InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB publishes fall 2021 rulemaking agenda
On December 13, the Office of Information And Regulatory Affairs released the CFPB’s fall 2021 rulemaking agenda. According to a Bureau announcement, the information released represents regulatory matters the Bureau plans to pursue during the period from November 2, 2021 to October 31, 2022. Additionally, the Bureau stated that the latest agenda reflects continued rulemakings intended to further its consumer financial protection mission and help advance the country’s economic recovery from the Covid-19 pandemic. Promoting racial and economic equity and supporting underserved and marginalized communities’ access to fair and affordable credit continue to be Bureau priorities.
Key rulemaking initiatives include:
- Small Business Rulemaking. This fall, the Bureau issued its long-awaited proposed rule (NPRM) for Section 1071 regulations, which would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. (Covered by a Buckley Special Alert.) The NPRM comment period goes through January 6, 2022, after which point the Bureau will review comments as it moves to develop a final rule. Find continuing Section 1071 coverage here.
- Consumer Access to Financial Records. The Bureau noted that it is working on rulemaking to implement Section 1033 of Dodd-Frank in order to address the availability of electronic consumer financial account data. The Bureau is currently reviewing comments received in response to an Advance Notice of Proposed Rulemaking (ANPR) issued fall 2020 regarding consumer data access (covered by InfoBytes here). Additionally, the Bureau stated it is monitoring the market to consider potential next steps, “including whether a Small Business Review Panel is required pursuant to the Regulatory Flexibility Act.”
- Property Assessed Clean Energy (PACE) Financing. As previously covered by InfoBytes, the Bureau published an ANPR in March 2019 seeking feedback on the unique features of PACE financing and the general implications of regulating PACE financing under TILA (as required by Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, which amended TILA to mandate that the Bureau issue certain regulations relating to PACE financing). The Bureau noted that it continues “to engage with stakeholders and collect information for the rulemaking, including by pursuing quantitative data on the effect of PACE on consumers’ financial outcomes.”
- Automated Valuation Models (AVM). Interagency rulemaking is currently being pursued by the Bureau, Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations for AVM quality control standards as required by Dodd-Frank amendments to FIRREA. The standards are designed to, among other things, “ensure a high level of confidence in the estimates produced by the valuation models, protect against the manipulation of data, seek to avoid conflicts of interest, require random sample testing and reviews,” and account for any other appropriate factors. An NPRM is anticipated for June 2022.
- Amendments to Regulation Z to Facilitate LIBOR Transition. As previously covered by InfoBytes, the Bureau issued a final rule on December 7 to facilitate the transition from LIBOR for consumer financial products, including “adjustable-rate mortgages, credit cards, student loans, reverse mortgages, [and] home equity lines of credit,” among others. The final rule amended Regulation Z, which implements TILA, to generally address LIBOR’s eventual cessation for most U.S. dollar settings in June 2023, and establish requirements for how creditors must select replacement indices for existing LIBOR-linked consumer loans. The final rule generally takes effect April 1, 2022.
- Reviewing Existing Regulations. The Bureau noted in its announcement that it decided to conduct an assessment of a rule implementing HMDA (most of which took effect January 2018), and referred to a notice and request for comments issued last month (covered by InfoBytes here), which solicited public comments on its plans to assess the effectiveness of the HMDA Rule. Additionally, the Bureau stated that it finished a review of Regulation Z rules implementing the Credit Card Accountability Responsibility and Disclosure Act of 2009, and that “[a]fter considering the statutory review factors and public comments,” it “determined that the CARD Act rules should continue without change.”
Notably, there are 14 rulemaking activities that are listed as inactive on the fall 2021 agenda, including rulemakings on overdraft services, consumer reporting, student loan servicing, Regulation E modernization, abusive acts and practices, loan originator compensation, and TILA/RESPA mortgage disclosure integration.
FTC settles with debt collectors
On December 13, the FTC announced a settlement with several South Carolina-based debt collection companies and an individual (collectively, "defendants") for allegedly engaging in fraudulent debt collection practices. The FTC filed a complaint against the defendants alleging that they violated the FTC Act and the FDCPA by, among other things: (i) using robocalls to leave deceptive messages; (ii) falsely representing that an individual is an attorney or is in communication with an attorney; (iii) “falsely claiming or implying that nonpayment of a debt will result in the arrest or imprisonment of a person”; (iv) threatening to take unlawful legal action; and (v) making false representations or using deceptive means to collect or attempt to collect a debt. The action was taken as part of the FTC’s “Operation Corrupt Collector”—a nationwide enforcement and outreach effort established by the FTC, CFPB, and more than 50 federal and state law enforcement partners to target illegal debt collection practices (covered by InfoBytes here). The effort previously resulted in settlements with two other debt collectors, which included permanent bars from the industry.
Under the terms of the settlement, in addition to being permanently banned from participating in debt collection and debt brokering activities, the defendants will also be prohibited from making misrepresentations to consumers, including (i) whether consumers are legally obligated to pay defendants; (ii) whether defendants are attorneys or affiliated with a law firm; (iii) the terms of any refund policy; and (iv) any material facts concerning products or services. The order also requires the defendants to surrender the contents of numerous bank and investment accounts, including property and the value of certain assets. An approximately $12 million monetary judgment will be partially suspended upon completion of asset transfers from all financial institutions holding accounts in the defendants’ names.
OCC launches DC REACh
On December 13, the OCC announced the launch of DC REACh , which expands the OCC’s Project REACh (Roundtable for Economic Access and Change) efforts to Washington, D.C. As previously covered by InfoBytes, in 2020, the OCC launched this initiative to promote greater financial inclusion of underserved populations. According to the OCC, Project REACh brings together leaders from the banking industry, national civil rights organizations, and various businesses and technology organizations who will identify and reduce barriers to accessing capital and credit. The OCC further noted that DC REACh “will organize and initiate formal efforts to promote greater access to affordable homeownership, enhance small business financing, and expand access to credit for economically disadvantaged and underserved communities in Washington, D.C.” According to remarks by acting Comptroller of the Currency Michael J. Hsu at the launch of DC REACh, the OCC “will be working with local community leaders and financial institutions to build paths towards entrepreneurship and affordable homeownership for District residents.”
CFPB releases EFTA FAQs
On December 13, the CFPB released updated Electronic Fund Transfers FAQs, which pertain to compliance with the Electronic Fund Transfer Act (EFTA) and Subpart A to Regulation E. The updated topics include transaction coverage, financial institution coverage, error resolution, and unauthorized EFT error resolution. Highlights from the updated FAQs include:
- Person-to-person (P2P) payments can be unauthorized electronic transfers under Regulation E.
- “[A] ‘pass-through’ payment transfers funds from the consumer’s account held by an external financial institution to another person’s account held by an external financial institution,” which is “initiated through a financial institution that does not hold a consumer’s account, for example, a non-bank P2P provider.”
- “Regulation E section 1005.2(i) defines financial institution under EFTA and Regulation E to include banks, savings associations, credit unions, and: any other person that directly or indirectly holds an account belonging to a consumer, or any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.”
- “Any P2P payment provider that meets the definition of a financial institution, as discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, is a financial institution under Regulation E.” Therefore, “if a P2P payment provider directly or indirectly holds an account belonging to a consumer, they are considered a financial institution under Regulation E.”
- The transfer is considered to be an unauthorized EFT under Regulation E if a consumer’s account is obtained from a third party through fraudulent means (hacking), and a hacker utilizes that information to make an unauthorized electronic transfer from the consumer’s account.
- “Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act…. Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”
Fed reiterates supervisory guidance on risk management
On December 10, the Federal Reserve Board announced SR Letter 21-19, which reiterates the Fed’s supervisory expectations for large banks’ risk management practices related to investment funds. The letter applies to institutions supervised by the Fed that have large derivatives portfolios and relationships with investment funds, and follows a review by the Fed of the high-profile default and failure of one investment firm, which resulted in losses of more than $10 billion for several large banks. Among other things, the Fed warned firms that poor communication frameworks and inadequate risk management functions hinder their potential to identify and address risk, and that “[r]isk management and control functions should have the experience and stature to effectively control risks associated with investment funds.”
The Fed also reminded firms that, consistent with the guidance in Interagency Supervisory Guidance on Counterparty Credit Risk Management, they should: (i) “[r]eceive adequate information with appropriate frequency to understand the risks of the investment fund, including position and counterparty concentrations, and either reconsider the relationship or set sufficiently conservative terms for the relationship if the client does not meet appropriate levels of transparency; (ii) “[e]nsure the risk-management and governance approach applied to the investment fund is capable of identifying the fund's risk initially and monitoring it throughout the relationship, and ensure applicable areas of the firm – including the business line and the oversight function – are aware of the risk their investment fund clients pose to the firm and have tools to manage that risk”; and (iii) “[e]nsure that margin practices remain appropriate to the fund's risk profile as it evolves, avoiding inflexible and risk-insensitive margin terms or extended close-out periods with their investment fund clients.”
OFAC and State Dept. announce additional corruption, human rights abuse sanctions
On December 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13818 targeting 15 individuals and entities connected to corruption and serious human rights abuse in several countries across Central America, Africa, and Europe under the Global Magnitsky Human Rights Accountability Act. OFAC noted that the designations were announced on International Anti-Corruption Day to “reinforce the priority placed upon curbing corruption through strategic and regulatory action at the Summit for Democracy.” As a result of the sanctions, all property and interests in property belonging to the sanctioned entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC noted that its regulations generally prohibit U.S. persons from participating in transactions with these persons, which include “the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person or the receipt of any contribution or provision of funds, goods or services from any such person.” In a complementary action, the U.S. Department of State also announced visa restrictions under Section 7031(c) of the Department of State, Foreign Operations, and Related Programs Appropriations Act, which targeted several corrupt officials and their immediate family members, making them ineligible to enter the U.S.
FSB requests feedback on data frameworks affecting cross-border payments
Recently, the Financial Stability Board (FSB) issued a survey requesting stakeholder feedback on “how existing national and regional data frameworks interact with and affect the functioning, regulation and supervision of cross-border payment arrangements,” in addition to feedback on issues concerning the cross-border use of these data frameworks by national authorities and the private sector. Data frameworks within the survey’s scope include those concerning data access; data privacy, security, or storage; requirements for data retention; and multilateral or bilateral trade agreements covering the use and sharing of data across borders. Among other things, the survey seeks information on (i) ways data-specific national and regional data frameworks affect the costs and speed of delivering payments, as well as access and transparency; (ii) potential barriers to cross-border data use; (iii) areas of improvement for overcoming barriers in data frameworks; (iv) whether one jurisdiction’s data framework can impact the provision or supervision of cross-border payments services offered in other jurisdictions; and (v) whether there are particular payment corridors (especially related to emerging markets) that face specific challenges related to data frameworks. The survey also requests information on the implementation of international standards from the FSB and other standard-setting bodies, “if not included as part of formal, domestic data frameworks,” and “[o]ther international efforts, arrangements, or agreements that jurisdictions may implement in their domestic data frameworks or that may affect cross-border data flows.” The survey will close on January 14, 2022.
NYDFS addresses use of cyber assessment framework in risk assessment process
On December 9, NYDFS updated its FAQs regarding 23 NYCRR Part 500, which established cybersecurity requirements for banks, insurance companies, and other financial services institutions. (See InfoBytes coverage on 23 NYCRR Part 500 here.) New FAQ 41 addressed whether covered entities should use a cyber assessment framework as part of their risk assessment process as required by Sections 500.9 and 500.2(b). NYDFS clarified that while it “does not require a specific standard or framework for use in the risk assessment process," it expects covered entities “to implement a framework and methodology that best suits their risk and operations.” Commonly employed frameworks cited by NYDFS include the FFIEC Cyber Assessment Tool, the CRI Profile, and the NIST Cybersecurity Framework.
California sentences student loan debt relief scammers
On December 6, the California attorney general announced the sentencing of four individuals involved in a student loan assistance scam and related computer crimes. According to the AG, the individuals’ now-defunct company presented “itself as a legitimate source of help and feigned association with the U.S. Department of Education (ED) in order to gain the trust of distressed student loan borrowers and access their personal information.” Company employees “were directed to access and disrupt student loan borrower account data, as well as create new student borrower accounts while posing as the borrowers,” which violated the state’s computer crime laws the AG stated. Borrowers were convinced to pay fees of up to $1,300 in monthly payments in order to participate in the company’s loan payment reduction programs, which offered loan deferment and income-driven repayment. However, many of the borrowers were unaware that these payment reduction programs were already offered free of charge by the Department of Education. Moreover, borrowers did not know that their monthly payments were not a subscription service or applied towards their federal student loans, but were rather payments on a high interest loan. The AG contended that borrowers were purportedly required to continue making these payments even if they attempted to cancel the company’s services, and that “to facilitate the scam, the defendants used the Federal Student Aid website to illegally access student borrower records housed in computer systems belonging to ED.” In additional to their sentences of up to 180 days in prison, community service and probation, the individuals were ordered to pay restitution to harmed borrowers.
District Court: Debt collectors may rely on information supplied by credit card issuer
On December 2, the U.S. District Court for the District of Oregon granted defendants’ motion for summary judgment in an FDCPA action over an alleged disputed debt, ruling that defendants are allowed to rely on information supplied by a credit card issuer that a “debt owned has been verified and is owed.” The plaintiff opened a credit card in 2015 and stopped making payments on the card in June 2018. After she stopped making payments, the plaintiff sent notices of dispute to the credit card issuer contesting, among other things, whether the issuer owned the account, and received correspondence back from the issuer with information about where disputes about the debt should be directed. The issuer also explained that based on an investigation into her account, the issuer believed the account to be valid. Several months later, the defendants sent a demand letter on behalf of the issuer to the plaintiff using the address associated with the account, and later filed a collection lawsuit in state court seeking judgment to recover the unpaid balance.
The plaintiff sued, accusing the defendants of violating Sections 1692e(2)(A), 1692e(5), and 1692e(10) of the FDCPA when they initiated the collections action. Among other claims, the plaintiff argued that she never received the demand letter. She also contended that the defendants should have known about the disputes. The court, however, agreed with the magistrate judge’s final orders and judgment, which ruled that it is not a requirement of the FDCPA for the defendants to confirm that a notice was received as a condition of filing the state court action. According to the court, the plaintiff identified no evidence that mail sent to the address used by the defendants was returned as undeliverable. The court also agreed that the plaintiff’s notices of dispute “did not challenge that she opened the account or was responsible for the charges,” and that the defendants submitted bank statements showing that the plaintiff made payments on the account.