InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases May enforcement actions
On June 30, the FDIC released a list of administrative enforcement actions taken against banks and individuals in May. The FDIC made public four orders including “two orders of prohibition, one consent order and combined personal consent order, and one to order to pay a civil money penalty.” Included is a cease and desist/consent order against a New York-based bank related to alleged deficiencies and weaknesses in the bank’s anti-money laundering/countering the financing of terrorism program (AML/CFT Program), among other things. Also, among other things, the FDIC required that the bank must ensure it has designated individual(s) with qualifications, who can ensure the bank’s compliance with the AML/CFT Program.
Mortgage lender to pay $23.7 million to settle FCA allegations
On June 29, the DOJ announced a $23.75 million settlement with a South Carolina-based mortgage lender to resolve alleged False Claims Act (FCA) violations related to its origination and underwriting of mortgages insured by the Federal Housing Administration (FHA). According to the DOJ, two former employees filed a lawsuit under the FCA’s whistleblower provisions alleging the lender failed to maintain quality control programs for preventing and correcting underwriting deficiencies. As part of the settlement, the lender admitted that it certified loans that did not meet the applicable requirements for FHA mortgage insurance and VA home loan guarantees. The lender also acknowledged that these loans would not have been insured or guaranteed by the agencies were it not for the submission of false certificates. While the conduct began in July 2008, the DOJ recognized that the lender has taken significant measures to stop the violations, both before and after being told of the investigation, and gave the lender credit for doing so. Under the terms of the settlement, the lender will pay $23.75 million to the U.S., with the whistleblowers receiving a total of $4.04 million of the settlement proceeds.
FinCEN updates jurisdictions with AML/CFT/CPF deficiencies
On June 29, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”
FinCEN’s announcement also informed members that FATF added Cameroon, Croatia, and Vietnam it its list to the list of Jurisdictions Under Increased Monitoring and advised jurisdictions to apply enhanced due diligence proportionate to the risks. FATF did not remove any jurisdictions from the list. Additionally, the announcement suggests that money service businesses refer to FinCEN’s Guidance on compliance obligations to employ adequate measures against money laundering and the financing of terrorism posed by their foreign relationships. Also noted in the announcement is that the list of high-risk jurisdictions subject to a call for action, remains the same. FinCEN reminded in the announcement that U.S. financial institutions are still broadly prohibited from engaging in transactions or dealings with Iran, and they should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”
OFAC sanctions Mexico-based human smuggling organization
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced sanctions pursuant to Executive Order 13581 against a human smuggling organization, and several individuals and entities in its support network. OFAC claimed the Mexico-based organization, Hernandez Salas transnational criminal organization (TCO), earns billions of dollars per year smuggling and creating false documentation for migrants. The leader of the TCO has been sanctioned, among four other supporters. OFAC reported that the individuals are currently incarcerated in Mexico and awaiting extradition to the U.S. for trial before a federal grand jury. Also sanctioned are two Mexican hotels that have taken part in the TCO’s smuggling operations. OFAC noted that the sanctions were pursued in close collaboration with Mexico’s Financial Intelligence Unit.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
NCUA annual report to Congress covers cybersecurity
On June 28, the NCUA released its annual report on cybersecurity and credit union system resilience to the House and Senate banking committees. The report outlines measures the agency has taken to strengthen cybersecurity within the credit union system, outlines significant risks and challenges facing the financial system due to the NCUA’s lack of authority over third-party vendors, and addresses current and emerging threats. Explaining that cybersecurity is one of the NCUA’s top supervisory priorities with cyberattacks being a top-tier risk under the agency’s enterprise risk management program, the report discusses ways the NCUA continues to enhance the cybersecurity resilience of federally insured credit unions (FICUs). Measures include continually improving the agency’s examination program, providing training and support, and implementing a final rule in February, which requires FICUs to report any cyberattacks that disrupt its business operations, vital member services, or a member information system as soon as possible (and no later than 72 hours) after the FICU’s “reasonable belief that it has experienced a cyberattack.” The final rule takes effect September 1. (Covered by InfoBytes here.) The report also raises concerns regarding the NCUA’s lack of authority over third-party vendors that provide services to FICUs. Calling this a “regulatory blind spot” with the potential to create significant risks and challenges, the agency stresses that one of its top requests to Congress is to restore the authority that permits the agency to examine third-party vendors.
Court delays enforcement of California privacy regulations
The Superior Court for the County of Sacramento adopted a ruling during a hearing held June 30, granting the California Chamber of Commerce’s (Chamber of Commerce) request to enjoin the California Privacy Protection Agency (CPPA) from enforcing its California Privacy Rights Act (CPRA) regulations until March 2024. Enforcement of the CPRA regulations was set to begin July 1.
The approved regulations (which were finalized in March and took effect immediately) update existing California Consumer Privacy Act regulations to harmonize them with amendments adopted by voter initiative under the CPRA in November 2020. (Covered by InfoBytes here.) In February of this year, the CPPA acknowledged that it had not finalized regulations regarding cybersecurity audits, risk assessments, and automated decision-making technology and posted a preliminary request for comments to inform this rulemaking. (Covered by InfoBytes here.) The June 30 ruling referred to a public statement issued by the CPPA, in which the agency explained that enforcement of those three areas would not commence until after the applicable regulations are finalized. However, the CPPA stated it intended to “enforce the law in the other twelve areas as soon as July 1.”
In March, the Chamber of Commerce filed a lawsuit in state court seeking a one-year delay of enforcement for the new regulations. The Chamber of Commerce argued that the CPPA had finalized its regulations in March 2023 (rather than the statutorily-mandated completion date of July 1, 2022), and as a result businesses were not provided the required one-year period to come into compliance before the CPPA begins enforcement. The CPPA countered that the text of the statute “is not so straightforward as to confer a mandatory promulgation deadline of July 1, 2022, nor did the voters intend for impacted business to have a 12-month grace period between the [CPPA’s] adoption of all final regulations and their enforcement.”
The court disagreed, finding that the CPPA’s failure “to timely pass final regulations” as required by the CPRA “is sufficient to grant the Petition.” The court stated that because the CPRA required the CPPA to pass final regulations by July 1, 2022, with enforcement beginning one year later, “voters intended there to be a gap between the passing of final regulations and enforcement of those regulations.” The court added that it was “not persuaded” by the CPPA’s argument “that it may ignore one date while enforcing the other.” However, staying enforcement of all the regulations for one year until after the last of the CPRA regulations have been finalized would “thwart the voters’ intent.” In striking a balance, the court stayed the CPPA’s enforcement of the regulations that became final on March 29 and said the agency may begin enforcing those regulations on March 29, 2024. The court also held that any new regulations issued by the CPPA will be stayed for one year after they are implemented. The court declined to mandate any specific date by which the CPPA must finalize the outstanding regulations.
Connecticut amends requirements for small lenders
On June 29, SB 1033 (the “Act) was enacted in Connecticut to amend the banking statutes. The Act, among other things, (i) redefines “small loan”; (ii) redefines “APR” to be calculated based on the Military Lending Act and include the cost of ancillary products among other fees as part of the “finance charge”; (iii) requires more people to obtain small loan licenses; (iv) requires that certain small loans are worth $5,000-$50,000, which is intended to capture larger loans particularly for student borrowers who may enter into income sharing agreements; (v) prohibits small loans from providing for an advance exceeding an unpaid principal of $50,000; and (vi) eliminates a requirement that certain people demonstrate an ability to supervise mortgage servicing offices in person. The Act also includes new licensing provisions, adding that any person who acts as an agent or service provider for a person who is exempt from licensure requires licensure if (i) they have a predominant economic interest in a small loan; (ii) they facilitate and hold the right to purchase the small loan, receivables or interest in the small loan; or (iii) the person is a lender who structured the loan to evade provisions in the Act. If the facts and circumstances deem the person a lender, they must be licensed under the Act.
New Hampshire amends rules for interest on escrow accounts
On June 20, New Hampshire enacted HB 520 (the “Act”) to amend provisions relating to escrow accounts maintained by licensed nondepository mortgage bankers, brokers, and servicers. The Act amends guidelines surrounding interest payments to escrow accounts maintained for the payment of taxes or insurance premiums related to loans on single family homes in New Hampshire and property secured by real estate mortgages. For both (single family homes and property) accounts, payments must be at a rate no less than the National Deposit Rate for Savings Accounts. Further, interest payments during the six-month period beginning on April 1 of each year, must be no less than the FDIC published rate in January of the same year, whereas interest payments during the six-month period beginning on October 1 of each year, must be no less than the FDIC published rate in July of the same year.
The Act was effective upon its passage.
Supreme Court blocks student debt relief program
On June 30, the U.S. Supreme Court issued a 6-3 decision in Biden v. Nebraska, striking down the Department of Education’s (DOE) student loan debt relief program (announced in August and covered by InfoBytes here) that would have provided between $10,000 and $20,000 in debt cancellation to certain qualifying federal student loan borrowers making under $125,000 a year.
The Biden administration appealed an injunction entered by the U.S. Court of Appeals for the Eighth Circuit that temporarily prohibited the Secretary of Education from discharging any federal loans under the agency’s program. (Covered by InfoBytes here.) Arguing that the universal injunction was overbroad, the administration contended that the six states lack standing because the debt relief plan “does not require respondents to do anything, forbid them from doing anything, or harm them in any other way.” Moreover, the secretary was acting within the bounds of the Higher Education Relief Opportunities for Students Act of 2003 (HEROES Act) when he put together the debt relief plan, the administration claimed.
In considering whether the secretary has authority under the HEROES Act “to depart from the existing provisions of the Education Act and establish a student loan forgiveness program that will cancel about $430 billion in debt principal and affect nearly all borrowers,” the Court majority (opinion delivered by Chief Justice Roberts, in which Justices Thomas, Alito, Gorsuch, Kavanaugh, and Barrett joined) held that at least one state, Missouri, had Article III standing to challenge the program because it would cost the Missouri Higher Education Loan Authority (MOHELA), a nonprofit government corporation created by the state to participate in the student loan market, roughly $44 million a year in fees. “The harm to MOHELA in the performance of its public function is necessarily a direct injury to Missouri itself,” the Court wrote.
The Court also ruled in favor of the respondents on the merits, noting that the text of the HEROES Act does not authorize the secretary’s loan forgiveness plan. While the statute allows the Secretary to “waive or modify” existing statutory or regulatory provisions applicable to student financial assistance programs under the Education Act in connection with a war or other military operation or national emergency, it does not permit the Secretary to rewrite that statute, the Court explained, adding that the “modifications” challenged in this case create a “novel and fundamentally different loan forgiveness program.” As such, the Court concluded that “the HEROES Act provides no authorization for the [s]ecretary’s plan when examined using the ordinary tools of statutory interpretation—let alone ‘clear congressional authorization’ for such a program.”
In dissent, three of the justices argued that the majority’s overreach applies to standing as well as to the merits. The states have no personal stake in the loan forgiveness program, the justices argued, calling them “classic ideological plaintiffs.” While the HEROES Act bounds the secretary’s authority, “within that bounded area, Congress gave discretion to the [s]ecretary” by providing that he “could ‘waive or modify any statutory or regulatory provision’ applying to federal student-loan programs, including provisions relating to loan repayment and forgiveness. And in so doing, he could replace the old provisions with new ‘terms and conditions,”’ the justices wrote, adding that the secretary could provide whatever relief needed that he deemed most appropriate.
The Court also handed down a decision in Department of Education v. Brown, ruling that the Court lacks jurisdiction to address the merits of the case as the respondents lacked Article III standing because they failed to establish that any injury they may have suffered from not having their loans forgiven is fairly traceable to the program. Respondents in this case are individuals whose loans are ineligible for debt forgiveness under the plan. The respondents challenged whether the student debt relief program violated the Administrative Procedure Act’s notice-and-comment rulemaking procedures as they were not given the opportunity to provide feedback. (Covered by InfoBytes here.)
President Biden expressed his disappointment following the rulings, but announced new actions are forthcoming to provide debt relief to student borrowers. (See DOE fact sheet here.) The first is a rulemaking initiative “aimed at opening an alternative path to debt relief for as many working and middle-class borrowers as possible, using the Secretary’s authority under the Higher Education Act.” The administration also announced an income-driven repayment plan—the Saving on a Valuable Education (SAVE) plan—which will, among other things, cut borrowers’ monthly payments in half (from 10 to 5 percent of discretionary income) and forgive loan balances after 10 years of payments rather than 20 years for borrowers with original loan balances of $12,000 or less.
Agencies put out policy on CRE workouts
On June 29, the FDIC, OCC, Federal Reserve Board, and NCUA, in consultation with state bank and credit union regulators, jointly issued a final policy statement addressing prudential commercial real estate loan accommodations and workouts for borrowers experiencing financial difficulty. The policy statement applies to all supervised financial institutions and supersedes previous guidance issued in 2009. Building on existing supervisory guidance, the policy statement advises financial institutions “to work prudently and constructively with creditworthy borrowers during times of financial stress.” The policy statement (i) updates interagency supervisory guidance on commercial real estate loan workouts; (ii) adds a new section on short-term loan accommodations (for purposes of the policy statement, “an accommodation includes any agreement to defer one or more payments, make a partial payment, forbear any delinquent amounts, modify a loan or contract, or provide other assistance or relief to a borrower who is experiencing a financial challenge”); (iii) addresses relevant accounting standard changes on estimating loan losses; and (iv) provides updated examples on how to classify and account for loans modified or affected by loan accommodations or loan workout activity. The policy statement takes effect upon publication in the Federal Register.