Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 25, the CFPB announced a Request for Information (RFI) on the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act), consistent with the requirements of Section 610 of the Regulatory Flexibility Act (RFA), which specifies that agencies should review certain rules within 10 years of their publication to consider the rules’ effect on small businesses. Specifically, the Bureau is seeking comments from stakeholders on the economic impact of the CARD Act on small entities and whether regulations should be adjusted to address those impacts. Additionally, the RFI seeks information, pursuant to section 502(a) of the CARD Act, related to the consumer credit card market. Among other things, the Bureau requests stakeholders comment on (i) the terms of credit card agreements; (ii) the effectiveness of credit card disclosures; (iii) the cost and availability of credit cards; and (iv) credit card product innovation.
Comments on the RFI will be due 60 days after publication in the Federal Register.
On November 20, the CFPB issued a request for information (RFI) regarding the TILA-RESPA Integrated Disclosures Rule (TRID Rule) assessment, which is required by Section 1022(d) of the Dodd-Frank Act. Section 1022(d) requires the Bureau to conduct an assessment of each “significant rule or order” no later than five years after its effective date. The Bureau issued the TRID Rule in November 2013, and the rule took effect on October 3, 2015. In addition to comments received on this RFI, the Bureau notes that it is also considering the approximately 63 comments already received regarding the TRID Rule from the 2018 series of RFIs issued on the adopted regulations and new rulemakings, as well as the inherited regulations (covered by InfoBytes here and here).
The RFI seeks public feedback on any information relevant to assessing the effectiveness of the TRID Rule, including (i) comments on the feasibility and effectiveness of the assessment plan; (ii) recommendations to improve the assessment plan; (iii) data and information about the benefits, costs, and effectiveness of the TRID Rule; and (iv) recommendations for modifying, expanding, or eliminating the TRID Rule.
Comments must be received within 60 days of publication in the Federal Register.
On November 7, the FCC released a public notice seeking comment on a petition filed by a financial institution requesting a declaratory ruling on whether a company can send a follow-up clarification text message in response to an opt-out message from a consumer without violating the TCPA. More specifically, in connection with informational texts that the consumer previously consented to receive, the institution desires to “discern the scope of that opt-out,” because “[s]ome customers want to opt-out of all texts; others merely want to opt-out of the specific category of text message alert they received most recently.” The institution notes it filed the petition “in an abundance of caution” in light of the highly technical nature of TCPA compliance, and that it believes the FCC’s 2012 ruling in SoundBite Communications, Inc. Petition for Expedited Declaratory Ruling is clear that a sender may clarify in an opt-out confirmation message the scope of the consumer’s request without violating the TCPA as long as the message does not contain marketing or promotional content or seek to encourage or persuade the recipient to reconsider the opt-out.
Comments on the FCC’s public notice are due by December 9, with reply comments by December 24.
On September 18, the CFPB announced changes to its Consumer Complaint Database (CCDB), stating that it would continue the publication of consumer complaints, data fields, and narrative descriptions. As previously covered by InfoBytes, in March 2018, the Bureau issued a Request for Information (RFI) seeking feedback on potential changes that could be implemented to the Bureau’s public reporting of consumer complaint information, including the data fields provided in the CCDB. In June 2018, then-acting Director, Mick Mulvaney, noted the Bureau was in the process of reviewing whether or not the CCDB would continue to be publicly available (covered by InfoBytes here.) The Bureau noted that it received nearly 26,000 comments from a wide array of stakeholders in response to the RFI and after considering all input, the decision was made to continue the “publication of complaints with enhanced data and context that will benefit consumers and users of the database while addressing many of the concerns raised.” Specifically, the CCDB will now (i) more prominently acknowledge that the CCDB is not a statistical sample of consumers’ experiences in the marketplace; (ii) highlight the availability of answers to common financial questions to help inform consumers before they submit a complaint; and (iii) highlight consumers’ ability to contact the financial institution directly. Additionally, in the coming months the Bureau plans to, among other things, explore the expansion of a company’s ability to respond publicly to individual complaints in the database and look for additional ways to put complaint data in context, such as incorporating product or service market share and company size.
On September 18, the CFPB published a notice in the Federal Register seeking comments on the use of Tech Sprints—forums which gather “regulators, technologists, financial institutions, and subject matter experts from key stakeholders for several days to work together to develop innovative solutions to clearly-identified challenges”—as a means to encourage regulatory innovation and collaborate with stakeholders on forming solutions to regulatory compliance challenges. The Bureau notes that Tech Sprints have been successfully used by the U.K.’s Financial Conduct Authority, which has organized seven Tech Sprints since 2016, resulting in a pilot project on digital regulatory reporting. The Bureau is interested in using Tech Sprints to, among other things: (i) leverage cloud solutions and other developments that may reduce or modify the need for regulated entities to transfer data to the Bureau; (ii) continue to innovate the HMDA data submission process; (iii) identify new technologies and approaches that can be used by the Bureau to provide more cost-effective oversight of supervised entities; and (iv) reduce other unwarranted regulatory compliance burdens. Comments must be received by November 8.
On July 23, Ginnie Mae published a Request for Input (RFI) seeking feedback on its plan to monitor and support the sustainability of the Ginnie Mae mortgage-backed securities (MBS) market, by developing a stress test framework for its non-bank issuer base. The RFI notes that, after reviewing two approaches to the stress test framework, Ginnie Mae elected to adopt a framework that forecasts an issuer’s financial performance over the next eight quarters under a base and adverse scenario. The framework would provide the following outputs: (i) a balance sheet, income statement and cashflow statement; (ii) a “Projected Issuer Risk Grade” (Ginnie Mae’s proprietary risk rating method); (iii) projected issuer compliance with Ginnie Mae and Government Sponsored Enterprise net worth, liquidity and capitalization requirements; (iv) projected compliance with common warehouse covenants; and (v) projected risk of insolvency. The RFI provides significant details on the framework, including details regarding the various structural components that will form its basis. The RFI lists four specific topics that responders may provide input on and requests that responders expand on the topics as appropriate to address related questions or implications. Comments must be submitted by August 31.
On May 13, the CFPB announced a plan to review its regulations under Section 610 of the Regulatory Flexibility Act (RFA), which specifies that agencies should review certain rules within 10 years of their publication, consider the rules’ effect on small businesses, and invite public comment on each rule undergoing the review. The announcement notes that RFA requires an agency to consider multiple factors when reviewing a rule, including (i) whether there is a continued need for the rule; (ii) the complexity of the rule; (iii) whether the rule overlaps, duplicates, or conflicts with federal, state, or other rules; and (iv) the degree to which factors, such as technology and economic conditions, have changed the relevant market since the rule was evaluated. Comments will be due within 60 days of the plan’s publication in the Federal Register.
The CFPB also announced that its first RFA review will be of the 2009 Overdraft Rule (Rule), which was originally issued by the Federal Reserve Board and limits the ability of financial institutions to assess overdraft fees for ATM and one-time debit card transactions that overdraw consumers’ accounts. The Bureau is seeking public comment on the economic impact of the Rule on small entities, including requesting feedback on topics such as (i) the impacts of the reporting, recordkeeping, and other compliance requirements of the Rule; and (ii) how the Bureau could reduce the costs associated with the Rule for small entities. Comments on the economic impact of the Rule will be due within 45 days of publication in the Federal Register.
On April 25, the CFPB issued a Request for Information (RFI) on two aspects of the Remittance Rule, which took effect in 2013, and requires financial companies handling international money transfers, or remittance transfers, to disclose to individuals transferring money information about the exact exchange rate, fees, and the amount expected to be delivered. The RFI seeks feedback on (i) whether to propose changing the number of remittance transfers a provider must make to be governed by the rule, as well as the possible introduction of a small financial institution exception; and (ii) a possible extension of a temporary exemption to the Rule set to expire July 21, 2020, that allows certain insured institutions to estimate exchange rates and certain fees they are required to disclose (the RFI states that the EFTA section 919 expressly limits the length of the temporary exemption and does not authorize the CFPB to extend the term beyond the July 21 expiration date unless Congress changes the law). The RFI also seeks feedback on the Rule’s scope of coverage, including whether the Bureau should change a safe harbor threshold that allows persons providing 100 or fewer remittance transfers in the previous and current calendar year to be outside of the Rule’s coverage. Additionally, the RFI includes a consideration of issues discussed in the Bureau’s assessment of the Rule, which examined if the Rule had been effective in achieving its goals. Comments on the RFI are due 60 days after publication in the Federal Register.
Separately, on April 24, the CFPB released a revised assessment report of its Remittance Rule to “correct an understatement of the dollar volume of remittance transfers by banks in the original report,” which increases the share of the remittance dollars transferred by banks. The Bureau notes that the correction does not affect the report’s conclusions. (See previous InfoBytes coverage of the October 2018 assessment report here.)
On February 21, the Conference of State Bank Supervisors (CSBS) issued a request for information (RFI) on issues related to state money transmission and payments regulation as state regulators begin coordinating model legislation for all 50 states to adopt in whole or in part. CSBS’ RFI is based upon recommendations made by the Fintech Industry Advisory Panel (a part of CSBS’ Vision 2020 previously covered by InfoBytes here) and seeks feedback on several areas of law and regulation to help states create harmonized definitions and interpretations on a national level. According to the Advisory Panel, “despite the general similarity of state money transmission laws, each state defines and interprets money transmission and its exemptions differently.” The RFI solicits comments framed towards outlined policy standards and risks on the following issues:
(i) The scope of covered money transmission activities and applicable exemptions; (ii) the change in control process, including the personal vetting requirements for individuals deemed new control persons; (iii) prudential regulations—in particular, permissible investment, net worth, and surety bond requirements; (iv) supervision processes; and (v) coordination—in particular, how states can ensure the areas outlined above are implemented consistently without state-by-state policy diversion or needless duplication of effort.
Comments on the RFI are due April 20 and will be made publicly available here.
On February 11, a bipartisan group of 29 state Attorneys General, the District of Columbia Attorney General, and an official from the Hawaii Office of Consumer Protection, responded to the FTC’s request for comment on whether the agency should make changes to its identity theft detection rules (the Red Flags Rule and the Card Issuers Rule), which require financial institutions and creditors to take certain actions to detect signs of identity theft affecting their customers. (Covered by InfoBytes here.)
In their response, the Attorneys General urge the FTC not to repeal the Rules, arguing that it “would place consumers at greater risk of identity theft, especially consumers in states that have not enacted” laws that complement the Rules. Instead, the response letter requests the FTC modify the Rules to “ensure their continued relevance” and “keep pace with the ingenuity of identity thieves.” The suggestions include: (i) that notices of changes to email addresses and cell phone numbers be sent to both the prior and updated addresses and phone numbers, an expansion of the current use of mailing addresses; (ii) the encouragement of more current forms of authentication, including multi-factor authentication, to replace examples which imply that knowledge-based authentication by itself is sufficient; and (iii) the addition of new suspicious activity examples related to the use of an account, such as a covered account accessed by unknown devices or IP addresses, an unauthorized user unsuccessfully trying to guess account passwords through multiple attempts, and attempts by foreign IP addresses to access multiple accounts in a close period of time.
- H Joshua Kotin to discuss "Being fair, responsible, & profitable" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Kathryn L. Ryan to discuss "NMLS mortgage call report – Where’s NMLS 2.0?" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Jeffrey P. Naimon to discuss "2021 - A new beginning/what's to come" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "Cyber security, incident response, crisis management" at the Legal & Diversity Summit
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "BSA/AML - Covid impact and regulatory/guidance roundup" at an NAFCU webinar