InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues advisory opinion on special purpose credit programs
On December 21, the CFPB issued an advisory opinion addressing ECOA’s implementing regulation, Regulation B, as it applies to certain aspects of special purpose credit programs (SPCPs). The CFPB issued the advisory opinion in response to feedback from the Bureau’s request for information (RFI) covering ECOA and Regulation B issued in July (covered by InfoBytes here). The Bureau notes that, while Regulation B provides creditors guidance for developing SPCPs that comply with ECOA, stakeholders were interested in additional guidance to ensure the development of compliant SPCPs. To address this, the advisory opinion clarifies (i) the content that a for-profit organization must include in an SPCP written plan, including details regarding the class of persons designed to benefit from the program and the procedures for extending credit pursuant to the program; and (ii) the type of research and data that may be appropriate to inform a for-profit organization’s determination that a SPCP would benefit a certain class of people, which can include external sources such as HMDA data.
For more details on the CFPB’s advisory opinion program, please see InfoBytes coverage here.
Agencies release annual CRA asset-size threshold adjustments
On December 17, the Federal Reserve Board and the FDIC announced the joint annual adjustments to CRA asset-size thresholds used to define small and intermediate small banks, which are subject to streamlined CRA evaluations and not subject to the reporting requirements applicable to large banks unless they choose to be evaluated as one. A “small” bank is defined as an institution that, as of December 31 of either of the prior two calendar years, had less than $1.322 billion in assets. An “intermediate small” bank is defined as an institution that, as of December 31 of both of the prior two calendar years, had at least $330 million in assets, and as of December 31 of either of the past two calendar years, had less than $1.322 billion in assets. This joint final rule became effective on January 1.
The OCC did not join in this announcement. As previously covered by a Buckley Special Alert, on May 20, the OCC announced the final rule to modernize the regulatory framework implementing the CRA. Its new CRA rule defines a small bank as an institution with $600 million or less in assets in four of the last five calendar quarters and an intermediate small bank as having $2.5 billion or less in assets in four of the last five calendar quarters.
OCC clarifies Dodd-Frank preemption standards
On December 18, the OCC released a letter clarifying the agency’s interpretation of preemption standards and requirements codified by Dodd-Frank in 12 U.S.C. § 25b. The letter notes that section 25b codifies three standards pursuant to which federal law may preempt state consumer financial law, focusing on the procedural requirements for OCC “preemption determinations,” which are “affirmative conclusion[s] by the OCC that federal law preempts a state consumer financial law” made under the Barnett standard in section 25b. The letter explains that a “preemption determination” is “limited to a regulation or order issued by the OCC that concludes that a state consumer financial law is preempted pursuant to the Barnett standard,” and does not include “[a]n OCC action that has only indirect or incidental effects on a state consumer financial law,” or when the OCC “concludes that (1) a state consumer financial law is preempted pursuant to the discriminatory effect or other federal law standards or (2) a state law other than a state consumer financial law is preempted.” The letter addresses the OCC’s authority to make preemption determinations by regulation or on a “case-by-case basis,” including the circumstances under which CFPB consultation is required, the substantial evidence standard, and the requirement to publish preemption determinations. It clarifies that the section 25b periodic review requirement applies to any OCC conclusion that a state consumer law is preempted, which is not limited to determinations made under the Barnett standard. The interpretive letter also confirms that section 25b does not affect OCC interpretations of the authority to charge interest under 12 U.S.C. § 85, addresses the level of deference the OCC is afforded with respect to its interpretations, and describes the agency’s framework for complying with the standards and requirements for preemption determinations.
CFPB finalizes debt collection disclosure rules
On December 18, the CFPB issued a final rule amending Regulation F, which implements the Fair Debt Collection Practices Act, clarifying the information debt collectors must provide to consumers at the outset of collection communications and providing a model validation notice containing such information. (See also the Bureau’s Executive Summary.) The final rule also prohibits debt collectors from bringing or threatening to bring legal action against a consumer to collect time-barred debt, and requires debt collectors to take certain actions before furnishing information about a consumer’s debt to a consumer reporting agencies (CRA). Among other things, the final rule addresses the following:
- Validation notice. The final rule clarifies that debt collectors may provide “clear and conspicuous” debt validation notices in writing or electronically when commencing debt collection communications. Validation notices must include a statement indicating that the communication is from a debt collector, along with additional information such as itemization-related information, the current amount of debt, consumer protection information, and information for consumers who may choose to dispute the debt or take other actions. The final rule also outlines optional content that debt collectors may choose to include while retaining the safe harbor for using the model notice, provided that “the optional content is no more prominent than the required content.” The final rule also revises the definition of “consumer” used in a separate final rule issued by the Bureau at the end of October (covered by InfoBytes here). The December final rule’s definition now includes both living and deceased consumers.
- Safe harbor for model validation notices. Debt collectors who choose to use the model validation notice are in compliance with the final rule’s content requirements. Additionally, the use of a model validation notice would not be considered a violation of the prohibition on conduct that “overshadows” a consumer’s rights during the validation period. The final rule outlines additional safe harbors, and provides examples where a safe harbor generally will not apply. Notably, the safe harbor does not cover validation notice delivery methods and timing requirements.
- Translations. Debt collectors who choose to provide validation notices in other languages must also include an English-language notice in the same communication.
- Credit reporting. The final rule requires debt collectors to either speak to a consumer in person, send an email or letter, or try to speak with a consumer by telephone before furnishing any information to a CRA. Communications sent via email or letter will require a 14 day waiting period to allow for a “reasonable period of time” to receive a notice of undeliverability.
- Time-barred debt. The final rule prohibits debt collectors from suing or threatening to sue consumers when attempting to collect time-barred debt. Proofs of claim filed in connection with a bankruptcy proceeding are not included in this prohibition.
The final rule takes effect November 30, 2021.
More information from Buckley on the details of the newest debt collection final rule will be available soon.
Agencies proposes SAR filing exemptions
On December 15, the FDIC issued a proposed rule (with accompanying Financial Institution Letter FIL-114-2020), which would amend the agency’s Suspicious Activity Report (SAR) regulation to permit additional, case-by-case, exemptions from SAR filing requirements. The proposed rule would allow the FDIC, in conjunction with the Financial Crimes Enforcement Network (FinCEN), to grant supervised institutions exemptions to SAR filing requirements when developing “innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” The FDIC would seek FinCEN’s concurrence with an exemption when the exemption request involves the filing of a SAR for potential money laundering, violations of the BSA, or other unusual activity covered by FinCEN’s SAR regulation. The proposal allows the FDIC to grant the exemption for a specified time period and allows the FDIC to extend or revoke the exemption if circumstances change. The proposal is intended to reduce the regulatory burden on supervised financial institutions that are likely to leverage existing or future technologies to report suspicious activity in a different and innovative manner. Comments on the proposed rule must be submitted within 30 days of publication in the Federal Register.
The OCC also issued a proposal that would similarly allow the OCC to issue exemptions from SAR filing requirements to support national banks or federal savings associations developing innovative solutions intended to meet BSA requirements more efficiently and effectively.
FDIC finalizes industrial bank rules
On December 15, the FDIC approved a final rule (with accompanying fact sheet) that requires certain conditions and commitments for approval or non-objection to certain filings involving industrial banks and industrial loan companies (collectively, “industrial banks”), such as deposit insurance, change in bank control, and merger filings. The final rule is substantially similar to the proposed rule issued by the FDIC in March (covered by InfoBytes here) and applies to industrial banks whose parent company is not subject to consolidated supervision by the Federal Reserve Board. Specifically, the FDIC is now requiring a covered parent company to enter into written agreements with the FDIC and the industrial bank to: (i) address the company’s relationship with the industrial bank; (ii) require capital and liquidity support from the parent company to the industrial bank; and (iii) establish appropriate recordkeeping and reporting requirements. Additionally, the final rule requires prospective covered companies to agree to a minimum of eight commitments, which, for the most part, the FDIC has previously required as a condition of granting deposit insurance to industrial banks.
The final rule makes four substantive changes to the proposal: (i) requiring compliance from covered entities on or after the effective date of the rule rather than only after; (ii) requiring additional reporting regarding systems for protecting the security, confidentiality, and integrity of consumer and nonpublic personal information; (iii) increasing the threshold limiting the parent company’s representation on the board of the subsidiary industrial bank from 25 percent to less than 50 percent; and (iv) modifying the restrictions on appointments of directors and executives to apply only during the first three years of becoming a subsidiary of a covered parent company.
The final rule is effective April 1, 2021.
CFPB report anticipates data collection on small-business lending
On December 15, the CFPB released a report detailing the results of the panel convened pursuant to the Small Business Regulatory Enforcement Fairness Act (SBREFA), which discussed the Bureau’s pending rulemaking to implement Section 1071 Dodd-Frank Act. Section 1071 requires the Bureau to engage in a rulemaking to collect and disclose data on lending to both women-owned and minority-owned small businesses. In September, the Bureau released a detailed outline describing the proposals under consideration for Section 1071 implementation, including factors such as scope, covered lenders, covered products, data points, and privacy (details covered by InfoBytes here). The October panel was comprised of a representative from the Bureau, the Chief Counsel for Advocacy of the Small Business Administration, and a representative from the Office of Information and Regulatory Affairs in the Office of Management and Budget. The panel consulted with small entity representatives (SERs)—those who would likely be directly affected by the Section 1071 rulemaking—to discuss the economic impacts of compliance with the outline’s proposals, as well as regulatory alternatives to the proposals.
The report includes, among other things, the feedback and recommendations made by the SERs, and the findings and recommendations of the panel. Generally, the SERs were supportive of the proposal with “many expressly support[ing] broad coverage of both financial institutions and products in the 1071 rulemaking.” The SERs backed data transparency and simple regulations but expressed significant concern that the rulemaking would cause smaller financial institutions to “incur disproportionate compliance cost compared to large [financial institutions]” and would ultimately either decrease lending or increase costs for small businesses. The SERs also recommended that the Bureau take into account different types of financial institutions operating in the small business lending market, including non-depository institutions. The report also details specific recommendations by the panel, including that the Bureau issue compliance materials in connection with the rulemaking and consider providing sample disclosure language related to the collection of race, sex, and ethnicity information for principal owners as well as women-owned and minority-owned business status.
Agencies propose computer-security incident notification rule
On December 18, the FDIC, Federal Reserve Board, and the OCC (collectively, “agencies”) issued a joint notice of proposed rulemaking (NPRM), which would require supervised banking organizations to promptly notify their primary regulator within 36 hours of becoming aware that a “‘computer-security incident” that rises to the level of a ‘notification incident’” has occurred. Additionally, the NPRM would require bank service providers “to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.” According to the agencies, these “notification incidents” are significant computer-security incidents that have the potential to “jeopardize the viability of the operations of an individual banking organization,” and may impact the safety and soundness of stability of the banking organization, leading to a disruption in the delivery of bank products and services, among other things. The agencies stress, however, that the required notice is intended to serve as an early alert and not as an assessment of the incident. According to a statement released by FDIC Chairman Jelena McWilliams, only computer-security incidents that meet the definition of a “notification incident” must be reported—a figure which is estimated to be roughly 150 incidents a year, according to a review of supervisory data and suspicious activity reports.
Comments on the NPRM are due 90 days after publication in the Federal Register.
FDIC approves final brokered deposits rule, clarifies fintech partnerships
On December 15, the FDIC approved a final rule, which creates a new framework for brokered deposits by, among other things, establishing bright-line standards for determining the definition of a “deposit broker,” as well as a methodology for “analyzing whether deposits made through deposit arrangements qualify as brokered deposits, including those between insured depository institutions (IDIs) and third parties, such as financial technology companies.” Also released are two fact sheets on brokered deposits and interest rate restrictions (see here and here). The final rule follows a notice of proposed rulemaking issued last December (covered by InfoBytes here), which sought feedback on ways the agency could improve its brokered deposit regulation to ensure the “classification of a deposit as brokered appropriately reflects changes in the banking system, including banks’ use of new technologies to engage and interact with their customers.” The final rule also establishes a series of exceptions that will allow banks and their partners to determine whether they can avoid restrictions on brokered deposits, and will establish a process for entities to apply for a “primary purpose exception” if its relationship with an outside entity supplying deposits does not meet one of the final rule’s “designated exceptions.” Further, the FDIC noted that brokered deposit restrictions will not apply to banks that enter into exclusive deposit placement arrangements, such as those seen often between fintech companies and a partner bank, because, according to a statement released by FDIC Chairman Jelena McWilliams, “[e]ntities who place deposits with only one bank are less likely to present the types of funding stability risks that may arise when deposit brokers place deposits at a range of banks.” Further, the final rule amends the methodology for calculating the interest rate restrictions applicable to less than well capitalized IDIs, and changes the methodology for calculating the national rate and national rate cap for specific deposit products.
Acting Comptroller of the Currency Brian P. Brooks issued a statement in support of the final rule: “These improvements to the brokered-deposit rule help promote greater access to financial services by supporting fintech and bank partnerships and allowing a wider array of services to be available in the market, especially for unbanked and underbanked Americans for whom the easier user interface of fintech apps is a gateway to the mainstream financial system.”
FinCEN clarifies financial crime information sharing program
On December 10, FinCEN Director Kenneth A. Blanco spoke at the Financial Crimes Enforcement Conference hosted by the American Bankers Association and American Bar Association to discuss the importance of information sharing in identifying, reporting, and preventing financial crime. Specifically, Blanco addressed recently updated guidance designed to provide additional clarity on FinCEN’s information sharing program under Section 314(b) of the USA PATRIOT Act, which provides financial institutions “the ability to share information with one another, under a safe harbor provision that offers protections from civil liability, in order to better identify and report potential money laundering or terrorist financing.”
FinCEN provided three main clarifications:
- While financial institutions may share information about suspected terrorist financing or money laundering, they “do not need to have specific information that these activities directly relate to proceeds of [a specified unlawful activity (SUA)], or to have identified specific laundered proceeds of an SUA.” FinCEN also stated that a conclusive determination that an activity is suspicious does not need to be made in order for a financial institution to benefit from the statutory safe harbor. Furthermore, information may be shared “even if the activities do not constitute a ‘transaction,’” such as “an attempted transaction, or an attempt to induce others engage in a transaction.” FinCEN added that there is no limitation under Section 314(b) on the sharing of personally identifiable information and no restrictions on the type of information shared or how the information can be shared, including verbally.
- “An entity that is not itself a financial institution under the Bank Secrecy Act [(BSA)] may form and operate an association of financial institutions whose members share information under Section 314(b),” FinCEN noted, adding that this includes compliance service providers.
- An unincorporated association of financial institutions governed by a contract between its members “may engage in information sharing under Section 314(b).”
In prepared remarks, Blanco reiterated, among other things, that companies should be specific in describing the activity they see in their suspicious activity reports (SAR), and discussed FinCEN’s Advance Notice of Proposed Rulemaking issued in September (covered by InfoBytes here), which solicited comments on questions concerning potential regulatory amendments under the BSA. Blanco also highlighted recent FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.