Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 13, the CFPB announced a plan to review its regulations under Section 610 of the Regulatory Flexibility Act (RFA), which specifies that agencies should review certain rules within 10 years of their publication, consider the rules’ effect on small businesses, and invite public comment on each rule undergoing the review. The announcement notes that RFA requires an agency to consider multiple factors when reviewing a rule, including (i) whether there is a continued need for the rule; (ii) the complexity of the rule; (iii) whether the rule overlaps, duplicates, or conflicts with federal, state, or other rules; and (iv) the degree to which factors, such as technology and economic conditions, have changed the relevant market since the rule was evaluated. Comments will be due within 60 days of the plan’s publication in the Federal Register.
The CFPB also announced that its first RFA review will be of the 2009 Overdraft Rule (Rule), which was originally issued by the Federal Reserve Board and limits the ability of financial institutions to assess overdraft fees for ATM and one-time debit card transactions that overdraw consumers’ accounts. The Bureau is seeking public comment on the economic impact of the Rule on small entities, including requesting feedback on topics such as (i) the impacts of the reporting, recordkeeping, and other compliance requirements of the Rule; and (ii) how the Bureau could reduce the costs associated with the Rule for small entities. Comments on the economic impact of the Rule will be due within 45 days of publication in the Federal Register.
On April 25, the CFPB issued a Request for Information (RFI) on two aspects of the Remittance Rule, which took effect in 2013, and requires financial companies handling international money transfers, or remittance transfers, to disclose to individuals transferring money information about the exact exchange rate, fees, and the amount expected to be delivered. The RFI seeks feedback on (i) whether to propose changing the number of remittance transfers a provider must make to be governed by the rule, as well as the possible introduction of a small financial institution exception; and (ii) a possible extension of a temporary exemption to the Rule set to expire July 21, 2020, that allows certain insured institutions to estimate exchange rates and certain fees they are required to disclose (the RFI states that the EFTA section 9191 expressly limits the length of the temporary exemption and does not authorize the CFPB to extend the term beyond the July 21 expiration date unless Congress changes the law). The RFI also seeks feedback on the Rule’s scope of coverage, including whether the Bureau should change a safe harbor threshold that allows persons providing 100 or fewer remittance transfers in the previous and current calendar year to be outside of the Rule’s coverage. Additionally, the RFI includes a consideration of issues discussed in the Bureau’s assessment of the Rule, which examined if the Rule had been effective in achieving its goals. Comments on the RFI are due 60 days after publication in the Federal Register.
Separately, on April 24, the CFPB released a revised assessment report of its Remittance Rule to “correct an understatement of the dollar volume of remittance transfers by banks in the original report,” which increases the share of the remittance dollars transferred by banks. The Bureau notes that the correction does not affect the report’s conclusions. (See previous InfoBytes coverage of the October 2018 assessment report here.)
On February 21, the Conference of State Bank Supervisors (CSBS) issued a request for information (RFI) on issues related to state money transmission and payments regulation as state regulators begin coordinating model legislation for all 50 states to adopt in whole or in part. CSBS’ RFI is based upon recommendations made by the Fintech Industry Advisory Panel (a part of CSBS’ Vision 2020 previously covered by InfoBytes here) and seeks feedback on several areas of law and regulation to help states create harmonized definitions and interpretations on a national level. According to the Advisory Panel, “despite the general similarity of state money transmission laws, each state defines and interprets money transmission and its exemptions differently.” The RFI solicits comments framed towards outlined policy standards and risks on the following issues:
(i) The scope of covered money transmission activities and applicable exemptions; (ii) the change in control process, including the personal vetting requirements for individuals deemed new control persons; (iii) prudential regulations—in particular, permissible investment, net worth, and surety bond requirements; (iv) supervision processes; and (v) coordination—in particular, how states can ensure the areas outlined above are implemented consistently without state-by-state policy diversion or needless duplication of effort.
Comments on the RFI are due April 20 and will be made publically available here.
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
On January 31, the CFPB published a request for information (RFI) on the consumer credit card market. Section 502 of the Credit Card Accountability and Responsibility Disclosure Act (CARD Act) of 2009 requires the Bureau to conduct a review of the consumer credit card market every two years and to seek public comment to assist in that review. While the Bureau seeks feedback on all aspects of the consumer credit card market, the RFI specifically seeks comments related to, among other things, (i) the terms of credit card agreements and the practices, such as collection efforts, of credit card issuers; (ii) the effectiveness of disclosures related to rates, fees, and other cost terms; (iii) prevalence of unfair, deceptive, or abusive acts or practices in the market; and (iv) credit card product innovation. Comments must be received by May 1, 2019.
On January 22, a coalition of 14 state Attorneys General submitted a comment letter responding to the FDIC’s Request for Information (RFI) on small-dollar lending. (See previous InfoBytes coverage on the RFI here.) According to the letter, while the coalition welcomes the FDIC’s interest in encouraging FDIC-supervised financial institutions to offer responsibly underwritten and prudently structured small-dollar credit products that are economically viable and address consumer credit needs, the coalition simultaneously raises several legal risks affecting state-chartered banks seeking to enter this space.
- Banks face challenges when entering into relationships with “fringe lenders,” specifically with respect to the potential evasion of state restrictions related to state usury laws, “rent-a-bank” lending, and tribal sovereign immunity. The coalition recommends that the FDIC discourage banks from entering into such relationships.
- State-chartered banks are still subject to state unfair or deceptive acts or practices laws and state-law unconscionability claims. The coalition recommends that the FDIC encourage banks to evaluate consumers’ ability to repay, factoring in conditions such as consumers’ monthly expenses, their ability to repay a loan’s entire balance without re-borrowing, and their “capacity to absorb an unanticipated financial event. . .and, nonetheless, still be able to meet the payments as they become due.” The coalition recommends that the FDIC include the factors banks should consider before extending small-dollar loans to consumers in any guidance that it issues.
On December 4, the FTC released a request for public comment on whether the agency should make changes to its identity theft detection rules—the Red Flags Rule and the Card Issuers Rule—which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. The FTC is seeking comment as part of its systematic review of all of its regulations and guides. According to the FTC, consumer complaints relating to identity theft represented the third largest category of consumer complaints made to the FTC through the first three quarters of 2018 and the second largest category in 2017. The FTC is seeking comment on all aspects of the two rules, but also poses specific questions for commenters to address, such as (i) whether there is a continuing need for the specific provisions of the rules; (ii) what significant costs have the rules imposed on consumers and businesses; and (iii) whether there are any types of creditors that are not currently covered by the Red Flags Rule but should be covered. The request for comment is due to be published in the Federal Register shortly, and comments must be received by February 11, 2019.
On November 14, the FDIC issued a request for information (RFI) seeking public comment on ways it can encourage FDIC-supervised financial institutions to offer “responsible, prudently underwritten small-dollar credit products that are economically viable and address the credit needs of bank customers.” In the RFI’s release, FDIC Chairman Jelena McWilliams pointed to studies showing that “[c]onsumers benefit when small-dollar credit products are available from banks” and requested “the public to use the RFI process to tell [the FDIC] how to ensure that consumers can obtain small dollar credit from banking institutions in a responsible manner.” The RFI seeks information related to the “full spectrum of issues” related to banks offering small-dollar credit, including regulatory and non-regulatory obstacles for banks, as well as actions the FDIC could take to assist banks in serving the small-dollar market. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address. Comments will be due 60 days after publication in the Federal Register.
Recently, the OCC and the CFPB have also made efforts to encourage banks to meet the small-dollar credit needs of consumers. In May, the OCC issued Bulletin 2018-14 encouraging banks to offer responsible short-term, small-dollar installment loans with typical maturities between two and 12 months (covered by InfoBytes here). In addition to applauding the OCC’s Bulletin, the CFPB announced it expects to publish proposed rules reconsidering the ability-to-repay provisions of the rule covering Payday, Vehicle Title, and Certain High-Cost Installment Loans in January 2019 (covered by InfoBytes here).
On October 1, the FDIC released a request for information (RFI) on “FDIC Communication and Transparency.” The agency is seeking comments and information on how the agency can make its “communication with insured depository institutions (IDIs) more effective, streamlined, and clear [, including] . . . maximiz[ing] efficiency and minimiz[ing] burden associated with obtaining information on FDIC laws, regulations, policies, and other materials relevant to IDIs.” The RFI requests feedback on all types of communication from the FDIC, including (i) regulations, policies, procedures, and guidance; (ii) news and updates; (iii) industry data, educational materials, and outreach; and (iv) general and direct communications, such as email subscriptions, in-person meetings, and compliance reviews. In addition to general feedback, the RFI includes a list of suggested topics and questions for commenters to address.
Comments must be received by December 4.
On September 25, the CFPB released a report on the Bureau’s data governance program, including what data the Bureau collects, from where the data is sourced, and how the data is used and reused within the Bureau. The report emphasizes that data informs a large portion of the Bureau’s work, including rule writing, supervision, enforcement, consumer education, and market monitoring. The report details the more than 188 data collections from public sources, government agencies, commercial vendors, financial institutions, and consumers that the Bureau has undertaken to date. In connection with the report, the Bureau issued a request for information (RFI) seeking feedback on the Bureau’s data governance program and data use. Specifically, the RFI requests comments on, among other things, (i) the overall effectiveness and efficiency of the Bureau’s data collections; (ii) privacy issues related to the Bureau’s data collection practices; (iii) ways the Bureau should or should not reuse data collected for one purpose to inform other work; and (iv) ways the Bureau could make data reporting less burdensome. Comments must be received by December 27.
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Henry Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates an Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference