Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB limits examiner term limits to five years after concurring with OIG recommendations

    On February 26, the Office of Inspector General for the CFPB (OIG) released a report entitled, “The CFPB Can Enhance Certain Practices to Mitigate the Risk of Conflicts of Interest for Division of Supervision, Enforcement and Fair Lending Employees.” The report found that the CFPB’s Office of Supervision Examinations (OSE) does not have a formal policy that requires bank examiners to rotate assignments in a specified time frame, which increases potential conflicts of interest. The OSE examines banks to check for compliance failures in federal consumer financial law and is based out of four regional offices: New York (Northeast), Atlanta (Southeast), Chicago (Midwest), and San Francisco (West). The OIG argued that a formal policy adopted by the OSE would more effectively monitor examiner rotations, promoting “objectivity, cross-training, and broader expertise” and reducing the risk of regulatory capture – or subjecting the same regulated entity to the same examiner and subsequently risking independence and objectivity of exams. The OIG’s report posited two recommendations: (i) that the CFPB implement a formal examiner rotation policy; and (ii) that the CFPB track and document assignments for examiners and its members.

    The OIG found that while some OSE offices have informal examiner rotation policies in place, there is no global system in place to track examiner assignments to ensure regular rotation. For example, OSE’s Northeast and West regional offices have written policies that require certain staff members to rotate every five years. However, the Southeast and Midwest offices do not have any written policies in place and stated having a “natural” turnover process based on needs and availability, among others.

    The CFPB concurred with both OIG recommendations, stating that it will limit the time for lead examiners and field managers to five years and develop a tool for tracking these assignments.

    Bank Regulatory CFPB OIG Enforcement Examination

  • FHFA announces updates for implementation of GSE credit score requirements

    Federal Issues

    On February 29, FHFA announced updates related to the implementation of new credit score requirements for single-family loans acquired by Freddie Mac and Fannie Mae (GSEs). As previously covered by InfoBytes, FHFA released a two-phase plan for soliciting stakeholder input on the agency’s proposed process for updating credit score requirements. The new process, called the FICO 10T model, will, among other things, require two credit reports (a “bi-merge” credit report) from the national consumer reporting agencies, rather than the traditional three (covered by InfoBytes here). After considering stakeholder input, FHFA expects to transition from the Classic FICO credit score model to the bi-merge credit reporting requirement in Q1 2025. The GSEs will also move up the publication of VantageScore 4.0 historical data to Q3 2024 “to better support market participants” and provide pertinent historical data before the transition. FHFA will provide more details on the timing for FICO 10T implementation once this initial process is complete.

    Federal Issues Freddie Mac Fannie Mae GSEs Credit Scores Consumer Finance Agency Rule-Making & Guidance

  • CFPB warns lead generators, digital comparison-shopping tool operators of potential CFPA violations

    Federal Issues

    On February 29, the CFPB issued a circular to law enforcement agencies and regulators explaining how operators of digital comparison-shopping tools or lead generators can potentially violate the CFPA’s prohibition on abusive acts or practices by steering consumers towards options that best serve the operator or the lead generator. The circular further discussed “how law enforcement agencies and regulators can evaluate operators of comparison-shopping tools… to manipulate results” to appease consumer preferences.

    The Bureau explained that while consumers often use these tools to research, compare, and select financial products, some intermediaries also functioned as lead generators that sold consumer information to lenders. These intermediaries may have received compensation, the CFPB said, often termed as “bounties,” from financial providers for preferential treatment or lead generation. The circular recognized that operators of these tools may have engaged in commercial arrangements with financial providers and may have received compensation based on user actions or bids.

    The CFPB stated that both digital comparison-shopping tool operators and lead generators can qualify as “covered persons” under CFPA section 1031(d)(2)(C) which prohibits them from engaging in unfair, deceptive, or abusive acts or practices, particularly those that “take unreasonable advantage” of consumers so they may act in the “covered person’s” best interests. The circular outlined elements of CFPA Section 1031(d)(2)(C) and applied the elements including reasonable reliance by consumers on covered entities to act in their interests, to an evaluation of the operator or lead generator activities. Notably, the circular warned that reasonable consumer reliance could be created based on the representations of the tool operator or lead generator, as well as implicit or explicit communications. Further, the Bureau added that steering consumers towards certain products or providers for the financial benefit of the operator or lead generator, rather than consumer interest, constituted unreasonable advantage-taking.

    Finally, the circular included a non-exhaustive list of examples of preferencing or steering arrangements and advised law enforcement agencies and regulators to scrutinize bounty or bidding schemes and decision-making processes to identify abusive conduct.

     

    Federal Issues CFPB Lead Generation CFPA Enforcement Consumer Protection Abusive Deceptive Unfair

  • White House orders DOJ and CFPB to better protect citizens’ sensitive personal data

    Privacy, Cyber Risk & Data Security

    On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”

    A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.

    Privacy, Cyber Risk & Data Security Federal Issues Department of Justice CFPB Executive Order Department of Homeland Security White House Big Data China Russia Iran North Korea Cuba Venezuela

  • U.S. Attorney General taps professor to lead new technology-focused roles

    Fintech

    On February 22, the U.S. Attorney General, Merrick B. Garland, announced that he tapped Jonathan Mayer to head the DOJ’s first Chief Science and Technology Advisory and Chief Artificial Intelligence (AI) Officer roles. The roles are housed in the DOJ’s Office of Legal Policy which is developing a team of technical and policy experts in technology-related areas important to the Department’s responsibilities. These topics include cybersecurity and AI with the aim to advise leadership and collaborate with other components across the Department and with federal partners on cutting-edge technological issues. As the first Chief Science and Technology Advisor, Mayer will contribute technical expertise on cybersecurity, AI, and emergent technology matters.

    The Chief AI Officer role was created pursuant to a presidential executive order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. In this role, Mayer will work on intra-departmental and cross-agency efforts on AI and adjacent issues, and he will also lead the Justice Department’s newly established Emerging Technology Board, which coordinates and governs AI and other emerging technologies across the Department.

    Mayer has a PhD in computer science from Stanford University and a J.D. from Stanford Law School. Mayer is an assistant professor at Princeton University’s Department of Computer Science and School of Public and International Affairs where his research is focused on the intersection of technology, policy, and law with an emphasis in criminal procedure, national security, and consumer protection.

    Fintech Department of Justice Artificial Intelligence

  • Financial Stability Board’s letter addresses financial topics for upcoming G20 meeting

    Fintech

    On February 20, the Financial Stability Board (FSB) released a letter from its Chair, Klaas Knot, to the G20 Finance Ministers and Central Bank Governors ahead of the February 28-29 G20 meeting, setting up the agenda for maintaining global financial stability. The FSB is an organization made up of senior financial officials from G20 countries as well as international financial organizations including the International Monetary Fund, the World Bank, and the European Central Bank. The letter addressed financial system vulnerabilities, including the takeaways from the March 2023 banking crisis, nonbank financial intermediation (NBFI), digitalization of finance, climate change effects, and cross-border payment efficiency.

    On the first topic, the letter highlighted lessons wrought by the March 2023 banking crisis; the FSB advocated the need for public-sector backstop funding mechanisms, and more analytical work on interest rate and liquidity risk to explore vulnerabilities. On NBFI, the letter noted a structural vulnerability in asset management as the “potential mismatch between the liquidity of fund investments and daily redemption of fund units in open-ended funds[.]” On digital innovation, the letter urges the G20 to closely monitor any risks to financial stability, including crypto, tokens, and artificial intelligence. On climate change, the FSB plans to further analyze climate-related financial risks to financial stability. Last, on cross-border payments, the G20 Cross-border Payments Roadmap goal is to make cross-border payments “faster, cheaper, and more transparent and inclusive” while keeping their integrity and maintaining the “safety of the system.” The letter noted that FSB has collaborated with AML experts in both the public and private sectors to “increase the efficiency of payments systems and further enhance their integrity and safety.”

     

    Fintech Financial Stability Board G20 Of Interest to Non-US Persons Cross Border Activities Climate-Related Financial Risks

  • Pennsylvania Attorney General settles with data collection company for failing to disclose data use

    Courts

    On February 22, the Attorney General for the State of Pennsylvania, Michelle A. Henry, announced a settlement with a company for selling consumers’ data information without clearly notifying those consumers pursuant to the Unfair Trade Practices and Consumer Protection Law and the Telemarketer Registration Act (TRA) and required the defendant pay $25,000 in monetary relief. The defendant operated various websites that collected consumers’ personal information with offers of free samples or payments for online surveys. The Pennsylvania AG alleged the defendant failed to properly disclose to consumers that the purpose of collecting their data was for lead generation, made misrepresentations regarding free samples and brand affiliations, and failed to obtain necessary consumer requests and agreements.

    As part of the settlement, the Pennsylvania AG required the defendant to provide certain disclosures, including the collection of consumer data is for lead generation, consumer information may be sold to third parties, and defendant functions as an aggregator of promotional offerings. The settlement further enjoined the defendant from making certain misrepresentations to consumers. There were also orders related to telemarketing practices and consumer usage data, including a requirement that defendant not “use, sell, transfer or share any [c]onsumer [d]ata obtained from Pennsylvania consumers[.]”

    Courts Pennsylvania State Attorney General Data Collection / Aggregation Telemarketing

  • FDIC orders bank to plan termination of relationships with “significant” fintech partners

    Recently, the FDIC released a consent order against a Tennessee bank as part of its release of January Enforcement Decisions and Orders. The FDIC stated that within sixty days of the effective date of the consent order, the bank must “submit a general contingency plan to the Regional Director… [on] how the [b]ank will administer an effective and orderly termination with significant third-party FinTech partners,” as part of its Third-Party Risk Management program for the bank. The Program must assess and manage the risks posed by all fintech firms associated with the bank. It will include policies related to due diligence and risk assessment criteria that are appropriate to the products and services provided by the fintech partner. The bank must also engage an independent firm for completion of a comprehensive Banking-as-a-Service Risk Assessment Report.

    The bank further consented, without admitting or denying any charges of unsafe or unsound banking practices, to board supervision of the bank’s management and approval of the bank’s policies and objectives, qualified management, the Regional Director’s prior consent for new or expanded lines of business that would result in an annual 10 percent growth in total assets or liabilities, and a comprehensive strategic plan.

     

    Bank Regulatory FDIC Consent Order Fintech Risk Management Enforcement

  • Fed’s Bowman speaks on current trends in banking regulation

    On February 27, Michelle Bowman, a member of the Federal Reserve Board of Governors, gave a speech reflecting on the state of the broader U.S. economy and banking regulation in Tampa, Florida. Bowman highlighted the need for the Fed to focus on “efficiency in how we deliver on our safety and soundness goals.” On capital reform, Bowman noted that since the closure of the comment period for the Basel III “Endgame” reforms, the federal banking agencies have been reviewing the feedback and identifying areas of concern: she hopes that the agencies will take this opportunity to revise the proposal in a way that addresses the concerns raised by the public. After voicing her non-support for the recently adopted Community Reinvestment Act (CRA) final rule, Bowman shared that while the new rule provided some positive changes, the changes are still “unnecessarily complex, overly prescriptive,” and have greater costs than benefits.  Bowman highlighted that the final rule treats a wide range of community banks with more than $2 billion in assets as “large banks, and would have resulted in a “nearly tenfold increase in banks with a ‘Need to Improve’ CRA rating” if applied to the period from 2018 to 2020. On Regulation II and debit card interchange fees, Bowman noted that the comment period has been extended until May 12, adding that the proposed permanent decrease in debit card interchange fees will have “consequences for banks of all sizes.” Bowman ended with discussion on bank mergers, climate change, and liquidity.

    Bank Regulatory Federal Reserve Federal Issues CRA Discount Window Basel

  • VA issues circular to address loan holder fees on assuming a VA-guaranteed loan

    Federal Issues

    On February 26, the Department of Veterans Affairs published a circular to address assumption fees, specifically permitting a loan holder to charge an additional assumption-related fee based on the location of the relevant property when the assumption of a VA-guaranteed loan closes. This additional fee is in addition to the previously permitted assumption fees which must be less than $300 for loan holders with maximum authority or $250 for loan holders without automatic authority. The VA set the amount of the additional assumption fee allowed in Exhibit A to the circular, which can be found here.

    Federal Issues Department of Veterans Affairs

Pages

Upcoming Events