Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California AG, former FTC chairs argue about federal privacy law preemption during Senate committee hearing
On September 23, the Senate Committee on Commerce, Science, and Transportation held a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation.” The hearing examined the current state of consumer data privacy and legislative efforts to provide baseline data protections for American consumers, and examined the lessons learned from the EU’s Global Data Protection Regulation (GDPR) and recently enacted state privacy laws. Witnesses included a number of former chairs and commissioners of the FTC, along with California Attorney General Xavier Becerra.
Becerra discussed the California Consumer Privacy Act (CCPA), which sets forth various requirements for businesses that collect, transfer, or sell a consumer’s personal information, and provides California residents several rights, including the right to know what data companies have collected on them and the right to ask to delete data or opt-out of its sale. (See continuing InfoBytes coverage on the CCPA here.) Concerning future federal privacy legislation, Becerra stressed that any such legislation should not preempt the work happening at the state level, and he urged the Committee “to favor legislation that sets a federal privacy-protection floor rather than a ceiling,” in order to allow states the opportunity to provide tailored protections for their residents. Becerra also stressed that the ideal federal legal framework would “recognize that privacy protections must keep pace with innovation,” and further addressed the need for a meaningful enforcement regime that respects the work undertaken by the states.
Former FTC chairs Jon Leibowitz and Maureen Ohlhausen, however, argued (see here and here) in favor of federal preemption. They suggested that a single national comprehensive privacy standard would be stronger and more comprehensive than existing regimes such as the CCPA and GDPR, and could better serve consumers even if it replaces state regulations. Both stressed that preempting state laws should not mean weakening protections for consumers. Moreover, both Leibowitz and Ohlhausen emphasized that federal privacy legislation should be technology- and industry-neutral, with rigorous standards backed by tough enforcement. Leibowitz also urged Congress to provide the FTC with the ability to impose civil penalties on violators for first-time offenses, and recommended that the FTC be granted the primary authority to administer the law and be given continued authority to provide redress directly to consumers. Former chair William Kovacic presented a different approach, which would establish a domestic privacy network to promote cooperation and coordination between federal and state privacy regulators to improve policy formation.
Other topics covered in the hearing included Chairman Roger Wicker’s (R-MS) recently introduced bill (S. 4626), known as the SAFE DATA Act, which would require businesses to be more transparent about their data collection, processing, and transfer activities, and give consumers more choices and control over their data. Among other things, the bill would preempt privacy laws in California and other states, except in regard to data breaches, and would not include a private right of action allowing consumers to sue over privacy violations.
On September 23, the FDIC issued FIL-92-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Alabama affected by Hurricane Sally starting on September 14. In the guidance, the FDIC notes that, in supervising institutions affected by the hurricane, the FDIC will consider the unusual circumstances those institutions face. The guidance suggests that institutions work with impacted borrowers to, among other things, (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices.” Additionally, the FDIC notes that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC states it will also consider relief from certain reporting and publishing requirements.
On September 21, the OCC announced settlements with three former senior executives of a national bank for their roles in the bank’s incentive compensation sales practices. According to consent orders (see here and here), the OCC alleged that two of the individuals either “knew or should have known” about the sales misconduct problem and its root cause, but allegedly failed to, among other things, appropriately consider concerns about the “unreasonably high sales goals” and the associated risks of incentivizing sales of secondary deposit products. The third individual—previously in charge of identifying human resource risks—allegedly approved incentive compensation plans that overly incentivized sales and failed to respond to or escalate information received about unreasonable sales goals. In addition to paying civil money penalties, the individuals—who did not admit or deny wrongdoing—have each agreed to cooperate with the OCC in any investigation, litigation, or administrative proceeding related to sales misconduct at the bank.
As previously covered by InfoBytes, in January, the OCC reached settlements with three other former senior executives in January for their alleged roles in the bank’s sales practices misconduct, and issued notices of charges against five others.
On September 21, the OCC released Interpretive Letter 1172, stating that national banks may hold stablecoin in reserve accounts as a service to bank customers and may engage in activity incidental to receiving the deposits. According to the OCC, issuers of stablecoins—a type of cryptocurrency backed by an asset such as a fiat currency—have a desire to place assets in reserve accounts with national banks to “provide assurance that the issuer has sufficient assets backing the stablecoin in situations where there is a hosted wallet.” Hosted wallet, as defined by the OCC, is “an account-based software program for storing cryptographic keys controlled by an identifiable third party.” Because national banks are authorized to receive deposits and provide “permissible banking services to any lawful business they choose,” they may provide these services to issuers of stablecoins, as long as they comply with applicable laws and regulations. (In Interpretive Letter 1170, the OCC approved the holding of cryptocurrency on behalf of customers, covered by InfoBytes here.) Specifically, the OCC noted that national banks should ensure that deposit activities comply with the Bank Secrecy Act and anti-money laundering regulations. Moreover, a national bank must also “identify and verify the beneficial owners of legal entity customers opening accounts.” Lastly, the OCC emphasized that stablecoin reserves “could entail significant liquidity risks,” and national banks may consider entering into contractual agreements with stablecoin issuers to “verify and ensure that the deposit balances held by the bank for the issuer are always equal to or greater than the number of outstanding stablecoins issued by the issuer.” This guidance does not apply to stablecoin transactions involving un-hosted wallets.
On September 22, the FTC announced a $1.04 million settlement with a supplement marketer and its two officers (collectively, “defendants”), resolving allegations that the defendants engaged in deceptive sales and billing practices, in violation of the Restore Online Shoppers’ Confidence Act (ROSCA), the Telemarketing Sales Rule (TSR), and a previous court order. Previously, in 2016, the marketer entered into a settlement with the FTC covering allegations that the company engaged in negative option marketing by enrolling consumers in a membership program that billed up to $79.99 monthly unless the consumers canceled within an 18-day trial period. The 2016 settlement barred the company from, among other things, (i) obtaining consumers’ billing information without first disclosing they would be charged, that the charge would increase after a certain period, or that the charge would be reoccurring; (ii) obtaining payment from consumers without express written authorization; and (iii) failing to provide a simple way for consumers to cancel.
According to the FTC’s new complaint, from 2016 to 2019, the defendants violated the previous consent order, ROSCA, and TSR by failing to clearly and conspicuously disclose that in order to cancel, consumers must contact the company “at least one day before the end of the advertised Free Trial Period to avoid being charged for the monthly membership program.” The agreed-upon proposed contempt order requires the defendants to pay nearly $1.04 million to be used for equitable relief, including consumer redress.
On September 22, the FTC and the Ohio attorney general announced several proposed stipulated final orders against a Voice over Internet Protocol (VoIP) service provider, along with an affiliated company, the VoIP service provider’s former CEO and president, and a number of other subsidiaries and individuals, to settle allegations concerning their facilitation of a credit card interest rate reduction scheme. This marks the FTC’s first consumer protection case against a VoIP service provider. According to the FTC and the AG, the VoIP service provider provided one of the defendants with the ability to place illegal robocalls in order to market “phony credit card interest rate reduction services.” Both of these defendants were controlled by the VoIP service provider’s former CEO who was also named in the lawsuit. In addition, the defendant that placed the illegal calls, along with four additional defendants, are accused of managing the overseas call centers and other components used in the credit card interest rate reduction scheme.
One of the settlements will prohibit the former CEO, along with two corporations under his control, from (i) participating in any telemarketing in the U.S.; (ii) marketing any debt relief products or services; and (iii) making misrepresentations when selling or marketing any products or services. These defendants will collectively be subject to a $7.5 million judgment, which is mostly suspended due to their inability to pay.
The settlement with the VoIP service provider and the affiliated company will require a payment of $1.95 million. The VoIP service provider and its U.S.-based subsidiaries will also be prohibited from hiring the former CEO or any of his immediate family members, as well as from hiring two of the other defendants. These defendants will also be required to follow client screening and monitoring provisions, and are prohibited from providing VoIP and related services to clients who pay with stored value cards or cryptocurrency, or to clients who do not maintain public-facing websites or a social media presence. Additionally, the defendants will be required to block calls that may appear to come from certain suspicious phone numbers, block calls that use spoofing technology, and terminate certain high-risk relationships.
The settlements (see here, here, and here) reached with the defendant that placed the illegal calls and four additional defendants include prohibitions similar to those issued against the former CEO, and will require the payment of a total combined judgment of $10.3 million, which will be largely suspended due to their inability to pay.
All settlements are subject to court approval.
On September 21, the CFPB announced a settlement with a California-based auto-loan servicer to resolve allegations that the company engaged in unfair practices with respect to its Loss Damage Waiver (LDW) product, in violation of the Consumer Financial Protection Act. The CFPB alleged that the company engaged in unfair practices by charging certain borrowers for LDW coverage, but then failed to provide the coverage. Specifically, the LDW agreement allowed the company to suspend coverage if borrowers became 10-days delinquent on their auto loans. The company, however, continued to charge borrowers LDW premiums even though coverage was no longer being provided. The Bureau also alleged that the company assessed LDW claim-related fees that were not disclosed in the LDW contract, which the borrowers were not contractually obligated to pay.
Under the terms of the consent order, the company is required to pay more than $1.3 million in consumer redress to approximately 4,000 impacted consumers, as well as a $100,000 civil money penalty. The order also prohibits the company from “failing to provide consumers with LDW coverage, collateral protection insurance, or similar products or services for which [the company] has charged consumers” or from “charging consumers fees that are not authorized by its LDW contracts.”
On September 21, Ginnie Mae issued All Participant Memorandum 20-12, which states that Ginnie Mae will stop accepting the delivery of single-family forward adjustable rate mortgage (ARM) loans, dated on or after January 1, 2021, with any interest term based on LIBOR, for securitization in any pool. Additionally, any adjustable rate reverse mortgages (HECMs) will be ineligible for securitization into any HMBS pool that relies on LIBOR if not securitized as of January 1, 2021, “without regard to their date of origination or the date in which the corresponding FHA case number was assigned.” Participations associated with HECM loans backing HMBS will continue to be eligible without restriction, so long as the issuance date is on or before December 1.
On September 22, the IRS released Announcement 2020-12 notifying lenders that they should not report the amount of qualifying loan forgiveness for covered loans to qualifying small businesses made under the Paycheck Protection Program (PPP).The IRS code generally requires lenders to file a Form 1099-C for any discharge of indebtedness of at least $600. However, the IRS’ announcement specifies that when a portion or all of the principal is forgiven under the requirements of Section 1106 of the CARES Act, lenders, for federal income tax purposes only, should not “file a Form 1099-C information return with the IRS or provide a payee statement to the eligible recipient under section 6050P of the Code as a result of the qualifying forgiveness.”
On September 18, the FDIC issued FIL-91-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Oregon affected by wildfires that began on September 7. In the guidance, the FDIC writes that, in supervising institutions affected by the wildfires, it will consider the unusual circumstances those institutions face. The guidance suggests that institutions work with impacted borrowers to, among other things, (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices.” Additionally, the FDIC notes that institutions may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC will also consider relief from certain reporting and publishing requirements.
Separately, on September 17, HUD announced disaster assistance available to certain counties impacted by the Oregon wildfires, providing foreclosure relief and other assistance to affected homeowners. Specifically, HUD is providing an automatic 90-day moratorium on foreclosures of FHA-insured home mortgages for covered properties and is making FHA insurance available to those victims whose homes were destroyed or severely damaged. Additionally, HUD’s Section 203(k) loan program will allow individuals who have lost homes to finance the purchase of a house, or refinance an existing house and the costs of repair, through a single mortgage. The program will also allow homeowners with damaged property to finance the rehabilitation of existing single-family homes.
- Daniel P. Stipano to discuss "High standards: Best practices for banking marijuana-related businesses" at the ACAMS AML & Anti-Financial Crime Conference
- Daniel P. Stipano to discuss "Wait wait ... do tell me! Where the panelists answer to you" at the ACAMS AML & Anti-Financial Crime Conference
- Matthew P. Previn and Walter E. Zalenski to discuss "Is valid when made ... valid?" at the Women in Housing & Finance Partner Series webinar
- Warren W. Traiger and Caroline K. Eisner to discuss "CRA modernization and the OCC final rule" at CBA Live
- Daniel R. Alonso to discuss "Transnational corruption: A chat with former U.S. federal prosecutors in New York" at Marval Live Talks
- Sherry-Maria Safchuk and Lauren Frank to discuss "New CFPB interpretation on UDAAP" at a California Mortgage Bankers Association Mortgage Quality and Compliance Committee webinar
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute