InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
EU Parliament becomes first to enact binding law on artificial intelligence
On March 13, the European Parliament of the European Union voted into law the world’s first binding law on artificial intelligence (AI) titled “Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act)” to put forth a flexible coordinated approach regarding the “human and ethical” implications of AI. The stated objectives of this new regulation comprise ensuring that AI systems are safe and respecting the existing laws that protect the fundamental rights of citizens. Further, the act will aim to make sure AI investments are legally sound, enforce AI laws effectively, and develop a single market for AI applications. The European Parliament stated its legal basis for this law is through Article 114 of the Treaty on the Functioning of the European Union.
Following 89 preambles, the law’s Title I sets forth general subject matters: the law will set “harmonised rules” for the market as it will implement more AI systems; it prohibited certain AI systems; created specific requirements for “high-risk” AI systems; created transparency rules regarding emotion-recognition or biometric systems; and created rules on marketing surveillance. Title II prohibited AI practices and Title III covered “high-risk” AI systems. Prohibited AI systems include distorting someone’s behavior or vulnerabilities, evaluating trustworthiness with possibly a social score, or using “real-time” remote biometric identification systems for law enforcement (unless searching for either victims of a crime or missing children, among others). Title III on “high-risk” AI systems defined “high-risk” systems as those that pose fundamental risks to the rights of individuals, specifically to the health and safety of a citizen, among others.
Chopra discusses open banking and standard-setting
On March 13, the Director of the CFPB, Rohit Chopra, delivered prepared remarks at the Financial Data Exchange Global Summit and discussed advancing the U.S. towards open banking. Chopra outlined the current efforts and considerations surrounding the development of industry standards that would help transition consumers with switching financial products. The CFPB had been finalizing rules on Section 1033 of the CFPA which would grant consumers the right to access their financial data and would aim to protect sensitive personal financial information while promoting open banking (covered by InfoBytes here).
Chopra highlighted the importance of creating industry standards for data sharing and communication protocols, drawing parallels with existing standards in electronics and financial services. While the CFPB's proposal acknowledged the role of standards, Chopra noted that it intentionally avoided being overly “prescriptive” to avoid stifling innovation, among other things.
The speech also addressed the potential for anticompetitive behavior in the standard-setting process. Chopra noted historical instances of anticompetitive behavior, a concern that the CFPB had been monitoring closely. The Bureau will be working with the DOJ to prevent such practices.
The Bureau sought to codify what standard-setting organizations must demonstrate to be recognized under the proposed rule, then invite those organizations to begin the process of receiving formal recognition from the CFPB. Based on the comments received on the proposed rule, Chopra expects that by this fall, the final rule will “identify the areas where standards are relevant to the requirements of the final rule.” Chopra also noted the CFPB considered whether standard-setting organizations should be balanced so no entity or group of entities can “dominate[] decision making.” He noted that the Bureau will investigate the makeup of entities’ standard-setting/modification groups and funding structure, warning if an entity’s composition or funding suggests favoritism, then “that will be a problem.” Chopra noted that if the CFPB cannot identify standard-setting organizations, it is prepared to implement more detailed guidance.
Bank regulators respond to bankers’ motion to enjoin CRA final rule
On March 8, the Fed, OCC, and FDIC (the federal banking agencies, or “FBAs”) submitted a brief opposing the plaintiffs’ motion for a preliminary injunction to stop the CRA final rule from going into effect. As previously covered by InfoBytes, a group of trade, banking, and business associations filed a class-action complaint for injunctive relief against the bank regulators’ enforcement of the final rule to implement the CRA before it goes into effect on April 1. The FBAs assert that, in opposing the final rule, the plaintiffs are asking the court to “graft” two exclusions from the CRA’s purpose that are not actually in the statute: first, to exclude geographic areas where a bank conducts retail lending from the scope of the bank’s “entire community”; and second, to exclude a bank’s deposit activities from the assessment on whether a bank is meeting its entire community’s “credit needs.” The banking regulators also argued that the plaintiffs’ motion for preliminary relief should fail because the plaintiffs cannot show irreparable harm, in that they have failed to demonstrate that costs to comply with the CRA final rule, which would not apply until 2026 and 2027, were significant when considered in the context of the bank’s overall finances. Finally, the FBAs argued that the public interest and balance of equities favor allowing the final rule to proceed, as, among other factors, “the rule provides significant regulatory relief and lower compliance costs for smaller institutions by increasing the asset size thresholds that determine which performance tests apply to an institution.”
New Hampshire enshrines a new consumer privacy law
On March 6, the Governor of New Hampshire, Chris Sununu, signed into law a sweeping consumer privacy bill. Under the act, consumers will have the right to confirm if a controller (an individual who controls personal data) is processing their personal data, a right to access that data, as well as correct inaccuracies, obtain a copy, delete, and opt-out of the processing of the data for targeted advertising purposes. The act also imposed limits on collectors, including that a controller shall (i) limit the collection of data to only what is adequate, relevant, and reasonably necessary for the intended purpose; (ii) establish and maintain administrative security practices to protect the confidentiality of consumer personal data; (iii) not process sensitive data without obtaining the consumer’s consent or, if the data concerns a known child, process the data in accordance with COPPA; (iv) provide an easy means for consumers to revoke consent; and (v) not process personal data for targeted advertising purposes without consumer consent. The bill further outlined a processor’s responsibilities and required controllers to conduct a data protection assessment for each action that may present a risk of harm to a consumer. The act will go into effect on January 1, 2025.
New York Attorney General sues over 25 lenders for predatory lending operation
On March 5, New York Attorney General Letitia James released a verified petition against 27 lenders accusing them of a “large-scale, predatory lending” operation in which they allegedly misrepresented themselves in order to issue small businesses short-term loans at “sky-high interest rates” in violation of New York Executive Law §63(12). According to the petition, the 27 lenders (Respondents) have issued “illegal, usurious” and fraudulent loans in the form of Merchant Cash Advances (MCAs), which imposed triple-digit interest rates as high as 820 percent. The NYAG noted such rates are beyond both the maximum civil usury interest rate (16 percent) and the maximum criminal usury interest rate (25 percent). The petition also alleged the Respondents misrepresented their transactions in court, making the court an “unwitting part of their illegal scheme.”
The petition asked the court to permanently enjoin Respondents from committing any further fraudulent or illegal practices, cease all MCA collection payments, and void and rescind all MCAs. The NYAG also will seek and order that the Respondents disgorge all profits and award civil penalties of $5,000 for each fraudulent MCA transaction and $2,000 in costs from each Respondent.
Senator Warren pens letter to banking regulators to check on their regulatory commitments following 2023 bank failures
On March 10, Senator Warren (D-MA) released a letter to Federal Reserve Vice Chair Michael Barr, FDIC Chairman Martin Gruenberg, and Acting Comptroller of the Currency Michael J. Hsu (the bank regulators) seeking information on any progress with their commitments to strengthen bank regulatory standards following the 2023 banking issues. Warren urged the bank regulators to reinstate the rules for banks with assets between $100 and $250 billion, including liquidity requirements and capital stress tests, that were rolled-back with the 2018 enactment of the “Economic Growth, Regulatory Relief, and Consumer Protection Act” (EGRRCPA). She concluded her letter by posing several questions, including asking what efforts the bank regulators are taking to strengthen rules, when these rules are expected to be announced or implemented, how many banks will be subject to these rules, if the implementation process would include a comment period, and if lobbying by large banks against the Basel III capital rule has weakened the bank regulators’ resolve to strengthen rules for banks with more than $100 billion in assets. Sen. Warren has asked for a response by March 25.
Banking associations petition District Court for summary judgment against CFPB’s Final Rule on small business lending
On March 1, several banking associations (plaintiffs) petitioned a district court under a motion for summary judgment in an ongoing case against CFPB’s Final Rule in §1071, claiming that the Final Rule goes beyond the scope of the CFPB’s rulemaking authority. (For rule, see 88 Fed. Reg. 35150 from May 31, 2023). As previously covered by InfoBytes, the Court last ordered granting motions for a preliminary injunction against the CFPB and its small business loan rule. The rule expanded the number of data points to 81 so certain lenders––including women-owned, minority-owned, and small businesses––would be required to disclose to covered financial institutions. The plaintiffs argued that the Final Rule would be a “fruitless attempt to capture the complexity of small business lending” given the number of extraneous data fields and would not fulfill the underlying purpose of the rule set forth by ECOA. That purpose would be to “facilitate enforcement of fair lending laws and enable communities, government entities, and creditors to identify business and community development needs and opportunities for credit for women-owned, minority-owned, and small businesses.”
In their argument, the banking associations alleged that the CFPB had exceeded its statutory authority by requiring the extra data disclosures, that the data would not provide any tangible benefit, and that implementation of the rule is arbitrary and capricious as it ignores the significant costs that will be incurred by requiring lenders to provide such a large amount of extra information. The plaintiffs emphasized that while Congress granted the CFPB the power to add data points to information a lender might be expected to disclose, the CFPB exceeded its authority in adopting the Final Rule and that its only consequence “will be the imposition of a staggering compliance burden on lenders” and ultimately reduce opportunities for small businesses.
FDIC Vice Chair delivers remarks on tokenization
On March 11, FDIC Vice Chairman Travis Hill delivered prepared remarks on “Banking’s Next Chapter? Remarks on Tokenization and Other Issues.” The speech addressed the evolution of money and payment systems, focusing on the recent innovation of tokenizing commercial bank deposits and other assets and liabilities. Hill distinguished tokenization from assets like Bitcoin and Ether: “tokenization involves a representation of ‘real-world assets’ on a distributed ledger, including… commercial bank deposits, government and corporate bonds, money market fund shares, gold and other commodities, and real estate.” Hill highlighted the potential benefits of tokenization, such as improved efficiency in payments and settlements, 24/7/365 operations, programmability, atomic settlement (the settlement, or the act of transferring ownership of an asset from seller to buyer, combining instant and simultaneous settlements) and the creation of an immutable audit trail. He also mentioned that these innovations could streamline complex processes like cross-border transactions and bond issuances, offering notable advantages over traditional banking systems.
The speech also acknowledged challenges and risks associated with tokenization, including technical, operational, and legal uncertainties. Questions remain about the structure of the future financial system, interoperability between different blockchains, and the legal implications of transferring ownership via tokens, Hill added.
Regarding the regulatory approach to digital assets and tokenization, Hill expressed the need for as much clarity as possible, even in areas whether the technology is evolving quickly. For example, Hill noted that “it would be helpful to provide certainty that deposits are deposits, regardless of the technology or recordkeeping deployed, and if there are reasons to distinguish some or all tokenized deposits from traditional deposits for any regulatory, reporting, or other purpose, the FDIC should… explain how and why.”
HUD sued for allegedly failing to refund mortgage insurance premiums for early-terminated FHA-insured mortgages
On March 12, a putative class action complaint was filed against the Department of Housing and Urban Development (HUD) for allegedly denying homeowners their Mortgage Insurance Premium (MIP) refunds upon the early termination of their FHA-insured mortgages. According to the complaint, HUD must refund unearned MIPs, but has refused to refund homeowners by creating “unnecessary bureaucratic hurdles.” The plaintiffs alleged that the OIG had confirmed “the validity of complaints regarding HUD’s handling of MIP refunds.”
Citing HUD regulations, the plaintiffs alleged that when an FHA mortgage is terminated early, within seven years of the purchase of the refinancing of the property, there is an overpayment of the MIP which should be refunded by HUD. According to the plaintiffs it is a “widespread practice” for HUD not to automatically refund MIPs, but instead require a burdensome, lengthy process which hindered the prompt refund of fees in multiple ways. The 2022 OIG report cited by plaintiffs allegedly found, among other things, that HUD did not have adequate controls in place to ensure that refunds were appropriately tracked, monitored, and issued. The plaintiffs alleged that Floridians are owed over $21.7 million in refunds.
The plaintiffs are seeking injunctive and declaratory relief and a return of all unfairly retained refunds “together with damages in the amount of the total earned interest and other investment monies accrued by Defendant with Plaintiff’s and Class Members’ monies.”
Wyoming amends its open banking provisions
On March 8, the Wyoming governor signed HB 145 (the “Act”) related to open banking, making two changes. First, the amendment updated the definition of a “customer” as a natural person or an agent, trustee, or representative acting on behalf of a natural person. Second, and for banks already participating in open banking, the Act limited the release of consumer data to third-party financial service providers to data that is only necessary for the consumer to receive the third-party product or service. The Act will go into effect on July 1.