InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Montana amends mortgage servicing laws
On February 16, the Montana governor signed HB 30, which amends certain provisions of the state’s mortgage laws. Among other things, the act outlines provisions related to financial condition requirements, model state regulatory prudential standards for nonbank mortgage servicers, risk assessments, and licensee reporting requirements. The act also permits remote work provided certain conditions are met, including that a licensee’s employees and independent contractors do not meet with the public in an unlicensed personal residence, business records are not stored at the remote locations, appropriate security measures are put in place to ensure the confidentiality of customer information, and the NMLS record reflects the designation of a properly licensed location as the mortgage loan originator’s official workstation. In addition, the act amends provisions related to the denial of a licensee’s application or renewal, and updates designated manager and branch office licensing requirements to account for the remote location allowance. The act further provides the Department of Administration (acting through the Division of Banking and Financial Institutions) with rulemaking authority for addressing the revocation or suspension of licenses for cause, investigations into alleged violations, and fees, among other things. Additional amendments address the sharing of confidential supervisory information with state and federal financial regulators. Exempt from the act’s requirements are not-for-profit servicers and housing financing agencies, while servicers solely involved in reverse mortgage servicing are exempt from certain portions of the act. Similarly, servicers with 25 or fewer loans, or servicers wholly owned and controlled by one or more state- or federally-regulated depository institutions are also exempt from certain portions of the act. A servicer that is also licensed as an escrow business may apply to waive or adjust certain financial condition requirements. The act is effective July 1.
Treasury official highlights fintech, crypto assets, and cloud services challenges
On February 15, Treasury Assistant Secretary for Financial Institutions Graham Steele delivered remarks before the Exchequer Club of Washington, D.C., during which he discussed the U.S. Treasury Department’s financial institutions agenda on fintech, cryptocurrency, and cloud service providers. Stating that “significant potential exists to harness the underlying technology in fintech, digital assets, and cloud services adoption,” Steele cautioned that there exist common risks across these spaces related to inadequate oversight, excessive concentration, and consumer harms.
With respect to nonbanks and fintech, Steele noted that participation by nonbanks in financial services is a key priority for Treasury. He commented that while nonbanks add diversity and competition pressure to consumer finance markets, they “have largely not been subject to the kind of comprehensive regulation and supervision to which banks are subject,” which has created numerous “risks related to regulatory arbitrage, data privacy and security, bias and discrimination, and consumer protection, among others.” Steele highlighted recent Treasury recommendations primarily focused on using existing authorities held by the federal banking regulators and the CFPB as a way to coordinate supervision of bank-fintech partnerships and credit underwriting models. Another area of concern, Steele noted, are big technology firms—those that generally seek to enter the consumer finance market via relationships with banks and third-party fintech firms, and who avoid prudential regulation, supervision, and risk-management requirements that would apply if they offered banking services. “Big Tech firms may have incentives to leverage their existing commercial relationships, consumer data, and other resources to enter new markets, expand their networks and offerings, and scale rapidly to achieve capabilities that others—including depository institutions—do not have and cannot replicate,” Steele said.
Steele also touched on Treasury’s objectives for crypto assets, in which he referred to several studies examining “the potential financial stability implications of crypto-asset activities” and the risks and opportunities they might present to consumers, investors, and businesses. He also addressed concerns about misleading claims and representations in this space (for example, with respect to the availability of deposit insurance) and noted that there exist several gaps in existing authorities over crypto assets. Finally, Steele discussed a recent Treasury report, which examined potential benefits and challenges associated with the adoption of cloud services technology by financial services firms (covered by InfoBytes here).
FDIC orders entities to stop making fraudulent deposit insurance representations
On February 15, the FDIC sent letters to four entities demanding that they stop making false or misleading representations about FDIC deposit insurance. Letters were sent to a cryptocurrency exchange and to a nonbank financial services provider demanding that the entities cease and desist from making false and misleading statements about FDIC deposit insurance and take immediate corrective action to address these statements. The FDIC also sent letters to two websites ordering them to remove similar false and misleading statements claiming that the crypto exchange and the nonbank financial services provider are FDIC-insured and that FDIC insurance will protect customers’ cryptocurrency or protect customers in the event of the nonbank’s failure. Under the Federal Deposit Insurance Act, persons are prohibited “from representing or implying that an uninsured product is FDIC-insured or from knowingly misrepresenting the extent and manner of deposit insurance.”
CFPB proposes T&C registry for nonbanks
On January 11, the CFPB announced a proposed rule to create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights.” The terms and conditions—which would be made publicly available—would include those that address waivers of consumer claims, liability limits, legal action limits, class action bans, arbitration agreements, liquidated damages clauses, as well as other waivers of consumer rights.
The Bureau explained that its proposal is intended to “facilitate public awareness and oversight” about what nonbanks are putting in form contracts. “Some companies slip terms and conditions into their form contracts that try to take away consumer protections, try to limit how consumers exercise their rights, or try to quiet consumer complaints or criticism,” the Bureau stated in its announcement. “[M]ore broadly, the terms and conditions potentially undermine consumer financial protection law.”
The Bureau provided several examples of such terms and conditions, including: (i) unlawful mandatory arbitration agreements that are included in servicemember loan contracts; (ii) credit monitoring service agreements that “undermine credit reporting rights” by prohibiting consumers from pursuing legal action, including class action lawsuits, for FCRA violations; (iii) occurrences where lenders use clauses that waive liability for bank fees that borrowers incur due to repeated payment collection attempts; (iii) mortgage contracts that make “deceptive” use of waivers and limitations that are inconsistent with TILA restrictions; and (v) terms and conditions that try to quiet consumer complaints or criticism.
All supervised nonbanks, including those operating in payday lending, private student loan origination, mortgage lending and servicing, student loan servicing, automobile financing, consumer reporting, consumer debt collection, and international remittances would be subject to the rule. However, the Bureau is proposing certain exemptions for nonbanks with lower levels of receipts. Comments on the proposal are due 30 days after publication in the Federal Register.
“[T]the registry would help regulators and law enforcement more easily detect when companies are offering products and services using prohibited, void, and restricted contract terms described above. This would be especially useful to state and tribal regulators with limited resources to alert or take action against companies violating the law,” CFPB Director Rohit Chopra said in an accompanying statement, adding that the Bureau plans to “use data from the registry to identify supervised nonbanks and the risks their terms and conditions pose, prioritize which firms to examine, and plan the scope of those exams.”
House Financial Services Committee Chairman Patrick McHenry (R-NC) slammed the proposal, saying the “proposed registry of terms and conditions will facilitate the naming and shaming of firms to empower progressive activists. Requiring nonbank financial firms to register publicly with the Bureau is unprecedented—no other industry is required to make public such detailed contract information. The days of Congress giving Director Chopra a free pass for his reckless actions have come to an end.”
The proposed registry follows a proposal announced in December by the Bureau that would create a database of enforcement actions taken against certain nonbank covered entities, which would include all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices. (Covered by InfoBytes here.)
CFPB releases regulatory agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s fall 2022 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft and NSF fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges. According to the Bureau, the rules, which were created when Regulation Z was adopted in 1969, have remained largely unchanged despite the fact that the nature of overdraft services has significantly changed over the years. The Bureau is also considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. As previously covered by InfoBytes, on January 3, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA). The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.) The Bureau anticipates issuing a SBREFA report in February.
- Amendments to FIRREA concerning automated valuation models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by Dodd-Frank to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline and report in February and May 2022 respectively (covered by InfoBytes here), and estimates that the agencies will issue a notice of proposed rulemaking (NPRM) in March.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an advance notice of proposed rulemaking (ANPRM) in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act Section 307 in April.
- Nonbank registration. The Bureau issued an NPRM in December to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) In a separate agenda item, the Bureau states that the NPRM would also require supervised nonbanks to register with the Bureau and provide information about their use of certain terms and conditions in standard-form contracts. The Bureau proposes “to collect information on standard terms used in contracts that are not subject to negotiating or that are not prominently advertised in marketing.”
- Credit card penalty fees. The Bureau issued an ANPRM last June to solicit information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.” The Bureau is considering comments received on the ANPRM as it develops an NPRM that may be released this month.
- Small business rulemaking. Section 1071 of Dodd-Frank amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. An NPRM was issued in August 2021 (covered by InfoBytes here). The Bureau anticipates issuing a final rule later this month.
FSOC annual report highlights digital asset, cybersecurity, and climate risks
On December 16, the Financial Stability Oversight Council (FSOC or the Council) released its 2022 annual report. The report reviewed financial market developments, identified emerging risks, and offered recommendations to mitigate threats and enhance financial stability. The report noted that “amid heightened geopolitical and economic shocks and inflation, risks to the U.S. economy and financial stability have increased even as the financial system has exhibited resilience.” The report also noted that significant unaddressed vulnerabilities could potentially disrupt institutions’ ability to provide critical financial services, including payment clearings, liquidity provisions, and credit availability to support economic activity. FSOC identified 14 specific financial vulnerabilities and described mitigation measures. Highlights include:
- Nonbank financial intermediation. FSOC expressed support for initiatives taken by the SEC and other agencies to address investment fund risks. The Council encouraged banking agencies to continue monitoring banks’ exposure to nonbank financial institutions, including reviewing how banks manage their exposure to leverage in the nonbank financial sector.
- Digital assets. FSOC emphasized the importance of enforcing existing rules and regulations applicable to the crypto-asset ecosystem, but commented that there are gaps in the regulation of digital asset activities. The Council recommended that legislation be enacted to grant rulemaking authority to the federal banking agencies over crypto-assets that are not securities. The Council said that regulatory arbitrage needs to be addressed as crypto-asset entities offering services similar to those offered by traditional financial institutions do not have to comply with a consistent or comprehensive regulatory framework. FSOC further recommended that “Council members continue to build capacities related to data and the analysis, monitoring, supervision, and regulation of digital asset activities.”
- Climate-related financial risks. FSOC recommended that state and federal agencies should continue to work to advance appropriately tailored supervisory expectations for regulated entities’ climate-related financial risk management practices. The Council encouraged federal banking agencies “to continue to promote consistent, comparable, and decision-useful disclosures that allow investors and financial institutions to consider climate-related financial risks in their investment and lending decisions.”
- Treasury market resilience. FSOC recommended that member agencies review Treasury’s market structure and liquidity challenges, and continue to consider policies “for improving data quality and availability, bolstering the resilience of market intermediation, evaluating expanded central clearing, and enhancing trading venue transparency and oversight.”
- Cybersecurity. FSOC stated it supports partnerships between state and federal agencies and private firms to assess cyber vulnerabilities and improve cyber resilience. Acknowledging the significant strides made by member agencies this year to improve data collection for managing cyber risk, the Council encouraged agencies to continue gathering any additional information needed to monitor and assess cyber-related financial stability risks.
- LIBOR transition. FSOC recommended that firms should “take advantage of any existing contractual terms or opportunities for renegotiation to transition their remaining legacy LIBOR contracts before the publication of USD LIBOR ends.” The Council emphasized that derivatives and capital markets should continue transitioning to the Secured Overnight financing Rate.
CFPB Director Rohit Chopra issued a statement following the report’s release, flagging risks posed by the financial sector’s growing reliance on big tech cloud service providers. “Financial institutions are looking to move more data and core services to the cloud in coming years,” Chopra said. “The operational resilience of these large technology companies could soon have financial stability implications. A material disruption could one day freeze parts of the payments infrastructure or grind other critical services to a halt.” Chopra also commented that FSOC should determine next year whether to grant the agency regulatory authority over stablecoin activities under Dodd-Frank. He noted that “[t]hrough the stablecoin inquiry, it has become clear that nonbank peer-to-peer payments firms serving millions of American consumers could pose similar financial stability risks” as these “funds may not be protected by deposit insurance and the failure of such a firm could lead to millions of American consumers becoming unsecured creditors of the bankruptcy estate, similar to the experience with [a now recently collapsed crypto exchange].”
CFPB proposes registry of nonbank repeat offenders
On December 12, the CFPB announced a proposed rule seeking to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. Specifically, the Bureau proposes to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in the database. Additionally, pursuant to Section 1024(b)(7) of the Consumer Financial Protection Act, the Bureau is also proposing that larger supervised nonbanks be required to submit annual written statements regarding compliance with each underlying order that is signed by an attesting executive with “knowledge of the entity’s relevant systems and procedures for achieving compliance and control over the entity’s compliance efforts.” Excluded from the registry will be insured depository institutions and credit unions, related persons, states, natural persons, and certain other entities.
Explaining that protecting American consumers is a shared effort spanning local, state, and federal authorities, CFPB Director Rohit Chopra stated that currently “readily accessible information is lacking about the identity of orders issued against nonbanks subject either to the CFPB’s market monitoring authority or to its supervisory authority across the various markets for consumer financial products and services.” The creation of a central repository of enforcement actions around the country for use in tracking and mitigating risks posed by repeat offenders and monitoring entities subject to agency and court orders will help the Bureau, the law enforcement community, and the public “limit the harms from repeat offenders,” the Bureau said in its announcement. The Bureau noted that it plans to share the database with other regulators and law enforcement agencies by making the registry public.
Comments on the proposal are due 60 days after publication in the Federal Register. The Bureau said the proposed registry would launch “no earlier than January 2024.”
Barr suggests stress test changes may be coming
On December 1, Federal Reserve Board Vice Chair for Supervision Michael S. Barr signaled changes may be coming to the supervisory stress test standards for large banks, as the Fed evaluates whether the test used to set capital requirements reflects an appropriately wide range of risks. Speaking during an American Enterprise Institute event, Barr commented that the Fed is also “considering the potential for stress testing to be a tool to explore different sources of financial stress and uncover channels for contagion that lead to unanticipated consequences.” He added that the use of “multiple scenarios or adapting the stress test in other ways to better account for the high degree of interconnectedness between banks and other financial entities could allow supervisors and banks to identify those conditions and take action to address them.” Financial stability risks posed by the nonbank sector are also a strong concern for regulators, Barr said, commenting that many of these firms are undercapitalized and engage in high-risk activities. He stressed that the migration of activities from banks to nonbanks should be monitored carefully, and cautioned against lowering bank capital requirements “in a race to the bottom,” particularly since nonbank financial market stress is often directly and indirectly transmitted to the banking system. Banks must have sufficient capital to remain resilient to those stresses, Barr said.
Treasury recommends closer supervision of fintech-bank partnerships
On November 16, the U.S. Treasury Department, in consultation with the White House Competition Council, released a report entitled Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets. The report is a product of President Biden’s July 2021 Executive Order, Promoting Competition in the American Economy, (covered by InfoBytes here), which, among other things, ordered Treasury to submit a report within 270 days on the effects on competition of large technology and other non-bank companies’ entry into the financial services space. Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets is the final report in a series of reports that assesses competition in various aspects of the economy. Among other things, the report found that while concentration among federally insured banks is increasing, new entrant non-bank firms, specifically “fintech” firms, are adding significantly to the number of firms and business models competing in consumer finance markets and appear to be contributing to competitive pressure. In addition to enabling new capabilities, fintech firms are also creating new risks to consumer protection and market integrity, according to the report. The report noted that non-bank firms could “pose risks by engaging in harmful regulatory arbitrage, conducting activities in a manner that inappropriately sidesteps safety and soundness and consumer protection law requirements applicable to an [insured depository institution].”
The report also noted that new entrant non-bank firms or their offerings may pose risks of reliability or fraud issues, in addition to data privacy risks and the potential for new forms of surveillance and discrimination. The report provided recommendations for regulators to encourage fair and responsible competition that benefits consumers and their financial well-being, including: (i) addressing market integrity and safety and soundness concerns by providing a clear and consistently applied supervisory framework for bank-fintech relationships; (ii) protecting consumers by robustly supervising bank-fintech lending relationships for compliance with consumer protection laws and their impact on consumers’ financial well-being; and (iii) encouraging consumer-beneficial innovation by supporting innovations in consumer credit underwriting designed to increase credit visibility, reduce bias, and prudently expand credit to underserved consumers.
CFPB finalizes nonbank supervisory rule
On November 10, the CFPB announced a final rule finalizing changes to a nonbank supervision procedural rule issued in April. As previously covered by InfoBytes, the Bureau announced earlier this year that it was invoking a “dormant authority” under the Dodd-Frank Act to conduct supervisory examinations of fintech firms and other nonbank financial services providers based upon a determination of risk. Specifically, the Bureau said it intends to use a provision under Section 1024 of Dodd-Frank that allows it to examine nonbank financial entities, upon notice and an opportunity to respond, if it has “reasonable cause” to determine that consumer harm is possible. Concurrently, the Bureau issued a request for public comment on an updated version of a procedural rule that implements its statutory authority to supervise nonbanks “whose activities the CFPB has reasonable cause to determine pose risks to consumers,” including potentially unfair, deceptive, or abusive acts or practices. Provisions outlined in the procedural rule would exempt final decisions and orders by the Bureau director from being considered confidential supervisory information, thus allowing the Bureau to publish the decisions on its website. Subject companies would be given an opportunity seven days after a final decision is issued to provide input on what information, if any, should be publicly released, the Bureau said.
After reviewing public comments received on the procedural rule, the Bureau incorporated certain changes to clarify the standard that the agency will apply when deciding what information is appropriate for public release, in whole or in part. The Bureau explained that information falling within Freedom of Information Act Exemptions 4 and 6 (which protect confidential commercial information and personal privacy) will not be published. Additionally, the Bureau said it may also choose to withhold information if the director determines there is other good cause to do so. The final rule also extends the deadline from seven to ten business days for nonbanks to submit input about what information should be released. The final rule will take effect upon publication in the Federal Register.
Notably, the Bureau emphasized that the “amended procedures only relate to the initial decision to extend supervision to a nonbank entity” and “do not affect the confidentiality of any ensuing supervisory examination or any other aspect of the supervisory process.”