Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 21, the CFPB announced the beginning of its anticipated rulemaking regarding consumer reporting, including a proposal to remove medical bills from credit reports. This announcement builds upon a hearing the CFPB held in July 2023 on medical billing and collections, highlighting its range of negative impact on marginalized communities (covered by InfoBytes here). In the CFPB’s announcement, Director Rohit Chopra emphasized the inconsequential “predictive value” of medical bills in credit reports despite their prevalence in American households, thus the agency's goal is to alleviate the burden on individuals facing medical debt. The Bureau’s press release highlighted components to its outline of proposals and alternatives under consideration, such as (i) prohibiting consumer reporting companies from including medical bills in consumers’ credit reports; (ii) prohibiting creditors from relying on medical bills for underwriting decisions; and (iii) prohibiting debt collectors from leveraging the credit reporting system to pressure consumers into paying their debts. The rule would not prevent creditors from accessing medical bill information, such as validating need for medical forbearances, or evaluating loan applications for paying medical debt.
In addition to the proposed removal of medical debt from consumer reports, the Bureau’s outline includes other notable proposals regarding consumer reports. The Bureau’s proposals include”
- As previously covered by InfoBytes, applying the FCRA to data brokers by altering the FCRA definitions of “consumer report” and “consumer reporting agency”, to “address whether and how the FCRA applies to newer actors and practices in the credit reporting marketplace, including questions such as coverage of data brokers and certain consumer reposting agency practices regarding marketing and advertising.” In particular, the Bureau is also considering a proposal that would provide that data brokers selling “consumer reports” containing consumers’ payment history, income, and criminal records would be considered a consumer reporting agency. The Bureau is also exploring clarifications on when data brokers qualify as consumer reporting agencies and furnish consumer reports.
- Clarifying whether “credit header data” qualifies as a consumer report, which could limit the disclosure or sale of credit header data without valid reasoning.
- Clarifying that certain targeted marketing activities that do not directly share information with a third party nevertheless are subject to the FCRA.
- Proposing a definition of the terms “assembling” and “evaluating” to include intermediaries or vendors that “transmit consumer data electronically between data sources and users.”
- Clarifying whether and when aggregated or anonymized consumer report information constitutes or does not constitute a consumer report. Specifically, the Bureau contemplates providing that a data broker’s sale of particular data points such as “payment history, income, and criminal records” would “generally be a consumer reports, regardless of the purpose for which the data was actually used or collected, or the expectations of that data broker
- Establishing the steps that a company must take to obtain a consumer’s written instructions to a obtain a consumer report.
- Addressing a consumer reporting agency’s obligation under the FCRA to protect consumer reports from a data breach or unauthorized access.
On September 20, the SEC adopted amendments (as set forth in the final rule and as discussed in the fact sheet) to the Investment Companies Act rule that requires investment companies whose names suggest a focus in a particular type of investment to adopt a policy to invest not less than 80 percent of the value of their assets in those investments (the “Names Rule”). The agency said amendments to the Names Rule will enhance its protections by addressing gaps in the current requirements and will “help ensure that a fund’s portfolio aligns with a fund’s name.”
The Names Rule promotes truth-in-advertising by ensuring that a fund whose name accurately suggests a focus on a particular type of investment adopt a policy to align its portfolio to put 80 percent of its assets toward the cause suggested by its name (the “80 percent investment policy”).
The SEC said, “the amendments will enhance the rule’s protections by requiring more funds to adopt an 80 percent investment policy, including funds with names suggesting a focus in investments with particular characteristics, for example, terms such as 'growth' or 'value,' or certain terms that reference a thematic investment focus, such as the incorporation of one or more Environmental, Social, or Governance factors.”
The amendments will expand the requirement to adopt an 80 percent investment policy to more funds, including those with names suggesting a focus in investments with particular characteristics (e.g., “growth” or “value”), or certain terms that reference the incorporation of one or more ESG factors. The amendments will also (i) require that a fund conduct a quarterly review of its portfolio assets’ treatment under its 80 percent investment policy; (ii) establish deadlines for getting back into compliance if a fund departs from its 80 percent investment policy; (iii) enhanced prospectus disclosure requirements to require that terminology used in fund names that suggest an investment focus must be consistent with the plain English meaning or established industry use of such terms.
The amendments will become effective 60 days after publication in the Federal Register. Fund groups with more than $1 billion in assets under management will have two years to comply with the rule. Funds that manage less than $1 billion will be given 30 months to comply with the rule.
On September 20, the SEC announced the approval of its revised Privacy Act rules, which govern the handling of personal information in the federal government. Among other things, the final rule will update, clarify, and streamline the SEC’s Privacy Act Regulations by (i) clarifying the purpose and scope of the regulations; (ii) updating definitions to plainly describe regulation processes; (iii) allowing for electronic methods to verify requesters identities and submit Privacy Act requests; and (iv) providing for a shorter response time to Privacy Act requests. The final rule will also update fee provisions and eliminate unnecessary provisions. The SEC last updated its Privacy Act rules in 2011, and due to the extent of the provisions, the final rule will replace the commission’s current Privacy Act regulations entirely.
The revised rule will take effect 30 days after publication in the Federal Register.
On September 19, Secretary of the Treasury, Janet L. Yellen, discussed Treasury’s efforts to facilitate the net-zero transition, support the momentum of private-sector financial institutions that are already taking into account market demand and supporting the transition, and share emerging best practices around commitments to the transition, through the introduction of its Principles for Net-Zero Financing and Investment.
In discussing the role of private-sector financial institutions in the net-zero transition, Secretary Yellen noted that “more than 650 institutions representing roughly 40 percent of global financial assets have made commitments to support the goal of net-zero greenhouse gas emissions by 2050 or sooner” and “more than 100 U.S. financial institutions have voluntarily done so.” Yellen also emphasized the commitments of research and civil society groups to engage in technical work in support of the principals, as well as monetary support from philanthropic institutions that have pledged $340 million in support of net-zero transition and work related to the Principles.
Secretary Yellen noted that the principles are designed to be flexible to accommodate differences in entity size as well as other factors such as business model, client base, products and services and jurisdictions, but affirmed the importance of net-zero commitments aligning with the goal of limiting the increase in global average temperature to 1.5 degrees Celsius. To that end, the agency recommends that institutions develop transition plans that clearly articulate practices, targets and metrics for reaching their net-zero commitments.
The principles also encourage private-sector financial institutions to support net-zero commitments by providing transition finance to clients that are focused on their own initiatives that align with those of the institutions, and by investing in cutting-edge clean energy technologies.
On September 19, the CFPB issued guidance about legal requirements that creditors must follow when using artificial intelligence and other complex models.
In prior guidance, the agency stated that lenders must provide specific and accurate reasons for adverse actions against consumers. The latest guidance expanded upon that prior guidance to clarify that lenders cannot simply use CFPB sample adverse action forms and checklists when taking adverse actions against consumers, but must explain the reasons for such adverse actions to help improve consumers’ chances for future credit, and protect consumers from illegal discrimination.
In its announcement of the updated guidance, the CFPB discussed the potential that consumers may be denied credit as a result of the increased use of complex, predictive decision-making technologies to analyze large datasets that may include consumer surveillance data or other information that the consumer may not believe is relevant to their finances. The agency confirmed that creditors must disclose the specific reasons for adverse action, even if consumers may be surprised, upset, or angered to learn their credit applications were being graded on data that may not intuitively relate to their finances. According to the guidance, a creditor is not absolved from the requirement to specifically and accurately inform consumers of the reasons for adverse actions because the use of predictive decision-making technologies in their underwriting models makes it difficult to pinpoint the specific reasons for such adverse actions.
On September 18, the CFPB released a final rule revising the dollar amounts for provisions implementing TILA and its amendments that impact loans under the Home Ownership and Equity Protection Act of 1994 (HOEPA) and qualified mortgages (QM). The Bureau is required to make annual adjustments to dollar amounts in certain provisions in Regulation Z, and has based the adjustments on the annual percentage change reflected in the Consumer Price Index for Urban Wage Earners and Clerical Workers (CPI-W) in effect on June 1, 2023. The following thresholds are effective January 1, 2024:
- For HOEPA loans the adjusted total loan amount threshold for high-cost mortgages will be $26,092, and the adjusted points-and-fees dollar trigger for high-cost mortgages will be $1,305;
- For qualified mortgages under the General QM loan definition, the thresholds for the spread between the annual percentage rate and the average prime offer rate will be: “2.25 or more percentage points for a first-lien covered transaction with a loan amount greater than or equal to $130,461; 3.5 or more percentage points for a first-lien covered transaction with a loan amount greater than or equal to $78,277 but less than $130,461; 6.5 or more percentage points for a first-lien covered transaction with a loan amount less than $78,277; 6.5 or more percentage points for a first-lien covered transaction secured by a manufactured home with a loan amount less than $130,461; 3.5 or more percentage points for a subordinate-lien covered transaction with a loan amount greater than or equal to $78,277; or 6.5 or more percentage points for a subordinate-lien covered transaction with a loan amount less than $78,277”; and
- For all QM categories, the adjusted thresholds for total points and fees will be “3 percent of the total loan amount for a loan greater than or equal to $130,461; $3,914 for a loan amount greater than or equal to $78,277 but less than $130,461; 5 percent of the total loan amount for a loan greater than or equal to $26,092 but less than $78,277; $1,305 for a loan amount greater than or equal to $16,308 but less than $26,092; and 8 percent of the total loan amount for a loan amount less than $16,308.”
With respect to credit card annual adjustments, the Bureau noted that its 2024 annual adjustment analysis on the CPI-W in effect on June 1, did not result in an increase to the current minimum interest charge threshold (which requires “creditors to disclose any minimum interest charge exceeding $1.00 that could be imposed during a billing cycle”).
In his recent address at the Better Markets Conference and his address at the Mortgage Collaborative National Conference, CFPB Director Rohit Chopra reflected on lessons from the 2008 financial crisis, discussing the regulatory failures exemplified by mortgage entities’ risky practices and emphasized the post-crisis reforms, including the creation of the CFPB. Chopra highlighted the CFPB's role in implementing crucial mortgage industry standards and its positive impact on borrower protections. He also mentioned the challenges facing the mortgage market today and the legal battles over CFPB rules, touching upon an upcoming Supreme Court case challenging the CFPB's constitutionality and its potential consequences for financial stability, underlining the importance of regulatory rules for financial markets and household finances. Chopra highlighted the CFPB's role in implementing standards for ensuring borrowers' ability to repay through the qualified mortgage and ability-to-repay rule, which granted legal immunity to compliant lenders. As a result of the financial crisis, Congress set requirements related to mortgage data, mortgage servicing, and mortgage lender compensation. Much of the authority that had been held by the OCC, the Fed, and the Office of Thrift Supervision were transferred to the nascent CFPB. In his remarks, Chopra also outlined areas where further action is needed, including open banking, financial data rights, bank mergers, the effectiveness of "living wills" for large financial firms, and the regulation of shadow banks.
On August 29, the FDIC and the Federal Reserve Board issued a joint press release inviting public comment on proposed guidance that serves to toughen requirements for non-G-SIB large bank holding companies’ resolution plans, or “living wills” that set forth strategies for rapid and orderly resolution under bankruptcy in the event of financial distress or failure. The proposed guidance, which includes guidance for both domestic triennial full filers and guidance for foreign triennial full filers, will generally apply to certain bank holding companies and foreign banking associations with between $250 billion and $700 billion in total assets. This guidance is separate from the guidance previously issued to the largest and most complex companies, which is already in place. The guidance (i) is organized around key areas of potential vulnerability, such as capital, liquidity, and operational capabilities; (ii) provides agency expectations for both single point of entry and multiple point of entry strategy needs; and (iii) proposes that foreign banking organizations develop U.S. resolution strategies that complement their global resolution plans. The proposed guidance will be published in the Federal Register, with comments due by November 30, 2023.
Separately on August 29, the FDIC approved a notice of proposed rulemaking to enhance resolution planning for insured depository institutions (IDIs) with at least $100 billion in total assets. The proposed rule would strengthen existing IDI resolution planning requirements under 12 CFR § 360.10 and would require a resolution submission from covered IDIs every two years, with limited filings in between. Covered IDIs would be required to submit comprehensive resolution plans that would “enhance current IDI resolution planning requirements by incorporating useful elements of existing guidance and important lessons learned from past plan reviews and from past large bank resolutions, including those earlier this year.” Additionally, IDIs with total assets of at least $50 billion but less than $100 billion would submit more limited informational filings and would not be required to develop a resolution strategy. Comments on the proposed rule are due by November 30, 2023.
DFPI recently approved the final regulation for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. After considering comments and releasing three rounds of modifications to Sections 1060, 1061, and 1062, the final regulation will, among other things, bring protections to small businesses seeking loans, by (i) defining and prohibiting unfair, deceptive, and abusive acts and practices in the offering or provision of commercial financing to small businesses, nonprofits, and family farms; and (ii) establishing data collection and reporting requirements.
Previous InfoBytes coverage on the (i) initial modifications to the CCFPL proposed regulation can be found here; (ii) the second round of CCFPL modifications proposal is found here; and (iii) the third iteration of the modified CCFPL proposal is located here.
This DFPI regulation was notably finalized on the heels of the CFPB’s finalized Section 1071 rule on small business lending data, which similarly will require financial institutions to collect and provide the Bureau data on lending to small businesses (covered by InfoBytes here)
Sections 1060, 1061, and 1062 will be effective on October 1.
On August 17, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include civil money penalty orders, formal agreements, and prohibition orders, each issued with the consent of the parties. The OCC also announced a termination of an existing enforcement action against a bank. Included in the release is a formal agreement entered into with a Minnesota-based bank on June 27 in connection with OCC findings of alleged unsafe or unsound practices relating to, among other things, consumer compliance and third party risk management. In connection to violations of certain Flood Disaster Protection Act rules, the agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board of directors on a quarterly basis; and (iii) implement a written consumer compliance program. This program must also include procedures and guidance for compliance with all consumer protection laws, rules, and regulations to which the bank should adhere, an independent audit program, a comprehensive training program for bank personnel in the consumer protection laws, rules, and regulations as appropriate, and policies to manage risks in the credit process. It also separately requires revisions to the third-party risk management program addressing due diligence and monitoring of third parties, including monitoring for compliance with consumer protection-related laws and regulations.