Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 8, the OCC announced in the Federal Register that it is soliciting comments on a proposal to rescind its 2020 Community Reinvestment Act Rule and to replace it with rules based largely on those adopted jointly by the Federal banking agencies in 1995, as amended. As previously covered by a Buckley Special Alert, the final rule, issued in May 2020, provides for at least a 27-month transition period for compliance based on a bank’s size and business mode, among other things. According to the OCC, the proposal, “would align the OCC’s CRA rules with the current Board of Governors of the Federal Reserve System and Federal Deposit Insurance Corporation rules and thereby facilitate the on-going interagency work to modernize the CRA regulatory framework and create consistency for all insured depository institutions.” Since many aspects of the CRA 2020 rule remain in transition and have not been implemented, the OCC anticipates that the proposed rule will have a limited impact on national banks and savings associations. According to Acting Comptroller Michael J. Hsu, the issuance “is an important step toward strengthening and modernizing the CRA,” and that the agency “is committed to working with the Federal Reserve and FDIC on a future joint rulemaking.” According to the OCC, the proposed rules would apply to all national banks and all federal and state savings associations. Comments are due by October 29.
On September 1, the Federal Reserve Board adopted a proposal to extend the recordkeeping and disclosure requirements associated with the TILA, implemented by Regulation Z for three years, with revision. While Dodd-Frank transferred rule-writing authority for Fed-supervision institutions under Regulation Z to the CFPB, the Fed is taking action to “minimize burden on small entities through tailored supervision, including through a risk-focused consumer compliance supervision program and an examination frequency policy that provides for lengthened time between examinations for institutions with a lower risk profile.” As previously covered by InfoBytes, the Board proposed in April to revise FR Z (OMB No. 7100-0199) to: (i) include burden connected to disclosure requirements in “rules issued by the Bureau since the Board’s last Paperwork Reduction Act (PRA) submission, as well as for one information collection for which the Bureau estimates burden” but the Board formerly did not; (ii) break out and clarify “burden estimates” that were formerly consolidated; and (iii) eliminate burden associated with some requirements due to the Bureau accounting for burden for the entire industry, or because the burden is now deemed a part of an institution’s usual and customary business practices. The revisions will be implemented as proposed and are effective immediately.
On September 8, the FTC announced it approved final revisions to rules that would implement parts of the FCRA in line with the Dodd-Frank Act. As previously covered by InfoBytes, the agency sought comment on the proposed rule changes in 2020. In separate notices, the FTC approved largely technical, non-substantive changes, clarifying five FCRA rules enforced by the FTC, which apply only to motor vehicle dealers. The changes affect the following rules:
- Address Discrepancy Rule, which requires users of consumer reports to implement policies and procedures for, among other things, handling notices of address discrepancy received from a nationwide consumer reporting agency (CRA) and furnishing an address for a consumer that a “user has reasonably confirmed as accurate to the CRA from whom it received the notice.”
- Affiliate Marketing Rule, which provides consumers the right to restrict a person from using certain information received from an affiliate to make solicitations.
- Furnisher Rule, which requires entities to implement policies and procedures regarding the accuracy and integrity of the consumer information they provide to a CRA.
- Pre-screen Opt-Out Notice Rule, which outlines requirements for those who use consumer reports to make unsolicited credit or insurance offers to consumers.
- Risk-Based Pricing Rule, which requires that persons who use information from a consumer report to offer less favorable terms are required to provide a risk-based pricing notice to consumers about the use of such data.
On September 1, the CFPB released a notice of proposed rulemaking (NPRM) and request for public comment on a proposed rule to implement Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on lending to women and minority-owned small businesses. The NPRM would create a new subpart B to existing Regulation B, the implementing regulation for ECOA, in order to increase transparency in the lending marketplace. Covered financial institutions would be required to collect and report to the Bureau a broad set of data points relating to applications for several small business credit products with the stated goal of facilitating the enforcement of fair lending laws and enabling the identification of business and community development needs and opportunities for women-owned, minority-owned, and other small businesses.
The NPRM defines a covered “financial institution” as an entity that meets a specific origination threshold where at least 25 “covered credit transactions” are originated to small businesses in each of the two preceding calendar years. A “covered credit transaction” under the NPRM would include transactions that meet the definition of business credit under Regulation B, as well as loans, lines of credit, credit cards, merchant cash advances, credit transactions for agricultural purposes, and transactions covered by HMDA. The definition of a small business would be one that had less than $5 million in gross annual revenue for the preceding fiscal year. Additionally, the NPRM defines a “covered application” as “an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested.” Data points that covered financial institutions would be required to collect on a calendar-year basis to be reported by June 1 of the following year are also provided.
The Bureau proposes that an eventual final rule would become effective 90 days after publication in the Federal Register; however, compliance would not be required until approximately 18 months after publication. Additionally, the Bureau proposes certain transitional provisions that would allow covered financial institutions to begin collecting data prior to the compliance date and would permit covered financial institutions to “use either the two calendar years immediately preceding the effective date or the second and third years preceding the compliance date to determine coverage.” (See also the Bureau’s summary on the NPRM here.) Comments on the NPRM will be received for 90 days following publication in the Federal Register.
“This data will be used to support business and community development and foster fair lending,” acting Director Dave Uejio noted in a statement following the announcement of the NPRM. He added that the “rule is about providing greater transparency into which small businesses get credit and which ones do not.”
A Buckley Special Alert is forthcoming.
On August 31, the U.S. District Court for the Western District of Texas granted summary judgment in favor of the CFPB in an action filed by two trade groups challenging the payment provisions of the Bureau’s 2017 final rule covering “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (2017 Rule), but stayed the August 19, 2019 compliance date for 286 days after final judgment as requested by the plaintiffs. As previously covered by InfoBytes, the plaintiffs challenged the 2017 Rule’s payment provisions’ compliance date and asked the court to set aside the 2017 Rule and the Bureau’s ratification of the payment provisions of the 2017 Rule as unconstitutional and in violation of the Administrative Procedures Act.
In granting summary judgment to the Bureau, the court ruled that the ratification “was valid and cured the constitutional injury caused by the 2017 Rule’s approval by an improperly appointed official.” Among other things, the court also concluded that the payment provisions, as a matter of law, “are consistent with the Bureau’s statutory authority and are not arbitrary and capricious,” and that the Bureau properly considered the costs and benefits of such payment provisions. However, in granting the plaintiffs’ request for a longer stay, the court stated it was persuaded by the plaintiffs’ arguments “that they should receive the full benefit of the temporary stay and that a more substantial compliance date allows time for appeal,” consistent with the fact that the “stay was requested with 445 days left until the implementation deadline, and it was entered with 286 days remaining.”
On August 31, the U.S. Treasury Department announced a request for information (RFI) seeking public comments on the Federal Insurance Office’s (FIO) future work related to the insurance sector and climate-related financial risks. The RFI is in response to an executive order issued by President Biden in May, which instructed financial regulators to take steps to mitigate, among other things, climate-related risk related to the financial system (covered by InfoBytes here). Among other things, the FIO will focus on the following initial climate-related priorities: (i) “assessing climate-related issues or gaps in the supervision and regulation of insurers, including their potential impacts on U.S. financial stability”; (ii) “assessing the potential for major disruptions of private insurance coverage in U.S. markets that are particularly vulnerable to climate change impacts, as well as facilitating mitigation and resilience for disasters”; and (iii) “increasing FIO’s engagement on climate-related issues and leveraging the insurance sector’s ability to help achieve climate-related goals.” Responses will help FIO monitor and assess the implications of climate-related financial risks for the insurance sector, and help FIO better understand how to collect “high-quality, reliable, and consistent data” required to accomplish FIO’s objectives.
On September 1, the CFPB published a proposal in the Federal Register to withdraw its proposed rule that would have extended the effective date of its final rules amending Regulation F, which implements the FDCPA. As previously covered by InfoBytes, in April, the Bureau proposed delaying the effective date by 60 days to provide affected parties additional time to comply due to the ongoing Covid-19 pandemic. However, the Bureau determined that an extension is unnecessary and will publish a formal notice in the Federal Register, withdrawing the April notice of proposed rulemaking (covered by InfoBytes here). According to the Bureau, industry comments generally did not support an extension, and “[m]ost industry commenters stated that, despite the pandemic, they would be prepared to comply with the Debt Collection Final Rules by November 30, 2021.”
On August 27, the SEC announced a request for information and public comments regarding the use of digital engagement practices by broker-dealers and investment advisers, such as behavioral prompts, differential marketing, game-like features (gamification), and other design elements or features designed to engage with retail investors on digital platforms, as well as analytical and technological tools and methods (collectively “digital engagement practices” or “DEPs”). The SEC issued the request to better understand the market practices related to firms' use of DEPs and intends “to learn what conflicts of interest may arise from optimization practices and whether those optimization practices affect the determination of whether DEPs are making a recommendation or providing investment advice.” The request is also intended to provide a forum for market participants to provide their perspectives regarding the use of DEPs, including the potential benefits that DEPs provide to retail investors, and protection concerns related to potential investors. The request will assist in the Commission's assessment of existing regulations and consideration regarding whether regulatory action may be required to continue the Commission's mission. A statement by SEC Chair Gary Gensler noted that though “new technologies can bring us greater access and product choice, they also raise questions as to whether we as investors are appropriately protected when we trade and get financial advice.” The public comment period for the request will remain open for 30 days after publication in the Federal Register.
On August 27, the FDIC, OCC, and Federal Reserve Board released a guide as part of its efforts to promote and support the adoption of new technologies by financial institutions. (See also FIL-59-2021 and OCC Bulletin 2021-40.) The Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks is intended to help community banks conduct due diligence when considering relationships with prospective fintech companies. Among other things, the guide addresses six key due diligence topics for community banks to consider, including (i) business experience, strategic goals, and qualifications; (ii) financial conditions and market information; (iii) legal and regulatory compliance; (iv) risk management policies, processes, and controls; (v) information security programs; and (vi) operational resilience, such as business continuity planning, incident response, service level agreements, and reliance on subcontractors. The guide also provides practical sources of information that may be useful when evaluating fintech companies. The agencies note that use of the guide, which is consistent with the FDIC’s Guidance for Managing Third-Party Risk, is voluntary and that the guide does not anticipate all types of fintech relationships and risks. Consistent with risk-based programs, a community bank may tailor how it uses the information “based on specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity. . . offered by the fintech company.”
On August 23, the CFPB filed its sixth status report in the U.S. District Court for the Northern District of California as required under a stipulated settlement reached in February 2020 with a group of plaintiffs, including the California Reinvestment Coalition. The settlement (covered by InfoBytes here) resolved a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The newest status report follows a July court order, which requires the Bureau to issue a notice of proposed rulemaking on small business lending data by September 30 (covered by InfoBytes here). Among other things, the Bureau notes in its status report that it expects to meet the September deadline and that it “is continuing to work on the significant legal and policy issues that must be resolved to implement the Section 1071 regulations.”
Find continuing Section 1071 coverage here.
- Buckley Webcast: Best practices for incident-response planning in a dangerous and regulated world
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek