InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN announces NPRM for new regulation to combat CVC mixing
On October 19, FinCEN announced a notice of proposed rulemaking (NPRM) that identifies international Convertible Virtual Currency mixing (CVC) as a primary money laundering concern. In its NPRM, FinCEN highlighted the prevalence of illicit actors, including Hamas and Palestinian Islamic Jihad, who use CVC mixing to fund their illegal activity, and how increased transparency can combat their efforts. According to FinCEN, CVC mixing is used to conceal the source, destination, or amount involved in transactions. The proposed rule would require covered financial institutions to collect records of, and report suspicious CVC mixing transactions, as defined, to FinCEN within 30 days of initial detection. The proposed rule would not require covered financial institutions to source additional report information from the transactional counterparty, adding that the information required for the report is similar to information already collected by financial institutions. FinCEN also noted this is its first ever use of its authority under Section 311 of the USA PATRIOT Act.
FinCEN invites comments for the proposed rule, including responses to questions addressing the impact of the proposed rule, definitions, reporting, and recordkeeping. Comments must be received by January 22, 2024, and they can be submitted via instructions found in the announcement.
Treasury official discusses AI and cloud computing at Gov2Gov summit
On October 24, Assistant Secretary for Financial Institutions at the U.S. Department of Treasury Graham Steele delivered remarks at the Gov2Gov Summit to discuss the benefits and risks of artificial intelligence (AI) and machine learning (ML) in the financial services sector.
First, Assistant Secretary Steele discussed the role of cloud computing and cloud service providers (CSPs) in supporting financial institutions’ work, following the Department’s release of a February report which discussed the financial sector’s adoption of cloud services. Assistant Secretary Steele indicated, among other things, that while cloud services can offer more scalable and flexible solutions for financial services institutions to store and manage their data, financial institutions have struggled to understand clearly and implement the cloud services they are purchasing from large, market-dominating CSPs. Assistant Secretary Steele stated that the Department is working toward a model that will allow financial institutions to “unbundle” cloud service packages so that financial institutions can provide more individualized services.
Next, Assistant Secretary Steele discussed the potential advantages and disadvantages of the use of AI among financial institutions, which use AI for tasks including credit underwriting, fraud prevention, and document review. Among the benefits AI offers to financial institutions are reduced costs, improved performance, and the identification of complex relationships. The risks of AI, according to Assistant Secretary Steele, fall into three categories: (i) the design of AI, which can raise discrimination concerns, such as in consumer lending; (ii) how humans implement AI, including the possible overreliance on AI to render financial decisions; and (iii) operational and cyber risks, including the dangers around data quality and security, as AI consumes significant volumes of data.
Last, Assistant Secretary Steele discussed how policymakers are addressing privacy and discrimination concerns with AI. He mentioned the White House’s Blueprint for an AI Bill of Rights, which would require, among other things, regular assessment of algorithms for certain disparities and biases. Assistant Secretary Steele also cited regulatory actions that can address the risks of AI, including a CFPB rulemaking under the FCRA and Federal banking agency guidance on third party risk management.
Agencies issue final rule to modernize Community Reinvestment Act regulations
On October 24, the Fed, FDIC, and OCC issued an interagency announcement regarding the modernization of their rules under the Community Reinvestment Act (CRA), a law enacted in 1977 to encourage banks to help meet the credit needs of their communities, especially low- and moderate-income (LMI) neighborhoods, in a safe and sound manner. The new rule overhauls the existing regulatory scheme that was first implemented in the mid-1990s.
For banks with assets of at least $2 billion (Large Banks), the final rule adds a new category of assessment area to the existing facility based assessment area (FBAA). Large Banks that do more than 20 percent of their CRA-related lending outside their FBAAs will have that lending evaluated in retail lending assessment areas, i.e., MSAs or states where it originated at least 150 closed-end home mortgage loans or 400 small business loans in both of the previous two years. All Large Banks will be subject to two new lending and two new community development tests, with lending and community development activities each counting for half a bank’s overall CRA rating. Banks with assets between $600 million and $2 billion will be subject to a new lending test. Large Banks with assets greater than $10 billion will also have special reporting requirements.
Additionally, the rule (i) implements a standardized scoring system for performance ratings; (ii) revises community development definitions and creates a list of community development activities eligible for CRA consideration, regardless of location; (iii) permits regulators to evaluate “impact and responsiveness factors” of community development activities; (iii) continues to make strategic plans available as an alternative option for evaluation; (iv) revises the definition of limited purpose bank so that it includes both existing limited purpose and wholesale banks and subjects those banks to a new community development financing test; and (v) considers online banking in the bank’s evaluations.
Most of the rule’s requirements will be effective January 1, 2026. The remaining requirements, including the data reporting requirements, will apply on January 1, 2027.
CFPB proposes rule to accelerate a shift toward open banking
On October 19, the CFPB announced a proposed rule that it said would accelerate a shift toward open banking, would give consumers more control over their financial data, and would offer new protections against companies misusing consumer data. The proposed Personal Financial Data Rights rule activates a dormant provision of law enacted by Congress more than a decade ago, Section 1033 of the Consumer Financial Protection Act. According to the CFPB, the rule would “jumpstart competition” by prohibiting financial institutions from “hoarding” a person’s data and requiring companies to share data with other companies at the consumer’s direction about their use of checking and prepaid accounts, credit cards, and digital wallets. This would allow consumers to access competing products and services while ensuring that their data would be used only for their own preferred purpose. Among other things, the proposed rule would ensure that consumers: (i) can obtain their personal financial data at no cost; (ii) have a legal right to grant third parties access to information associated with their credit card, checking, prepaid, and digital wallet accounts; and (iii) can walk away from bad service. Comments on the proposed rule must be received on or before December 29, 2023.
FHFA revises policies for Covid-19 forbearance on GSE mortgages
On October 16, the Federal Housing Finance Agency (FHFA) announced it will revise how Fannie Mae and Freddie Mac (GSE) single-family mortgages are treated for borrowers who have entered Covid-19 forbearance under the GSEs’ representations and warranties framework. Under the revised policies, loans for which borrowers elected Covid-19 forbearance will be treated similarly to loans for which borrowers obtained forbearance due to a natural disaster. The GSEs’ current representations and warranties framework for natural disaster forbearance allows for consideration of the period during which a borrower is in forbearance as part of their demonstrated satisfactory payment history for the initial 36 months after the loan's origination. This framework will now be extended to loans with Covid-19 forbearance. FHFA Director Sandra L. Thompson said, "Servicers went to great lengths to implement forbearance quickly amid a national emergency, and the loans they service should not be subject to greater repurchase risk simply because a borrower was impacted by the pandemic."
The updates will be effective on October 31.
CFPB issues guidance on “excessive” account information fees, returns $140 million to consumers
On October 11, the CFPB issued an advisory opinion concerning consumers’ requests for information regarding their accounts with large banks and credit unions (financial institutions). According to the Bureau, Section 1034(c) of the Consumer Financial Protection Act (the “law”) requires insured depository institutions that offer consumer financial products or services and that have total assets of more than $10 billion, as well as their affiliates, to “comply in a timely manner with consumer requests for information concerning their accounts for consumer financial products and services, subject to limited exceptions.” The advisory opinion includes the following guidance and interpretations:
- Requirements of the law apply even if a customer does not expressively invoke the law.
- Requirements of the law apply to consumer requests for information including information that appears on periodic statements or in online portals including: (i) the amount of the balance in a deposit account; (ii) the interest rate on a loan or credit card; (iii) individual transactions or payments; (iv) bill payments; (vi) recurring transactions; (vii) terms and conditions; and (viii) fee schedules.
- The term “supporting written documentation” in the law requires financial institutions to provide, upon request, “written documents that will substantiate information provided in response to consumer questions, or that will assist consumers with understanding or verifying information regarding their accounts.”
- Financial institutions must provide account information and documentation that is in their “control” and “possession.” This excludes (i) confidential commercial information; (ii) information collected to prevent fraud or money laundering or detecting or making any report regarding unlawful conduct; (iii) information required by law to be kept as confidential; and (iv) supervisory information and nonpublic information.
- The law does not contain language stating or suggesting that financial institutions cannot impose unreasonable conditions on consumer information, but there is no reason Congress intended for the law to allow financial institutions to do so. Generally, the Bureau believes requiring fees and obstacles that impede a consumer’s ability to access their rights granted by the law is a violation of the provision. A financial institution could violate this law by imposing “excessively long wait times to make a request to a customer service representative, requiring consumers to submit the same request multiple times, requiring consumers to interact with a chatbot that does not understand or adequately respond to consumers’ requests, or directing consumers to obtain information that the institution possesses from a third party instead,” among other things.
- There is no fixed time limit for an institution to respond to a consumer’s request, but the CFPB does not view the timing requirements of this law to differ from the timing requirements of other applicable federal laws or regulations.
- Responses must provide all information requested accurately to be considered compliant.
CFPB Director Rohit Chopra delivered remarks on a press call, in which he emphasized that the Bureau’s investigations have uncovered many examples of junk fee-related misconduct by large financial institutions. He reminded consumers that financial institutions should not charge them excessive fees when trying to manage their finances. “Congress passed a law a decade ago requiring heightened customer service standards," said Chopra. "To date, this law has not been enforced. We are changing that.” Chopra also announced that later this month, the CFPB will propose rules to create more competition in banking to make switching financial institutions for better rates and less junk fees, more accessible.
The CFPB additionally issued the results of its recent oversight inspections of major financial institutions, which resulted in financial institutions refunding $140 million in junk fees, $120 million of which were for “surprise overdraft fees and double-dipping on non-sufficient funds fees.”
FTC announces second request for public comment on rule to ban “junk fees”
On October 11, the FTC released a notice of proposed rulemaking meant to prohibit unfair and deceptive, costly fees, also known as “junk fees.” After announcing its Advance Notice of Proposed Rulemaking last year (covered by InfoBytes here), and after considering more than 12,000 public comments, the FTC determined that some businesses misrepresent overall costs by omitting mandatory fees from advertised prices until consumers are “well into completing the transaction,” and fail to adequately explain the nature and amount of fees. The Commission is seeking another round of comments for its proposed rule, which, for any entity that “offers goods or services” to consumers, would prohibit:
- Offering, displaying, or advertising an amount a consumer may pay without “clearly and conspicuously” disclosing the “total price,” which must be displayed “more prominently than any other pricing information.”
- Misrepresenting “the nature and purpose of any amount a consumer may pay.”
- Disclosing “any other pricing information” besides the total price “more prominently” than disclosures of the total price in an “offer, display, or advertisement.”
The proposed rule would also grant the FTC more robust enforcement authority to seek refunds for harmed consumers and impose monetary penalties of up to $50,120 per violation. The proposed rule also requires businesses to include any mandatory costs for ancillary goods or services in their price disclosures.
The FTC is working alongside the CFPB, OCC, FCC, HUD and the Department of Transportation to develop and implement rules banning junk fees. The CFPB has also issued guidance emphasizing that large banks and credit unions are prohibited from imposing unreasonable obstacles on customers, such as charging excessive fees, for basic information about their accounts. Further, the White House has called on federal agencies “to reduce or eliminate hidden fees, charges, and add-ons for everything from banking services to cable and internet bills to airline and concert tickets.”
The Commission is seeking public input on 37 questions, with comments due 60 days after publication in the Federal Register.
FTC data spotlight reveals social media as primary source for scams over other contact methods
On October 6, the FTC released a data spotlight showing that more scams have originated on social media than on any other method of contact with consumers, accounting for $2.7 billion in consumer losses from 2021 to 2023. The FTC reports that the most frequently reported frauds in 2023 were online shopping scams on social media. However, promotions of fake investment opportunities, mostly those relating to cryptocurrency, on social media had the largest overall monetary losses. The FTC also provided a list of tips for consumers to limit their risks of fraud on social media, including restricting who can contact them on these platforms.
Fed finalizes rule establishing capital requirements for supervised insurers
On October 6, the Fed approved a final rule to implement a rule establishing capital requirements for insurers it supervises. The final rule includes the Building Block Approach (BBA) framework, which is a regulatory framework for assessing capital requirements for insurance companies, tailored to their specific risks by leveraging state-based requirements. It sets a minimum standard comparable to the 8 percent minimum total capital ratio for insured depository institutions (IDIs).
Specifically, the rule requires a Fed-supervised insurance organization (SIO) to aggregate the available capital and required capital of its top-tier company with its subsidiaries to determine whether the aggregate ratio meets the Board’s minimum requirement and “capital conservation buffer.” Among other things, the final rule gives SIOs two options to show compliance with Section 171(b) of Dodd-Frank: (i) demonstrate that it meets, on a fully consolidated basis, the minimum risk-based capital requirements that apply to IDIs; or (ii) demonstrate that it meets the minimum IDI risk-based capital requirements on a partially consolidated basis, excluding the assets and liabilities of certain subsidiary insurers. Should SIOs choose the second option, there are two possible treatments for unconsolidated insurance subsidiaries: (i) “a deduction from qualifying capital of the aggregate amount of the outstanding equity investment in the subsidiary, including retained earnings”; or (ii) “inclusion of the net investment in the subsidiary as an asset subject to a risk weight of 400 percent, consistent with the current treatment of certain equity exposures under the regulatory capital rules applicable to IDIs.”
Governor Michelle Bowman commented that although she supports the final rule, she cannot support the delegation of authority to staff within the current package. Concerned that the package grants broad authority to staff to make various determinations regarding the rule’s application, Bowman argues that the Board should have the opportunity to review specific cases where such authority would be exercised and suggests that it would be more appropriate to establish clear guidelines for the use of delegated authority in the context of actual determinations.
The Fed noted that the final rule is “substantially similar” to the 2019 proposed rule. The final rule is effective on January 1, 2024.
NY proposes amendments of debt collector rules
On September 30, the New York City Department of Consumer and Worker Protection (Department) published proposed amendments to its rules relating to debt collectors. The proposed amendments to its 2020 rules, which require debt collectors to inform consumers about language access services, come in response to the CFPB’s 2020 updates to the FDCPA, and the Department’s 2022 public hearing, among other things. The proposed rule (i) repeals a section requiring debt collection agencies to give consumers certain disclosures when collecting on time-barred debt; (ii) requires debt collection agencies to maintain an annual report identifying certain actions taken by the agency in any language; (iii) expands the list of required records to cover compliance with relevant laws and rules, as well as a monthly log of all debt collection-related communications by any medium between the agency and the consumer; and (iv) adds definitions relating to communications with consumers, such as “attempted communication,” “clear and conspicuous,” “covered medical entity,” “limited-content message,” “original creditor” and “originating creditor.”