Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB issues Summer ’23 supervisory highlights

    Federal Issues

    On July 26, the CFPB released its Summer 2023 issue of Supervisory Highlights, which covers enforcement actions in areas such as auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday lending and remittances from June 2022 through March 2023. The Bureau noted significant findings regarding unfair, deceptive, and abusive acts or practices and findings across many consumer financial products, as well as new examinations on nonbanks.

    • Auto Origination: The CFPB examined auto finance origination practices of several institutions and found deceptive marketing of auto loans. For example, loan advertisements showcased cars larger and newer than the products for which actual loan offers were available, which misled consumers.
    • Auto Servicing: The Bureau’s examiners identified unfair and abusive practices at auto servicers related to charging interest on inflated loan balances resulting from fraudulent inclusion of non-existent options. It also found that servicers collected interest on the artificially inflated amounts without refunding consumers for the excess interest paid. Examiners further reported that auto servicers engaged in unfair and abusive practices by canceling automatic payments without sufficient notice, leading to missed payments and late fee assessments. Additionally, some servicers allegedly engaged in cross-collateralization, requiring consumers to pay other unrelated debts to redeem their repossessed vehicles.
    • Consumer Reporting: The Bureau’s examiners found that consumer reporting companies failed to maintain proper procedures to limit furnishing reports to individuals with permissible purposes. They also found that furnishers violated regulations by not reviewing and updating policies, neglecting reasonable investigations of direct disputes, and failing to notify consumers of frivolous disputes or provide accurate address disclosures for consumer notices.
    • Debt Collection: The CFPB's examinations of debt collectors (large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons) uncovered violations of the FDCPA and CFPA, such as unlawful attempts to collect medical debt and deceptive representations about interest payments.
    • Deposits: The CFPB's examinations of financial institutions revealed unfair acts or practices related to the assessment of both nonsufficient funds and line of credit transfer fees on the same transaction. The Bureau reported that this practice resulted in double fees being charged for denied transactions.
    • Fair Lending: Recent examinations through the CFPB's fair lending supervision program found violations of ECOA and Regulation B, including pricing discrimination in granting pricing exceptions based on competitive offers and discriminatory lending restrictions related to criminal history and public assistance income.
    • Information Technology: Bureau examiners found that certain institutions engaged in unfair acts by lacking adequate information technology security controls, leading to cyberattacks and fraudulent withdrawals from thousands of consumer accounts, causing substantial harm to consumers.
    • Mortgage Origination: Examiners found that certain institutions violated Regulation Z by differentiating loan originator compensation based on product types and failing to accurately reflect the terms of the legal obligation on loan disclosures.
    • Mortgage Servicing: Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations related to loss mitigation timing, misrepresenting loss mitigation application response times, continuity of contact procedures, Spanish-language acknowledgment notices, and failure to provide critical loss mitigation information. Additionally, some servicers reportedly failed to credit payments sent to prior servicers after a transfer and did not maintain policies to identify missing information after a transfer.
    • Payday Lending: The CFPB identified unfair, deceptive, and abusive acts or practices, including unreasonable limitations on collection communications, false collection threats, unauthorized wage deductions, misrepresentations regarding debt payment impact, and failure to comply with the Military Lending Act. The report also highlighted that lenders reportedly failed to retain evidence of compliance with disclosure requirements under Regulation Z. In response, the Bureau directed lenders to cease deceptive practices, revise contract language, and update compliance procedures to ensure regulatory compliance.
    • Remittances: The CFPB evaluated both depository and non-depository institutions for compliance with the EFTA and its Regulation E, including the Remittance Rule. Examiners found that some institutions failed to develop written policies and procedures to ensure compliance with the Remittance Rule's error resolution requirements, using inadequate substitutes or policies without proper implementation.

    Federal Issues CFPB Consumer Finance Consumer Protection Auto Lending Examination Mortgages Mortgage Servicing Mortgage Origination Supervision Nonbank UDAAP FDCPA CFPA ECOA Regulation Z Payday Lending EFTA Unfair Deceptive Abusive

  • FSB finalizes crypto framework

    Federal Issues

    On July 17, the Financial Stability Board (FSB) released its global regulatory framework for promoting comprehensive, international consistency of regulatory and supervisory approaches for crypto-asset activities and stablecoins, while also supporting responsible innovations potentially brought by technological changes. Based on the principle of “same activity, same risk, same regulation,” FSB’s framework consists of two distinct sets of recommendations. The first set of recommendations focuses on regulating, supervising, and overseeing crypto-asset activities and markets at a high level. The recommendations establish a global regulatory baseline for promoting a framework that is technology-neutral and focuses on underlying activities and risks (FSB notes that some jurisdictions may choose to take more restrictive regulatory measures). The second set provides revised high-level recommendations specifically for the regulation, supervision, and oversight of “global stablecoin” arrangements. The recommendations also seek to promote consistent and effective regulation, supervision and oversight of global stablecoin arrangements across jurisdictions to address potential financial stability risks posed at both the domestic and international level, while further “supporting responsible innovation and providing sufficient flexibility for jurisdictions to implement domestic approaches.”

    The final recommendations “take account of lessons from events of the past year in crypto-asset markets, as well as feedback received during the public consultation of the FSB’s proposals,” the announcement said, noting that central bank digital currencies are not subject to these recommendations. The FSB and sectoral standard-setting bodies (SSBs) will continue to coordinate work to promote the development of a comprehensive and coherent global regulatory framework that is appropriate for the risks associated with crypto-asset market activities, including providing more detailed guidance through SSBs and monitoring and public reporting.

    Federal Issues Digital Assets Financial Stability Board Supervision Cryptocurrency CBDC Of Interest to Non-US Persons Fintech

  • Highlights from the CFPB’s 2022 fair lending report

    Federal Issues

    On June 29, the CFPB issued its annual fair lending report to Congress which outlines the Bureau’s efforts in 2022 to fulfill its fair lending mandate. Much of the Bureau’s work in 2022 was directed towards unlawful discrimination in the home appraisal industry and addressing redlining. According to the report, the CFPB also honed its efforts on factors that influence fair access to credit which included insight into factors affecting consumers’ credit profiles. The report highlights one fair lending enforcement action from 2022, where the CFPB and DOJ filed a joint complaint and proposed consent order against a company for allegedly violating ECOA, Regulation B, and the CFPA by discouraging prospective applicants from applying for credit. Notably, the Bureau notes that under section 704 of ECOA, it must refer any cases with instances of a creditor being believed to have engaged in a “pattern or practice of lending discrimination” to the DOJ. According to the report, the FDIC, NCUA, Federal Reserve Board, and CFPB collectively made 23 such referrals to the DOJ in 2022, a 91 percent increase from 2020. Five of the 23 matters were sent by the CFPB, four of which involved alleged racial discrimination in redlining, and one involving alleged discrimination in underwriting based on receipt of public assistance income. The report also discusses the CFPB’s risk-based prioritization process that resulted in initiatives concerning small business lending, policies and procedures on exclusions in underwriting, and the use of artificial intelligence. Moving forward, the Bureau will continue its collaborative approach with other agencies and prioritize areas such as combating bias in home appraisals, redlining, and the use of advanced technologies in financial services. Additionally, the report states that by focusing on restorative outcomes, comprehensive remedies, and equal economic opportunities, the CFPB aims to create a fair, equitable, and nondiscriminatory credit market for consumers.

    Federal Issues CFPB Fair Lending DOJ ECOA Enforcement Consumer Finance Redlining Artificial Intelligence Supervision

  • Bowman skeptical about higher capital requirements

    On June 25, Federal Reserve Governor Michelle W. Bowman expressed skepticism about calls for higher capital requirements following a string of recent bank failures, warning that stricter capital standards could hinder bank lending and diminish competition. In prepared remarks delivered during a global financial seminar held in Salzburg, Austria, Bowman said that while efforts have been taken to understand what went wrong, which have revealed “some uncomfortable realities about the lead-up to the bank failures,” the majority of the work was prepared internally by Fed supervision staff “relying on a limited number of unattributed source interviews, and completed on an expedited timeframe with a limited scope.” She commented that a necessary next step would be to engage an independent third party to analyze what factors and circumstances contributed to the recent bank failures. Independent reviews, Bowman said, “should play an important role in informing the future path of supervision and regulation.”

    Bowman further stressed that banks are currently better capitalized and more closely supervised than before the 2008 financial crisis. The banking system is strong and resilient, Bowman said, which “begs the question—what are the justifications for higher capital requirements?” Instead, regulators should consider whether examiners are armed with the appropriate tools and support to identify material risks and demand prompt remediation. “Increasing capital requirements simply does not get at this underlying concern about the effectiveness of supervision,” she said. She commented that if regulators think about what tools are most effective and efficient in addressing shortcomings, they will find ways to improve supervision, revise liquidity requirements, or improve banks’ preparedness to access liquidity. Bowman cautioned that while “higher capital implies greater resiliency,” this resiliency comes at the cost of decreased credit availability and higher cost of credit in normal times, which “can have broad impacts on banks, the broader financial system, and the economy.” Rising bank capital requirements, Bowman added, may also “exacerbate the competitive dynamics that result in advantages to non-bank competitors and push additional financial activity out of the regulated banking system.”

    Bank Regulatory Federal Issues Federal Reserve Supervision

  • OCC updates cybersecurity exam procedures

    On June 26, the OCC issued Bulletin 2023-22 announcing recent updates to the agency’s approach to cybersecurity assessment procedures. The Cybersecurity Supervision Work Program (CSW) provides high-level examination objectives and procedures aligned with the National Institute of Standards and Technology Cybersecurity Framework (NIST-CFS) and is part of the agency’s risk-based bank information technology supervision process. The CSW is intended to provide examiners an effective approach for identifying cybersecurity risks in supervised banks.

    According to an overview provided by the OCC, the CSW “provides examiners with a common framework and terminology in discussions with bank management” and is structured according to the following NIST-CSF functions: identify, protect, detect, respond, and recover (as well as related categories and subcategories). The OCC also developed an additional function, Specialty Areas, to address areas of risk that may be part of OCC cybersecurity assessments, where applicable. Examiners will use these procedures to supplement those outlined in the “Community Bank Supervision,” “Large Bank Supervision,” and “Federal Branches and Agencies Supervision” booklets of the Comptroller’s Handbook, the FFIEC’s Information Technology Examination Handbook booklets, and other related supervisory guidance.

    The OCC encourages supervised banks to use standardized approaches to assess and improve cybersecurity preparedness. Banks may choose from a variety of standardized tools and available frameworks, and should use the agency’s CSW cross-references table for further guidance. No new regulatory expectations are established with the issuance of the CSW.

    Bank Regulatory Federal Issues Privacy, Cyber Risk & Data Security OCC Supervision Examination NIST

  • FDIC revises NSF guidance

    On June 16, the FDIC updated its Supervisory Guidance on Multiple Re-Presentment NSF Fees to clarify its supervisory approach for addressing violations of law. This new guidance, FIL-32-2023, updates FIL-40-2022 (originally issued last August and covered by InfoBytes here), which warned supervised financial institutions that charging customers multiple non-sufficient funds (NSF) fees on re-presented unpaid transactions may increase regulatory scrutiny and litigation risk. The FDIC noted that since the issuance of FIL-40-2022, the agency has received additional data relating to the amount of consumer harm associated with NSF fees at particular institutions, as well as information regarding extensive, ongoing challenges institutions face to accurately identify re-presented transactions. Consequently, the FDIC made changes to its supervisory guidance to specify that it “does not intended to request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.”

    Bank Regulatory Federal Issues FDIC Supervision NSF Fees Consumer Finance Compliance

  • McHenry objects to FSOC’s proposed designation framework

    Agency Rule-Making & Guidance

    On June 15, House Financial Services Committee Chairman Patrick McHenry sent a letter to Treasury Secretary Janet Yellen urging the Financial Stability Oversight Council (FSOC), which Yellen chairs, to “revisit” its proposals on nonbank financial firm risks. As previously covered by InfoBytes, in April, FSOC released a proposed analytic framework for financial stability risks to provide greater public transparency on how it identifies, assesses, and addresses potential risks “regardless of whether the risk stems from activities or firms.” The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards.

    McHenry’s letter raised concerns with FSOC’s decision to evaluate risks based on an entity’s size and not its activities. According to McHenry, FSOC’s April proposals will essentially undo changes it made in 2019, which incorporated principles considering a financial institution’s systematic risk rather than merely its size. In his announcement accompanying the letter, McHenry elaborated on his concerns, stating that “allowing FSOC to extend its supervisory reach beyond prudential institutions to nonbank entities in this way could pose significant regulatory consequences for our financial system.” McHenry claimed these institutions may engage in different activities, thus presenting different risks, and said the proposals do not take this into account. McHenry also argued that expanding the Fed’s oversight jurisdiction is not a “panacea for financial stability.”

    Agency Rule-Making & Guidance Federal Issues FSOC Department of Treasury Nonbank House Financial Services Committee Supervision

  • CFPB releases regulatory agenda

    Agency Rule-Making & Guidance

    The Office of Information and Regulatory Affairs recently released the CFPB’s spring 2023 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:

    • Overdraft fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges.
    • FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. In January, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.” (Covered by InfoBytes here.)
    • Insufficient funds fees. The Bureau is considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
    • Amendments to FIRREA concerning automated valuation models. On June 1, the Bureau issued a joint notice of proposed rulemaking (NPRM) with the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models used by mortgage originators and secondary market issuers. (Covered by InfoBytes here.) Previously, the Bureau released a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and report in February and May 2022 respectively. (Covered by InfoBytes here.)
    • Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the SBREFA and the issuance of a final report examining the impact of the Bureau’s proposals to address consumers’ personal financial data rights. (Covered by InfoBytes here.) Proposed rulemaking may be issued in October.
    • Property Assessed Clean Energy (PACE) financing. The Bureau issued an NPRM last month to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The proposed effective date is at least one year after the final rule is published in the Federal Register (“but no earlier than the October 1 which follows by at least six months Federal Register publication”), with the possibility of a further extension to ensure compliance with a TILA timing requirement.
    • Supervision of Larger Participants in Consumer Payment Markets. The Bureau is considering whether to engage in pre-rulemaking activity next month to define larger participants in consumer payment markets and further the scope of the agency’s nonbank supervision program.
    • Nonbank registration. The Bureau announced its intention to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
    • Terms and conditions registry for supervised nonbanks. At the beginning of the year, the Bureau issued an NPRM that would create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights” and would appear in a publicly accessible registry. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
    • Credit card penalty fees. The Bureau issued an NPRM in February to solicit public feedback on proposed changes to credit card late fees and late payments and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. A final rule may be issued later this year.
    • LIBOR transition. In April, the Bureau issued an interim final rule, amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. Effective May 15, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. (Covered by InfoBytes here.)

    Agency Rule-Making & Guidance Federal Issues CFPB Fintech Payments Dodd-Frank Overdraft FCRA Consumer Reporting Agency NSF Fees FIRREA AVMs Section 1033 PACE Nonbank Supervision Credit Cards LIBOR Consumer Finance

  • Agencies finalize guidance on managing third parties

    Federal Issues

    On June 6, the OCC, Federal Reserve Board, and FDIC issued interagency guidance to aid banking organizations in managing risks related to third-party relationships, including relationships with financial technology-focused entities. (See also FDIC FIL-29-2023 and Federal Reserve Board memo here.) The joint guidance, final as of June 6, replaces each agency’s existing general guidance on third-party risk management and is directed to all supervised banking organizations. Designed to streamline government guidance on mitigating risks when working with third parties, the final guidance establishes principles for banking organizations to consider when implementing risks management practices. Banking organizations are advised to consider and account for the level of risk, complexity, and size of the institution, as well as the nature of the third-party relationship, when conducting sound risk management.

    After considering public comments received on proposed guidance issued in July 2021 (covered by InfoBytes here), the final guidance provides directions and expectations for oversight at all stages in the life cycle of a third-party relationship, including topics relating to planning, due diligence and third-party selection, contract negotiations, ongoing monitoring, and termination. Guidance on conducting independent reviews, maintaining documentation, and reporting is also included. The agencies advised banking organizations, particularly community banks, to review illustrative examples to help align risk management practices with the scope and risk profile of their third-party relationships. Additionally, banking organizations should maintain a complete inventory of their third-party relationships, identify higher-risk and critical activities, periodically conduct reviews to determine whether risks have changed over time, and update risk management practices accordingly, the agencies said.

    The final guidance emphasizes that the agencies will review a banking organization’s third-party risk management practices as part of the standard supervisory process. When assessing whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations, examiners will, among other things, (i) evaluate a banking organization’s ability to oversee and manage third party relationships; (ii) assess the effects of those relationships on a banking organization’s risk profile and operational performance; (iii) perform transaction testing to evaluate whether activities performed by a third party comply with applicable laws and regulations; (iv) conduct conversations relating to any identified material risks and deficiencies with senior management and board of directors; (v) review how a banking organization remediates any deficiencies; and (vi) consider supervisory findings when rating a banking organization.

    The agencies stressed that they may take corrective measures, including enforcement actions, to address identified violations or unsafe or unsound banking practices by the banking organization or its third party. The agencies further announced that they plan to immediately engage with community banks and will develop additional resources in the future to help these organizations manage relevant third-party risks.

    Federal Issues Agency Rule-Making & Guidance Third-Party Risk Management Risk Management Vendor Management FDIC Federal Reserve OCC Supervision

  • OCC’s new enforcement policy targets banks with “persistent weaknesses”

    On May 25, the OCC announced revisions to its Policies and Procedures Manual (PPM) for bank enforcement actions. According to OCC Bulletin 2023-16, the recently revised version of PPM 5310-3 replaces and rescinds a version issued in November 2018 (covered by InfoBytes here), and now includes “Appendix C: Actions Against Banks With Persistent Weaknesses” to provide increased transparency and clarity on how the OCC determines whether a bank has persistent weaknesses and how the agency considers what actions may be needed to address these issues. The OCC explained that “persistent weaknesses” may include “composite or management component ratings that are 3 or worse, or three or more weak or insufficient quality of risk management assessments, for more than three years; failure by the bank to adopt, implement, and adhere to all the corrective actions required by a formal enforcement action in a timely manner; or multiple enforcement actions against the bank executed or outstanding during a three-year period.”

    Possible actions taken against a bank that exhibits persistent weaknesses may include additional requirements and restrictions, such as requirements that a bank improve “composite or component ratings or quality of risk management assessments,” as well as restrictions on the bank’s growth, business activities, or payments of dividends. A bank may also be required “to take affirmative actions, including making or increasing investments targeted to aspects of its operations or acquiring or holding additional capital or liquidity.”

    “Should a bank fail to correct its persistent weaknesses in response to prior enforcement actions or other measures . . . the OCC will consider further action to require the bank to remediate the weaknesses,” the agency said. “Such action could require the bank to simplify or reduce its operations, including that the bank reduce its asset size, divest subsidiaries or business lines, or exit from one or more markets of operation.” PPM 5310-3 also incorporates additional clarifications and updates legal and regulatory citations.

    The same day, the OCC issued updates to its “Liquidity” booklet of the Comptroller’s Handbook used by examiners when assessing the quantity of a bank’s liquidity risk and the quality of its liquidity risk management. The booklet replaces an August 2021 version and reflects changes in regulations, makes clarifying edits, and addresses OCC issuances published since the last update.

    Bank Regulatory Federal Issues OCC Enforcement Supervision Comptroller's Handbook Examination Risk Management

Pages

Upcoming Events