Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 15, acting Comptroller of the Currency Michael J. Hsu spoke before the Exchequer Club to discuss several agency priorities relating to reducing inequality, adapting to digitization, acting on climate change, and guarding against complacency. In prepared remarks, Hsu stressed the importance of safeguarding trust in banking. While he acknowledged the value of strong rules and regulations, Hsu cautioned that rules “are not adaptive to emerging risks” and “cannot perceive and respond to trends and developments that may erode or threaten trust.” He further emphasized that regulators must coordinate efforts to ensure stability and fairness, and pointed to the growth of cryptocurrency and decentralized finance as areas where it is imperative that regulators work together to ensure activities taking place within the banking system or those that are facilitated by banks are trustworthy. “Innovation is important, but safeguarding trust is paramount,” Hsu stressed. Additionally, Hsu noted that “coordination among all financial regulators will also be needed in the future to ensure a level playing field and limit regulatory arbitrage and to keep shadow banking at a safe distance from the regulated financial system. These goals cannot be achieved if the financial regulatory agencies, including state banking supervisors, do not work together. Public trust in bank regulators will rise or fall depending on our ability to do so.”
On September 15, FHFA issued a notice requesting public comment on a proposed rule that would amend the regulatory capital framework for Fannie Mae and Freddie Mac (collectively, “GSEs”). The proposed rule would amend the prescribed leverage buffer amount (PLBA) and the capital treatment of credit risk transfers (CRT) to encourage more distribution of credit risk between the GSEs and private investors. Specifically, FHFA is proposing to: (i) change the fixed PLBA equal to 1.5 percent of a GSE’s adjusted total assets to a dynamic PLBA of 50 percent of the GSE’s stability capital buffer; (ii) “replace the prudential floor of 10 percent on the risk weight assigned to any retained CRT exposure with a prudential floor of 5 percent on the risk weight assigned to any retained CRT exposure”; and (iii) eliminate the requirement that a GSE is required to apply an overall effectiveness adjustment to its retained CRT exposures in line with the framework’s securitization framework. Comments on the proposal must be submitted within 60 days of publication in the Federal Register.
On September 15, the FTC announced significant changes in the agency’s rulemaking process that represent “a significant step to increase public participation and accountability around the work of the FTC.” According to the announcement, the Commission approved changes to the FTC’s “Rules of Practice,” which are “designed to make it easier for members of the public to petition the agency for new rules or changes to existing rules that are administered by the FTC.” The changes, which are a key part in the opening of the FTC’s regulatory processes to public input and scrutiny, is a departure from the previous practice where the Commission did not have an obligation to address petitions for agency action. The updates clarify the information that is required for petition submissions and notes the data that the Commission finds helpful in its review. In addition, the changes require that the Commission publish petitions for rulemaking in the Federal Register and solicit public comment for the same. Finally, under the new rules, the Commission must provide petitioners with a specific point of contact in the agency and must respond to petitioners to communicate its decision regarding the petition. The new changes will also apply to requests by certain parties for special exemption from FTC rules, as well as petitions related to industry guidance issued by the Commission.
On September 15, the FTC warned health apps and connected devices collecting or using consumers’ health information that they must comply with the FTC’s Health Breach Notification Rule (Rule). The Rule requires companies to notify consumers and others if consumers’ health data is breached, and ensures that entities not covered by HIPPA are held accountable in the event of a security breach. Companies that fail to comply with the Rule may be subject to monetary penalties of up to $43,792 per violation per day. The FTC’s policy statement (approved by a 3-2 vote) clarifies the Rule’s scope and puts companies on notice of their reporting obligations. According to the FTC, health apps that are increasingly collecting sensitive and personal data from consumers have a responsibility to ensure the collected data is secured from unauthorized access. However, the FTC expressed concern that there are still few applicable privacy protections. “While this Rule imposes some measure of accountability on tech firms that abuse our personal information, a more fundamental problem is the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics,” FTC Chair Lina M. Khan stated. “Given the growing prevalence of surveillance-based advertising, the Commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk.”
On September 10, the OCC, Federal Reserve Board, and FDIC extended the comment period on the regulators’ proposed interagency guidance designed to aid banking organizations in managing risks related to third-party relationships, including relationships with fintech-focused entities. The deadline has been extended to October 18 and interested parties may submit comments until the deadline.
As previously covered by InfoBytes, the proposed guidance addresses key components of risk management, such as (i) planning, due diligence and third-party selection; (ii) contract negotiation; (iii) oversight and accountability; (iv) ongoing monitoring; and (v) termination. Coupled with the release of a Federal Reserve Board paper describing community bank and fintech partnerships, as well as interagency guidance to help community banks evaluate fintech relationships (covered by InfoBytes here), the federal bank regulators are demonstrating continued and increased focus on third-party risk management issues.
On September 14, the U.S. Treasury Department and FHFA announced the suspension of certain requirements that were added on January 14 to the Preferred Stock Purchase Agreements (PSPAs) between Treasury and Fannie Mae and Freddie Mac (collectively, “GSEs”). According to the announcement, “FHFA will continue to measure, manage, and monitor the financial and operational risks of the Enterprises to ensure that they operate in a safe and sound manner and consistent with the public interest.” In addition, during the suspension, the FHFA will review the requirements and consider other revisions, and notes that the suspensions “do not affect the [GSEs] ability to build or retain capital.”
On September 8, the FDIC updated its brokered deposits FAQs by adding an FAQ to illustrate an example of when a broker is “proposing deposit allocations” under the “matchmaking” definition. According to the FAQ, if an individual identifies at which banks to place the funds of individual customers of a broker dealer as part of a broker dealer sweep program, the person is “proposing deposit allocations” for purposes of the “matchmaking” definition. The new FAQ explains that this is true even if the broker dealer determines the group of banks, or the order of banks, at which the person can propose placing individual depositor's funds or the maximum amount that can be placed at each bank. In addition, the guidance explains that a person that is “proposing deposit allocations” at, or between, more than one bank, also satisfies the other criteria in the matchmaking definition.
The FDIC also provided a public list of all entities that have submitted public notices for the primary purpose exception as of August 31, 2021. Of the two exceptions that require notice filing, the majority of the filers so far claimed an exception based on “enabling transactions” business relationships whereby 100 percent of depositors’ funds that an agent or nominee places, or assists in placing, at depository institutions are placed into transactional accounts that do not pay any fees, interest, or other remuneration to the depositor.
On September 13, the OCC issued a new Problem Bank Supervision booklet of the Comptroller's Handbook to be used by examiners in connection with the examination and supervision of national banks, federal savings associations, and federal branches and agencies of foreign banking organizations. The booklet—the central reference for the OCC's problem bank supervision policy—describes the OCC’s approach to timely identification and rehabilitation of problem banks and replaces previously-issued guidance. Among other things, the booklet (i) discusses red flags that can indicate a potential problem bank; (ii) details the supervisory and enforcement approaches the OCC can take to rehabilitate a problem bank; (iii) provides a comprehensive discussion of the agency’s authority under 12 CFR 6, “Prompt Corrective Action”; and (iv) explains the process for problem bank resolution, including receivership. The booklet complements other Comptroller’s Handbook booklets as well as topical OCC and interagency issuances. The OCC also notes that the booklet “should be supplemented with appropriate examiner consultation with the supervisory office, subject matter experts, Licensing Division staff, and OCC legal counsel.”
On September 9, the CFPB released the Filing Instructions Guide for HMDA data collected in 2022 that must be reported in 2023. The guide states that there are no significant changes to the submission process and that the required data fields to be collected and reported have not changed. Instructions for quarterly reporting can be found in the Supplemental Quarterly Reporting Guide, which was issued the same day. According to the most recent HMDA reporting guide by the FFIEC, the next HMDA report is due for entities on March 1, 2022.
On September 7, the CFPB acting Director, Dave Uejio, released a statement regarding the decision by the U.S. District Court for the Western District of Texas to uphold the Payment Provisions in the CFPB’s 2017 rule on payday, vehicle title, and certain high-cost installment loans (covered by InfoBytes here). Ueijio hailed the decision as a reaffirmation of the Bureau’s “ability to protect borrowers from unfair and abusive payment practices in the payday lending and other markets covered by the rule.” Uejio then stated that compliance with the rule will become mandatory on June 13, 2022, and that the Bureau “expects lenders to follow the requirements of the payment provisions, consistent with the court’s order.”
- Buckley Webcast: Best practices for incident-response planning in a dangerous and regulated world
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek