Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 17, HUD issued Mortgagee Letter 2021-27, which provides updates on appraisal fair housing compliance and general appraiser requirements. According to HUD, the letter clarifies FHA’s existing requirements for appraisers and mortgagees on compliance with fair housing laws related to appraisal of properties that will serve as security for FHA-insured mortgages, and applies to all FHA Single Family Title II Forward and Reverse Mortgage Programs. Among other things, the changes include: (i) revising the Appraisers Post-Approval Requirements section to emphasize compliance with applicable laws, including the Fair Housing Act and all other federal, state, and local antidiscrimination laws; (ii) clarifying language in the Quality of Appraisal section to emphasize the requirement that mortgagees ensure the appraisal complies with applicable laws, including the Fair Housing Act and other federal, state, and local antidiscrimination laws; and (iii) restructuring a section of the General Appraiser Requirements into subsections, which clarifies guidance to the nondiscrimination policy and compliance with FHA guidelines and appraiser conduct. The mortgagee letter is effective immediately.
On November 18, the CFPB issued a reminder that “debt collectors who adopt and follow certain procedures can obtain a bona fide error defense from civil liability for unintentional violations of the prohibition against third-party communications when communicating by email or text message,” as determined by the Bureau’s debt collection rule. As previously covered by InfoBytes, in October 2020 the CFPB issued its final rule amending Regulation F, which implements the FDCPA, addressing debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The reminder emphasizes that for text message communications, a provision in the rule includes utilizing a “complete and accurate database” to ensure that a consumer’s telephone number has not been re-assigned. Additionally, the reminder notes that the rule’s commentary identifies the FCC’s Reassigned Numbers Database as a “complete and accurate database,” which the FCC has published.
On November 18, the FDIC, Federal Reserve Board, and the OCC issued a final rule intended to enhance information sharing about cyber incidents that may affect the U.S. banking system. The final rule, among other things, requires a banking organization to timely notify its primary federal regulator in the event of a significant computer-security incident within 36 hours after the banking organization determines that a cyber incident has taken place. The final rule notes that notification is required for incidents that have affected, in certain circumstances: (i) the viability of a banking organization’s operations; (ii) its ability to deliver banking products and services; or (iii) the stability of the financial sector. Additionally, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially dispute or degrade, a banking organization’s customers for four or more hours. The final rule further provides that the notification requirement for bank service providers is important since “banking organizations have become increasingly reliant on third parties to provide essential services,” which may also experience computer-security incidents that could affect the support services they provide to banking organization customers, along with other significant impacts. The rule is effective April 1, 2022, and banking organizations are expected to comply with the final rule by May 1, 2022.
On November 16, acting Comptroller of the Currency Michael J. Hsu told attendees at the Federal Reserve Bank of Philadelphia’s Fifth Annual Fintech Conference that the federal banking agencies are “approaching crypto activities very carefully and with a high degree of caution” and “expect banks to do the same.” Hsu pointed out what while changes to the financial regulatory perimeter generally occur as a response to crises and failures, regulatory agencies need to take proactive modernization measures given the astounding growth and expansion of fintechs and cryptocurrencies. Hsu highlighted several important questions that agencies must consider, including whether fintech and crypto firms will start to function like banks and whether bringing them into the bank regulatory perimeter would be the proper solution. He also stated that regulatory agencies must consider whether the risks faced by banks and fintech/crypto firms are the same and, subsequently, whether agencies need to modernize or maintain their status quo. Hsu focused on two specific areas of concern: (i) synthetic banking, or fintechs, operating outside the bank regulatory perimeter but that offer a range of services, including extending various forms of credit and offering interest on cash held in accounts (emphasizing the importance of fintech-bank partnerships); and (ii) the fragmented supervision of universal crypto firms, where Hsu asserted that gaps in supervision are driven by the fact that crypto firms are not subject to comprehensive consolidated supervision.
Hsu announced that the agencies will soon issue a statement conveying results from a recent interagency “crypto sprint,” and that the OCC will also provide clarity on its recently concluded review of crypto-related interpretive letters. Hsu explained that “safety and soundness is paramount” when banks engage in crypto activities and that the agencies’ clarifications “should not be interpreted as a green light or a solid red light, but rather as reflective of a disciplined, deliberative, and diligent approach to a novel and risky area.”
On November 16, the Federal Reserve Board announced an enforcement action against a Chinese state-owned bank’s New York branch for alleged credit risk management deficiencies. The written agreement requires the bank and its branch to jointly submit a written plan to strengthen senior management oversight of risk management and internal controls, including a sustainable governance and risk management framework. Among other things, the plan must ensure that the branch’s risk management, internal audit function, and credit risk functions maintain appropriate stature and independence, and that potential credit risks are timely escalated. Additionally, risk management roles and responsibilities must be “clearly defined” in the plan, and the bank must ensure that “data management procedures are incorporated into an effective data governance framework.” After the Fed approves the plans, the bank and branch will have 30 days following the end of each quarter to submit “written progress reports detailing the form and manner of all actions taken to secure compliance” with the provisions of the written agreement.
On November 16, the CFPB issued a notice and request for comments regarding the rules for implementing the Home Mortgage Disclosure Act (HMDA). The Request for Information (RFI) solicits public comments on its plans to assess the effectiveness of the HMDA Rule, focusing on, among other things: (i) institutional and transactional coverage; (ii) data points; (iii) benefits of the new data and disclosure requirements; and (iv) operational and compliance costs. According to the CFPB, the RFI follows a 2021 HMDA report, which found that mortgage lenders deny credit and charge higher interest rates to Black and Hispanic applicants more often than white applicants, and a July 2021 report that analyzed 2020 HMDA loan data and examined the differences in mortgage characteristics across Asian American and Pacific Islander subgroups. (Covered previously by InfoBytes here and here.) Additionally, the RFI notes that the Bureau expects to issue a report on the findings of its assessment of the HMDA Rule by January 1, 2023. The Bureau also notes that it “plans to review recent changes to the rule and evaluate their effectiveness,” and that the assessment “will strengthen the CFPB’s ability to maintain a fair, competitive, and non-discriminatory mortgage market.” The deadline for submitting comments on the RFI is 60 days after the notice is published in the Federal Register.
On November 10, seven democratic senators sent a letter to CFPB Director Rohit Chopra requesting that the Bureau reform the credit reporting industry by improving credit reporting accuracy and updating the process on dispute resolutions, among other things. The senators recommended that the Bureau examine persistent errors in credit reporting “and how CRAs [(credit reporting agencies)] consistently fail to resolve these errors, especially by failing to devote sufficient personnel and resources for dispute resolution—a shortcoming the CFPB could use its supervisory authority to remedy.” Among other things, the senators requested that the Bureau (i) establish an ombudsperson position to facilitate the dispute resolution process; (ii) require nationwide CRAs to match an individual’s full Social Security number; (iii) consider requiring nationwide CRAs to perform accuracy audits on information furnishers periodically; and (iv) “codify provisions of the nationwide CRAs’ settlement with state attorneys general that delayed reporting of medical debt for six months and removed debts paid by insurance.” The senators noted that their requests were not exhaustive, and asked for immediate action to be taken to protect consumers and establish “much-needed accountability into the credit reporting system.”
On November 10, the CFPB updated its FAQs on the Home Mortgage Disclosure Act (HMDA) reporting requirements to clarify institutional and transactional coverage. The updated FAQs, among other things, highlighted that the final rule, issued in April 2020, established the closed-end mortgage loan threshold to be 100 in each of the two preceding calendar years, effective July 2020, and the open-end line of credit threshold at 200 in each of the two preceding calendar years, effective January 1, 2022, upon the expiration of the temporary threshold of 500 open-end lines of credit. (Covered by InfoBytes here). Additionally, the FAQs presented circumstance-based questions and answers applying the threshold rules to scenarios with varying originations of closed-end mortgage loans and open-end lines of credit and addressed voluntary reporting.
On November 12, the CFPB sent a reminder to institutions that the threshold for reporting HMDA data for open-end lines of credit will adjust to 200 open-end lines of credit in each of the two preceding calendar years effective January 1, 2022. According to the reminder, starting January 1, 2022, an institution that meets the new threshold and all other Regulation C institutional coverage criteria, must collect, record, and report data about its open-end lines of credit.
On November 12, the CFPB filed a complaint against a Texas-based pawn lender and its wholly owned subsidiary (together, “lenders”) for allegedly violating the Military Lending Act (MLA) by charging active-duty servicemembers and their dependents more than the allowable 36 percent annual percentage rate on pawn loans. According to the Bureau, between June 2017 and May 2021, the two lenders together allegedly made more than 3,600 pawn loans carrying APRs that “frequently exceeded” 200 percent to more than 1,000 covered borrowers. The Bureau further claimed that the lenders failed to make all loan disclosures required by the MLA and forced borrowers to waive their ability to sue. The identified 3,600 pawn loans only represent a limited period for which the Bureau has transactional data, the complaint stated, adding that the pawn stores located in Arizona, Nevada, Utah, and Washington that originated these loans only comprise roughly 10 percent of the Texas lender’s nationwide pawn-loan transactions. As such, that Bureau alleged that the lenders—together with their other wholly owned subsidiaries—made additional pawn loans in violation of the MLA from stores in these and other states. The Bureau seeks injunctive relief, consumer restitution, disgorgement, civil money penalties, and other relief, including a court order enjoining the lenders from collecting on the allegedly illegal loans and from selling or assigning such debts.
As previously covered by InfoBytes, the Bureau issued a prior consent order against an affiliated lender in 2013, which required the payment of $14 million in consumer redress and a $5 million civil money penalty. The affiliated lender was also ordered to cease its MLA violations. In its current action, the Bureau noted that because the Texas lender (who was not identified in the 2013 action) is a successor to the prior affiliated lender, it is therefore subject to the 2013 order. Accordingly, the Bureau alleged that the Texas lender’s violations of the MLA also violated the 2013 order.
On November 12, the FTC released a preliminary draft of the Strategic Plan for Fiscal Years 2022 to 2026 for public review and comment. Recognizing that protecting the public from unfair or deceptive acts or practices in the marketplace is a key FTC strategic goal, the draft Strategic Plan outlines several objectives guiding the Commission’s work in this area including (i) identifying, investigating, and taking enforcement action to deter these types of harm; (ii) providing consumers and businesses with guidance and tools to prevent harm; (iii) engaging in domestic and international collaboration efforts to enhance consumer protections, including those related to telemarketing, internet fraud, and privacy violations; and (iv) advancing measures to support underserved and marginalized communities. Recognizing that consumers cannot always identify whether unfair or deceptive practices have occurred, the FTC reports it will continue to identify consumer protection violations and collaborate with law enforcement partners to identify trends and targets and enforce consumer protection laws. These efforts will include safeguarding consumer privacy and litigating cases involving privacy risks.
Additional goals outlined within the draft Strategic Plan focus on marketplace competition, anticompetitive mergers, antitrust issues, resource management and workforce protections, and climate readiness. The draft Strategic Plan notes the importance of “cross-training staff on both consumer protection and competition issues” and of “grasping market realities” as “the economy becomes increasingly digitized.” According to the FTC, the “agency plans to be especially attentive to next-generation technologies, innovations, and nascent industries across sector.” Comments on the draft plan may be submitted through November 30.