Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 24, the OCC filed a statement of recent decision in support of its motion for summary judgment in an action brought against the agency by several state attorneys general challenging the OCC’s final rule on “Permissible Interest on Loans that are Sold, Assigned, or Otherwise Transferred” (known also as the valid-when-made rule). The final rule was designed to effectively reverse the U.S. Court of Appeals for the Second Circuit’s 2015 Madden v. Midland Funding decision and provide that “[i]nterest on a loan that is permissible under [12 U.S.C. § 85 for national bank or 12 U.S.C. § 1463(g)(1) for federal thrifts] shall not be affected by the sale, assignment, or other transfer of the loan.” (Covered by a Buckley Special Alert.) The states’ challenge argued that the rule “impermissibly preempts state law,” is “contrary to the plain language” of section 85 (and section 1463(g)(1)), and “contravenes the judgment of Congress,” which declined to extend preemption to non-banks. Moreover, the states contended that the OCC “failed to give meaningful consideration” to the commentary received regarding the rule, essentially enabling “‘rent-a-bank’ schemes.” (Covered by InfoBytes here.) Both parties sought summary judgment, with the OCC arguing that the final rule validly interprets the National Bank Act (NBA) and that not only does the final rule reasonably interpret the “gap” in section 85, it is consistent with section 85’s “purpose of facilitating national banks’ ability to operate their nationwide lending programs.” Moreover, the OCC asserted that 12 U.S.C. § 25b’s preemption standards do not apply to the final rule, because, among other things, the OCC “has not concluded that a state consumer financial law is being preempted.” (Covered by InfoBytes here.)
In its August 24 filing, the OCC brought to the court’s attention a recent order issued by the U.S. District Court for the Western District of Wisconsin. As previously covered by InfoBytes, the Wisconsin court reviewed claims under the FDCPA and the Wisconsin Consumer Act (WCA) against a debt-purchasing company and a law firm hired by the company to recover outstanding debt and purported late fees on the plaintiff’s account in a separate state-court action. Among other things, the court examined whether the state law’s notice and right-to-cure provisions were federally preempted by the NBA, as the original creditor’s rights and duties were assigned to the debt-purchasing company when the account was sold. The court ultimately concluded that the WCA provisions “are inapplicable to national banks by reason of federal preemption,” and, as such, the court found “that a debt collector assigned a debt from a national bank is likewise exempt from those requirements” and was not required to send the plaintiff a right-to-cure letter “as a precondition to accelerating his debt or filing suit against him.”
On August 19, the U.S. Department of Education announced that more than 323,000 student loan borrowers who have a total and permanent disability (TPD) will receive automatic discharges totaling over $5.8 billion. Under the final regulations, applicable borrowers will be identified through an existing data match with the Social Security Administration starting with the September quarterly match to allow “the Department to provide automatic TPD discharges for borrowers who are identified through administrative data matching by removing the requirement for these borrowers to fill out an application before receiving relief.” Borrowers matched with the Department of Veterans Affairs have already been able to take advantage of the TPD discharge data match since 2019. Two additional TPD-related policy items were also announced: (i) the Department will indefinitely extend a previously announced policy to stop asking borrowers to provide earnings information beyond the end of the national emergency (“a process that results in the reinstatement of loans if and when borrowers do not respond”); and (ii) the Department will propose eliminating the currently required three-year income monitoring period during a negotiated rulemaking that will begin in October.
On August 18, the OCC issued a new Model Risk Management booklet as part of the Comptroller’s Handbook’s safety and soundness series. The booklet is used by OCC examiners when examining and supervising national banks, federal savings associations, and federal branches and agencies of foreign banking organizations. Among other things, the new booklet (i) outlines model risk management concepts and general principles; (ii) “informs and educates examiners about sound model risk management practices that should be assessed during an examination”; and (iii) “provides information needed to plan and coordinate examinations on model risk management, identify deficient practices, and conduct appropriate follow-up.” The booklet aligns with principals laid out in OCC Bulletin 2011-12 “Sound Practices for Model Risk Management: Supervisory Guidance on Model Risk Management.”
On August 13, the Financial Industry Regulatory Authority (FINRA) reminded member firms of their supervisory obligations related to outsourcing to third-party vendors. Regulatory Notice 21-29 reiterates that supervisory obligations under FINRA Rule 3110 extend to member firms’ outsourcing of certain “covered activities” and reminds firms that under Regulatory Notice 05-48, “‘outsourcing an activity or function to … [a vendor] does not relieve members of their ultimate responsibility for compliance with all applicable federal securities laws and regulations and [FINRA] and MSRB rules regarding the outsourced activity or function.’” Emphasizing that “member firms have continued to expand the scope and depth of their use of technology and have increasingly leveraged [v]endors to perform risk management functions and to assist in supervising sales and trading activity and customer communications,” FINRA reminds member firms that supervisory systems and associated written supervisory procedures extend to the “outsourced activities or functions” of their vendors. The notice also cites examples of violations uncovered during previous examinations linked to third-party vendors related to data integrity, cybersecurity and technology governance, and books and records requirements. These include instances where firms’ vendors failed to implement technical controls or failed to properly manage customers’ nonpublic information. Member firms are encouraged to take a “risk-based approach” to vendor management and to assess whether their supervisory procedures for third-party vendors are “sufficient to maintain compliance with applicable rules.”
On August 16, the OCC released an annual update to its Bank Accounting Advisory Series (BAAS). Intended to address a variety of accounting topics and promote consistent application of accounting standards and regulatory reporting among OCC-supervised banks, the BAAS reflects updates to accounting standards issued by the Financial Accounting Standards Board through March 31, 2021, related to, among other things, (i) the amortization of premiums on callable debt securities; and (ii) evaluating goodwill impairment triggering events for private companies. The 2021 edition also includes answers to frequently asked questions from industry and bank examiners. Additionally, the OCC notes that the BAAS does not represent OCC rules or regulations but rather “represents the Office of the Chief Accountant’s interpretations of generally accepted accounting principles and regulatory guidance based on the facts and circumstances presented.”
On August 16, the OCC issued Bulletin 2021-38 announcing the updated version of the Liquidity booklet of the Comptroller’s Handbook. The booklet replaces the 2012 version and provides information and examination procedures on liquidity coverage ratio and net stable funding ratio requirements. Among other things, the revised booklet: (i) discusses risks associated with liquidity; (ii) reflects changes in regulations and relevant OCC issuances since 2012; and (iii) clarifies edits on supervisory guidance, sound risk management practices, and legal language.
On August 12, HUD announced a Memorandum of Understanding (MOU) with FHFA regarding fair housing and fair lending coordination. The MOU—a “first-of-its-kind collaborative agreement”—will expire in December 2025, and is intended to enhance enforcement of the Fair Housing Act and the agencies’ oversight of Fannie Mae, Freddie Mac, and the Federal Home Loan Banks. According to HUD, the agencies “anticipate that the MOU will lead to stronger oversight that will help advance vigorous fair housing enforcement that can begin to redress our nation’s history of discriminatory housing practices.”
On August 13, the FDIC issued a notice and request for information (RFI) seeking comments from financial institutions regarding the agency’s supervisory approach to examinations during the Covid-19 pandemic, including on-site and off-site activities, use of technology, and communication methods. Specifically, the RFI seeks input on areas that worked well in the off-site examination context “to inform plans for future examinations, consistent with applicable law and the purpose of examinations.” Areas of interest include identifying (i) examination activities that worked best or were most effective during the off-site approach; (ii) new or emerging technologies that would support additional off-site examination activities (the FDIC noted that leveraging technology has improved efficiency and reduced burdens on financial institutions); and (iii) what improvements, if any, could be made to communication methods used during off-site examinations, including whether the FDIC should continue to use secure mail as an alternative to hardcopy mail to communicate supervisory correspondence. Comments are due October 12.
On August 11, the Federal Financial Institutions Examinations Council (FFIEC) published guidance, on behalf of its members, to provide financial institutions with examples of effective authentication and access risk management principles and practices for customers, employees, and third parties accessing digital banking services and financial institution information systems. Among other things, the guidance: (i) acknowledges significant risks associated with the cybersecurity threat landscape, which reinforces the need for financial institutions to effectively authenticate users and for customers to protect information systems, accounts, and data; (ii) provides examples of effective risk assessment practices, such as inventory of information systems and inventory of digital banking services and customers; and (iii) indicates that single-factor authentication with layered security is inadequate, therefore, multi-factor authentication or controls of equivalent strength with layered security may be more effective.
The guidance replaces the FFIEC-issued Authentication in an Internet Banking Environment (2005) and the Supplement to Authentication in an Internet Banking Environment (2011).
On August 11, FHFA announced that Fannie Mae will consider rental payment history in its risk assessment processes to expand access to credit in a safe and sound manner. According to FHFA, the update to Fannie Mae’s systems will provide future borrowers the benefit of a positive rental payment history to be included in an underwriting decision.
- Buckley Webcast: Best practices for incident-response planning in a dangerous and regulated world
- Jonice Gray Tucker to discuss “Government investigations, and compliance 2021 trends” at the Corporate Counsel Women of Color Career Strategies Conference
- APPROVED Webcast: California debt collection license requirement: Overview and analysis
- Max Bonici to discuss “BSA/AML trends: What to expect with the implementation of the AML Act of 2020” at the American Bar Association Banking Law Fall Meeting
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek