InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Treasury highlights strategy to advance racial equity
On October 25, the U.S. Treasury Department released a blog post that highlights how the Department is focusing on advancing racial equity. Among other things, the blog noted that this focus has informed the Treasury’s decision to establish “a dedicated Office of Recovery Programs and has flowed through the policy and operational decisions [it has] made to implement the historic American Rescue Plan.” According to the blog, the Office of Recovery Programs addresses urgent needs and makes lasting investments to mitigate long-term disparities by making equity a foundational priority in the delivery of the program, which has improved the circumstances of vulnerable households and created opportunities for small businesses, cities, and states. In addition, Treasury announced the appointment of Janis Bowdler to be the Department’s first Counselor for Racial Equity. The blog also noted that Treasury’s “efforts go beyond [Treasury’s] diverse, dedicated political appointees,” because Treasury is “also deeply committed to improving diversity and inclusion among the broader career Treasury workforce, where we acknowledge much more work remains to be done.”
FHA proposes changes to defect taxonomy for loan servicing
On October 28, FHA requested stakeholder review and feedback on a draft update to Appendix 8.0 – FHA Defect Taxonomy for its Single Family Housing Policy Handbook 4000.1. The updated draft appendix includes, among other things, (i) six new defect areas to incorporate loan-level servicing reviews (servicer operations, account administration, delinquent and default servicing, loss mitigation processing, home retention, and home disposition); (ii) severity tier descriptions explaining the process used for determining whether defects require corrective servicing action or a different response “based on the impact of non-compliance on FHA, the property, or both”; and (iii) and expanded, servicing-specific remedies for violations. As previously covered by InfoBytes, FHA issued an update to Section III of the handbook, which streamlined many standard mortgage servicing operational requirements and incorporated FHA actions taken to support borrowers experiencing Covid-19-related financial hardships. The proposed defect taxonomy updates are intended to increase transparency into FHA’s servicing loan review process and provide clarity on how FHA will hold servicers accountable for loan-level compliance. Comments are due December 27.
CFPB releases education ombudsman’s annual report
On October 26, the CFPB Private Education Loan Ombudsman published its annual report on consumer complaints submitted between September 1, 2020 and August 31, 2021. The report is based on approximately 5,300 complaints received by the Bureau regarding federal and private student loans. Of these complaints, roughly 900 were related to debt collection, while approximately 730 mentioned Covid-19. The Bureau’s press release noted that the overall decrease in both federal and private student loan complaints may be attributed to the CARES Act relief measures and administrative extensions that were extended through January 31, 2022. The Bureau stated, however, that the pandemic exacerbated socio-economic and racial disparities in the student lending space and caused heightened risk of borrower harm, particularly to vulnerable populations. Additionally, the Bureau warned that the risk of borrower harm may also increase as more than 32 million borrowers with federal loans resume payments in the first quarter of 2022, and, because four of nine federal student loan servicers have or will soon stop servicing federal student loans, over 16 million borrowers will transfer to different servicers. Findings in the report included topics related to student loan complaint trends, debt collection complaints, and supervisory findings related to student loan servicers, etc.
The report also advised policymakers to consider several recommendations, including: (i) considering metrics for sharing risks shouldered by borrowers with schools that fail to provide meaningful paths to repayment; (ii) accelerating efforts to incorporate qualitative and quantitative metrics to protect consumers into future federal student loan servicing contracts; (iii) requiring detailed disclosures provided with every student loan disbursement; (iv) considering various loan forgiveness programs; (v) examining return to repayment and servicer transitions; and (vi) identifying and prosecuting data aggregators and payment processors, as well as student loan debt relief scammers.
FTC says ISPs provide limited protections for consumer data
On October 21, the FTC reported that internet service providers (ISPs) are able to gather and share large pools of sensitive consumer data while providing limited privacy protections. According to an FTC staff report, ISPs’ data collection and use practices allow them to monitor and record their customers’ every online move, granting them the ability to collect large amounts of information without their customers’ knowledge. The FTC launched the internet privacy study in 2019 under Section 6(b) of the FTC Act and analyzed information from six major ISPs, which comprise roughly 98 percent of the mobile internet market. Three advertising affiliates associated with the ISPs were also asked to provide information on their data collection and use practices. The report found, among other things, that ISPs typically collect and share more customer information than is necessary to provide ISP services. According to the report, some ISPs collected personal information to market products and services, serve targeted ads on behalf of third parties, or share insights into customers’ behaviors with other businesses. The report also found that customers are often placed into categories by “race, ethnicity, sexual orientation, economic status, political affiliations, or religious beliefs,” and that ISPs often share real-time location data with third parties.
Additionally, the report found that while several ISPs tell customers their personal information will not be sold, the companies’ privacy notices obscure other ways personal data can be used, transferred, or monetized by other parties, and “often bury[] such disclosures in the fine print of their privacy policies.” The report further explained that many customers are often confused about how to opt-out of or limit ISPs’ data collection, adding that while several ISPs promise to retain data only for as long as needed for a business reason, the definition of what constitutes a “business reason” varies widely.
Chair Lina M. Khan issued separate remarks, emphasizing that the report’s finding are “striking” and “underscore deficiencies of the ‘notice-and-consent’ framework for privacy, especially in markets where users face highly limited choices among service providers.”
FTC settles with companies involved with alleged deceptive investment training company
On October 21, the FTC announced a proposed settlement with the funder and servicer (collectively, “defendants”) of payment plans utilized by consumers to pay for investment “trainings” from a professional trader education company (company). Under the proposed settlement, the funder is required to offer debt forgiveness to company consumers who have debt held by the funder. According to the complaint, the defendants allegedly violated the FTC Act by, among other things, facilitating the company’s deceptive scheme by underwriting, funding, and servicing its retail installment contracts. According to the announcement, in September 2020, the FTC settled with the company and, as part of that settlement, the company was required to offer debt forgiveness to consumers who owed it money. The settlement, however, did not cover consumers whose debt was held by the funder. The funder is also required to give these consumers notice of the offer of debt forgiveness and allow 45 days to request forgiveness from the funder. Additionally, the proposed settlement requires the defendants to utilize adequate due diligence when screening prospective covered clients, monitor covered clients, and investigate consumer complaints.
District Court preliminarily approves $85 million class action privacy settlement
On October 21, the U.S. District Court for the Northern District of California preliminarily approved an $85 million class action settlement to resolve privacy and data security allegations against a video conferencing provider. Class members claimed the company violated several California laws, including invasion of privacy, the “unlawful” and “unfair” prongs under the Unfair Competition Law, implied covenant of good faith and fair dealing, and unjust enrichment, among others. According to class members, the company unlawfully shared their personal data with unauthorized third parties, failed to prevent unwanted and unauthorized meeting disruptions, and misrepresented the strength of its end-to-end encryption measures. The court’s preliminary approval certified a nationwide settlement class of individuals who, between March 30, 2016 and the settlement date, “registered, used, opened or downloaded the [company’s] [m]eetings [a]pplication.” Under the terms of the preliminarily approved settlement, the company will establish an $85 million non-reversionary cash fund to pay valid claims, and will make several major changes to its practices to “improve meeting security, bolster privacy disclosures, and safeguard consumer data.” Among other things, the company will “provide in-meeting notifications to make it easier for users to understand who can see, save and share [their] information and content by alerting users when a meeting host or another participant uses a third-party application during a meeting.” Additionally, the company must educate users about available security features, and ensure its privacy statement discloses the ability of users to share user data with third parties through integrated third-party software, record meetings, and/or transcribe meetings.
NCUA approves expansion of CUSO lending rights
On October 21, the National Credit Union Administration Board approved a final rule by a 2-1 vote to expand the range of permissible activities and services that credit union service organizations (CUSOs) may engage in. Under the final rule, CUSOs will be allowed to originate, purchase, sell, and hold any type of loan a federal credit union is permitted to, including auto and payday loans. The final rule also provides the Board “additional flexibility to approve permissible CUSO activities and services outside of notice and comment rulemaking.” NCUA Vice Chairman Kyle Hauptman stated the rule “gives credit unions the tools to compete more effectively in the digital marketplace.” However, NCUA Chairman Todd Harper opposed the final rule, warning that because NCUA “lacks the third-party vendor authorities that the other federal banking agencies and several state regulators have, the NCUA has no power to supervise CUSOs for compliance with federal consumer financial protection laws and regulations and compliance with prudential standards like concentration limits, maximum loan-to-value ratios, and minimum capital levels.” The final rule takes effect 30 days after publication in the Federal Register.
OCC updates Payment Systems booklet
On October 21, the OCC issued Bulletin 2021-49 announcing the revision of the Payment Systems booklet of the Comptroller’s Handbook. The booklet rescinds the Payment Systems and Funds Transfer Activities booklet of the Comptroller’s Handbook (March 1990); the Office of Thrift Supervision Examination Handbook section 580, the Payments Systems Risk (January 1994); banking Circular 235, International Payments Systems Risks (May 10, 1989); and OCC Bulletin 1996-48, Stored Value Card Systems: Information for Bankers and Examiners (September 3, 1996). Among other things, the revised booklet: (i) provides information on payment systems, types of payments, risks associated with payment systems, and associated risk management practices; (ii) highlights the requirements of 12 CFR 7.1026 on payment systems memberships; and (iii) includes expanded examination procedures and “supplemental procedures for deeper review of certain payment activities.”
OCC issues semi-annual Interest Rate Risk Statistics Report
On October 20, the OCC published the fall 2021 edition of the Interest Rate Risk Statistics Report. The report presents interest rate risk data gathered during examinations of OCC-supervised midsize and community banks and federal savings associations with reported data by asset size, charter type, and minority depository institutions. The OCC’s supervisory process for the fall 2021 report reviewed banks’ reported data from September 30, 2019 to June 30, 2021, including exposures, risk limits, and non-maturity deposit assumptions. The OCC notes that the statistics presented within the report “are for informational purposes only and do not represent OCC-suggested limits or exposures.”
District Court approves order permanently banning defendants from making robocalls
On October 21, the U.S. District Court for the Middle District of Florida issued an order approving a permanent injunction and $6.4 million civil money penalty against the remaining participants in a cruise line telemarketing operation allegedly aimed at marketing free cruise packages to consumers. In January, the FTC filed a complaint against the defendants (two individuals and five companies they controlled, including the cruise line) for their alleged involvement in the telemarketing operation. As previously covered by InfoBytes, the complaint asserted violations of the FTC Act and the Telemarketing Sales Rule. The same day the complaint was filed, the FTC announced that it had entered into two settlement agreements—one with a call center and two individuals, and one with an additional individual—for their roles in the telemarketing operation. The court’s October order follows a recent FTC announcement (covered by InfoBytes here), indicating it had reached an agreement with the defendants who neither admitted nor denied the allegations. The court’s order requires the individual defendants to cooperate with any future FTC investigations and to disclose “the contents of their auto-dialed, telemarketing, or pre-recorded telephone communications and records or other information pertaining to [the] autodialed, telemarketing, or pre-recorded telephone communications.” The order also suspends the $6.4 million civil money penalty after the two individual defendants each pay $50,000 to the Treasury Department.