Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On July 16, the U.S. Government Accountability Office (GAO) submitted a report to the ranking members of the Senate Banking Committee and the House Committee on Financial Services recommending that the CFPB improve communications to consumer reporting agencies (CRAs) and furnishers about the Bureau’s supervisory expectations. Specifically, the report—based on a CRA performance audit conducted by GAO from July 2018 to July 2019—presents two recommendations to the CFPB director on communicating expectations to CRAs concerning: (i) “reasonable procedures for assuring maximum possible accuracy of consumer report information;” and (ii) “reasonable investigations of consumer disputes.” According to the report, there are various causes for consumer report inaccuracies: errors in the data collected by CRAs and data not being matched to the correct consumer by CRAs. While the Bureau has “generally focused on assessing compliance with Fair Credit Reporting Act (FCRA) requirements,” GAO notes that the CFPB “has not defined its expectations for how CRAs can comply with key statutory requirements.” For instance, under the FCRA, CRAs must follow reasonable procedures for ensuring maximum possible accuracy and reasonably investigate consumer disputes. However, although the CFPB has identified deficiencies concerning these requirements in its CRA examinations, the Bureau “has not defined its expectations—such as by communicating information on appropriate practices—for how CRAs can comply with these requirements.” Therefore, GAO concluded, there exist opportunities for the Bureau to improve its oversight of CRAs. The CFPB neither agreed nor disagreed with GAO’s recommendations, and stressed that “it has made oversight of the consumer reporting market a top priority and that its supervisory reviews of CRAs have focused on evaluating their systems for assuring the accuracy of data used to prepare consumer reports.” The Bureau also commented on CRAs’ significant advances in promoting greater accuracy.
U.S. government watchdog studies fintech lending trends, recommends need for clarity on use of alternative data
In December, the Government Accountability Office (GAO) issued a report entitled “Financial Technology: Agencies Should Provide Clarification on Lenders’ Use of Alternative Data,” which addresses emerging issues in fintech lending due to rapid growth in loan volume and increasing partnerships between banks and fintech lenders. The report also addresses fintech lenders’ use of alternative data to supplement traditional data used in making credit decisions or to detect fraud. The report notes that many banks and fintech lenders would benefit from additional guidance to ease the regulatory uncertainty surrounding the use of alternative data, including compliance with fair lending and consumer protection laws. The report’s findings cover the following topics:
- Growth of fintech lending. GAO’s analysis discusses the growth of fintech lending and several possible driving factors, such as financial innovation; consumer and business demand; lower interest rates on outstanding debt; increased investor base; and competitive advantages resulting from differences in regulatory requirements when compared to traditional state- or federally chartered banks.
- Partnerships with federally regulated banks. The report addresses two broad categories of business models: bank partnership and direct lending. GAO reports that the most common structure is the bank partnership model, where fintech lenders evaluate loan applicants through technology-based credit models, which incorporate partner banks’ underwriting criteria and are originated using the bank’s charter as opposed to state lending licenses. The fintech lender may then purchase the loans from the banks and either hold the loan in portfolio, or sell in the secondary market.
- Regulatory concerns. GAO reports that the most significant regulatory challenges facing fintech lenders relate to (i) compliance with varying state regulations; (ii) litigation-related concerns including the “valid when made” doctrine and “true lender” issues; (iii) ability to obtain industrial loan company charters; and (iv) emerging federal initiatives such as the Office of the Comptroller of the Currency’s (OCC) special-purpose national bank charter, fragmented coordination among federal regulators, and the Consumer Financial Protection Bureau's (CFPB) “no-action letter” policy.
- Consumer protection issues. The report identifies several consumer protection concerns related to fintech lending, including issues related to transparency in small business lending; data accuracy and privacy, particularly with respect to the use of alternative data in underwriting; and the potential for high-cost loans due to lack of competitive pressure.
- Use of alternative data. The report discusses fintech lenders’ practice of using alternative data, such as on-time rent payments or a borrower’s alma mater and degree, to supplement traditional data when making credit decisions. GAO notes that while there are potential benefits to using alternative data—including expansion of credit access, improved pricing of products, faster credit decisions, and fraud prevention—there are also a number of identified risks, such as fair lending issues, transparency, data reliability, performance during economic downturns, and cybersecurity concerns.
The GAO concludes by recommending that U.S. federal financial regulators, including the CFPB, Federal Reserve Board of Governors, Federal Deposit Insurance Corporation, and the OCC communicate in writing with fintech lenders and their bank partners about the appropriate use of alternative data in the underwriting process. According to the report, all four agencies indicated their intent to take action to address the recommendations and outlined efforts to monitor the use of alternative data.
On May 8, the House voted to repeal, under the Congressional Review Act (CRA), CFPB Bulletin 2013-02 (Bulletin) on indirect auto lending and compliance with the Equal Credit Opportunity Act (ECOA). As previously covered by InfoBytes, the Senate approved the resolution on April 18 and the White House issued a Statement of Administrative Policy supporting the Senate resolution; it is expected that President Trump will sign the measure soon.
If the measure is successful, this would be the first time that Congress has used the CRA to repeal a regulatory issuance outside the statute’s general 60-day period. In December 2017, the Government Accountability Office (GAO) issued a letter to Senator Pat Toomey (R-Pa) stating that “the Bulletin is a general statement of policy and a rule” that is subject to override under the CRA, which allowed for the Senate to introduce the resolution measure years after the CFPB released the Bulletin.
On April 18, the Senate voted to strike down, under the Congressional Review Act, the CFPB’s Bulletin 2013-02 (Bulletin) on indirect auto lending and compliance with the Equal Credit Opportunity Act (ECOA). The vote follows a December 2017 letter issued by the Government Accountability Office (GAO) to Senator Pat Toomey (R-Pa) stating that the Bulletin is a “general statement of policy and a rule” that is subject to override under the Congressional Review Act (CRA). As previously covered by InfoBytes, GAO reasoned that the CRA’s definition of a “rule” includes both traditional rules, which typically require notice to the public and an opportunity to comment, and general statements of policy, which do not. GAO concluded that the Bulletin meets this definition “since it applies to all indirect auto lenders; it has future effect; and it is designed to prescribe the Bureau’s policy in enforcing fair lending laws.” The measure has been sent to the House and is expected to be voted on soon. On April 17, the White House issued a Statement of Administrative Policy which supported the Senate resolution nullifying the guidance, stating that if the resolution were to be presented to the president, his advisors would recommend he sign it. If the measure is successful, this would be the first time that Congress has used the CRA to repeal a regulatory issuance outside the statute’s general 60-day period.
On April 3, the U.S. Treasury Department released recommendations to the Federal Reserve Board, the FDIC, and the OCC (CRA regulators) on suggestions for modernizing the Community Reinvestment Act (CRA). As previously covered in a Buckley Sandler Special Alert, Treasury released a report last June indicating that the CRA should be modernized to better target statutory and regulatory responses to financial risks faced by U.S. consumers and ensure that the benefits of the CRA investments are aligned with the needs of the communities being served. Last month the Government Accountability Office (GAO) released a report recommending Treasury consider GAO’s findings when conducting its review. (See previous InfoBytes coverage here.)
The April memorandum of recommendations addresses findings from Treasury’s comprehensive assessment of the CRA framework and focuses on four key areas: assessment areas, examination clarity and flexibility, the examination process, and bank performance. Specifically, the recommendations include (i) updating the definitions of “geographic assessment areas to reflect the changing nature of banking arising from changing technology, customer behavior, and other factors”; (ii) improving the flexibility of the CRA examination process to increase clarity in examiner guidance and improve evaluation criteria to increase CRA rating determination transparency and effectiveness; (iii) addressing the timing and issuance of performance evaluations to increase banks’ accountability when planning CRA activity; and (iv) identifying performance incentives to encourage banks to meet the credit and deposit needs of their entire communities, including low- and moderate-income areas. The memorandum solicited input from stakeholders such as consumer advocacy groups, financial industry members, and the CRA regulators.
In March, the Government Accountability Office ("GAO") issued a report addressing aspects of the fintech marketplace, including the benefits and risks for consumers; current regulatory oversight and challenges; and recommendations for federal action. The report notes that fintech products – such as payments, lending, wealth management, and distributed ledger technologies, among others – generally produce benefits to consumers in the form of lower costs and easier access. Nonetheless, fintech innovation comes with associated risks as certain products may not be covered by existing consumer protection laws, and the extent to which fintech providers are subject to federal and state oversight varies. According to the GAO, fintech providers note that complying with the “fragmented” federal and state requirements is “costly and time consuming.” The report emphasizes the need for regulators to increase collaboration to address key concerns in the fintech market, such as financial account aggregation. The GAO also highlights the efforts other jurisdictions have taken to increase fintech innovation and recommends U.S. federal agencies consider successful foreign regulatory approaches, such as “regulatory sandboxes,” which allow fintech companies to offer products on a limited scale with certain regulatory relief.
Of note, Arizona recently became the first U.S. state to introduce a “regulatory sandbox” for fintech products marketed and sold to Arizona consumers. See InfoBytes summary here.
On March 16, the Government Accountability Office (GAO) released a report identifying incentives to encourage financial institutions to provide banking services and small-dollar consumer loans in lower- and middle-income (LMI) communities. The report—issued in response to concerns raised by a 2015 FDIC survey, which found that “unbanked” or “underbanked” households tended to be located in LMI communities—assessed services provided by financial institutions in these areas, reviewed how regulators performed Community Reinvestment Act (CRA) evaluations, and solicited input from stakeholders such as consumer advocacy groups and financial industry members.
Currently, CRA evaluation procedures do not consistently require an assessment of banks’ provision of retail banking services or small-dollar, non-mortgage consumer lending. Rather, banks are evaluated for these criteria typically only “if consumer lending is a substantial majority of the lending or a major product of the institution, which generally is not the case across all institution types.” According to GAO’s report, a June 2017 Treasury report (previously covered in a Buckley Sandler Special Alert), indicated that the CRA should be modernized to better target statutory and regulatory responses to financial risks faced by U.S. consumers. Treasury announced plans to review the CRA, but a timeline is yet to be released. Meanwhile, GAO recommended—and Treasury concurred—that Treasury should consider the findings in this report when conducting its review. GAO also proposed several incentives for financial institutions, including the following:
- modifying lending and service tests conducted as part of the CRA examination process to focus more on how institutions are offering basic banking services and small-dollar, non-mortgage loans;
- expanding the scope of areas and entities assessed as part of the CRA examinations to capture more types of institutions, including all bank affiliates and nonbanks; and
- providing clarifying guidance about the examination process.
On February 27, the U.S. Government Accountability Office (GAO) released a report of recommendations to financial regulators on actions to take related to the compliance burdens faced by certain small financial institutions. The report is the result of a study the GAO initiated with over 60 community banks and credit unions (collectively, “institutions”) regarding which financial regulations were viewed as the most burdensome. Among others, the report includes a recommendation to the CFPB that it should assess the effectiveness of its TILA/RESPA Integrated Disclosure Rule (TRID) guidance and take affirmative steps to address any issues that are necessary. In a response to the GAO that is included in the report, the CFPB Associate Director David Silberman said, “the Bureau agrees with this recommendation and commits to evaluating the effectiveness of its guidance and updating it as appropriate.” Among other recommendations, the GAO highlights the need for the CFPB to coordinate with the other financial regulators on their periodic Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) reviews.
In addition to the compliance concerns with TRID disclosures, the GAO reports that the institutions also consider the data reporting requirements under HMDA, and the transaction reporting and customer due diligence requirements of the Bank Secrecy Act and related anti-money laundering laws the most burdensome. The GAO includes specific recommendations to the other financial regulators to strengthen and streamline regulations through the EGRPRA process.
On February 26, the Government Accountability Office (GAO) released a report, which describes Bank Secrecy Act/anti-money laundering (BSA/AML) compliance challenges facing Southwest border banks, examines the impact “derisking” has had on banking services in this region, and evaluates responses by regulators to “derisking” concerns. “Derisking” is defined by GAO as “the practice of banks limiting certain services or ending their relationships with customers to, among other things, avoid perceived regulatory concerns about facilitating money laundering.” According to GAO, because the region has a high volume of cash and cross-border transactions, as well as a large number of foreign accountholders, banks are required to engage in more intensive and frequent monitoring and investigating to comply with BSA/AML requirements. Due to some Southwest border residents and businesses reporting challenges when trying to access banking services in the region, GAO was asked to undertake a review to determine if the access problems were due to “derisking” and branch closures.
Among other things, the report found that (i) the average number of suspicious activity reports filed in the region was two and a half times the number for high-risk counties outside the region; (ii) 80 percent of banks in the region terminated accounts due to risks related to BSA/AML; (iii) 80 percent limited or did not offer accounts to certain businesses considered high risk for money laundering and terrorist financing because those customers drew heightened BSA/AML regulatory oversight; and (iv) money-laundering risks were a more important driver of branch closures in the region than elsewhere. GAO discovered that BSA/AML regulatory concerns may be a factor in banks’ decisions to engage in “derisking” in the region, and that “the actions taken to address derisking by the federal bank regulators and the Financial Crimes Enforcement Network (FinCEN) and the retrospective reviews conducted on BSA/AML regulations have not fully considered or addressed these effects.” The account terminations and limitations, along with branch closures in the region, have raised concerns that the closures have “affected key businesses and local economies and . . . economic growth.”
GAO recommended that FinCEN, FDIC, Federal Reserve Board, and the OCC (the agencies) conduct a comprehensive review of their BSA/AML regulatory framework to assess how banks’ regulatory concerns may be affecting their decisions to provide banking services. It also recommended that the agencies jointly conduct a retrospective review of BSA/AML regulations and their implementation and revise BSA regulations as necessary to “ensure that BSA/AML regulatory objectives are being met in the most efficient and least burdensome way.”
On January 30, the Government Accountability Office (GAO) released its annual report on federal financial regulators’ compliance with the Regulatory Flexibility Act (RFA). Specifically, the report assessed whether certain regulators adhered to the RFA when drafting and implementing regulations that may affect small entities. Such regulators include the Federal Reserve, Commodity Futures Trading Commission, CFPB, FDIC, OCC, and SEC (collectively, the "agencies"). Under the RFA, the agencies must either (i) certify that a rule would not have a significant economic impact on a substantial number of small entities, or (ii) perform a regulatory flexibility analysis to assess the rule’s impact on small entities and “consider alternatives that may minimize any significant economic impact of the rule.” The report disclosed issues related to certifications. Examples included (i) providing incomplete disclosures of data sources or methodologies of economic analysis and impact; (ii) failing to provide definitions for criteria used to determine a “substantial number” or a “significant economic impact”; and (iii) relying on alternative and potentially outdated definitions of small entities. Additionally, GAO noted that many regulators were unable to provide supporting documentation for their analyses. GAO presented 10 recommendations for enhancing compliance procedures, and stressed that regulators should “develop and implement specific policies and procedures for consistently complying with RFA requirements and related guidance for conducting RFA analyses.” Specific recommendations for each agency are located here.
- Benjamin W. Hutten to discuss "BSA program reporting, management and board of directors responsibilities" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- H Joshua Kotin to discuss "Recent developments in fair lending and avoiding the pitfalls" at the Arkansas Community Bankers/Bankers Assurance 2019 Compliance Conference
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Valerie L. Hletko to discuss "Banking on guns ‘n drugs: Social policy meets financial services" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Katherine L. Halliday to discuss "UDAP, UDAAP & the Map rule compliance basics" at the Mortgage Bankers Association Regulatory Compliance Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss "Washington regulatory overview" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Jeffrey P. Naimon to discuss "Truth in lending" at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions" at the Institute of International Bankers Risk Management and Regulatory Examination/Compliance Seminar
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference