Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 19, FinCEN announced a notice of proposed rulemaking (NPRM) that identifies international Convertible Virtual Currency mixing (CVC) as a primary money laundering concern. In its NPRM, FinCEN highlighted the prevalence of illicit actors, including Hamas and Palestinian Islamic Jihad, who use CVC mixing to fund their illegal activity, and how increased transparency can combat their efforts. According to FinCEN, CVC mixing is used to conceal the source, destination, or amount involved in transactions. The proposed rule would require covered financial institutions to collect records of, and report suspicious CVC mixing transactions, as defined, to FinCEN within 30 days of initial detection. The proposed rule would not require covered financial institutions to source additional report information from the transactional counterparty, adding that the information required for the report is similar to information already collected by financial institutions. FinCEN also noted this is its first ever use of its authority under Section 311 of the USA PATRIOT Act.
FinCEN invites comments for the proposed rule, including responses to questions addressing the impact of the proposed rule, definitions, reporting, and recordkeeping. Comments must be received by January 22, 2024, and they can be submitted via instructions found in the announcement.
On October 24, Assistant Secretary for Financial Institutions at the U.S. Department of Treasury Graham Steele delivered remarks at the Gov2Gov Summit to discuss the benefits and risks of artificial intelligence (AI) and machine learning (ML) in the financial services sector.
First, Assistant Secretary Steele discussed the role of cloud computing and cloud service providers (CSPs) in supporting financial institutions’ work, following the Department’s release of a February report which discussed the financial sector’s adoption of cloud services. Assistant Secretary Steele indicated, among other things, that while cloud services can offer more scalable and flexible solutions for financial services institutions to store and manage their data, financial institutions have struggled to understand clearly and implement the cloud services they are purchasing from large, market-dominating CSPs. Assistant Secretary Steele stated that the Department is working toward a model that will allow financial institutions to “unbundle” cloud service packages so that financial institutions can provide more individualized services.
Next, Assistant Secretary Steele discussed the potential advantages and disadvantages of the use of AI among financial institutions, which use AI for tasks including credit underwriting, fraud prevention, and document review. Among the benefits AI offers to financial institutions are reduced costs, improved performance, and the identification of complex relationships. The risks of AI, according to Assistant Secretary Steele, fall into three categories: (i) the design of AI, which can raise discrimination concerns, such as in consumer lending; (ii) how humans implement AI, including the possible overreliance on AI to render financial decisions; and (iii) operational and cyber risks, including the dangers around data quality and security, as AI consumes significant volumes of data.
Last, Assistant Secretary Steele discussed how policymakers are addressing privacy and discrimination concerns with AI. He mentioned the White House’s Blueprint for an AI Bill of Rights, which would require, among other things, regular assessment of algorithms for certain disparities and biases. Assistant Secretary Steele also cited regulatory actions that can address the risks of AI, including a CFPB rulemaking under the FCRA and Federal banking agency guidance on third party risk management.
On October 24, the Fed, FDIC, and OCC issued an interagency announcement regarding the modernization of their rules under the Community Reinvestment Act (CRA), a law enacted in 1977 to encourage banks to help meet the credit needs of their communities, especially low- and moderate-income (LMI) neighborhoods, in a safe and sound manner. The new rule overhauls the existing regulatory scheme that was first implemented in the mid-1990s.
For banks with assets of at least $2 billion (Large Banks), the final rule adds a new category of assessment area to the existing facility based assessment area (FBAA). Large Banks that do more than 20 percent of their CRA-related lending outside their FBAAs will have that lending evaluated in retail lending assessment areas, i.e., MSAs or states where it originated at least 150 closed-end home mortgage loans or 400 small business loans in both of the previous two years. All Large Banks will be subject to two new lending and two new community development tests, with lending and community development activities each counting for half a bank’s overall CRA rating. Banks with assets between $600 million and $2 billion will be subject to a new lending test. Large Banks with assets greater than $10 billion will also have special reporting requirements.
Additionally, the rule (i) implements a standardized scoring system for performance ratings; (ii) revises community development definitions and creates a list of community development activities eligible for CRA consideration, regardless of location; (iii) permits regulators to evaluate “impact and responsiveness factors” of community development activities; (iii) continues to make strategic plans available as an alternative option for evaluation; (iv) revises the definition of limited purpose bank so that it includes both existing limited purpose and wholesale banks and subjects those banks to a new community development financing test; and (v) considers online banking in the bank’s evaluations.
Most of the rule’s requirements will be effective January 1, 2026. The remaining requirements, including the data reporting requirements, will apply on January 1, 2027.
On October 19, the CFPB announced a proposed rule that it said would accelerate a shift toward open banking, would give consumers more control over their financial data, and would offer new protections against companies misusing consumer data. The proposed Personal Financial Data Rights rule activates a dormant provision of law enacted by Congress more than a decade ago, Section 1033 of the Consumer Financial Protection Act. According to the CFPB, the rule would “jumpstart competition” by prohibiting financial institutions from “hoarding” a person’s data and requiring companies to share data with other companies at the consumer’s direction about their use of checking and prepaid accounts, credit cards, and digital wallets. This would allow consumers to access competing products and services while ensuring that their data would be used only for their own preferred purpose. Among other things, the proposed rule would ensure that consumers: (i) can obtain their personal financial data at no cost; (ii) have a legal right to grant third parties access to information associated with their credit card, checking, prepaid, and digital wallet accounts; and (iii) can walk away from bad service. Comments on the proposed rule must be received on or before December 29, 2023.
On October 16, the Federal Housing Finance Agency (FHFA) announced it will revise how Fannie Mae and Freddie Mac (GSE) single-family mortgages are treated for borrowers who have entered Covid-19 forbearance under the GSEs’ representations and warranties framework. Under the revised policies, loans for which borrowers elected Covid-19 forbearance will be treated similarly to loans for which borrowers obtained forbearance due to a natural disaster. The GSEs’ current representations and warranties framework for natural disaster forbearance allows for consideration of the period during which a borrower is in forbearance as part of their demonstrated satisfactory payment history for the initial 36 months after the loan's origination. This framework will now be extended to loans with Covid-19 forbearance. FHFA Director Sandra L. Thompson said, "Servicers went to great lengths to implement forbearance quickly amid a national emergency, and the loans they service should not be subject to greater repurchase risk simply because a borrower was impacted by the pandemic."
The updates will be effective on October 31.
On October 12, the CFPB and DOJ issued a joint statement on fair lending and credit opportunities for noncitizen borrowers. The statement warned that, under the Equal Credit Opportunity Act (ECOA) and its implementing regulations, it is unlawful for lenders to discriminate against credit applicants based on their national origin or race, regardless of their immigration status. In its press release announcing the joint statement, DOJ explained that the statement was prompted by reports of consumers being rejected for credit cards as well as auto, student, and personal loans because of their immigration status, even when they were otherwise qualified to receive the loans. The joint statement explained that, although a creditor may consider an applicant’s immigration status when necessary to ascertain the creditor’s rights regarding repayment, “unnecessary or overbroad reliance on immigration status in the credit decision process, including when that reliance is based on bias, may run afoul of ECOA’s antidiscrimination provisions and could also violate other laws.” Among other things, the agencies cautioned against the overbroad consideration of criteria that may “serve as a proxy for citizenship of immigration status,” such as how long a consumer has had a social security number. Likewise, requiring only certain groups of noncitizens to provide documentation, identification, or in-person applications may also violate ECOA by “harming applicants on the basis of national origin or race.”
On October 11, the CFPB issued an advisory opinion concerning consumers’ requests for information regarding their accounts with large banks and credit unions (financial institutions). According to the Bureau, Section 1034(c) of the Consumer Financial Protection Act (the “law”) requires insured depository institutions that offer consumer financial products or services and that have total assets of more than $10 billion, as well as their affiliates, to “comply in a timely manner with consumer requests for information concerning their accounts for consumer financial products and services, subject to limited exceptions.” The advisory opinion includes the following guidance and interpretations:
- Requirements of the law apply even if a customer does not expressively invoke the law.
- Requirements of the law apply to consumer requests for information including information that appears on periodic statements or in online portals including: (i) the amount of the balance in a deposit account; (ii) the interest rate on a loan or credit card; (iii) individual transactions or payments; (iv) bill payments; (vi) recurring transactions; (vii) terms and conditions; and (viii) fee schedules.
- The term “supporting written documentation” in the law requires financial institutions to provide, upon request, “written documents that will substantiate information provided in response to consumer questions, or that will assist consumers with understanding or verifying information regarding their accounts.”
- Financial institutions must provide account information and documentation that is in their “control” and “possession.” This excludes (i) confidential commercial information; (ii) information collected to prevent fraud or money laundering or detecting or making any report regarding unlawful conduct; (iii) information required by law to be kept as confidential; and (iv) supervisory information and nonpublic information.
- The law does not contain language stating or suggesting that financial institutions cannot impose unreasonable conditions on consumer information, but there is no reason Congress intended for the law to allow financial institutions to do so. Generally, the Bureau believes requiring fees and obstacles that impede a consumer’s ability to access their rights granted by the law is a violation of the provision. A financial institution could violate this law by imposing “excessively long wait times to make a request to a customer service representative, requiring consumers to submit the same request multiple times, requiring consumers to interact with a chatbot that does not understand or adequately respond to consumers’ requests, or directing consumers to obtain information that the institution possesses from a third party instead,” among other things.
- There is no fixed time limit for an institution to respond to a consumer’s request, but the CFPB does not view the timing requirements of this law to differ from the timing requirements of other applicable federal laws or regulations.
- Responses must provide all information requested accurately to be considered compliant.
CFPB Director Rohit Chopra delivered remarks on a press call, in which he emphasized that the Bureau’s investigations have uncovered many examples of junk fee-related misconduct by large financial institutions. He reminded consumers that financial institutions should not charge them excessive fees when trying to manage their finances. “Congress passed a law a decade ago requiring heightened customer service standards," said Chopra. "To date, this law has not been enforced. We are changing that.” Chopra also announced that later this month, the CFPB will propose rules to create more competition in banking to make switching financial institutions for better rates and less junk fees, more accessible.
The CFPB additionally issued the results of its recent oversight inspections of major financial institutions, which resulted in financial institutions refunding $140 million in junk fees, $120 million of which were for “surprise overdraft fees and double-dipping on non-sufficient funds fees.”
On October 11, the FTC released a notice of proposed rulemaking meant to prohibit unfair and deceptive, costly fees, also known as “junk fees.” After announcing its Advance Notice of Proposed Rulemaking last year (covered by InfoBytes here), and after considering more than 12,000 public comments, the FTC determined that some businesses misrepresent overall costs by omitting mandatory fees from advertised prices until consumers are “well into completing the transaction,” and fail to adequately explain the nature and amount of fees. The Commission is seeking another round of comments for its proposed rule, which, for any entity that “offers goods or services” to consumers, would prohibit:
- Offering, displaying, or advertising an amount a consumer may pay without “clearly and conspicuously” disclosing the “total price,” which must be displayed “more prominently than any other pricing information.”
- Misrepresenting “the nature and purpose of any amount a consumer may pay.”
- Disclosing “any other pricing information” besides the total price “more prominently” than disclosures of the total price in an “offer, display, or advertisement.”
The proposed rule would also grant the FTC more robust enforcement authority to seek refunds for harmed consumers and impose monetary penalties of up to $50,120 per violation. The proposed rule also requires businesses to include any mandatory costs for ancillary goods or services in their price disclosures.
The FTC is working alongside the CFPB, OCC, FCC, HUD and the Department of Transportation to develop and implement rules banning junk fees. The CFPB has also issued guidance emphasizing that large banks and credit unions are prohibited from imposing unreasonable obstacles on customers, such as charging excessive fees, for basic information about their accounts. Further, the White House has called on federal agencies “to reduce or eliminate hidden fees, charges, and add-ons for everything from banking services to cable and internet bills to airline and concert tickets.”
The Commission is seeking public input on 37 questions, with comments due 60 days after publication in the Federal Register.
On October 6, the FTC released a data spotlight showing that more scams have originated on social media than on any other method of contact with consumers, accounting for $2.7 billion in consumer losses from 2021 to 2023. The FTC reports that the most frequently reported frauds in 2023 were online shopping scams on social media. However, promotions of fake investment opportunities, mostly those relating to cryptocurrency, on social media had the largest overall monetary losses. The FTC also provided a list of tips for consumers to limit their risks of fraud on social media, including restricting who can contact them on these platforms.
On October 6, the Fed approved a final rule to implement a rule establishing capital requirements for insurers it supervises. The final rule includes the Building Block Approach (BBA) framework, which is a regulatory framework for assessing capital requirements for insurance companies, tailored to their specific risks by leveraging state-based requirements. It sets a minimum standard comparable to the 8 percent minimum total capital ratio for insured depository institutions (IDIs).
Specifically, the rule requires a Fed-supervised insurance organization (SIO) to aggregate the available capital and required capital of its top-tier company with its subsidiaries to determine whether the aggregate ratio meets the Board’s minimum requirement and “capital conservation buffer.” Among other things, the final rule gives SIOs two options to show compliance with Section 171(b) of Dodd-Frank: (i) demonstrate that it meets, on a fully consolidated basis, the minimum risk-based capital requirements that apply to IDIs; or (ii) demonstrate that it meets the minimum IDI risk-based capital requirements on a partially consolidated basis, excluding the assets and liabilities of certain subsidiary insurers. Should SIOs choose the second option, there are two possible treatments for unconsolidated insurance subsidiaries: (i) “a deduction from qualifying capital of the aggregate amount of the outstanding equity investment in the subsidiary, including retained earnings”; or (ii) “inclusion of the net investment in the subsidiary as an asset subject to a risk weight of 400 percent, consistent with the current treatment of certain equity exposures under the regulatory capital rules applicable to IDIs.”
Governor Michelle Bowman commented that although she supports the final rule, she cannot support the delegation of authority to staff within the current package. Concerned that the package grants broad authority to staff to make various determinations regarding the rule’s application, Bowman argues that the Board should have the opportunity to review specific cases where such authority would be exercised and suggests that it would be more appropriate to establish clear guidelines for the use of delegated authority in the context of actual determinations.
The Fed noted that the final rule is “substantially similar” to the 2019 proposed rule. The final rule is effective on January 1, 2024.