Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 24, the FDIC released a list of 14 public enforcement actions taken against banks and individuals in May. These orders consist of “two consent orders, one modification of an 8(e) prohibition order, three orders to pay civil money penalty, three orders of prohibition, two section 19 orders, and one order of prohibition from further participation and order to pay, one order terminating amended supervisory prompt corrective action directive, and one order of termination of insurance.” Included is an order to pay a civil money penalty imposed against a Texas-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank failed “to obtain flood insurance or obtain an adequate amount of insurance coverage, at or before loan origination, for all structures in a flood zone, including multiple structures,” and failed “to force-place flood insurance, after loan origination, when the insurance on buildings securing the loan” was insufficient or nonexistent. The order assessed a $2,000 civil money penalty.
The FDIC also issued a consent order against a Utah-based bank based on alleged unsafe or unsound banking practices relating to the Bank Secrecy Act. The bank neither admitted nor denied the alleged violations but agreed to, among other things, “increase its oversight of the Bank's compliance with the BSA” and “conduct a comprehensive assessment of BSA/AML staffing needs.”
On June 23, the OCC released its Semiannual Risk Perspective for Spring 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that as “banks continue to navigate the operational- and market-related impacts of the pandemic along with substantial government stimulus, current geopolitics have tightened financial conditions and increased downside risk to economic growth.” However, the OCC noted that banks’ financial conditions remain strong and that banks are well-positioned to “deal with the economic headwinds arising from geopolitical events, higher interest rates and increased inflation.”
The OCC highlighted operational, compliance, interest rate, and credit risks as key risk themes in the report. Observations include: (i) operational risk, including evolving cyber risk, is elevated, with an observed increase in attacks on the financial services industry given current geopolitical tensions; (ii) compliance risk remains heightened as banks navigate the current operational environment, regulatory changes, and policy initiatives; and (iii) credit risk remains moderate, with banks facing certain areas of weakness and potential longer-term implications resulting from the Covid-19 pandemic, inflation, and direct and indirect effects of the war in Ukraine. Staffing challenges among banks also present risks, with challenges posed by “strong competition” in the labor market.
The report also discussed the importance of appropriate due diligence of new digital asset products and services. The OCC said that it “continues to engage on an interagency basis to analyze various crypto-asset use cases,” and is looking to “provide further clarity on legal permissibility, as well as safety and soundness and compliance considerations related to crypto-assets” in the banking industry.
The OCC further stated it “will continue to monitor the development of climate-related financial risk management frameworks at large banks,” and reported that “OCC large-bank examination teams will integrate the examination of climate-related financial risk into supervision strategies and continue to engage with bank management to better understand the challenges banks face in this effort, including identifying and collecting appropriate data and developing scenario analysis capabilities and techniques.”
On June 21, the Federal Reserve Board released civil penalty orders against two state banks, both relating to alleged violations of the National Flood Insurance Act (NFIA) and its implementing regulation, Regulation H. The first civil penalty order, against a Minnesota-based bank, assessed a $4,950 penalty for an alleged pattern or practice of violations of Regulation H but does not specify the number or the precise nature of the alleged violations. The second civil penalty order, against an Arkansas-based bank, assessed a $13,950 penalty for an alleged pattern or practice of violations of Regulation H without specifying the number or precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 per violation.
On June 22, the CFPB issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. Under the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act) rules inherited by the CFPB from the Federal Reserve, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. However, the rules provide for a safe harbor limit that allows banks to charge certain fees, adjusted for inflation, regardless of the costs incurred. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.”
In 2010, the Federal Reserve Board approved implementing regulations for the CARD Act that allowed credit card issuers to charge a maximum late fee, plus an additional fee for each late payment within the next six billing cycles (subject to an annual inflation adjustment). As the CFPB reported, the safe harbor limits are currently set at $30 and $41 respectively. The CFPB pointed out that in 2020, credit card companies charged $12 billion in late fee penalties. “Credit card late fees are big revenue generators for card issuers. We want to know how the card issuers determine these fees and whether existing rules are undermining the reforms enacted by Congress over a decade ago,” CFPB Director Rohit Chopra said. Chopra issued a separate statement on the same day discussing the current credit card market, questioning whether it is appropriate for card issuers to receive enforcement immunity if they hike the cost of credit card late fees each year by the rate of inflation. “Do the costs to process late payments really increase with inflation? Or is it more reasonable to expect that costs are going down with further advancements in technology every year?” he asked.
Among other things, the ANPRM requests information relevant to certain CARD Act and Regulation Z provisions related to credit card late fees to “determine whether adjustments are needed.” The CFPB’s areas of inquiry include: (i) factors used by card issuers to determine late fee amounts and how the fee relates to the statement balance; (ii) whether revenue goals play a role in card issuers’ determination of late fees; (iii) what the costs and losses associated with late payments are for card issuers; (iv) the deterrent effects of late fees and whether other consequences are imposed when payments are late; (v) methods used by card issuers to facilitate or encourage timely payments such as autopay and notifications; (vi) how late are most cardholders’ late payments; and (vii) card issuers’ annual revenue and expenses related to their domestic consumer credit card operations. The Bureau stated that public input will inform revisions to Regulation Z, which implements the CARD Act and TILA. Comments on the ANPRM are due July 22.
The ANPRM follows a June 17 Bureau blog post announcing the agency’s intention to review a “host of rules” inherited from other agencies such as the FTC and the Federal Reserve, including the CARD Act. (Covered by InfoBytes here.)
On June 21, the FDIC Board of Directors issued a notice of proposed rulemaking to increase deposit insurance assessment rates by 2 basis points for all insured depository institutions to increase the likelihood that the reserve ratio of the Deposit Insurance Fund (DIF) reaches the statutory minimum of 1.35 percent by September 2028, the statutory deadline. In September 2020, the FDIC adopted a DIF restoration plan to restore the reserve ratio to at least 1.35 percent by September 2028. However, according to the press release, insured deposits continued to grow and, as of March 31, the reserve ratio declined by 4 basis points to 1.23 percent. The FDIC also adopted on June 21 an Amended Restoration Plan, incorporating the increase in assessment rates to provide a buffer to ensure that the DIF achieves the 2028 target and accelerate capitalization of the fund toward the long-term 2 percent goal. In a memorandum providing an update on the restoration plan to the Board of Directors, the FDIC stated that “for the industry as a whole, staff estimate that the estimated annual increase in assessments would average 1% of income, which includes an average of 0.9% for small banks and an average of 1% percent for large and highly complex institutions.” The FDIC also released a Fact Sheet on the DIF, which provides information on the amended restoration plan and notice of proposed rulemaking on assessments and revised deposit insurance assessment rate. The FDIC released a statement regarding the DIF Restoration Plan to incorporate a uniform increase in initial base deposit insurance assessment rates of 2 basis points and to accelerate the time for the reserve ratio to reach the statutory minimum, stating that it “would allow the banking industry to remain a source of strength for the economy during a potential future downturn, and would promote public confidence in federal deposit insurance.” CFPB Director Rohit Chopra released a statement expressing his support for the Amended Plan and proposed increase, referring to these as “important short-term actions.” Chopra also expressed support for the Board to, in the long term, “explore a new mechanism to automatically adjust premiums upward and downward based on economic conditions, rather than relying on ad-hoc actions.” Comments are due by August 20.
On June 17, the FDIC announced updates to its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for FDIC examination staff when evaluating financial institutions’ compliance with federal consumer protection laws and regulations. The June update modifies Section VII Unfair, Deceptive, or Abusive Acts or Practices to reflect the FDIC’s existing supervisory authority regarding UDAP and UDAAP under Section 5 of the FTC Act, and Sections 1031 and 1036 of the Dodd-Frank Act, respectively. Among other updates, the new Section VII changes language related to the Equal Credit Opportunity Act and Fair Housing Act to add a reference to Dodd-Frank UDAAP provisions. The updated section provides the following:
ECOA prohibits discrimination in any aspect of a credit transaction against persons on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to contract), the fact that an applicant’s income derives from any public assistance program, and the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The FHA prohibits creditors involved in residential real estate transactions from discriminating against any person on the basis of race, color, religion, sex, handicap, familial status, or national origin. FTC UDAPs and Dodd-Frank UDAAPs that target or have a disparate impact on consumers in one of these prohibited basis groups may violate the ECOA or the FHA, as well as the FTC Act or the Dodd-Frank Act. Moreover, some state and local laws address discrimination against additional protected classes, e.g., handicap in non-housing transactions, or sexual orientation. Such conduct may also violate the FTC Act or the Dodd-Frank Act.
With respect to the legal standards for “unfair” and “deceptive” under the FTC Act and Dodd-Frank, Section VII notes that these standards are “substantially similar.”
On June 15, the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by flooding in Montana “for as long as deemed necessary for bank operation or public safety.” The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the 2012 Bulletin, only bank offices directly affected by potentially unsafe conditions should close, and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.
On June 17, CFPB Director Rohit Chopra announced in a blog post that the agency plans to move away from overly complicated and tailored rules. “Complexity creates unintended loopholes, but it also gives companies the ability to claim there is a loophole with creative lawyering,” Chopra said. The Bureau’s plan to implement simple, durable bright-line guidance and rules will better communicate the agency’s expectations and will provide numerous other benefits, he added.
With regards to traditional rulemaking, the Bureau outlined several priorities, which include focusing on implementing longstanding Congressional directives related to consumer access to financial records, increased transparency in the small business lending marketplace, and quality control standards for automated valuation models under Sections 1033, 1071, and 1473(q) of the Dodd-Frank Act. Additionally, the Bureau stated it will assess whether it should use Congressional authority to register certain nonbank financial companies to identify potential violators of federal consumer financial laws.
Chopra also announced that the Bureau is reviewing a “host of rules” that it inherited from other agencies such as the FTC and the Federal Reserve. “Many of these rules have now been tested in the marketplace for many years and are in need of a fresh look,” Chopra said. Specifically, the Bureau will (i) review rules originated by the Fed under the 2009 Credit CARD Act (including areas related to “enforcement immunity and inflation provisions when imposing penalties on customers”); (ii) review rules inherited from the FTC for implementing the FCRA to identify possible enhancements and changes in business practices; and (iii) review its own Qualified Mortgage Rules to assess aspects of the “seasoning provisions” (covered by a Buckley Special Alert) and explore ways “to spur streamlined modification and refinancing in the mortgage market.”
The Bureau noted that it also plans to increase its interpretation of existing laws through its Advisory Opinion program and will continue to issue Consumer Financial Protection Circulars to provide additional clarity and encourage consistent enforcement of consumer financial laws among government agencies (covered by InfoBytes here and here).
On June 16, the Federal Financial Institutions Examinations Council (FFIEC) released the 2021 HMDA data on mortgage lending transactions at 4,338 covered institutions (a decline from the 4,475 reporting institutions in 2020). Available data products include: (i) the Snapshot National Loan-Level Dataset, which contains national HMDA datasets as of May 1, 2022; (ii) the HMDA Dynamic National Loan-Level Dataset, which is updated on a weekly basis to reflect late submissions and resubmissions; (iii) the Aggregate and Disclosure Reports, which provide summaries on individual institutions and geographies; (vi) the HMDA Data Browser where users can customize tables and download datasets for further analysis; and (v) the Modified Loan/Application Register for filers of 2021 HMDA data.
The 2021 data includes information on 23.3 million home loan applications, of which 21.1 million were closed-end and 1.8 million were open-end. The Snapshot revealed that an additional 350,000 records were from financial institutions making use of the Economic Growth, Regulatory Relief, and Consumer Protection Act’s partial exemptions that did not designate whether the records were closed-end or open-end. Observations from the data relative to the prior year include: (i) the percentage of mortgages originated by non-depository, independent mortgage companies increased, accounting for “63.9 percent of first lien, one- to four-family, site-built, owner-occupied home-purchase loans, up from 60.7 percent in 2020”; (ii) the percentage of closed-end home purchase loans for first lien, one- to four-family, site-built, owner-occupied properties made to Black or African American borrowers increased from 7.3 percent in 2020 to 7.9 percent in 2021, while the share of these loans made to Hispanic-White borrowers increased slightly from 9.1 percent to 9.2 percent and the share made to Asian borrowers jumped from 5.5 percent to 7.1 percent; and (iii) “Black or African American and Hispanic-White applicants experienced denial rates for first lien, one- to four-family, site-built, owner-occupied conventional, closed-end home purchase loans of 15.7 percent and 9.8 percent respectively, while the denial rates for Asian and non-Hispanic-White applicants were 7.5 percent and 5.6 percent respectively.”
On June 8, the OCC issued a notice in the Federal Register seeking comments concerning its information collection titled, ‘‘Bank Secrecy Act/Money Laundering Risk Assessment,’’ also known as the Money Laundering Risk (MLR) System. According to the notice, the MLR System “enhances the ability of examiners and bank management to identify and evaluate Bank Secrecy Act/Money Laundering and Office of Foreign Asset Control (OFAC) sanctions risks associated with banks’ products, services, customers, and locations.” The notice stated that the agency will collect MLR information for OCC supervised community and trust banks, and explained that the annual Risk Summary Form (RSF), which collects data about different products, services, customers, and geographies (PSCs), will include three significant changes in 2022. The changes in the 2022 RSF are: (i) the addition of six new PSCs; (ii) the addition of three new customer types under the money transmitters category; and (iii) the deletion of four existing PSCs. Comments close on August 8.
- Kathryn L. Ryan to host the affiliate members meeting at AARMR’s 2022 Annual Regulatory Conference & Training
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar