Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
The CFPB recently issued its semi-annual report to Congress covering the Bureau’s work for the period beginning October 1, 2022 and ending March 31, 2023. The report, which is required by Dodd-Frank, includes, (i) a list of significant rules and orders (including final rules, proposed rules, pre-rule materials, and upcoming plans and initiatives); (ii) an analysis of consumer complaints, (iii) lists of public supervisory and enforcement actions, (iv) assessments of actions by state regulators and attorneys generals related to consumer financial law; (v) assessment of fair lending enforcement and rulemaking; and (vi) an analysis of efforts to increase workforce and contracting diversity.
On November 16, the DOJ and DOE announced a successful first year of their new student loan bankruptcy discharge process during 2022. The discharge process extinguishes a borrower’s obligation to pay back either some or all of a student loan in bankruptcy based on undue hardship. The DOJ cites two previous standards used by bankruptcy courts to determine if a borrower’s repayment would cause an undue hardship: the Brunner and Totality Tests. The DOJ’s guidance simplified the current standards to enhance “consistency and equity in the handling of these cases” and applies in both Burner and Totality Test jurisdictions. The guide permits a court to grant a discharge if three conditions are satisfied: (i) “the debtor presently lacks an ability to pay the loan”; (ii) “the debtor’s inability to pay the loan is likely to persist in the future”; and (iii) “the debtor has acted in good faith in attempting to repay the loan.”
The DOJ reported the success of their new guidance with several findings: (i) there were 632 cases filed in the first 10 months of the new process, a significant increase from recent years; (ii) this process was used by 97 percent of all borrowers; (iii) 99 percent of borrowers received either full or partial discharges; and (iv) two bankruptcy courts adopted this process. The DOJ is optimistic that some or all these trends will continue.
FSOC approves analytic framework for financial stability risks and guidance on nonbank financial company determinations
On November 3, the Financial Stability Oversight Council (FSOC) announced that it unanimously voted to issue the final versions of a new analytic framework regarding financial stability risks, in addition to updated interpretive guidance on the council’s nonbank designation guidance. The analytic framework indicates vulnerable points that commonly contribute to financial stability risks, and it explains how FSOC may address the risks, including interagency coordination, recommendations to regulators, or the designation of certain entities. The nonbank designation guidance establishes how the council determines whether a given nonbank should be under the Fed’s supervision and prudential standards under Section 113 of Dodd-Frank. In April, FSOC released the proposed analytic framework and the proposed nonbank designation guidance (as covered by InfoBytes here) and opened a comment period on the proposals.
FSOC adopted key changes in consideration of public comments on the proposed framework, including (i) clarifications to the interpretation of “threat to financial stability”; (ii) more examples of quantitative metrics considered in its analysis; (iii) expanded discussion of transmission channels; and (iv) additional emphasis on FSOC’s engagement with state and federal financial regulatory agencies regarding risk. Comments directed at the interpretive guidance were addressed, and some changes are reflected in the framework. Both CFPB Director Rohit Chopra and OCC Acting Comptroller Michael J. Hsu issued statements supporting the issuance of the interpretive guidance and the framework. Chopra commented that FSOC’s actions to evaluate whether any “shadow bank” meets the statutory threshold for enhanced oversight are essential in preventing potential threats to financial stability. Hsu also noted the significance of leveraging Dodd-Frank's tools for “monitoring and mitigating risks to U.S. financial stability.”
The analytic framework will be effective upon publication in the Federal Register, and the nonbank designations guidance will be effective 60 days after publication in the Federal Register.
On October 24, the Fed, FDIC, and OCC issued an interagency announcement regarding the modernization of their rules under the Community Reinvestment Act (CRA), a law enacted in 1977 to encourage banks to help meet the credit needs of their communities, especially low- and moderate-income (LMI) neighborhoods, in a safe and sound manner. The new rule overhauls the existing regulatory scheme that was first implemented in the mid-1990s.
For banks with assets of at least $2 billion (Large Banks), the final rule adds a new category of assessment area to the existing facility based assessment area (FBAA). Large Banks that do more than 20 percent of their CRA-related lending outside their FBAAs will have that lending evaluated in retail lending assessment areas, i.e., MSAs or states where it originated at least 150 closed-end home mortgage loans or 400 small business loans in both of the previous two years. All Large Banks will be subject to two new lending and two new community development tests, with lending and community development activities each counting for half a bank’s overall CRA rating. Banks with assets between $600 million and $2 billion will be subject to a new lending test. Large Banks with assets greater than $10 billion will also have special reporting requirements.
Additionally, the rule (i) implements a standardized scoring system for performance ratings; (ii) revises community development definitions and creates a list of community development activities eligible for CRA consideration, regardless of location; (iii) permits regulators to evaluate “impact and responsiveness factors” of community development activities; (iii) continues to make strategic plans available as an alternative option for evaluation; (iv) revises the definition of limited purpose bank so that it includes both existing limited purpose and wholesale banks and subjects those banks to a new community development financing test; and (v) considers online banking in the bank’s evaluations.
Most of the rule’s requirements will be effective January 1, 2026. The remaining requirements, including the data reporting requirements, will apply on January 1, 2027.
On October 24, CSBS released tips for licensees to prepare for NMLS renewal. As previously covered by InfoBytes, NMLS announced it will be rolling out a new version of its mortgage call report which will include new requirements for many licensees. Kelly O'Sullivan, the chair of the NMLS Policy Committee and deputy commissioner of the Montana Division of Banking and Financial Institutions, advises licensees to proactively update their information in NMLS and make use of available training and resources to address their queries before the renewal period begins. This is particularly crucial for those individuals who typically only engage with NMLS during the license renewal phase.
CSBS recommended five essential tips for licensees:
- Licensees should log into NMLS and thoroughly review and update their profile record to ensure accuracy;
- Licensees should reset their NMLS password in advance to have a current password ready for accessing NMLS when needed;
- Licensees should provide and maintain a current email address to receive essential updates from NMLS during the renewal process;
- Licensees should review state-specific renewal requirements, as state agencies typically begin publishing details, including deadlines and fees, in September;
- Licensees are encouraged to take advantage of the free, on-demand renewal training resources provided by CSBS to become familiar with the renewal process.
On October 6, CFPB Director Rohit Chopra spoke at a digital payments event where he described the risks posed by private digital currencies and digital payments systems and provided steps that would increase the CFPB oversight so as to help protect consumers from these risks.
Chopra stated that from a consumer regulator’s perspective, it is important to safeguard against the risks of private currencies issued by nonbanks, which include the potential for sudden devaluation of the digital currency, intrusive data surveillance, censorship, private regulations that favor the issuer’s commercial interests, challenges with error resolution, and consumer fraud.
Further, Chopra shared what he believes are warranted steps to ensure that private digital dollars and payments systems do not harm consumers:
- The CFPB will issue supplemental orders to certain large technology platforms to acquire more data and information to better ascertain their business practices, especially with respect to the use of sensitive personal data and any issuance of private currencies.
- To reduce the harms of errors, hacks, and unauthorized transfers, the Bureau will explore providing additional guidance on the applicability of the Electronic Fund Transfer Act with respect to private digital dollars and other virtual currencies for consumer and retail use.
- The CFPB will use appropriate authorities to conduct supervisory examinations of nonbanks operating consumer payment platforms, including the authority over service providers to large depository institutions and the authority over large participants, which would subject nonbanks meeting a particular size threshold to CFPB supervision.
- The Bureau will publish a proposed rule regarding personal financial data rights pursuant to Section 1033 of the Consumer Financial Protection Act, which will seek to accelerate America’s shift to open, competitive, and decentralized banking, while also seeking to safeguard against misuse of personal financial data.
Additionally, Chopra stated the Financial Stability Oversight Council should consider exercising its authority under Title VIII of the Dodd-Frank Act to designate activity as, or as likely to become, a systemically important payment, clearing, or settlement activity so as to provide other agencies with critical oversight and tools to ensure that a stablecoin is actually stable.
On October 6, the Fed approved a final rule to implement a rule establishing capital requirements for insurers it supervises. The final rule includes the Building Block Approach (BBA) framework, which is a regulatory framework for assessing capital requirements for insurance companies, tailored to their specific risks by leveraging state-based requirements. It sets a minimum standard comparable to the 8 percent minimum total capital ratio for insured depository institutions (IDIs).
Specifically, the rule requires a Fed-supervised insurance organization (SIO) to aggregate the available capital and required capital of its top-tier company with its subsidiaries to determine whether the aggregate ratio meets the Board’s minimum requirement and “capital conservation buffer.” Among other things, the final rule gives SIOs two options to show compliance with Section 171(b) of Dodd-Frank: (i) demonstrate that it meets, on a fully consolidated basis, the minimum risk-based capital requirements that apply to IDIs; or (ii) demonstrate that it meets the minimum IDI risk-based capital requirements on a partially consolidated basis, excluding the assets and liabilities of certain subsidiary insurers. Should SIOs choose the second option, there are two possible treatments for unconsolidated insurance subsidiaries: (i) “a deduction from qualifying capital of the aggregate amount of the outstanding equity investment in the subsidiary, including retained earnings”; or (ii) “inclusion of the net investment in the subsidiary as an asset subject to a risk weight of 400 percent, consistent with the current treatment of certain equity exposures under the regulatory capital rules applicable to IDIs.”
Governor Michelle Bowman commented that although she supports the final rule, she cannot support the delegation of authority to staff within the current package. Concerned that the package grants broad authority to staff to make various determinations regarding the rule’s application, Bowman argues that the Board should have the opportunity to review specific cases where such authority would be exercised and suggests that it would be more appropriate to establish clear guidelines for the use of delegated authority in the context of actual determinations.
The Fed noted that the final rule is “substantially similar” to the 2019 proposed rule. The final rule is effective on January 1, 2024.
On September 28, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2024. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) asset and liability management; (ii) credit; (iii) allowances for credit losses; (iv) cybersecurity; (v) operations; (vi) digital ledger technology activities; (vii) change in management; (viii) payments; (ix) Bank Secrecy Act/AML compliance; (x) consumer compliance; (xi) Community Reinvestment Act; (xii) fair lending; and (xiii) climate-related financial risks.
Two of the top areas of focus are asset and liability management and credit risk. In its operating plan the OCC says that “Examiners should determine whether banks are managing interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, including stress testing across a sufficient range of scenarios, sensitivity analyses of key model assumptions and liquidity sources, and appropriate contingency planning.” With respect to credit risk, the OCC says that “Examiners should evaluate banks’ stress testing of adverse economic scenarios and potential implications to capital” and “focus on concentrations risk management, including for vulnerable commercial real estate and other higher-risk portfolios, risk rating accuracy, portfolios of highest growth, and new products.”
The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.
On September 6, California Governor Gavin Newsom signed an Executive Order (E.O.) instructing state agencies to evaluate how generative artificial intelligence (GenAI) may impact the State and its residents. Specifically, the E.O. requires certain state agencies to provide a report to the Governor which will examine “the most significant, potentially beneficial uses” of GenAI tools by the state. The report must also discuss “the potential risks to individuals, communities, and government and state government workers” from GenAI tools. Certain California agencies, including the Department of Technology, must perform a “risk analysis of potential threats to and vulnerabilities of California’s critical energy infrastructure by the use of GenAI.” The E.O. also requires that the State issue “general guidelines for public sector procurement, uses, and required training for use of GenAI,” and consider pilots of GenAI projects to be tested in “sandboxes.” Lastly, the E.O. directs the State to pursue a formal partnership with certain California higher education institutions to study the impacts of GenAI and support its safe growth.
On July 26, the CFPB released its Summer 2023 issue of Supervisory Highlights, which covers enforcement actions in areas such as auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday lending and remittances from June 2022 through March 2023. The Bureau noted significant findings regarding unfair, deceptive, and abusive acts or practices and findings across many consumer financial products, as well as new examinations on nonbanks.
- Auto Origination: The CFPB examined auto finance origination practices of several institutions and found deceptive marketing of auto loans. For example, loan advertisements showcased cars larger and newer than the products for which actual loan offers were available, which misled consumers.
- Auto Servicing: The Bureau’s examiners identified unfair and abusive practices at auto servicers related to charging interest on inflated loan balances resulting from fraudulent inclusion of non-existent options. It also found that servicers collected interest on the artificially inflated amounts without refunding consumers for the excess interest paid. Examiners further reported that auto servicers engaged in unfair and abusive practices by canceling automatic payments without sufficient notice, leading to missed payments and late fee assessments. Additionally, some servicers allegedly engaged in cross-collateralization, requiring consumers to pay other unrelated debts to redeem their repossessed vehicles.
- Consumer Reporting: The Bureau’s examiners found that consumer reporting companies failed to maintain proper procedures to limit furnishing reports to individuals with permissible purposes. They also found that furnishers violated regulations by not reviewing and updating policies, neglecting reasonable investigations of direct disputes, and failing to notify consumers of frivolous disputes or provide accurate address disclosures for consumer notices.
- Debt Collection: The CFPB's examinations of debt collectors (large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons) uncovered violations of the FDCPA and CFPA, such as unlawful attempts to collect medical debt and deceptive representations about interest payments.
- Deposits: The CFPB's examinations of financial institutions revealed unfair acts or practices related to the assessment of both nonsufficient funds and line of credit transfer fees on the same transaction. The Bureau reported that this practice resulted in double fees being charged for denied transactions.
- Fair Lending: Recent examinations through the CFPB's fair lending supervision program found violations of ECOA and Regulation B, including pricing discrimination in granting pricing exceptions based on competitive offers and discriminatory lending restrictions related to criminal history and public assistance income.
- Information Technology: Bureau examiners found that certain institutions engaged in unfair acts by lacking adequate information technology security controls, leading to cyberattacks and fraudulent withdrawals from thousands of consumer accounts, causing substantial harm to consumers.
- Mortgage Origination: Examiners found that certain institutions violated Regulation Z by differentiating loan originator compensation based on product types and failing to accurately reflect the terms of the legal obligation on loan disclosures.
- Mortgage Servicing: Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations related to loss mitigation timing, misrepresenting loss mitigation application response times, continuity of contact procedures, Spanish-language acknowledgment notices, and failure to provide critical loss mitigation information. Additionally, some servicers reportedly failed to credit payments sent to prior servicers after a transfer and did not maintain policies to identify missing information after a transfer.
- Payday Lending: The CFPB identified unfair, deceptive, and abusive acts or practices, including unreasonable limitations on collection communications, false collection threats, unauthorized wage deductions, misrepresentations regarding debt payment impact, and failure to comply with the Military Lending Act. The report also highlighted that lenders reportedly failed to retain evidence of compliance with disclosure requirements under Regulation Z. In response, the Bureau directed lenders to cease deceptive practices, revise contract language, and update compliance procedures to ensure regulatory compliance.
- Remittances: The CFPB evaluated both depository and non-depository institutions for compliance with the EFTA and its Regulation E, including the Remittance Rule. Examiners found that some institutions failed to develop written policies and procedures to ensure compliance with the Remittance Rule's error resolution requirements, using inadequate substitutes or policies without proper implementation.