Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On March 26, the CFPB announced several regulatory flexibility measures to help financial companies work with consumers affected by Covid-19. Specifically, the measures postpone certain industry data collections on Bureau-related rules. These include:
- HMDA. Quarterly information reporting by certain mortgage lenders as required under HMDA and Regulation C will not be expected during this time. However, entities should continue collecting and recording HMDA data in anticipation of making annual submissions. Entities will be provided information by the Bureau on when and how to commence new quarterly HMDA data submissions. (See statement here.)
- TILA. During this time, annual submissions required under TILA, Regulation Z, and Regulation E “concerning agreements between credit card issuers and institutions of higher education; quarterly submission of consumer credit card agreements; collection of certain credit card price and availability information; and submission of prepaid account agreements and related information” will not be expected. (See statement here.)
- Section 1071. A survey seeking information from financial institutions on the cost of compliance in connection with pending rulemaking on Section 1071 of the Dodd-Frank Act has been postponed. As previously covered by InfoBytes, under the terms of a stipulated settlement resolving a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071, the Bureau agreed to outline a proposal for collecting data and studying discrimination in small-business lending.
- PACE Financing. A survey of firms providing Property Assessed Clean Energy (PACE) financing to consumers for the purposes of implementing Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act has been postponed.
- Supervision and Enforcement. The Bureau’s policy statement provides “that it does not intend to cite in an examination or initiate an enforcement action against any entity for failure to submit to the Bureau” specified information related to credit card and prepaid accounts. However, the Bureau’s announcement advises entities to “maintain records sufficient to allow them to make delayed submissions pursuant to Bureau guidance.” With respect to operational challenges facing institutions due to Covid-19, the Bureau states that it will work with institutions when scheduling examinations and other supervisory activities to minimize disruption and burden. “[W]hen conducting examinations and other supervisory activities and in determining whether to take enforcement action, the Bureau will consider the circumstances that entities may face as a result of the [Covid-19] pandemic and will be sensitive to good-faith efforts demonstrably designed to assist consumers,” the announcement states.
Global technology companies testify before Senate Commerce Committee on need for federal consumer data privacy legislation
On September 26, the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “Examining Safeguards for Consumer Data Privacy” to discuss whether federal lawmakers should write a broad federal online privacy law in the wake of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) of 2018, which was amended on September 23. Committee Chairman, Senator John Thune, noted that the September 26 hearing was the first in a series of hearings the Committee plans to hold to discuss consumer data privacy concerns. Testifying before the Committee were executives representing six global technology and telecommunications companies who all agreed that there is a need for federal consumer privacy safeguards that would give consumers more control over the way their data is used. The witnesses also supported the idea of engaging in further discussions with the Committee regarding the FTC’s enforcement powers under its current authority to determine whether the agency needs more resources and tools to carry out its responsibilities effectively. However, the witnesses cautioned that Congress needed to strike an appropriate balance between industry accountability and giving government agencies unchecked power. The witnesses also voiced their opposition to proposed legislation that would require businesses to notify consumers of data breaches within 72 hours of their discovery.
Among other things, the hearing also discussed topics addressing: (i) GDPR compliance burdens; (ii) the need for federal privacy laws to preempt the growing “patchwork” of inconsistent state laws; (iii) pitfalls of mandatory opt-in requirements for consumers; (iv) data use transparency and mandatory disclosures; and (v) efforts undertaken by companies to monitor violations of the Children’s Online Privacy Protection Act, particularly with respect to both in-house and third-party apps offered by the several of the witnesses’ companies.
On September 25, the CFPB released a report on the Bureau’s data governance program, including what data the Bureau collects, from where the data is sourced, and how the data is used and reused within the Bureau. The report emphasizes that data informs a large portion of the Bureau’s work, including rule writing, supervision, enforcement, consumer education, and market monitoring. The report details the more than 188 data collections from public sources, government agencies, commercial vendors, financial institutions, and consumers that the Bureau has undertaken to date. In connection with the report, the Bureau issued a request for information (RFI) seeking feedback on the Bureau’s data governance program and data use. Specifically, the RFI requests comments on, among other things, (i) the overall effectiveness and efficiency of the Bureau’s data collections; (ii) privacy issues related to the Bureau’s data collection practices; (iii) ways the Bureau should or should not reuse data collected for one purpose to inform other work; and (iv) ways the Bureau could make data reporting less burdensome. Comments must be received by December 27.
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference