Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 27, the Department of Education (DOE) announced final rules cracking down on deceptive practices affecting veterans and servicemembers and expanding college access to incarcerated students. (See DOE fact sheet here.) The final rules, among other things, (i) implement a change to the “90/10 rule” made by the American Rescue Plan in 2021, which closed a loophole in the Higher Education Act that previously incentivized some for-profit colleges to aggressively recruit veterans and servicemembers in order to receive more DOE funding (going forward, these institutions may no longer count money from veteran and service member benefits toward a 10 percent revenue requirement); (ii) expand access to DOE’s Second Chance Pell Experimental Sites Initiative to allow incarcerated individuals in nearly all states to participate; (iii) provide incarcerated individuals with access to the FSA’s Fresh Start initiative, which will help borrowers with defaulted loans access income-driven low monthly payments as well as with access to Pell Grants; and (iv) clarify requirements and processes for post-secondary institutions when changing ownership, which may require institutions to provide additional financial protection or impose other conditions to protect against risks arising from the transaction.
On October 25, the CFPB responded to a notice of supplemental authority filed by a credit reporting agency (CRA) in the U.S. District Court for the Northern District of Illinois, which sought to use a recent decision issued by the U.S. Court of Appeals for the Fifth Circuit as justification for the dismissal of a lawsuit against the CRA. In April, the Bureau sued the CRA, two of its subsidiaries, and a former senior executive (collectively, “defendants”) for allegedly violating a 2017 consent order in connection with alleged deceptive practices related to their marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. (Covered by InfoBytes here.) Following the 5th Circuit’s decision, in which a three-judge panel unanimously held in CFSA v. CFPB that the CFPB funding structure created by Congress violated the Appropriations Clause of the Constitution (covered by a Buckley Special Alert), the defendants filed a notice of supplemental authority on October 20, arguing that the suit must be dismissed and that the Bureau may not use unappropriated funds when prosecuting the suit. The defendants further contended that the 2017 consent order is invalid because the Bureau used unappropriated funds in its preparation.
The Bureau countered in its response that the 5th Circuit’s holding does not “make sense,” is “without support in law,” and does not help the defendants’ defense. According to the Bureau, “the court mustered no case from more than 230 years of constitutional history that has ever held that Congress violates the Appropriations Clause or separation of powers when it authorizes spending by statute, as it did for the Bureau.” Moreover, the Bureau argued that the appellate court’s contention that the CFPB’s funding was “impermissibly ‘double-insulated’ from congressional oversight” was incorrect because “Congress is fully capable of overseeing the Bureau’s spending, including because of several provisions in the Bureau’s statute that ensure its ability to supervise.” Adding that the court “should reject” the 5th Circuit’s analysis and “join every other court to address the issue—including the en banc D.C. Circuit—in upholding the Bureau’s statutory funding mechanism,” the agency further argued that even if the district court should disagree with this contention, it should still deny the defendants’ motion to dismiss because any alleged defect in the agency’s funding authorization “would not deprive the Bureau of the power to carry out the responsibilities given it by Congress to enforce the law.”
On October 27, the CFPB released a 71-page outline of proposals and alternatives under consideration related to the Bureau’s Dodd-Frank Section 1033 rulemaking efforts. The outline describes proposals under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” Emphasizing that “[c]lear data rights for consumers have the potential to give individuals more bargaining leverage,” the Bureau claimed that companies compiling vast amounts of personal data, including information about consumers’ use of financial products and services, are able to monopolize the use of this data, thereby blocking competition and stifling the development of competitors’ products and services.
Highlights from the outline include a series of discussion questions for small businesses and a list of topics, including:
- Data providers subject to the proposals under consideration. The proposals, if finalized, would impact data providers, including “depository and non-depository financial institutions that provide consumer funds-holding accounts or that otherwise meet the Regulation E definition of financial institution, as well as depository and non-depository institutions that provide credit cards or otherwise meet the Regulation Z definition of card issuer.” Notably, “a financial institution would be a covered provider if it issues an ‘access device’ (as the term is defined in Regulation E § 1005.2(a)(1)), such as a digital credential storage wallet, and provides EFT services, even if it does not hold consumer accounts.” Additionally, “a card issuer would be a covered data provider if it issues a ‘credit card’ (as the term is defined in Regulation Z § 1026.2(a)(15)(i)), such as by issuing digital credential storage wallets, even if it does not hold consumer credit accounts.” The outline also defines covered accounts and states the Bureau is considering potential exemptions for certain data providers.
- Recipients of information. To be considered an authorized third party under the proposals, a third party must: (i) provide an “authorization disclosure” informing consumers of key terms of access; (ii) obtain consumers’ informed, express consent to the key terms of access contained within the authorization disclosure; and (iii) certify to consumers that it will abide by certain obligations related to the collection, use, and retention of a consumer’s information. The Bureau is considering proposals that would address “a covered data provider’s obligation to make information available upon request directly to a consumer (direct access) and to authorized third parties (third-party access).”
- Types of information covered data providers would need to make available. The outline proposes six categories of information data providers would have to make available with respect to covered accounts, including (i) periodic statement information; (ii) information on certain types of prior transactions and deposits that have not-yet-settled; (iii) information regarding prior transactions not typically shown on periodic statements or online account portals; (iv) online banking transactions that have not yet occurred; (v) account identity information; and (vi) other information, such as consumer reports, fees, bonuses, discounts, incentives, and security breaches that exposed a consumer’s identity or financial information.
- Exceptions to the requirement to make information available. The outline provides four exceptions to the requirement for making information available: (i) confidential commercial information; (ii) information obtained to prevent fraud, money laundering, or other unlawful conduct; (iii) information that is required to be kept confidential; and (iv) information a “data provider cannot retrieve in the ordinary course of business.”
- How and when information would need to be made available. The outline states the Bureau is considering ways to define the methods and the circumstances in which a data provider would need to make information available with respect to both direct access and third-party access.
- Third party obligations. The Bureau is examining proposals to limit authorized third parties’ collection, use, and retention of consumer information to that which “is reasonably necessary to provide the product or service the consumer has requested.” This includes (i) limiting duration, frequency, and retention periods; (ii) providing consumers a simple way to revoke authorization; (iii) limiting a third party’s secondary use of consumer-authorized information; (iv) requiring third parties to implement data security standards and policies and procedures to ensure data accuracy and dispute resolution; and (v) requiring third parties to comply with certain disclosure obligations, including a mechanism for consumers to request information about the extent and purposes of a third party’s access to their data.
- Record retention obligations. Proposals under consideration would establish requirements for data providers and third parties to demonstrate compliance with their obligations under the rule.
- Implementation period. The Bureau is seeking feedback on time frames to ensure consumers are able to benefit from a final rule, while also considering implementation factors for data providers and third parties.
An appendix to the highlights provides examples of ways the proposals would apply to hypothetical transactions involving consumer-authorized data access to an authorized third party.
The Bureau’s rulemaking process will include panel convenings, as mandated under the Small Business Regulatory Enforcement Fairness Act of 1996, after which the panel will prepare a report for the Bureau to consider as it develops the proposed rule. “Dominant firms shouldn’t be able to hoard our personal data and appropriate the value to themselves,” CFPB Director Rohit Chopra said in announcing the rulemaking outline. Chopra further elaborated on the rulemaking’s purposes during an industry event earlier in the week (covered by InfoBytes here) where he said the Bureau plans to propose requiring financial institutions that offer deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing as a way to “facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping.”
On October 26, President Biden discussed guidance issued by the CFPB to help banks avoid charging illegal “junk fees” on deposit accounts. The Bureau’s Circular 2022-06 noted that overdraft fees can be considered an “unfair” practice and violate the Consumer Financial Protection Act (CFPA) even if such fees are in compliance with other laws and regulations. Specifically, the Circular noted that “overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair.” The guidance further stated that unanticipated overdraft fees are likely to impose substantial injury on consumers that they cannot reasonably avoid and that are not outweighed by countervailing benefits to consumers or competition. The Bureau’s compliance bulletin on surprise depositor fees explained that a returned deposited item is a check that a consumer deposits into their checking account that is returned to the consumer because the check could not be processed against the check originator’s account. The bulletin stated that “blanket policies of charging returned deposited item fees to consumers for all returned transactions irrespective of the circumstances or patterns of behavior on the account are likely unfair under the [CFPA].” The Bureau further explained that indiscriminately charging depositor fees, regardless of circumstances, are likely illegal and noted that the bulletin is intended to put regulated entities on notice regarding how the agency plans to exercise its enforcement and supervisory authorities in the context of deposit fees. The bulletin urged financial institutions to charge depositor fees only in situations where a depositor could have avoided the fee, such as when a depositor repeatedly deposits bad checks from the same originator. The Bureau emphasized the guidance as part of its Junk Fee Initiative, noting that since it launched the initiative in January 2022, the CFPB has taken action to constrain “pay-to-pay” fees (covered by InfoBytes here), and has announced an advance notice of proposed rulemaking soliciting information from credit card issuers, consumer groups, and the public regarding late payments, credit card late fees, and card issuers’ revenue and expenses (covered by InfoBytes here).
On October 25, the FDIC announced that approximately 96 percent of U.S. households had a depository institution account in 2021, according to the FDIC’s 2021 National Survey of Unbanked and Underbanked Households. According to the biennial survey, an estimated 4.5 percent of U.S. households (representing 5.9 million households) lacked a bank or credit union account, the lowest national unbanked rate since the FDIC survey began in 2009. The survey also found that approximately 1.2 million more households were banked since 2019. Nearly half of newly banked households that received government payments said these payments contributed to their decision to open an insured bank or credit union account. The survey also found that while unbanked rates were higher among some racial and ethnic minority groups, the gaps had shrunk since 2019, with the unbanked rate falling by 2.5 percentage points for Black households, 2.9 points for Hispanic households and 9.4 points for Native American and Alaska Native households, compared with a 0.4 point decrease for white households. According to the FDIC, other key findings include that: (i) 4.5 percent of U.S. households were “unbanked” in 2021; (ii) 2.1 percent of White households were unbanked, compared with 11.3 percent of Black households and 9.3 percent of Hispanic households; (iii) mobile banking use increased sharply among banked households between 2017 (15.1 percent) and 2021 (43.5 percent); (iv) 21.7 percent of unbanked households cited “don’t have enough money to meet minimum balance” as the main reason for not having an account; and (v) the use of some nonbank financial transaction services, such as check cashing, and nonbank credit products, including payday or pawn shop loans, continue to decrease. The FDIC noted that its #GetBanked (covered by InfoBytes here) was a way to inform consumers about how to open a bank account online and to facilitate the safe and timely distribution of Economic Impact Payments through direct deposit. The FDIC requested that community groups and government agencies “join the movement and help bring more people into the banking system.”
On October 25, the FDIC issued FIL-49-2022 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Illinois affected by severe storms and flooding from July 25-28. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and suggested that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
On October 21, the U.S. Court of Appeals for the Eighth Circuit issued an order granting an emergency motion filed by state attorneys general from Nebraska, Missouri, Arkansas, Iowa, Kansas, and South Carolina to temporarily prohibit the Biden administration from discharging any federal loans under its student debt relief plan (announced in August and covered by InfoBytes here). The states’ motion requested an administrative stay prohibiting President Biden from discharging any student loan debt under the cancellation plan until the appellate court issues a decision on the states’ motion for an injunction pending an appeal. The order follows an October 20 ruling issued by the U.S. District Court for the Eastern District of Missouri, which dismissed the states’ action for lack of Article III standing after concluding that the states—which attempted “to assert a threat of imminent harm in the form of lost tax revenue in the future”— failed to establish imminent and non-speculative harm sufficient to confer standing. “It should be emphasized that ‘standing in no way depends upon the merits of the Plaintiff[s’] contention that the particular conduct is illegal,’” the district court said. “While Plaintiffs present important and significant challenges to the debt relief plan, the current Plaintiffs are unable to proceed to the resolution of these challenges.” The 8th Circuit ordered an expedited briefing schedule on the states’ motion for an injunction pending appeal, which required both parties to file responses the same week the order was issued.
On October 24, FHFA published a new Uniform Appraisal Dataset (UAD) Aggregate Statistics Data File, along with dashboards that provide visualizations of the newly available data related to home valuations. According to the press release, the UAD data file and dashboards provide stakeholders and the public access to a broad set of data points and trends found in appraisal reports that may be grouped by neighborhood characteristics and geographic levels. The data was compiled from 47.3 million UAD appraisal records collected from 2013 through the second quarter of 2022 on single-family properties. “As home valuations are a vital component of the mortgage process, publishing transparent, aggregate data on appraisals provides useful information to the public while protecting borrowers’ personally identifiable information,” FHFA Director Sandra L. Thompson said. “Today’s announcement exemplifies our commitment to the development of a more efficient and equitable valuation system that ultimately reduces appraisal bias.”
On October 24, FHFA announced the elimination of upfront fees for certain first-time homebuyers, low-income borrowers, and underserved communities as part of the agency’s ongoing review of Fannie Mae and Freddie Mac’s (GSEs) pricing framework. Specifically, upfront fees are eliminated for (i) first-time homebuyers who are at or below 100 percent of area median income (AMI) in most of the U.S. and below 120 percent of AMI in high-cost areas; (ii) HomeReady and Home Possible loans under the GSEs’ affordable mortgage programs; (iii) HFA Advantage and HFA Preferred loans; and (iv) single-family loans supporting the Duty to Serve program. These changes “will result in savings for approximately 1 in 5 borrowers of the [GSEs’] recent mortgage acquisitions,” FHFA Director Sandra L. Thompson said in the announcement, noting that the agency is working with the GSEs and will announce an implementation date shortly. The pricing updates also include targeted increases to upfront fees for most cash-out refinance loans. Implementation of these fees will start February 1, 2023, in order to minimize market and pipeline disruption.
On October 25, CFPB Director Rohit Chopra spoke before an industry event where he announced that the Bureau will soon release a discussion guide for small businesses to further the agency’s Section 1033 rulemaking efforts with respect to consumer access to financial records. As announced in the Bureau’s Spring 2022 rulemaking agenda, Section 1033 of Dodd-Frank provides that, subject to Bureau rulemaking, covered entities such as banks must make certain product or service information, including transaction data, available to consumers. The Bureau is required to prescribe standards for promoting the development and use of standardized formats for information made available to consumers under Section 1033. In 2020, the Bureau issued an advanced notice of proposed rulemaking seeking comments to assist in developing the regulations (covered by InfoBytes here).
Chopra explained that, before issuing a proposed rule, the Bureau must first convene a panel of small businesses that represent their markets to solicit input on proposals the CFPB is considering. Chopra said the Bureau plans to “hear from small banks and financial companies who will be providers of data, as well as the small banks and financial companies who will ingest the data,” and will also gather input from intermediary data brokers that facilitate data transfers (“fourth parties”). He noted that a report will be published in the first quarter of 2023 based on comments received during the process, which will be used to inform a proposed rule that is slated to be issued later in 2023. Chopra said the Bureau hopes to finalize the rule in 2024, stating “[w]hile not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service, and unleashing more market competition.”
Chopra also expressed plans to propose requiring financial institutions that offer deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing. He stressed that doing so would “facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping.” He further noted that the Bureau is planning to assess ways to prevent incumbent institutions from improperly restricting access when consumers try to control and share their data, including by developing requirements for limiting misuse and abuse of personal financial data, fraud, and scams. Chopra said staff has been directed to consider alternatives to the “notice-and-opt out” regime that has been the standard for financial data privacy and to explore safeguards to prevent excessive control or monopolization by one or a handful of firms.