InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB announces meetings for small business lending data reporting
On August 8, the CFPB announced that it is hosting two events to discuss the technical implementation required to prepare for the Bureau’s Small Business Lending Data Collection Rulemaking, which is a requirement under Section 1071 of the Dodd-Frank Act. According to the Bureau, the meetings will be geared toward in-house bank technologists or providers that provide compliance software to banks. Among other things, the meetings will: (i) share how the Bureau builds regulatory compliance technology systems; (ii) discuss possible approaches to authentication and application programming interfaces; and (iii) review technical data submission standards, edits and validations. The Bureau stated that the meetings “will not discuss or seek input on the merits or potential outcome of any ongoing rulemakings or take questions pertaining to the substance of such rulemakings.” According to the CFPB’s spring rulemaking agenda that was released earlier this summer, a final rule is expected in March 2023 (covered by InfoBytes here).
Minnesota fines debt collector for violating earlier consent order
Recently, the Minnesota Department of Commerce issued a consent order assessing $20,000 in fines to a debt collector accused of violating a 2020 consent order. The state previously entered into a consent order with the debt collector, in which it agreed to cease and desist from violating the FDCPA and state law after it was found to have, among other things, commingled funds and allowed agents to work from unlicensed branch locations. The state later found that the debt collector allegedly continued to violate state and federal law by collecting on payday loans from unlicensed lenders and failing to provide meaningful disclosures on telephone calls or register several of its agents as debt collectors in the state. As a result, the state ordered the debt collector to pay the stayed portion of the 2020 fine ($19,000), as well as a $25,000 civil penalty of which $24,000 is stayed. If the stay has not been lifted by December 31, 2025, the remaining portion of the civil penalty will be vacated provided the debt collector does not commit any further violations.
District Court grants final approval to forgive $6 billion in student loans
On November 15, the U.S. District Court for the Northern District of California granted final approval to a class action settlement to forgive certain federal student loan borrower debt. According to the motion for preliminary approval, the plaintiffs are federal student loan borrowers who filed borrower defense (BD) applications with the Department of Education, requesting that the Department discharge their federal student loans because of misconduct committed by their schools. They brought the case to challenge the Department’s delay in making decisions on BD applications. The motion noted that the plaintiffs alleged, “the Department’s inaction was due to a deliberate and uniform policy abandoning BD decision making, a choice that caused a mounting backlog.” In a supplemental complaint filed after discovery, plaintiffs further alleged that the Department “adopted an unlawful policy that presumptively denied BD applications regardless of their merit, and then, pursuant to this policy, sent tens of thousands of legally insufficient denial notices (the ‘Form Denial Notices’) to borrowers, including some of the Named Plaintiffs.” The class consists of approximately 264,000 people who have a BD application pending as of June 22, 2022. The “automatic relief group” consists of applicants who attended one of more than 150 colleges for which the Department found common evidence of institutional misconduct. The motion also noted “it has determined that every class member whose relevant loan debt is associated with those schools should be provided presumptive relief under the settlement due to strong indicia regarding substantial misconduct by the listed schools, whether credibly alleged or in some instances proven, and the high rate of class members with applications related to the listed schools.” Under the terms of the settlement, $6 billion in loans will be canceled for the borrowers.
Fed announces individual capital requirements for all large banks
On August 4, the Federal Reserve Board announced the individual capital requirements for all large banks, which are in part determined by the Board’s stress test results that provide a risk-sensitive and forward-looking assessment of capital needs. According to the Fed, the total common equity tier 1 (CETI) capital requirement for each bank is made up of several components, including a minimum CET1 capital requirement for all banks of 4.5 percent; a stress capital buffer that is determined from the supervisory stress test results and is at least 2.5 percent; and, if applicable, a capital surcharge for global systemically important banks (G-SIB) of at least 1 percent. The requirements are effective October 1.
Agencies seek comment on renewing FFIEC’s cybersecurity assessment tool
On August 8, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, “Agencies”) issued a notice in the Federal Register soliciting comments on the renewal of the Federal Financial Institutions Examination Council’s cybersecurity assessment tool. According to the notice, the Agencies are seeking comment on, among other things: (i) “[w]hether the collection of information is necessary for the proper performance of the functions of the agencies, including whether the information has practical utility”; (ii) “[t]he accuracy of the Agencies’ estimates of the burden of the collection of information; (iii) how to “enhance the quality, utility, and clarity of the information to be collected”; and (vi) “minimize[ing] the burden of the collection on respondents.” Comments are due 30 days after publication in the Federal Register.
Biden signs bills providing 10-year SOL on PPP and EIDL fraud
On August 5, President Biden signed the Paycheck Protection Program and Bank Fraud Enforcement Harmonization Act (see H.R. 7352) and the COVID-19 Economic Injury Disaster Loan Fraud Statute of Limitations Act (see H.R. 7334). H.R. 7352 provides a 10-year statute of limitations for fraud by borrowers under the SBA’s Paycheck Protection Program, while H.R. 7334 establishes a 10-year statute of limitations for fraud by borrowers under the SBA’s Covid-19 Economic Injury Disaster Loan programs.
CFPB receives rulemaking petition seeking validation of credit score models for credit unions
Recently, the CFPB received a rulemaking petition seeking validation of credit score models for credit unions. The petition, which seeks “a rule governing the requirement to periodically validate credit scores for all lending or financing entities,” argues that validation is necessary to measure the effectiveness of credit scores being used to measure credit risk. Claiming that general letters of compliance from credit reporting agencies are inadequate, the petitioner explains that these letters do not “address the misapplication of credit scores by banks, credit card issuers, auto financing groups or individual credit unions that are the primary cause of errors and financial exclusion.” According to the petitioner, “[o]nly a statistically valid empirically derived study based on funded and declined loans will resolve many of the issues in consumer lending today.” The petitioner points out that validation reports “provide the information necessary to measure the efficiency of the credit score being used to measure credit risk,” and that “[d]emographic comparisons of funded and declined applicants can also be used to identify if the underwriting guidelines used in the application of credit scores result in acceptable percentages of financial inclusion for minorities or protected consumer groups.”
CFPB highlights risks associated with BNPL products
On August 4, the CFPB released a report highlighting risks associated with new product offerings that the agency claimed blur the line between payments and commerce. The report examined the development of new capabilities—like “super apps,” buy now, pay later (BNPL), and embedded commerce—that have the potential to streamline payments, facilitate commerce, and enhance user experience, but may also create opportunities for companies to aggregate and monetize consumer financial data. With respect to “super apps,” the Bureau warned that these services have “morphed” into a “bank in an app” model, providing a “wide array of financial, payment and commerce functions within a single app.” These financial services super apps may seem to be more convenient than having multiple relationships with different organizations, the Bureau said, but cautioned that using these products may limit consumer product and service choice. “While consumers can opt to use a payment offering outside an app, such super apps create the potential for providers to steer consumers to specific solutions and/or limit access to some products.”
The report also raised concerns about tech firms offering their own lending or BNPL products. The Bureau pointed out that BNPL options, which provide unsecured short-term credit allowing consumers to split purchases into four equal interest-free payments at the point of sale, have “soared in recent years” as a popular alternative to credit cards. The Bureau noted it is “carefully focused on the shift toward real-time payments in the United States,” and is “seeking to mitigate the potential consequences of large technology firms moving into this space.”
The Bureau further stressed it is “carefully monitoring the payments ecosystem as part of a multifaceted effort to promote fair, transparent, and competitive markets for consumer financial services,” and said it is currently working on Dodd-Frank Act rules that would give consumers more control over the personal financial data that they choose to share with finance and payment apps. The Bureau also stated that it is “assessing new models of lending integrated with payments and ecommerce, such as BNPL,” and plans to issue a report on its findings and make a determination as to whether any regulatory interventions are appropriate. Last year, the Bureau issued a series of orders to five companies seeking information regarding the risks and benefits of the BNPL credit model (covered by InfoBytes here).
Special Alert: NYDFS fines trading platform for BSA/AML, transaction monitoring, and cybersecurity lapses
The New York Department of Financial Services and a trading platform on Aug. 1 entered into a consent order to resolve deficiencies identified during a 2019 examination and a subsequent investigation by the department’s enforcement section. The consent order focused on deficiencies related to Bank Secrecy Act and anti-money-laundering compliance, transaction monitoring, cybersecurity, and related New York certifications of compliance. The company will pay a $30 million civil monetary penalty and retain an independent consultant that will assist with remediating the issues highlighted in the order and report to NYDFS on remediation progress.
The consent order has far-reaching implications for all financial services companies that come under the jurisdiction of the NYDFS.
The trading platform is a wholly owned subsidiary of a financial services company that offers U.S.-based retail investors the ability to trade stocks, options, and crypto currency on a commission-free basis through its broker-dealer subsidiary. The trading platform is licensed by the NYDFS to engage in virtual currency and money transmitter businesses in New York. Of primary concern for the NYDFS was the platform’s alleged reliance on its parent company’s compliance and cybersecurity programs through enterprisewide systems that the NYDFS found to be inadequate. Additionally, according to NYDFS, the platform allegedly had few to no qualified personnel or management involved in overseeing those programs, which NYDFS has implicitly indicated cannot be outsourced.
Class certification granted in TCPA suit against satellite provider
On August 1, the U.S. District Court for the Northern District of West Virginia granted a plaintiff’s motion for class certification in an action against a satellite TV company (defendant) for allegedly placing unwanted telemarketing robocalls. According to the order, the plaintiffs alleged that the defendant retained a communications company to sell the defendant’s services and that the communications company purchased a list of leads and phone numbers from a third party to make telemarketing calls. According to the plaintiffs, the communications company failed to scrub the list for numbers on the national do-not-call list and called those numbers in violation of the TCPA. The district court noted that “[t]here are two overriding questions in this case: (1) whether [the communications company] contacted class members listed on the do-not-call registry; and (2) whether [the defendant] is liable for [the communication company’s] actions.” The district court further noted that “[a]ny individual issues or defenses are limited and easily resolved with aggregate data from defendant []." In agreeing with the “plaintiffs’ contention that this is a ‘model case for the application of the class action mechanism,’” the district court certified a nationwide class of nearly 114,000 individuals whose telephone numbers were listed on the do-not-call list and who received more than one telemarketing call within any 12-month period at any time from the communications company to promote the defendant.