Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB revises its supervisory appeals process

    Federal Issues

    On February 16, the CFPB issued a procedural rule updating its process for financial institutions that appeal the Bureau’s supervisory findings. The CFPB examined financial institutions to ensure they followed federal consumer financial law. After an examination or targeted review, supervised entities may appeal their compliance rating or any other findings.

    First, the procedural rule expanded the pool of potential members for the appeals committee within the CFPB. Now, any CFPB manager with relevant expertise who did not participate in the original matter being appealed can be considered, rather than previously only managers from the Supervision department. The CFPB’s General Counsel will assign three CFPB managers and legal counsel to advise them. Second, the revised process introduced a new option for resolving appeals—in addition to upholding or rescinding the original finding, matters can now be remanded back to supervision staff for further consideration, potentially resulting in a modified finding. The Bureau also recommended in its procedural rule that entities engage in “open dialogue” with supervisory staff to discuss their preliminary findings to attempt to resolve disputes before an examination is final.

    Third, institutions now can appeal any compliance rating issued to them, not just negative ratings, as was the case previously. Fourth, the updated process included additional clarifications and specifies that it applied to pending appeals at the time of its publication. 

    Federal Issues CFPB Agency Rule-Making & Guidance Bank Supervision

  • FTC proposes two actions to combat AI impersonation fraud

    Agency Rule-Making & Guidance

    On February 15, the FTC announced its supplemental notice of proposed rulemaking relating to the protection of consumers from impersonation fraud, especially from any impersonations of government entities. The first action from the FTC was a final rule that prohibited the impersonation of government, business, and their officials or agents in interstate commerce. The second action was a notice seeking public comment on a supplemental proposed rulemaking that would revise the first action and add a prohibition on, and penalties for, the impersonation of individuals for entities who provide goods and services (with the knowledge or reason to know that those goods or services will be used in impersonations) that are unlawful. In tandem, these actions sought to prohibit the impersonation of government and business officials.

    The FTC notes that these two actions come from “surging complaints” on impersonation fraud, specifically from artificial intelligence-generated deep fakes. The final rule will expand the remedies and provide monetary relief, whereas the FTC stated this rule will provide a “shorter, faster and more efficient path” for injured consumers to recover money. The rule would enable the FTC to seek monetary relief from scammers that use government seals or business logos, spoof government and business emails, and impersonate a government official or falsely imply a business affiliation.

    Agency Rule-Making & Guidance FTC Artificial Intelligence Fraud NPR

  • FCC adopts rule on robocalls and robotexts, includes NPR on TCPA applicability

    Agency Rule-Making & Guidance

    On February 15, the FCC adopted a rule to protect consumers from robocalls and robotexts. According to the rule, robocallers and robotexters must honor do-not-call and consent revocation requests within 10 business days from receipt. In addition, the rule will allow consumers to revoke consent under the TCPA through any unreasonable means and will clarify that the TCPA would not be violated when a one-time text message is sent confirming a consumer’s request that no further text messages be sent if the confirmation text only confirms the opt-out request and does not include marketing information.

    The new rule clarified that revocation of consent can be made via automated methods such as interactive voice responses, key press activation on robocalls, responding with “stop” or similar messages to text messages, or using designated website or phone numbers provided by the caller all will constitute reasonable means to revoke consent. If a called party uses any of these designated methods to revoke consent, it will be considered definitively revoked, and future robocalls and robotexts from that caller must cease. The caller cannot claim that the use of such a mechanism by the called party is unreasonable. Any revocation request made through these specified means will be considered “absolute proof” of the called party's reasonable intent to revoke consent. Furthermore, when a consumer uses a method other than those discussed in the rule to revoke consent, “doing so creates a rebuttable presumption that the consumer has revoked consent when the called party satisfies their obligation to produce evidence that such a request has been made, absent evidence to the contrary.”

    The Commission also included a notice of proposed rulemaking, seeking comment on “whether the TCPA applies to robocalls and robotexts from wireless providers to their own subscribers and whether consumers should have the ability to revoke consent and stop such communications.” The rule will go into effect 30 days after publication in the Federal Register, except for certain amendments that will not be effective until six months following OMB review. 

    Agency Rule-Making & Guidance Federal Issues NPR TCPA FCC Robocalls Opt-Out Consumer Protection

  • FCC ruling determines AI calls are subject to TCPA regulations

    Federal Issues

    On February 8, the FCC announced the unanimous adoption of a declaratory ruling that recognizes calls made with AI-generated voices are “artificial” under the Telephone Consumer Protection Act (TCPA). The declaratory ruling notes that the TCPA prohibits initiating “any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party” unless certain exceptions apply. The TCPA also prohibited “any non-emergency call made using an automatic telephone dialing system or an artificial or prerecorded voice to certain specified categories of telephone numbers including emergency lines and wireless numbers.”

    The ruling, effective immediately, deemed voice cloning and similar AI technologies to be artificial voice messages under the TCPA, subject to its regulations. Therefore, prior express consent from the called party is required before making such calls. Additionally, callers using AI technology must provide identification and disclosure information and offer opt-out methods for telemarketing calls.

    This ruling provided State Attorneys General nationwide with additional resources to pursue perpetrators responsible for these robocalls. This action followed the Commission’s November proposed inquiry for how AI could impact unwanted robocalls and texts (announcement covered by InfoBytes here).

    Federal Issues Agency Rule-Making & Guidance Artificial Intelligence FCC TCPA Consumer Protection

  • California DFPI proposes new regulations under the Debt Collection Licensing Act

    State Issues

    On February 9, the California Department of Financial Protection and Innovation (DFPI) published a proposed rule to adopt new regulations under the Debt Collection Licensing Act (DCLA). Under the DCLA, a debt collector licensee is required to pay the DFPI Commissioner its “pro rata share of all costs and expenses incurred in the administration” of the DCLA, which is calculated in part based on the licensee’s “net proceeds generated by California debtor accounts,” but the term “net proceeds” was not defined in the statute. The proposed rule defines “net proceeds generated by California debtor accounts” to mean “the amount retained by a debt collector from its California debt collection activity.” The proposed rule also specifies the formulas used in calculating the net proceeds depending on the party, including a debt buyer, purchaser of debt that has not been charged off or in default, third-party collector, and first-party collector.

    Additionally, the proposed rule requires licensees to file an annual report with the DFPI and specifies the information required in the annual report, including (i) the number of California debtor accounts collected on in the previous year; (ii) the number of California debtor accounts in the licensee’s portfolio as of December 31 of the preceding year; and (iii) the number and dollar amount of California debtor accounts for which collection was attempted, but not successfully collected or resolved during the previous year. Comments to the proposed rule must be submitted by March 27.

    State Issues California Agency Rule-Making & Guidance Debt Collection Licensing Act

  • Federal Reserve releases January SLOOS report on bank lending practices from Q4 2023

    On February 5, the Federal Reserve Board released the results from their January 2024 Senior Loan Officer Opinion Survey (SLOOS) on bank lending practices. The SLOOS addressed changes in standards, terms, and the demand over bank loans over the past three months (i.e., Q4 of 2023). The SLOOS’s topics included commercial and industrial lending, commercial and residential real estate lending, and consumer lending. The SLOOS included questions on banks’ expectations for changes in lending standards, borrower demand and asset quality over 2024. 

    The SLOOS provided specific findings for each of its topics. On loans to businesses, banks generally reported tighter standards and weaker demand for commercial and industrial loans, as well as all commercial real estate loan categories. Demand weakened for all residential real estate loans. On loans to households, banks generally reported tighter lending standards for residential real estate loans, but the standards were unchanged for government-sponsored enterprise-eligible residential mortgages. For home equity lines of credit, banks reported tighter standards and weaker demand; this falls in line with credit card, auto, and other consumer loans, generally. Last, on the banks’ 2024 expectations, they expect lending standards to remain unchanged for commercial and industrial loans, and residential real estate loans, but to tighten further for commercial real estate, credit card, and auto loans. Banks also reported that they expect demands for loans to strengthen, but loan quality to weaken, across all categories. The SLOOS includes 67 pages of data gleaned from its questions. 

    Bank Regulatory Federal Issues Loans Banking Agency Rule-Making & Guidance

  • FCC Chairwoman proposes making all AI-generated robocalls “illegal” to help State Attorneys General

    Agency Rule-Making & Guidance

    On January 31, FCC Chairwoman, Jessica Rosenworcel, released a statement proposing that the FCC “recognize calls made with AI-generated voices are ‘artificial’ voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal.” Specifically, the FCC’s proposal would make voice cloning technology used in robocall scams illegal, which has been used to impersonate celebrities, political candidates, and even close family members. Chairwoman Rosenworcel stated, “No matter what celebrity or politician you favor… it is possible we could all be a target of these faked calls… That’s why the FCC is taking steps to recognize this emerging technology as illegal… giving our partners at State Attorneys General offices… new tools they can use to crack down on these scams and protect customers.”

    This action comes after the FCC released a Notice of Inquiry last month where the FCC received comments from 26 State Attorneys General to understand how the FCC can better protect consumers from AI-generated telemarking, as covered by InfoBytes here. This is not the first time the FCC has targeted robocallers: as previously covered by InfoBytes in October 2023, the FCC proposed an inquiry into how AI is used to create unwanted robocalls and texts; in September 2023, the FCC updated its rules to curb robocalls under the Voice over Internet Protocol, covered here.

    Agency Rule-Making & Guidance FCC TCPA Artificial Intelligence Robocalls State Attorney General

  • OCC issues proposed rule for bank merger approvals

    Agency Rule-Making & Guidance

    On January 29, the OCC announced a proposed rule for bank merger approvals under the Bank Merger Act (BMA). The OCC proposed changes to 12 CFR 5.33 to reflect its view that a business combination is a significant corporate transaction.

    The OCC suggested two key changes to its business combination regulation (12 CFR 5.33). First, it proposed removing the expedited review procedures outlined in § 5.33(i). Currently, this provision automatically approves certain filings after the 15th day following the close of the comment period, but the OCC believes that no business combinations subject to § 5.33 should be approved solely based on elapsed time. Additionally, the OCC suggests removing paragraph (d)(3), as it pertains to defining applications eligible for expedited review. Second, the OCC proposes the removal of § 5.33(j), which outlines four scenarios allowing an applicant to use the OCC's streamlined business combination application instead of the full Interagency Bank Merger Act Application. The streamlined application seeks information on similar topics, but only requires detailed information if the applicant answers affirmatively to specific yes-or-no questions. Currently, a transaction eligible for the streamlined application also qualifies for expedited review, a feature the OCC is proposing to eliminate. Additionally, a new policy statement (proposed as Appendix A to 12 CFR part 5, subpart C) is introduced to provide clarity and guidance on general principles used by the OCC in reviewing applications under the BMA. The policy statement also covers considerations for financial stability, resources, prospects, and convenience and needs factors. Criteria for deciding whether to hold a public meeting on a BMA application were also outlined.

    Comments from the public are due 60 days from the date of publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues Bank Regulatory OCC Bank Mergers Bank Merger Act

  • FFIEC publishes proposed extension of reporting obligations

    Agency Rule-Making & Guidance

    On January 26, the Federal Financial Institutions Examination Council (FFIEC) approved the OCC, Fed, and FDIC’s publication for public comment of a proposal to extend several information collection items for three years. As previously covered by InfoBytes, the FFIEC last month put forth a similar three-year proposal on FFIEC 002 which affected the three Call Reports (FFIEC 031, 041, and 051). While this proposal includes those same four items, it adds two more: the Regulatory Capital Reporting for Institutions Subject to the Advanced Capital Adequacy Framework (FFIEC 101), and the Market Risk Regulatory Report for Institutions Subject to the Market Risk Capital Rule (FFIEC 102). The proposed changes include a new confidential report (FFIEC 102a) titled the Market Risk Regulatory Report that would “collect information necessary for the agencies to evaluate [an]… institution’s implementation of the market risk rule and validate a [bank’s] internal models used in preparing the FFIEC 102.” The revisions are related to the agencies’ capital rule proposal published on September 18, 2023. Comments are requested by March 25, 2024, and the revisions are planned to be effective as of September 30, 2025.

    Agency Rule-Making & Guidance Federal Issues FFIEC OCC Federal Reserve Call Report FDIC

  • SEC rejects petition to amend the “no admit/no deny policy”


    On January 30, the SEC rejected a nonprofit’s 2018 rulemaking petition that requested an amendment to Rule 202.5(e) under Commission Rule of Procedure 192(a), which outlines the terms for the Commission's acceptance of settlements in enforcement actions. Specifically, the rule prohibits settlements imposing sanctions if a defendant can publicly deny the Commission's allegations.

    The rejection letter emphasizes the SEC’s authority to investigate securities law violations and initiate enforcement actions, saying that considering the request “could undermine confidence in the Commission’s enforcement program.” The SEC highlights its reliance on consent judgments and the contractual nature of settlements, as well as the potential implications of the proposed amendment on the SEC’s settlement process, adding that “it could undermine confidence in the Commission’s enforcement program.” SEC Chair Gary Gensler said in a statement supporting the decision that “a settlement that allows the denial of wrongdoing undermines the value provided by the recitation of the facts, and it muddies the message to the public.”

    The Commission has decided not to amend Rule 202.5(e), affirming that the rule is a valid exercise of its authority in pursuing enforcement actions and settling cases. The policy allows the SEC to retain the option of seeking legal remedies if a defendant publicly denies allegations after settling. The letter also emphasizes that the constitutional and statutory arguments presented in the petition lack merit and conflict with established legal precedent regarding the waiver of rights in civil settlements. The Commission underscores the importance of the “no-deny” provision in preserving its ability to challenge public denials in court and rejects the notion that settling defendants can later deny allegations without consequence. 

    Securities Securities Exchange Commission Enforcement Agency Rule-Making & Guidance Settlement


Upcoming Events