InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Republicans say regulators are coordinating on de-banking digital assets
On April 26, House Financial Services Committee Chairman Patrick McHenry (R-NC), Digital Assets, Financial Technology and Inclusion Subcommittee Chairman French Hill (R-AR), and Oversight and Investigations Subcommittee Chairman Bill Huizenga (R-MI) sent separate letters to the Federal Reserve Board Chair Jerome Powell, FDIC Chair Martin J. Gruenberg, and acting Comptroller of the Currency Michael J. Hsu seeking information to help the lawmakers determine whether there exists a “coordinated strategy to de-bank the digital asset ecosystem in the United States” and “suppress innovation.”
The text common to each letter pointed to actions taken by the federal prudential regulators as discouraging banks from offering services to digital asset firms. The lawmakers cited OCC guidance issued in 2021 (Interpretive Letter 1179, covered by InfoBytes here), which stated that banks can engage in certain cryptocurrency activities as long as they are able to “demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner” and the banks receive a regulator’s written non-objection. Also discussed were FDIC instructions released in April 2022, which directed banks to promptly notify the agency if they intend to engage in, or are currently engaged in, any digital-asset-related activities, as well as a joint statement issued by the regulators in January that highlighted key risks banks should consider when choosing to engage in cryptocurrency activities. (Covered by InfoBytes here and here.)
Referring to certain recent bank collapses, the lawmakers argued that they do not believe that the underlying problems were caused by digital asset-related customers. The lawmakers requested information related to non-public records and communications between agency employees and supervised banks relating to the aforementioned guidance by May 9.
CFPB examines removal of medical collections from credit reports
On April 26, the CFPB released a data point report estimating that nearly 23 million American consumers will have at least one medical collection removed from their credit reports when all medical collection tradelines under $500 are deleted. Additionally, the Bureau found that the removal will result in approximately 15.6 million people having all medical collections removed. The reporting change occurred as part of an undertaking by the three nationwide consumer reporting companies announced earlier in April. Examining credit reports that occurred between 2012 and 2020, the Bureau studied the impact of this change and noted that on average consumers experienced a 25-point increase in their credit scores in the first quarter following the removal of their last medical collection. The average increase, the report found, was 21 points for consumers with medical collections under $500 compared to 32 points for those with medical collections over $500. The report further discussed the association between the removal of medical collection tradelines and the amount of available credit for revolving and installment accounts, as well as increases in first-lien mortgage inquiries (attributable, the Bureau believes, to consumers working to remove these tradelines as part of applying for mortgage credit).
Treasury announces strategy to address financial institution de-risking
The U.S. Treasury Department recently released its “first of its kind” strategy to address financial institution de-risking. Mandated by the Anti-Money Laundering Act of 2020, the 2023 De-Risking Strategy examines customer categories most often impacted by de-risking and provides findings and policy recommendations to address ongoing problems. Treasury defines de-risking as financial institutions restricting or terminating business relationships indiscriminately with broad classes of customers rather than analyzing and managing specific risks in a targeted manner. The report found that customers most frequently subject to de-risking are small-to-medium-sized money service businesses (MSB) that are often used by immigrant communities to send remittances abroad. Other commonly impacted customer categories include non-profit organizations operating overseas in high-risk jurisdictions and foreign financial institutions with low correspondent banking transaction volumes. De-risking is particularly acute for entities operating in financial environments characterized by significant money laundering/terrorism financing risks, the report notes. Identifying “profitability as the primary factor in financial institutions’ de-risking decisions,” the report found that profitability is influenced by several factors, including the cost to implement anti-money laundering/countering the finance of terrorism (AML/CFT) compliance measures and systems commensurate with customer risk.
The report presents several recommendations for policymakers, such as promoting consistent supervisory expectations and training federal examiners to consider the effects of de-risking, as well as suggesting that financial institutions analyze account termination notices and notice periods for non-profits and MSBs to identify ways to support longer notice periods where possible. Treasury also encourages heightened international cooperation to strengthen foreign jurisdictions’ AML/CFT regimes, and encourages policymakers to continue assessing the risks and opportunities of innovative and emerging technologies for AML/CFT compliance solutions. Treasury may also consider requiring financial institutions to have “reasonably designed and risk-based AML/CFT programs supervised on a risk basis, possibly taking into consideration the effects of financial inclusion.”
OFAC reaches $7.6 million settlement with online digital-asset trading platform
On May 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $7.6 million settlement with a Massachusetts-based online trading and settlement platform to resolve potential civil liability stemming from allegations that the platform allowed customers in sanctioned jurisdictions to engage in digital asset-related transactions. According to OFAC’s web notice, between January 2014 and November 2019, the platform allegedly permitted customers to make more than $15.3 million in trades, deposits, and withdrawals, despite having reason to know that the customers’ locations—based on both Know Your Customer (KYC) information and internet protocol address data—were in jurisdictions subject to comprehensive OFAC sanctions. OFAC noted that although the platform implemented a sanctions compliance program to screen new customers, it did not retroactively screen existing customers, thus allowing these customers to continue to conduct trading activity. While the platform made efforts to identify and restrict accounts with a nexus to certain sanctioned jurisdictions, compliance deficiencies resulted in the platform processing 65,942 online digital asset-related transactions for 232 customers apparently located predominantly in Crimea, but also in Cuba, Iran, Sudan, and Syria.
In arriving at the settlement amount, OFAC considered, among other things, that the platform failed to exercise due caution or care for its sanctions compliance obligations and had reason to know that certain customers were located in sanctioned jurisdictions. Additionally, the settlement amount reflects that the platform did not voluntarily disclose the apparent violations. OFAC also considered several mitigating factors, including that: (i) the platform was a small start-up when most of the apparent violations occurred; (ii) the platform has not received a penalty notice from OFAC in the preceding five years; (iii) the platform cooperated with OFAC during the investigation and undertook numerous remedial measures; and (iv) the volume of apparent violations represented a very small percentage of the total volume of transactions conducted on the platform annually.
Providing context for the settlement, OFAC said the “action highlights that online digital asset companies—like all financial service providers— are responsible for ensuring that they do not engage in transactions prohibited by OFAC sanctions, such as providing services to persons in comprehensively sanctioned jurisdictions. To mitigate such risks, online digital asset companies should develop a tailored, risk-based sanctions compliance program.”
FTC, Pennsylvania ban debt collection operation
On April 26, the FTC and the Commonwealth of Pennsylvania announced that the U.S. District Court for the Eastern District of Pennsylvania recently entered an order permanently banning a debt collection firm and two associated individuals from the industry. The FTC and Pennsylvania sued the defendants in 2020 for their involvement in a telemarketing operation that allegedly misrepresented “no obligation” trial offers to organizations and then enrolled recipients in subscriptions for several hundred dollars without their consent (covered by InfoBytes here). The complaint charged the defendants with violating the FTC Act by, among other things, illegally threatening the organizations if they did not pay for the unordered subscriptions and claimed the debt collection firm handled collections nationwide despite not having a valid corporate registration in any state and only being licensed to collect debt in Washington State. In addition to permanently enjoining the defendants from participating in the debt collection industry (whether directly or through an intermediary), the court order requires the defendants’ continued cooperation as the case proceeds against the other defendants.
CFPB warns debt collectors on “zombie mortgages”
On April 26, the CFPB issued an advisory opinion affirming that the FDCPA and implementing Regulation F prohibit covered debt collectors from suing or threatening to sue to collect time-barred debt. As such, a debt collector who brings or threatens to bring a state court foreclosure action to collect a time-barred mortgage debt may violate federal law, the Bureau said. The agency stated that numerous consumers have filed complaints relating to “zombie second mortgages,” where homeowners, operating under the assumption that a mortgage debt was forgiven or was satisfied long ago by loan modifications or bankruptcy proceedings, are contacted years later by a debt collector threatening foreclosure and demanding payment of the outstanding balance along with interest and fees.
The Bureau explained that, leading up to the 2008 financial crisis, many lenders originated mortgages without considering consumers’ ability to repay the loans. Focusing on “piggyback” mortgages (otherwise known as 80/20 loans, in which consumers took out a first lien loan for 80 percent of the value of the home and a second lien loan for the remaining 20 percent of the home’s valuation), the Bureau stated that most lenders did not pursue payment on the second mortgage but instead sold them off to debt collectors. Years later, some of these debt collectors are demanding repayment of the second mortgage and threatening foreclosure, the Bureau said, adding that for many of the mortgages, the debts have become time barred. The Bureau commented that, in most states, consumers can raise this as an affirmative defense to prevent a debt collector from recovering on the debt using judicial processes such as foreclosure. Additionally, because “Regulation F’s prohibition on suits and threats of suit on time-barred debt is subject to a strict liability standard,” a debt collector that sues or threatens to sue “violates the prohibition ‘even if the debt collector neither knew nor should have known that a debt was time-barred,’” the Bureau said. The advisory opinion clarified that these restrictions apply to covered debt collectors, including individuals and entities seeking to collect defaulted mortgage loans and many of the attorneys that bring foreclosure actions on their behalf.
CFPB Director Rohit Chopra delivered remarks during a field hearing in Brooklyn, New York, in which he emphasized that the Bureau will work with state enforcement agencies to take action against covered debt collectors who break the law. He reminded consumers that they can also sue debt collectors themselves under the FDCPA.
Agencies release statement on LIBOR sunset; CFPB amends Reg Z to reflect transition
On April 26, the CFPB joined the Federal Reserve Board, FDIC, NCUA, and OCC in issuing a joint statement on the completion of the LIBOR transition. (See also FDIC FIL-20-2023 and OCC Bulletin 2023-13.) According to the statement, the use of USD LIBOR panels will end on June 30. The agencies reiterated their expectations that financial institutions with USD LIBOR exposure must “complete their transition of remaining LIBOR contracts as soon as practicable.” Failure to adequately prepare for LIBOR’s discontinuance may undermine financial stability and institutions’ safety and soundness and could create litigation, operational, and consumer protection risks, the agencies stressed, emphasizing that institutions are expected to take all necessary steps to ensure an orderly transition. Examiners will monitor banks’ efforts throughout 2023 to ensure contracts have been transitioned away from LIBOR in a manner that complies with applicable legal requirements. The agencies also reminded institutions that safe-and-sound practices include conducting appropriate due diligence to ensure that replacement alternative rate selections are appropriate for an institution’s products, risk profile, risk management capabilities, customer and funding needs, and operational capabilities. Institutions should also “understand how their chosen reference rate is constructed and be aware of any fragilities associated with that rate and the markets that underlie it,” the agencies advised. Both banks and nonbanks should continue efforts to adequately prepare for LIBOR’s sunset, the Bureau said in its announcement, noting that the agency will continue to help institutions transition affected consumers in an orderly manner.
The Bureau also issued an interim final rule on April 28 amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. The interim final rule updates the Bureau’s 2021 LIBOR Transition Rule (covered by InfoBytes here) to reflect the enactment of the Adjustable Interest Rate Act of 2021 and its implementing regulation promulgated by the Federal Reserve Board (covered by InfoBytes here). Among other things, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. The interim final rule also (i) makes conforming changes to terminology used to identify LIBOR replacement indices; and (ii) provides an example of a 12-month LIBOR tenor replacement index that meets certain standards within Regulation Z. The Bureau also released a Fast Facts summary of the interim final rule and updated the LIBOR Transition FAQs.
The interim final rule is effective May 15. Comments are due 30 days after publication in the Federal Register.
OCC, FDIC say some overdraft fees may be unfair or deceptive
On April 26, the OCC and FDIC issued supervisory guidance addressing consumer compliance risks associated with bank overdraft practices. (See OCC Bulletin 2023-12 and FDIC FIL-19-2023.) The guidance highlighted certain practices that may result in increased risk exposure, including assessing overdraft fees on “authorize positive, settle negative” (APSN) transactions and assessing representment fees each time a third party resubmits the same item for payment after being returned by a bank for non-sufficient funds. The agencies provided guidance for banks that may help control risks associated with overdraft protection programs and achieve compliance with Dodd-Frank’s UDAAP prohibitions and section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices.
The FDIC’s supervisory guidance expanded on the 2019 Consumer Compliance Supervisory Highlights (covered by InfoBytes here), and warned that APSN overdraft fees present risks of unfairness under both statutes as consumers “cannot reasonably avoid” receiving these fees because they lack “the ability to effectively control payment systems and overdraft processing systems practices.” The FDIC cited the “complicated nature of overdraft processing systems” as another impediment to a consumer’s ability to avoid injury. The FDIC also emphasized that risks of unfairness exist both in “available balance” or “ledger balance” methods of assessing overdraft fees, but cautioned that risks may be “more pronounced” when a bank uses an available balance method. Furthermore, the FDIC warned that disclosures describing how transactions are processed may not mitigate UDAAP and UDAP risk. Banks are encouraged to “ensure customers are not charged overdraft fees for transactions consumers may not anticipate or avoid,” and should take measures to ensure overdraft programs provided by third parties comply with all applicable laws and regulations, as such arrangements may present additional risks if not properly managed, the FDIC explained.
The OCC’s guidance also warned that disclosures may be deceptive under section 5 if they fail to clearly explain that multiple or additional fees may result from multiple presentments of the same transaction. Recognizing that some banks have already implemented changes to their overdraft protection programs, the OCC also acknowledged that “[w]hen supported by appropriate risk management practices, overdraft protection programs may assist some consumers in meeting short-term liquidity and cash-flow needs.” The OCC encouraged banks to explore other options, such as offering low-cost accounts and low-cost alternatives for covering overdrafts, such as overdraft lines of credit and linked accounts.
Texas bankers seek to invalidate CFPB’s small business lending rule
On April 26, plaintiffs, including a Texas banking association, sued the CFPB, challenging the agency’s final rule on the collection of small business lending data. As previously covered by InfoBytes, last month, the Bureau released its final rule implementing Section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their last fiscal year. According to the Bureau, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing.
The plaintiffs’ goal of invalidating the final rule is premised on the argument that it will drive from the market smaller lenders who are not able to effectively comply with the final rule’s “burdensome and overreaching reporting requirements” and decrease the availability of products to customers, including minority and women-owned small businesses. Plaintiffs argued that the Bureau “took the original three pages of legislation and the 13 reporting data points required by [Dodd-Frank] and turned them into almost 900 pages of rulemaking—a new [f]inal [r]ule that requires banks to develop and implement new software and compliance mechanisms to comply with over 80 reporting requirements that have been exponentially grown by the CFPB since the Act requiring this [r]ule was passed.”
The plaintiffs further pointed to a decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here and a firm article here), as justification for why the final rule should be set aside. The plaintiffs also pointed out certain aspects of the final rule that allegedly violate various requirements of the Administrative Procedure Act, and claimed that a recent data breach involving sensitive information on numerous financial institutions and consumers indicates that the agency is unprepared “to adequately assess the security and privacy impacts of its massive § 1071 data collection on small businesses.” The complaint seeks a court order finding the final rule to have been premised on the same unconstitutional grounds as found in CFSA, preliminary and permanent injunctions to set aside the final rule, and attorney fees and costs.
FinCEN fines trust company $1.5 million for BSA violations
On April 26, FinCEN announced its first enforcement action against a trust company, in which it assessed a $1.5 million civil money penalty against a South Dakota-chartered trust company for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations. According to the consent order, the trust company admitted that it willfully failed to timely and accurately report hundreds of transactions to FinCEN involving suspicious activity by its customers, including transactions with connections to a trade-based money-laundering scheme and several securities fraud schemes. The agency cited the trust company’s “severely underdeveloped” process for identifying and reporting potentially suspicious activity as part of “an overall failure to build a culture of compliance.”
According to FinCEN acting Director Himamauli Das, the trust company “had virtually no process to identify and report suspicious transactions, resulting in it processing over $4 billion in international wires with essentially no controls.” FinCEN said that the trust company should have realized that a large volume of activity from high-risk customers played a role in the closure of numerous correspondent accounts it maintained at other financial institutions, and pointed out that the trust company only began closing accounts flagged during an audit after several forced closures of its own accounts by other financial institutions and after receiving law enforcement inquiries about the accounts referred by the audit. However, at the time, the trust company made no effort to file suspicious activity reports (SARs), FinCEN found, claiming that the trust company processed hundreds of suspicious transactions worth tens of millions of dollars for risky customers that, among other things, appeared to operate in unrelated business sectors. FinCEN added that “personnel with [anti-money laundering (AML)] responsibilities have acknowledged not fully understanding federal SAR filing requirements and that they may have missed important information about some of their riskiest clients as the result of maintaining other, non-AML responsibilities.”
The consent order requires the trust company to hire an independent consultant to review its AML program and transactions from all referenced accounts, as well as any other accounts the trust company maintained for customer referrals, and conduct a SAR lookback review. The trust company is also required to implement recommendations made by the independent consultant and file SARs for any flagged covered transactions. FinCEN recognized the close collaboration and assistance provided by the DOJ and the FBI on this matter.