InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC settles with bankrupt crypto company and bans asset management
On October 12, the FTC announced it has reached a settlement with a bankrupt crypto company, which will permanently ban the company from managing consumer assets. According to the federal court complaint, the FTC alleged that from at least 2018, respondent attracted customers by promising their deposits would be secure, but when the company failed, consumers lost access to significant assets, resulting in over $1 billion in cryptocurrency asset losses. The FTC alleges violations of the FTC Act and the Gramm-Leach-Bliley Act's prohibition on obtaining financial information through false statements. Respondent allegedly misled consumers by claiming their assets were safe on the platform, stating that "YOUR USD IS FDIC INSURED." However, respondent is not a bank and the deposits were not eligible for FDIC insurance. The FTC complaint also alleged that the FDIC does not insure cryptocurrency assets, and consumers' cash deposits were placed in an account held by respondent at a traditional bank. Consumers' funds were protected only if that bank failed, but their cryptocurrency was not protected at all.
The proposed settlement with respondent and its affiliates permanently bans them from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing assets. Respondent and its affiliates have agreed to a judgment of $1.65 billion, which will be suspended to allow the bankrupt company to return its remaining assets to consumers through bankruptcy proceedings. The proposed settlement also prohibits respondent and its affiliates from managing consumer assets, misrepresenting product benefits, making false representations to obtain financial information, and disclosing nonpublic personal information without consent.
The FTC also announced that it is filing a lawsuit against the respondent’s CEO for making false claims that consumer accounts were FDIC-insured. Respondent’s CEO has not agreed to a settlement, and the FTC's case against him will proceed in federal court. “In a parallel action, on October 12, the Commodity Futures Trading Commission separately charged [respondent’s CEO] with fraud and registration failures,” the FTC added.
HUD expands access to mortgages with ADUs
On October 16, HUD introduced a new policy that aims to make it easier for borrowers to finance Accessory Dwelling Units (ADUs) in their primary residences. ADUs are small living units built inside, attached to, or on the same property as, the main home. This policy change allows lenders to consider ADU rental income when assessing a borrower's eligibility for an FHA mortgage.
The new policies provide:
- Income Flexibility: Borrowers with limited incomes can use 75% of their estimated ADU rental income to qualify for an FHA-insured mortgage for properties with existing ADUs.
- New ADUs: For new ADUs that borrowers plan to attach to an existing structure, such as a garage or basement conversion, 50% of the estimated rental income can be used for qualification under FHA's Standard 203(k) Rehabilitation Mortgage Insurance Program.
- Appraisal Requirements: The policy includes ADU-specific appraisal guidelines to accurately assess the market value of properties with ADUs, making it easier for appraisers to report on ADU characteristics and expected rental generation.
- New Construction: The policy also allows FHA mortgages to finance new homes built with ADUs, expanding ADU production beyond the rehabilitation of existing structures.
The White House concurrently released a statement on the policy, noting that it is allowing rental income from ADUs to qualify for FHA-insured mortgages. HUD added that FHA-approved lenders can start offering borrowers mortgages on properties with ADUs under the new policies effective immediately.
California enacts law to extend commercial financing cost disclosure requirement
On October 7, the California governor signed SB 33 to, among other things, continue to require covered providers offering commercial loans to disclose the total cost of financing expressed as an annualized rate indefinitely. Existing law currently required this disclosure only until January 1, 2024.
SB 33 is effective January 1, 2024.
California enacts new data broker regulations
The California governor recently signed SB 362 (the “Act”), which will impose regulations on data brokers by allowing consumers to request the deletion of their personal data that was collected. The Act will allow the California Privacy Protection Agency (CPPA) to create an “accessible deletion mechanism” to make a streamlined method for consumers to delete their collected information available by January 1, 2026.
Among other amendments, businesses that meet the definition of a data broker will be required to register every year with the CPPA, instead of with the attorney general. Additionally, the Act requires data brokers to provide more information during its yearly registration, including: (i) if they collect the personal information of minors; (ii) if the data broker collects consumers’ precise geolocation; (iii) if they collect consumers’ reproductive health care data; (iv) “[b]eginning January 1, 2029, whether the data broker has undergone an audit as described in subdivision (e) of Section 1798.99.86, and, if so, the most recent year that the data broker has submitted a report resulting from the audit and any related materials to the California Privacy Protection Agency”; and (v) a link on its website with details on how consumers may delete their personal information, correct inaccurate personal information, learn what personal information is collected and how it is being used, learn how to opt out of the sale or sharing of personal information, learn how to access their collected personal information, and learn how to limit the use and disclosure of their sensitive personal information. Moreover, administrative fines for violations of the Act, payable to the CPPA, have increased from $100 to $200, and data brokers that fail to delete information for each deletion request face a penalty of $200 per day the information is not deleted.
The Act further requires that data brokers submit a yearly report of the number of requests received for consumer information deletion, and the number of requests denied. The yearly report must also include the median and mean number of days in which the data broker responded to those requests.
California enacts two privacy bills AB 1194 and AB 947
On October 8, the California governor signed two bills, AB 947 amending the California Consumer Privacy Act of 2018, and AB 1194 amending the California Privacy Rights Act (CPRA) of 2020. AB 947 amends the definition of “sensitive personal information” to include any personal information that reveals a consumer’s citizenship or immigration status. AB 1194 will ensure that when a consumer’s personal information relates to “accessing, procuring, or searching for services regarding contraception, pregnancy care, and perinatal care, including, but not limited to, abortion services,” business are obligated to comply with CPRA, except in cases where the information is in an aggregated, deidentified form and is not sold or shared. CRPA already empowers consumers to request the deletion of their personal information, with some exceptions to accommodate a business's obligations to adhere to federal, state, or local laws, fulfill court orders, respond to subpoenas for information, or cooperate with government agencies in emergency situations involving potential risks to a person's life or physical well-being.
AB 947 is effective January 1, 2024 and AB 1194 is effective July 1, 2024.
FDIC seeks comments on proposed and stricter governance guidelines for regional banks
On October 11, the FDIC published a request for comment on proposed corporate governance and risk management guidelines that would apply to all insured state nonmember banks, state-licensed insured branches of foreign banks, and insured state savings associations that are subject to Section 39 of the Federal Deposit Insurance Act (FDI Act), with total consolidated assets of $10 billion or more on or after the effective date of the final guidelines.
The proposed guidelines cover board of director’s obligations, composition, duties, and committee structure that must be met to meet the standard of good corporate governance. The proposed guidelines state that the board will ultimately be responsible for the affairs of the covered institution and each individual member must abide by certain legal duties. Under the proposed guidelines, the board of directors must, among other things: (i) evaluate and approve a strategic plan covering at least a three-year period; (ii) establish policies and procedures by which the covered institution operates; (iii) establish a code of ethics covering legal requirements, such as insider information, disclosure, and self-dealing; (iv) provide active oversight of management; (v) exercise independent judgement; and (vi) select and appoint qualified executive officers. Additionally, the board will be required to maintain a majority of independent directors on the board and should consider diversity of demographic representation, opinion, experience, and ownership level when choosing its board members. The proposed guidelines would also require that the board have an audit committee, a compensation committee, a trust committee (if the covered institution has trust powers), and a risk committee.
Comments must be received by the FDIC by December 11, 2023.
Chopra foreshadows expanding oversight over digital payments
On October 6, CFPB Director Rohit Chopra spoke at a digital payments event where he described the risks posed by private digital currencies and digital payments systems and provided steps that would increase the CFPB oversight so as to help protect consumers from these risks.
Chopra stated that from a consumer regulator’s perspective, it is important to safeguard against the risks of private currencies issued by nonbanks, which include the potential for sudden devaluation of the digital currency, intrusive data surveillance, censorship, private regulations that favor the issuer’s commercial interests, challenges with error resolution, and consumer fraud.
Further, Chopra shared what he believes are warranted steps to ensure that private digital dollars and payments systems do not harm consumers:
- The CFPB will issue supplemental orders to certain large technology platforms to acquire more data and information to better ascertain their business practices, especially with respect to the use of sensitive personal data and any issuance of private currencies.
- To reduce the harms of errors, hacks, and unauthorized transfers, the Bureau will explore providing additional guidance on the applicability of the Electronic Fund Transfer Act with respect to private digital dollars and other virtual currencies for consumer and retail use.
- The CFPB will use appropriate authorities to conduct supervisory examinations of nonbanks operating consumer payment platforms, including the authority over service providers to large depository institutions and the authority over large participants, which would subject nonbanks meeting a particular size threshold to CFPB supervision.
- The Bureau will publish a proposed rule regarding personal financial data rights pursuant to Section 1033 of the Consumer Financial Protection Act, which will seek to accelerate America’s shift to open, competitive, and decentralized banking, while also seeking to safeguard against misuse of personal financial data.
Additionally, Chopra stated the Financial Stability Oversight Council should consider exercising its authority under Title VIII of the Dodd-Frank Act to designate activity as, or as likely to become, a systemically important payment, clearing, or settlement activity so as to provide other agencies with critical oversight and tools to ensure that a stablecoin is actually stable.
Congressional Democrats urge White House to make AI principles mandatory
On October 12, a coalition of more than two dozen Democratic senators and House members urged President Biden to make any anticipated executive order on how the federal government handles artificial intelligence (AI) technology binding on the federal government and those who receive federal funds, and not a mere statement of principles. “By turning the AI Bill of Rights from a non-binding statement of principles into federal policy, your administration would send a clear message to both private actors and federal regulators: AI systems must be developed with guardrails,” the Democrat’s letter states. Additionally, these legislators asked the president to incorporate the White House Blueprint for an AI Bill of Rights, a voluntary roadmap that identifies five principles intended to guide both the government’s and private companies’ design, use and deployment of automated systems fueled by AI (covered by InfoBytes here).
CFPB reports decline in NSF fees by depository financial institutions, saving consumers billions
On October 11, the CFPB’s Offices of Consumer Populations and Markets announced that through its analysis of a number of depository financial institutions it had determined that the imposition of non-sufficient fund (NSF) fee by these entities were on the decline, saving an estimated $2 billion annually for consumers going forward. Specifically, the CFPB determined that “[n]early two-thirds of banks with over $10 billion in assets have eliminated NSF fees,” “[n]early three-fourths of the banks that earned the most in overdraft/NSF fee revenue in 2021, including 27 of the top 30 earners, have eliminated NSF fees” and “[a]mong credit unions with over $10 billion in assets, 16 of 20 continue to charge NSF fees, including four of the five largest.” It was ultimately determined larger banks have been more likely to eliminate NSF fees. Based on the CFPB’s estimates, for banks “with over $10 billion in assets, 97% of NSF fee revenue has been eliminated.”
Automotive management company settles with DOJ to resolve False Claims Act allegations
On October 11, an automotive management company settled claims by the Department of Justice alleging that the company had violated the False Claims Act by knowingly providing false information in support of its Paycheck Protection Program (PPP) loan forgiveness application.
According to the DOJ’s allegations, the automotive management company certified it was a small business with fewer than 500 employees when in fact it shared common operational control with dozens of automobile dealerships with more than 3,000 employees in total.