were finalized in March and took effect immediately) update existing California Consumer Privacy Act regulations to harmonize them with amendments adopted by voter initiative under the CPRA in November 2020. (Covered by InfoBytes here.) In February of this year, the CPPA acknowledged that it had not finalized regulations regarding cybersecurity audits, risk assessments, and automated decision-making technology and posted a preliminary request for comments to inform this rulemaking. (Covered by InfoBytes here.) The June 30 ruling referred to a public statement issued by the CPPA, in which the agency explained that enforcement of those three areas would not commence until after the applicable regulations are finalized. However, the CPPA stated it intended to “enforce the law in the other twelve areas as soon as July 1.”
In March, the Chamber of Commerce filed a lawsuit in state court seeking a one-year delay of enforcement for the new regulations. The Chamber of Commerce argued that the CPPA had finalized its regulations in March 2023 (rather than the statutorily-mandated completion date of July 1, 2022), and as a result businesses were not provided the required one-year period to come into compliance before the CPPA begins enforcement. The CPPA countered that the text of the statute “is not so straightforward as to confer a mandatory promulgation deadline of July 1, 2022, nor did the voters intend for impacted business to have a 12-month grace period between the [CPPA’s] adoption of all final regulations and their enforcement.”
The court disagreed, finding that the CPPA’s failure “to timely pass final regulations” as required by the CPRA “is sufficient to grant the Petition.” The court stated that because the CPRA required the CPPA to pass final regulations by July 1, 2022, with enforcement beginning one year later, “voters intended there to be a gap between the passing of final regulations and enforcement of those regulations.” The court added that it was “not persuaded” by the CPPA’s argument “that it may ignore one date while enforcing the other.” However, staying enforcement of all the regulations for one year until after the last of the CPRA regulations have been finalized would “thwart the voters’ intent.” In striking a balance, the court stayed the CPPA’s enforcement of the regulations that became final on March 29 and said the agency may begin enforcing those regulations on March 29, 2024. The court also held that any new regulations issued by the CPPA will be stayed for one year after they are implemented. The court declined to mandate any specific date by which the CPPA must finalize the outstanding regulations.