InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB updates FCRA exam procedures
On February 11, the CFPB issued updates to its Supervision and Examination Manual to include requirements of the FCRA created by the Economic Growth, Regulatory Relief, and Consumer Protection Act. The updates apply to the examination procedures covering consumer reporting, larger participants, and education loans, and aim to reduce instances of consumer compliance law violations by companies that provide consumer financial products and services. According to the CFPB, the larger participants examination procedures provide guidance to examiners covering a number of areas including, among other things, (i) “accuracy of information and furnisher relations”; (ii) “contents of consumer reports”; (iii) “consumer inquiries, complaints, and disputes and the reinvestigation process”; (vi) “consumer alerts and identity theft provisions”; and (v) “other products and services and risks to consumers.” The Bureau’s guidance to examiners on education loan exam procedures concentrates on servicing and origination. Some of the topics included are: (i) “advertising, marketing, and lead generation”; (ii) “customer application, qualification, loan origination, and disbursement”; (iii) “student loan servicing”; (iv) “borrower inquiries and complaints”; and (v) “information sharing and privacy.”
FDIC introduces deposit insurance application for nonbanks
On February 10, the FDIC issued FIL-8-2020, which incorporates Procedures for Deposit Insurance Applications from Applicants that are Not Traditional Community Banks into its Deposit Insurance Application Procedures Manual (manual). In addition to the updating the manual, the agency also issued a handbook, entitled Applying for Deposit Insurance – A Handbook for Organizers of De Novo Institutions (handbook), advising that the updated manual together with the handbook provide comprehensive instructions for completing deposit insurance applications. According to the letter, the updated manual and the handbook contain mostly “technical edits and clarifications” and are meant to “provide transparency and clarity” for applicants. The letter also supplies the definitions of “non-bank” and “non-community bank.”
FinCEN focuses on securities industry BSA/AML information sharing
On February 6, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the Securities Industry and Financial Markets Association’s 20th Anti-Money Laundering (AML) and Financial Crimes Conference discussing, among other things, the agency’s focus on the Bank Secrecy Act (BSA). Specifically, El-Hindi stressed the importance of information sharing in the BSA context, remarking that the financial sector is “in an evolutionary state” dealing with “new technologies and new payment systems, such as those that involve virtual currency.” He asserted that innovators in the development of cryptocurrencies and messaging systems “cannot turn a blind eye to illicit transactions that they may be fostering,” and noted that FinCEN will regulate these emerging systems in accordance with existing principles that underlie the BSA and AML rules and regulations for the financial sector. El-Hindi encouraged the securities industry to share information, observing that only 14 percent of eligible securities companies are registered to take part in the 314(b) business-to-business information sharing program. He suggested that the industry needs better communication and cooperation to increase the effectiveness of BSA information collection. El-Hindi also discussed how cooperation has helped FinCEN’s cross-agency coordination and enhanced the agency’s rulemaking and guidance—specifically in the establishment of the Customer Due Diligence and Beneficial Ownership rule, but recognized that the lack of information collected regarding the formation of new corporations can frustrate the agency’s risk assessment abilities. To motivate information sharing, El-Hindi emphasized the importance of BSA information financial companies collect, sharing that SARs filings by securities companies have “increased roughly eight-fold” from 2003 to 2019, and that data provided from BSA filings is used frequently by law enforcement and regulators to inform their investigations and examinations and to “identify trends and focus resources.”
Treasury announces anti-terrorist financing plan
On February 6, the U.S. Treasury Department announced the 2020 National Strategy for Combating Terrorist and Other Illicit Financing. The report provides an overview of the anti-money laundering/countering the financing of terrorism (AML/CFT) program in the U.S. and details how the program can be updated to be more efficient and effective. Among other things, the report covers the most noteworthy threats to the financial system such as fraud, drug trafficking, and human trafficking, and highlights that one of the greatest vulnerabilities to the U.S. financial system is a failure to collect beneficial ownership information when new companies are formed or when company ownership changes. The report also focuses on ways to make the AML/CFT framework stronger, including through increased transparency and improved financial institution regulation and supervision. Additionally, the report advocates boosting the AML/CFT operational framework through the use of technologies, expanded data analytics, increased information sharing, and promotion of worldwide standards.
Kraninger testifies at House hearing; final payday rule expected in April
On February 6, CFPB Director Kathy Kraninger testified at a House Financial Services Committee hearing on the CFPB’s Semi-Annual Report to Congress. (Covered by InfoBytes here.) The hearing covered the semi-annual report to Congress on the Bureau’s work from April 1, 2019, through September 30, 2019. In her opening remarks, Committee Chairwoman Maxine Waters argued, among other things, that the Bureau’s recent policy statement on the “abusiveness” standard in supervision and enforcement matters “undercuts” Dodd-Frank’s prohibition on unfair, deceptive, or abusive acts or practices. Waters also challenged Kraninger on her support for the joint notice of proposed rulemaking issued by the OCC and FDIC to strengthen and modernize Community Reinvestment Act regulations (covered by a Buckley Special Alert), arguing that the proposal would lead to disinvestment in communities, while emphasizing that Kraninger’s actions have not demonstrated the Bureau’s responsibility to meaningfully protect consumers. However, in her opening statement and written testimony, Kraninger highlighted several actions recently taken by the Bureau to protect consumers, and emphasized the Bureau’s commitment to preventing harm by “building a culture of compliance throughout the financial system while supporting free and competitive markets that provide for informed consumer choice.”
Additional highlights of Kraninger’s testimony include:
- Memoranda of Understanding (MOU) with the Department of Education (Department). Kraninger discussed the recently announced information sharing agreement (covered by InfoBytes here) between the Bureau and the Department, intended to protect student borrowers by clarifying the roles and responsibilities for each agency and permitting the sharing of student loan complaint data analysis, recommendations, and data analytic tools. Kraninger stated that the MOU will give the Department the same near real-time access to the Bureau’s complaint database enjoyed by other government partners, and also told the Committee that the Bureau and Department are currently discussing a second supervisory MOU.
- Payday, Vehicle Title, and Certain High-Cost Installment Loans. Kraninger told the Committee that a rewrite of the payday lending rule—which will eliminate requirements for lenders to assess a borrower’s ability to repay loans—is expected in April. (Covered by InfoBytes here.) Kraninger noted that the Bureau is currently reviewing an “extensive number of comments” and plans to address a petition on the rule’s payments provision. “[F]inancial institutions have argued that there were some products pulled into that that were, you know, unintended,” she stated. “[W]orking through all of that and. . .moving forward in a way that is transparent in. . .April is what I am planning to do.”
- Ability-to-Repay and Qualified Mortgages (QM). Kraninger discussed the Bureau’s advanced notice of proposed rulemaking that would modify the QM Rule by moving away from the 43 percent debt to income ratio requirement and adopt an alternative such as a pricing threshold to ensure responsible, affordable mortgage credit is available to consumers. (Covered by InfoBytes here.) She stated that the Bureau would welcome legislation from Congress in this area.
- Supervision and Enforcement. Kraninger repeatedly emphasized that supervision is an important tool for the Bureau, and stated in her written testimony that during the reporting period discussed, “the Bureau’s Fair Lending Supervision program initiated 16 supervisory events at financial services institutions under the Bureau’s jurisdiction to determine compliance with federal laws intended to ensure the fair, equitable, and nondiscriminatory access to credit for both individuals and communities, including the Equal Credit Opportunity Act [] and HMDA.” In addition to discussing recent enforcement actions, Kraninger also highlighted three innovation policies: the Trial Disclosure Program Policy, No-Action Letter Policy, and the Compliance Assistance Sandbox Policy. (Covered by InfoBytes here.)
- Military Lending Act (MLA). Kraninger reiterated her position that she does not believe Dodd-Frank gives the Bureau the authority to supervise financial institutions for military lending compliance, and repeated her request for Congress to grant the Bureau clear authority to do so. (Covered by InfoBytes here.) Congressman Barr (R-KY) noted that while he introduced H.R. 442 last month in response to Kraninger’s request, the majority has denied the mark up.
- UDAAP. Kraninger fielded a number of questions on the Bureau’s recent abusiveness policy statement. (Covered by InfoBytes here.) Several Democrats told Kraninger the new policy will put unnecessary constraints on the Bureau’s enforcement powers, while some Republicans said the policy fails to define what constitutes an abusive act or practice. Kraninger informed the Committee that the policy statement is intended to “clarify abusiveness and separate it from deceptive and unfairness because Congress explicitly gave us those three authorities.” Kraninger reiterated that the Bureau will seek monetary relief only when the entity has failed to make a good faith effort to comply, and that “[r]estitution for consumers will be the priority in these cases.” She further emphasized that “in no way should that policy be read to say that we would not bring abusiveness claims.” Congresswoman Maloney (D-NY) argued, however, that a 2016 fine issued against a national bank for allegedly unfair and abusive conduct tied to the bank’s incentive compensation sales practices “would have been substantially lower if the [B]ureau hadn’t charged [the bank] with abus[ive] conduct also.” Kraninger replied that the Bureau could have gotten “the same amount of restitution and other penalties associated with unfairness alone.”
- Constitutionality Challenge. Kraninger reiterated that while she agrees with Seila Law on the Bureau’s single-director leadership structure, she differs on how the matter should be resolved. “Congress obviously provided a clear mission for this agency but there are some questions around. . .this and I want the uncertainty to be resolved,” Kraninger testified. “Congress will have the opportunity to make any changes or respond to that and I think that’s appropriate,” she continued. “I would very much like to see a resolution on this question because it has hampered the CFPB’s ability to carry out its mission, virtually since its inception.” (Continuing InfoBytes coverage on Seila Law LLC v. CFPB here.)
Fed, OCC issue 2020 stress test, capital adequacy scenarios
On February 6, the Federal Reserve Board (Fed) released the hypothetical scenarios banks and supervisors will use to conduct the 2020 Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act stress tests exercises for large bank holding companies and large U.S. operations of foreign firms. This year’s stress tests will evaluate 34 large banks with more than $100 billion in total assets to ensure that these banks have adequate capital and processes to continue lending to households and businesses, even during a severe recession. Both scenarios—baseline and severely adverse—include 28 variables that cover domestic and international economic activity. In addition, banks with large trading operations must also factor in a global market shock component as part of their scenarios. Capital plan and stress testing submissions are due by April 6. The Fed noted that it “continues to work toward having the stress capital buffer in place for this year’s stress tests,” and that “[t]he release of these hypothetical scenarios does not affect that separate rulemaking process.”
In related news, on February 6 the OCC also released its own stress testing scenarios for OCC-supervised institutions.
Representatives hold hearing on “rent-a-bank” schemes
On February 5, the House Financial Services Committee held a hearing titled “Rent-A-Bank Schemes and New Debt Traps: Assessing Efforts to Evade State Consumer Protections and Interest Rate Caps” to discuss policies relating to state interest rate caps and permissible interest rates on small dollar loans such as payday and car-title loans. As previously covered by a Buckley Special Alert, in November, the OCC and the FDIC proposed rules meant to override the 2015 Madden v. Midland funding decision from the U.S. Court of Appeals for the Second Circuit, and reinforce that when a national bank or savings association, or state chartered bank, transfers a loan, the permissible interest rate after the transfer is the same as it was prior to the transfer. In January, however, a group of attorneys general from 21 states and the District of Columbia submitted a comment letter to the OCC claiming the proposed rule would encourage predatory lending through “rent-a-bank schemes.” (Covered by InfoBytes here.) During the hearing, Committee Chairwoman Maxine Waters (D-CA), expressed concern that the two agency proposals would harm consumers by allowing non-banks to partner with banks and enable non-bank lenders to “peddle harmful short-term, triple-digit interest rate loans.” Representative Rashida Tlaib (D-MI) echoed that concern when she suggested that “rent-a-bank” schemes allow non-banks to dodge state interest rate laws. Many Republicans had views differing from those expressed by Tlaib and Waters. North Carolina Representative Patrick McHenry remarked that the proposals from the OCC and the FDIC merely formalized the “valid when made” rule that had been in use for over a century. At the hearing, HR 5050, which would cap federal interest rates on certain small loans at 36 percent, was also discussed, with several Democrats stressing that the cap may negatively affect credit availability to some consumers.
CFPB issues semi-annual report to Congress
On February 3, the CFPB issued its semi-annual report to Congress covering the Bureau’s work from April 1, 2019, through September 30, 2019. The report, which is required by the Dodd-Frank Act, addresses, among other things, problems faced by consumers with regard to consumer financial products or services; significant rules and orders adopted by the Bureau; and various supervisory and enforcement actions taken by the Bureau. In her opening letter, Director Kathy Kraninger reported that she has focused, “whenever appropriate and possible” on two areas: (i) encouraging saving, by establishing a program called “Start Small, Save Up”; and (ii) unleashing innovation by reducing regulatory constraints and revising innovation policies and promoting cooperation between state and federal regulators, as demonstrated with the launch of the American Consumer Financial Innovation Network last year.
Among other things, the report highlights credit scores, credit reporting, and the consumer credit card market as areas in which consumers face significant problems. The report notes that credit reports and credit scores greatly affect credit available to consumers. With respect to the availability of general purpose credit cards the report cites Bureau findings that in 2018, consumers with high credit scores had an 83 percent approval rate, whereas consumers with subprime credit scores had only a 17 percent approval rate. In addition to these areas of focus, the report notes the issuance of one significant final rule—Payday, Vehicle Title, and Certain High-Cost Installment Loans; Delay of Compliance Date; Correction Amendments—last year. (Covered by InfoBytes here.) Several less significant rules were also finalized, including (i) Technical Specifications for Submissions to the Prepaid Account Agreements Database; (ii) Availability of Funds and Collection of Checks (Regulation CC); and (iii) Home Mortgage Disclosure (Regulation C)–2019 Final Rule.
SEC reports cybersecurity and resiliency observations
On January 27, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of a report entitled Cybersecurity and Resiliency Observations, compiled from an assessment of prior examinations. The report provides best practices for regulated entities to increase readiness and awareness related to cybersecurity. Echoing themes from the OCIE’s risk-based exam priorities, previously covered by InfoBytes here, the report also emphasizes risk management. Some of the highlights of the report include:
- Governance and Risk Management. OCIE lists senior level engagement as an important factor in an effective cybersecurity program. Also important is a thorough program risk assessment as well as the application of policies and procedures based on the assessment. Additionally, the cybersecurity program should continuously evolve, and provide for constant testing and monitoring.
- Access Rights and Controls. OCIE emphasizes the need for controls to limit access to certain data only to authorized users. Organizations should set out policies and procedures to monitor for unauthorized users, require periodic password changes for users, and review systems for changes that are not approved.
- Data Loss Prevention. Many firms protect sensitive data by using vulnerability scanning as well as perimeter security to monitor network traffic. Firms may utilize technology that can monitor for and detect network threats and insider threats. Also, encrypting data as it moves into and out of the network, and segmenting data for use only by authorized systems are key data loss prevention measures.
- Mobile Security. Firms that use mobile devices and applications may require enhanced security policies including the use of multi-factor authentication, limiting firm information that can be extracted from devices, and enabling the firm to remotely clear content when devices are lost or stolen. Training is also an important practice.
- Incidence Response and Resiliency. Effective risk-based incident response plans developed by firms focus on detection and corrective actions. The plans include business continuity as well as regular testing and reassessment of the plan.
- Vendor Management. OCIE promotes proper due diligence of vendors as well as effective management of vendors including monitoring and testing to ensure security requirements are continually met.
- Training and Awareness. OCIE notes that many firms incorporate effective policies and procedures into training, periodically re-evaluate training programs, and ensure employee participation.
CFPB updates HMDA Small Entity Compliance Guide
On January 24, the CFPB published the HMDA Small Entity Compliance Guide with updates to integrate the HMDA final rule issued in October. According to the guide, HMDA rule changes include (i) the types of institutions and transactions that are subject to Regulation C; (ii) the information that institutions must collect and report; and (iii) the process for reporting the information. As previously covered in InfoBytes, some institutions are exempt from the information collection and reporting requirements. Additionally, the guide notes that effective January 1, 2022, the rule “reduces the loan-volume threshold for covered open-end lines of credit to 100 covered open-end lines of credit in each of the two preceding calendar years” from the temporary threshold of 500 lines, previously covered here. It also clarifies and expands the categories of excluded transactions.