Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 29, OCC Senior Deputy Comptroller Grovetta Gardineer delivered remarks at the 2016 Association of Military Banks of America Workshop, emphasizing the significance of banks’ compliance with the Servicemember Civil Relief Act (SCRA) and the Military Lending Act (MLA). Although Gardineer noted that SCRA-related issues have decreased since making SCRA compliance an examination focus, she stressed that room for improvement remains. Gardineer advised banks to perform due diligence with third-party vendors, noting that banks “will be held accountable for failures” by their third-party vendors. Gardineer further cautioned that, in light of the new MLA requirements taking effect on October 3, banks must ensure that they properly identify military borrowers entitled to the MLA’s expanded coverage, which will include “nearly all consumer credit covered under the Truth in Lending Act.”
On July 29, the FDIC issued FIL-50-2016 to request comments on the agency’s proposed Guidance for Third-Party Lending, which aims to “set forth safety and soundness and consumer compliance measures FDIC-supervised institutions should follow when lending through a business relationship with a third party.” Pursuant to the proposed guidance, third-party lending would be defined as “a lending arrangement that relies on a third party to perform a significant aspect of the lending process.” Intended to supplement the FDIC’s 2008 Guidance for Managing Third-Party Risk, the proposed guidance seeks to establish specific expectations for third-party lending arrangements. FIL-50-2016 includes 10 questions related to (i) the proposed definition of third-party lending and the scope of the guidance; (ii) the potential risks arising from the use of third parties, with a particular emphasis on risks associated with third-party lending programs; (iii) the proposed expectations for establishing a third-party lending risk management program, including expectations around strategic planning policy development, risk assessment, due diligence and ongoing oversight, model risk management, vendor oversight, and contract structuring and review; (iv) supervisory considerations, including, but not limited to, credit underwriting and administration, loss recognition practices, and consumer compliance; and (v) the proposed examination procedures, which would establish “a 12-month examination cycle for institutions with significant third-party lending programs, including for those institutions that may otherwise qualify for an 18-month examination cycle.” Comments on the proposed guidance, with a particular emphasis on the questions posed in FIL-50-2016, are due by October 27, 2016.
On July 14, the CFPB ordered a Delaware-based national bank to pay a $10 million civil penalty to settle allegations that its overdraft fee practices were deceptive and violated Regulation E of the Electronic Fund Transfer Act because the bank allegedly charged consumers overdraft fees in connection with ATM and one-time debit card transactions without obtaining their affirmative consent. The CFPB alleges that the bank incentivized sales representatives of a third-party telemarketing vendor to market its overdraft service through “Opt-in Call Campaigns.” According to the consent order, vendor representatives deviated from sales scripts approved by the bank and provided consumers with incomplete, inaccurate, or misleading information to persuade them to enroll in the overdraft service. The CFPB alleges that the bank failed to properly monitor the vendor and detect “widespread problems” throughout the Opt-in Call Campaigns, including, but not limited to: (i) enrolling consumers in the bank’s overdraft program without their consent; (ii) falsely advertising the overdraft program as free, when in fact consumers were charged $35 per overdraft; (iii) misleading consumers into believing they would be charged overdraft fees regardless of whether or not they signed up for the program, or telling consumers they would face additional charges if they opted out of the program; and (iv) falsely claiming that the purpose of the call was “not a sales call” but rather to let consumers know that the bank had changed its name. In addition to imposing a $10 million civil penalty, the consent order requires the bank to, among other things, (i) validate that all consumers who were enrolled in the program through its vendor wish to remain in the program; (ii) stop using a vendor to conduct the marketing of its overdraft service; and (iii) develop and implement a new or revised written policy to govern vendor management for Service Providers engaged in telemarketing of consumer financial products or services.
On July 11, the OCC released its Semiannual Risk Perspective for Spring 2016, which generally provides an overview of supervisory concerns for the federal banking system and specifically presents data as of December 31, 2015 in the following areas: (i) operating environment; (ii) bank performance; (iii) key risk issues; and (iv) regulatory actions. Similar to the fall 2015 report, the current report identifies cybersecurity, third-party vendor management, business continuity planning, TRID, and BSA/AML compliance, among other things, as key areas of potential operational and compliance risk. Further, the report highlights the new Military Lending Act rule, effective October 3, 2016, as a new key potential risk. According to the report, the OCC’s supervisory priorities for the next twelve months will generally remain the same; moreover, the outlook for the OCC’s Large Bank Supervision and Midsize and Community Bank Supervision operating units will remain broadly similar.
CFPB Takes Action Against North Dakota Payment Processor for Alleged Unauthorized Withdrawal Practices
On June 6, the CFPB filed a complaint against a North Dakota-based third-party payment processor and two of its senior executives for alleged violations of the Dodd-Frank Act’s prohibition against unfair acts and practices. Acting on behalf of its clients, the payment processor transferred funds electronically through a network called the Automated Clearing House, and in the process, according to the CFPB, the payment processor “ignored numerous red flags about the transactions they were processing, including repeated consumer complaints, warnings about potential fraud or illegality raised by banks involved in the transactions, unusually high return rates, and state and federal law enforcement actions against their clients.” The CFPB contends that the defendants failed to: (i) heed warnings, including federal and state enforcement actions taken against the defendants’ clients, from banks and consumers regarding potential fraud or unauthorized debits; (ii) adequately monitor and respond to “enormously” high return rates; and (iii) investigate “red flags” throughout its clients’ application processes that “should have caused it to… perform enhanced due diligence prior to accepting a client for processing.” Regarding the individuals’ involvement in the allegedly unlawful activity, the CFPB’s complaint alleges that both engaged in unfair acts and practices by “actively ignoring” a number of red flags associated with the payment processor’s business activities. The CFPB’s complaint seeks monetary relief, injunctive relief, and penalties.
On June 15, the FTC will host its fourth Start with Security event in Chicago, Illinois. Featuring agency representatives Todd Kossow, Maureen Ohlhausen, Cora Han, Jim Trilling, Steve Wernikoff, and Andrea Arias, as well as security experts from various industries, the Start with Security event is intended to provide companies with tips for implementing effective data security. The event will host the following four panels: (i) Building a Security Culture; (ii) Integrating Security into the Development Pipeline; (iii) Considering Security when Working with Third Parties; and (iv) Recognizing and Addressing Network Security Challenges. A full day event, the panels “will address how companies can create and prioritize a culture of security, how to integrate security into the development pipeline, what security issues to consider when a company works with third parties, and how to recognize and address network security challenges.”
As recently noted in its 2015 Annual Highlights report, the FTC’s Start with Security efforts, including its June 2015 Guide for Business, are part of the agency’s education outreach programs designed to promote good data security practices within businesses.
The Conference of State Bank Supervisors (CSBS) and the Multi-State Mortgage Committee (MMC) issued a report to state regulators regarding its 2015 review of the supervisory structure around examination and risk assessment of non-bank mortgage loan servicers. Notable servicing examination findings outlined in the report include: (i) violations and deficiencies related to loan transfer activity, noting that a “significant portion of servicing examination findings are tied to the mortgage servicing requirements implemented into the [RESPA] and [TILA] in January of 2014”; (ii) ineffective oversight of sub-servicer activity and insufficient third party vendor management; and (iii) ineffective examination management procedures on the part of mortgage servicers, leading to delayed examination processes, as well as impeded regulatory oversight. The report further outlines origination examination findings, emphasizing RESPA violations related to Mortgage Servicing Agreements (MSAs) which typically include payments for promotional advertising services performed on behalf of the mortgage company. According to the MMC, MSA-related violations carry high risk. Additional MMC 2015 observations outlined in the report include, but are not limited to, the following: (i) state license engagement of third party providers overseen by federal regulators resulted in an increase of state/federal communications and information sharing, fostering a stronger regulatory framework; (ii) lapses in loan originator education may lead to significant deficiencies at the company level; (iii) whistleblower information provided to the MMC in 2015 played a large role in uncovering prohibited activity; and (iv) technological systems with incorrect programming continue to cause lenders to charge borrowers statutorily prohibited fees. Finally, the report briefly touches on the CSBS’ and the NMLS’s Mortgage Call Report Analytics Tool – designed to provide detailed information about the loan portfolio and financial condition of a company – and the State Coordinating Committee’s coordinated efforts with the CFPB to include the development of the Coordinated Examination Guidance tool, which is intended to provide “suggested best practices for coordinated examinations and a step-by-step listing of action items to be completed during a coordinated examination.”
On April 29, the FFIEC updated its IT Examination Handbook, revising its Retail Payment Systems booklet to include an Appendix E, Mobile Financial Services. The Retail Payment Systems booklet consists of guidance intended to help examiners evaluate financial institutions’ and third-party providers’ management of risks associated with retail payment systems. Appendix E is designed to address risk management associated with mobile financial services (MFS): “Appendix E contains guidance pertaining to [MFS] risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology or retail payment systems.” Appendix E outlines risk management practices for the following MFS technologies: (i) short message service/text messaging; (ii) mobile-enabled web sites and browsers; (iii) mobile applications; and (iv) wireless payment technologies. In addition to MFS technologies, Appendix E also addresses management strategies related to (i) risk identification; (ii) risk measurement; (iii) risk mitigation; and (iv) monitoring and reporting.
- Hank Asbill to discuss "Critique of direct examination; Questions and answers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Hank Asbill to discuss "What judges want from trial lawyers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Benjamin W. Hutten to discuss "Understanding OFAC sanctions" at a NAFCU webinar
- Warren W. Traiger to discuss "Key takeaways from proposed CRA modernization" at the New York Bankers Association Technology, Compliance & Risk Management Forum
- Garylene D. Javier to discuss "Navigating workplace culture in 2020" at the DC Bar Conference