Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 24, the U.S. District Court for the Eastern District of Virginia issued an order dismissing a suit seeking to overturn a rule that allows federally regulated credit unions to expand their business lending activities. The complaint, filed in September 2016, claimed the NCUA exceeded the plain language of its statutory authority by permitting such business lending activities The bank trade group further alleged that because credit unions are tax-exempt, they offer commercial loans at a lower price than the trade group’s community bank members, resulting in injury to those institutions. The court, however, stated that the bank trade group failed to prove its claim or show that injury was caused to its members. “Merely codifying an extant rule in part of a new regulation does not effectuate a reopening. If anything, this reflects the agency’s view that its earlier rule is ... settled to the point that it may serve as a foundation for further rule-making,” Judge Cacheris wrote.
On January 23, the Attorneys General of 16 states and the District of Columbia (the State Attorneys General) filed a motion requesting the permission of the D.C. Circuit to intervene in the CFPB’s petition for en banc reconsideration in PHH Corp. v. CFPB. In the motion, the State Attorneys General argue that they have a vital interest in the matter because the October 2016 panel decision subjecting the CFPB Director to “at will” removal by the President “threatens to undermine the ability of the State Attorneys General [to work with the CFPB] to bring effective civil enforcement and coordinated regulatory actions free from political influence and interference.”
Noting the possibility that President Trump may seek to remove CFPB Director Cordray before the petition for rehearing is resolved or refuse to pursue an appeal to the Supreme Court if the panel decision stands, the State Attorneys General raise the concern that “[t]he incoming administration … may not continue an effective defense of the statutory for-cause protection of the CFPB director.” Therefore, because “[a] significant probability exists that the pending petition for rehearing will be withdrawn, or the case otherwise rendered moot,” the State Attorneys General argue that the D.C. Circuit should allow them to intervene to protect their interests.
In addition to the District of Columbia, the motion was filed on behalf of the Attorneys General for the following states: Connecticut, Delaware, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Mississippi, New Mexico, New York, North Carolina, Oregon, Rhode Island, Vermont, and Washington. The filing of the motion was announced by Connecticut Attorney General George Jepsen, whose office prepared the initial draft.
On January 17, the New York Department of Financial Services (NYDFS) Superintendent Maria T. Vullo submitted a comment letter in stern opposition to the OCC proposal to create a new FinTech charter, stating that the proposed regulatory scheme is not authorized by federal law and would create a number of problems, including a serious risk of regulatory confusion and uncertainty. New York’s top financial regulator is of the opinion that “the OCC should not use technological advances as an excuse to attempt to usurp state laws.” More specifically, NYDFS’ contends, among other things, that: (i) state regulators are better equipped to regulate cash-intensive nonbank financial service companies; (ii) a national charter is likely to stifle rather than encourage innovation; (iii) the proposal could permit companies to engage in regulatory arbitrage and avoid state consumer protection laws; and (iv) a national charter would encourage large “too big to fail” institutions, permitting a small number of technology-savvy firms to dominate different types of financial services.
An interview of Superintendent Vullo discussing this topic may be accessed here.
On January 17, Secretary of the Pennsylvania Department of Banking and Securities, Robin L. Wiessmann, submitted a comment letter calling upon the OCC to give “more thoughtful deliberation about the intended and unintended consequences that will result from such an apparent departure from the OCC’s current policy and scope of supervision.” Specifically, Wiessman requested that the federal bank regulator address three concerns regarding: (i) the broad application and ambiguity of the term “fintech”; (ii) the need by the OCC to have an adequate regulatory scheme in place before approving charters; and (iii) the possible federal preemption of existing state consumer protection laws. The Secretary’s letter echoes many of the concerns raised in a recent comment letter submitted by the Conference of State Bank Supervisors (CSBS) “reiterating its opposition to the [OCC] proposal to issue a special charter for fintech companies.”
Pennsylvania’s Secretary of Banking and Securities, Robin L. Wiessmann, issued guidance to businesses engaged in money transmission to inform them of significant changes that will be required for their businesses as a result of amendments to the Money Transmission Business Licensing Law. Governor Tom Wolf signed the changes into law on November 3, 2016 (Act 129 of 2016) and the new law became effective on January 2, 2017.
On December 22, the Kentucky Department of Financial Institutions (the “Department”) issued a memorandum stating that master servicers and sub servicers are required to be licensed as mortgage loan companies under the Kentucky Mortgage Licensing and Regulation Act, unless they can document to the Department in writing that an exemption applies to them. The memorandum defines “master servicer” as “any entity or individual that owns the right to perform servicing of a mortgage loan. A master servicer typically reserves the legal right to either perform the servicing itself or to do so through a sub servicer.” The memorandum specifies that “[a] sub servicer does not own the right to perform mortgage servicing, but performs servicing on behalf of a master servicer, generally premised upon duties enumerated in a contract between the sub servicer and master servicer.” The licensing requirement is effective March 1, 2017.
On December 28, 2016, the New York Department of Financial Services (DFS) issued a revised version (Revised Proposed Rule) of its cybersecurity rule for financial institutions issued on September 13, 2016 (Proposed Rule). The revision came after DFS received more than 150 comments in response to the Proposed Rule, as well as a hearing before New York State lawmakers. The Revised Proposed Rule retains the spirit of the original Proposed Rule, but offers covered entities somewhat more flexibility in implementing the requirements.
The Proposed Rule marked the next step in a period of increased focus on cybersecurity by the agency. Between May 2014 and April 2015, DFS issued three reports relating to cybersecurity in the financial and insurance industries. In November 2015, DFS issued a letter to federal financial services regulatory agencies, which alerted the federal regulators to DFS’s proposed regulatory framework and invited comment from the regulators.
In the September release, DFS explained that the Proposed Rule is a response to the “ever-growing threat posed to information and financial systems by nation-states, terrorist organizations, and independent criminal actors.” As originally written, the Proposed Rule covered financial institutions operating under a charter or license issued by DFS, and set cybersecurity program, policy, training, and reporting requirements that are more stringent than the current federal requirements. The Proposed Rule gave a January 1, 2017 effective date, with a 180-day transitional period. Taking into consideration these concerns, on December 19, 2016, the New York State Assembly’s Standing Committee on Banks held a public hearing regarding cybersecurity and the Proposed Rule. Among the chief concerns expressed at the hearing and in the comment letters was the cost of compliance, especially for smaller banks, and that the Proposed Rule’s “one-size-fits-all” requirements do not consider the varying operational structures, business models, and risk profiles of financial institutions. There was also concern that the Proposed Rule was too different from the current federal requirements.
* * *
We will continue to monitor the DFS rulemaking process. If you have questions about the Revised Rule or other cybersecurity issues, visit our Privacy, Cyber Risk & Data Security practice for more information, or contact a Buckley Sandler attorney with whom you have worked in the past.
On December 19, the New York Assembly Standing Committee on Banks held a public hearing, receiving testimony about a recently proposed regulation intended to address cybersecurity risks to entities regulated by the New York Department of Financial Services (NYDFS). Previously covered by InfoBytes upon its initial release in September 2016, the proposed regulation has since been subject to a public comment period before final issuance.
The hearing before the NY State Assembly provided an opportunity for representatives from a variety of NYDFS-regulated entities to offer testimony and/or raise objections. Many of the witnesses cited the proposal’s “one-size-fits-all” approach as a source of concern, noting that the proposed regulation currently does not account for variations in the business models, IT system structures, or risk profiles of the institutions they affect. Other concerns raised by the witnesses included onerous reporting requirements, a lack of harmony between the proposal and federal regulations and guidance, high costs of compliance, and even reputational risk arising out of exposure through FOIA Laws. An archived video of the hearing can be accessed here.
Two days after the hearing in Albany, NYDFS indicated that it is now planning to release an updated version of the regulation on December 28—thereby pushing the effective date to March 1, 2017. InfoBytes will continue to monitor the status of the proposed regulation and will issue an update once NYDFS publishes its revised regulation.
N.Y. Attorney General's Office, SEC and FINRA Assess Penalties, Fines Against Securities Firm Over Dark Pool Access Disclosures
On December 16, N.Y. Attorney General Eric Schneiderman announced a $37 million settlement against a major securities firm following its joint investigation with the Securities and Exchange Commission (SEC) into allegedly false statements and omissions made by the firm in connection with the marketing of its electronic order routing services, known as its “Dark Pool Ranking Model.” As explained by Attorney General Schneiderman, “Electronic order routing systems that route investor orders to various markets, including dark pools, are a part of modern equities trading, and companies that promote their routing capabilities must do so truthfully.” As part of the agreement, the firm admitted that it misled investors and violated New York State and federal securities laws; its conduct was also censured by both regulators.
That same day, FINRA announced its decision to fine the same firm $3.25 million for failing to disclose accurate information to all clients about services and features of its alternative trading system (ATS). In Form ATS filings with the SEC, the firm represented that all ATS users would have “identical access” to the system’s services and features. However, FINRA found that some ATS users, including high-frequency traders, were provided with more information than others and received services not available to others. The firm settled without admitting or denying the charges.
On December 14 the New York State Department of Financial Services (NYDFS) announced the imposition of a $235 million fine against an Italian bank and its New York branch as part of a consent order addressing “significant violations of New York Bank Secrecy Act and anti-money laundering (BSA/AML) laws.” According to the consent order, a NYDFS investigation identified “compliance failures . . . arising from deficiencies in the implementation and oversight of the transaction monitoring system located at the New York Branch,” as well as “non-transparent practices to process payments on behalf of Iranian clients” and “shell company activity indicative of potentially suspicious transactions” and a general “breakdown in audit and management oversight.” The consent order findings stipulate that the wrongdoing dated back to 2002, but also acknowledge that the Bank made the decision to discontinue certain of its non-transparent practices in 2006. In addition to a civil monetary penalty, the consent order also requires that the bank continue to engage an independent consultant to help “remediate the identified shortcomings,” “audit the Bank’s transaction review efforts”, and submit a report of its findings, conclusions and recommendations within 60 days. Thereafter, the Bank must submit, in writing for NYDFS review, across-the-board enhancements to its internal control policies and procedures.
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium