Skip to main content
Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • NIST issues updated security requirements and assessment procedures for protecting controlled unclassified information

    Privacy, Cyber Risk & Data Security

    On May 14, the National Institute of Standards and Technology (NIST) released “Revision 3” to Special Publication 800-171 (Protecting Controlled Unclassified Information on Nonfederal Systems and Organizations) and 800-171A (Assessing Security Requirements for Controlled Unclassified Information) for federal contractors and other entities that do business with the federal government and handle controlled unclassified information. The revisions were intended to create better alignment with the controls set forth in Special Publication 800-53 Rev. 5 (Security and Privacy Controls for Information Systems and Organizations), realign controls based on new tailoring criteria, and to directly tie specific controls to the handling of controlled unclassified information. The revisions further implemented the framework set forth in Executive Order 13556 – Controlled Unclassified Information, and give the private sector more clarity by tailoring the moderate baseline for controls in Special Publication 800-53 Rev. 5 to withdraw the requirements that are, among other things, primarily the responsibility of the federal government, not directly related to the protection of controlled unclassified information, or are adequately addressed through other related controls. The updates will also allow for more specific tailoring of organizational controls to security standards, increasing flexibility. Finally, the assessment procedures in Special Publication 800-171A for determining whether a contractor or other entity would be compliant with Special Publication 800-171 was updated to align with the new revisions in Special Publication 800-171. These updates will come at a time when the Department of Defense will continue to implement the Cybersecurity Maturity Model Capability, covered by InfoBytes here.

    Privacy, Cyber Risk & Data Security NIST Federal Issues

  • CFPB and Fed adjust dollar thresholds for Regulation CC

    Agency Rule-Making & Guidance

    On May 13, the CFPB and the Fed announced inflation-adjusted changes to Regulation CC, which governed the availability of customer funds from bank deposits. The final rule altered the minimum amounts that must be made available for withdrawal by the next business day for certain types of check deposits and modified the funds from certain checks deposited into new accounts that are subject to next-day availability. Mandated by Dodd-Frank, these adjustments were based on the five-year change in the CPI for Urban Wage Earners and Clerical Workers from July 2018 to July 2023. The updated thresholds will go into effect on July 1, 2025.

    Agency Rule-Making & Guidance Federal Issues CFPB Regulation CC Federal Reserve

  • FSOC releases report on nonbank mortgage servicing

    Federal Issues

    On May 10, the Financial Stability Oversight Council (FSOC) released a report analyzing the growing nonbank mortgage servicing sector. The report discussed the sector’s significant market share, strengths and vulnerabilities particularly in financial stress scenarios. The FSOC emphasized the potential for these vulnerabilities to affect financial stability including income, balance sheets, and access to credit simultaneously, and the need for enhanced resilience measures. To combat these issues, the FSOC suggested a series of recommendations to promote safe and sound operations, address liquidity pressures in the event of stress, and ensure continuity of servicing operations.

    The FSOC’s recommendations included urging state regulators to improve oversight and prudential standards, suggesting Congress grant FHFA and Ginnie Mae greater authority to enforce safety and soundness standards. Furthermore, the report suggested that Congress would authorize Ginnie Mae and encourage state regulators to share information with each other and with Council member agencies. The Council also recommended that Congress would consider legislation to provide Ginnie Mae with the authority to expand the Pass-Through Assistance Program into a more effective liquidity backstop for mortgage servicers participating in the program during periods of severe market stress. The report further proposed the creation of a fund to support servicing continuity in times of servicer failure, including loss-mitigation activities for borrowers and the advancement of monthly payments to investors.

    The Director of the CFPB, Rohit Chopra, released a statement in response to the FSOC’s report. Chopra emphasized the importance of the mortgage market to the economy, and the significant role played by nonbank mortgage companies. He expressed concern about the lack of oversight of nonbanks in comparison to banks and said that the Bureau will soon propose a rule “to strengthen certain homeowner protections.” He also mentioned that regulators were concerned about nonbanks’ lack of supervision and sensitivity to market volatility given their often-limited cash reserves and heavy dependence on bank borrowing.

    If a large nonbank mortgage company were to fail, Chopra said that borrowers could face chaos: payment issues, no customer service, and foreclosure risks, as well as generally limited access to credit, especially for low- and moderate-income households. Chopra also mentioned that the report does not discuss specific measures for addressing these risks within the FSOC and suggested appropriate tools for managing such risks will be a future effort. Chopra expressed concern that current rules do not sufficiently protect borrowers exposed to foreclosure and “junk fees” and stated that the CFPB will conduct a thorough evaluation to determine if any significant nonbank mortgage firms would meet the criteria for heightened supervision and regulation by the Fed as well as work on a proposed rule to mitigate losses by including foreclosure protections from the earliest stage of mortgage servicing, even if the servicer does not yet have all the documents.

    Federal Issues Nonbank Supervision Mortgages Mortgage Servicing

  • House questions CFPB's rules on NSF fees and impact on small businesses

    Federal Issues

    On May 9, the House Committee on Small Business expressed concerns in a letter addressed to CFPB Director, Rohit Chopra, on a proposed rule that would ban charging insufficient fund fees (NSF fees) on declined transactions (covered by InfoBytes here). The Committee argued this proposed rule could unduly complicate existing UDAAP regulations and impose additional burdens on small financial institutions.

    The letter stated the CFPB did not convene a Small Business Advocacy Review (SBAR) panel and questioned the CFPB’s claims that the rule would not significantly affect a substantial number of small businesses. The Committee suggested that the CFPB’s analysis, which minimizes the impact of NSF fees on small institutions’ revenue, might be flawed and that the rule could have a significant economic impact in terms of reporting requirements and compliance, warranting a review by an SBAR panel. The Committee also challenges the CFPB’s assertion that NSF fees for certain transactions are inherently “abusive,” arguing that the CFPB is overstepping its authority by attempting to ban “business practices” altogether rather than limiting abusive practices. Finally, the Committee requests information from the CFPB on several fronts, including the number of small financial institutions affected by the rule, the compliance burden, the CFPB’s methodology for identifying UDAAP, and the CFPB's stance on disclosures compared to other financial regulations and the FTC's approach.


    Federal Issues CFPB NSF Fees Agency Rule-Making & Guidance Fees

  • New York Fed reports on community development financial institutions

    Federal Issues

    On May 8, the New York Fed released a report examining both the origination and sale of loans by community development financial institutions (CDFIs) and found that loans of both types more than doubled from 2018 to 2022. According to the report, in 2022, CDFIs originated $67 billion and sold $14 billion of loans, which was a major increase since 2018, where CDFIs originated $29 billion and sold $6 billion of loans. This doubling also contributed to some market concentration: The 10 most active CDFIs in 2022 originated over 25 percent of the total origination volume and 75 percent of the total sold loan volume. The report stressed “nearly all loan sales to Ginnie Mae and life insurance companies” were sold from the most active sellers.

    On breakdown, the New York Fed found residential (single family) loans as the highest volume collateral data type, far outpacing lines of credit, multifamily, commercial real estate, and business. There were also a high number of CDFI originations in California and Florida, and credit unions were the most active originators over banks, thrifts, or loan funds.

    On May 14, a member of the Fed Board of Governors Lisa Cook spoke on how CDFIs impact communities positively and some of the challenges CDFIs face. Cook noted specifically that CDFIs often “continue their work with borrowers even after loans are made… helping them through rough spots, should borrowers experience difficulty repaying loans,” which were unique among the CDFI borrower-banking relationship. On challenges, Cook noted how demand for capital was outpacing the current supply: Federal funding tied to past pandemic relief programs have dried up, leading to the challenge of building out long-term capital sources for future CDFI demand. She closed by emphasizing the importance of the CDFI industry and her continued support of CDFIs.



    Federal Issues Bank Regulatory Federal Reserve New York Ginnie Mae

  • CFPB reports consumer complaints on credit card rewards programs

    Federal Issues

    On May 9, the CFPB issued a report on credit card rewards programs which highlighted the CFPB’s views on issues affecting millions of consumers. The report opened with a note that the CFPB received over 1,200 complaints regarding credit card rewards in 2023, reportedly a 70 percent increase since before the pandemic, and according to the CFPB, the research found that the benefits of rewards programs “fail to exceed” the costs of credit cards for many borrowers. The report identified four themes: consumers felt misled by vague or hidden conditions that do not match marketing materials from issuers; consumers lost out when card issuers devalue rewards; consumers faced obstacles when card issuers do not resolve redemption issues; and consumers lost rewards when accounts are closed.

    In a live panel between the Director of the CFPB, Rohit Chopra, Secretary of the DOT, Pete Buttigieg, and airline trade leaders on credit card reward programs, Chopra noted that there were 550 million credit cards in the U.S. which collectively account for over $1 trillion in consumer debt. Chopra also stated the CFPB will review how it can protect consumers against the devaluation of credit card points. In the panel, Chopra asked the trade groups what they would like the CFPB to do regarding credit card terms and conditions: some organizations asked for greater transparency in points systems, with one suggesting that credit card issuers’ ability to change terms mid-contract should be prohibited.

    Federal Issues CFPB UDAAP Credit Cards Rewards Programs

  • GAO calls for the FDIC to address outstanding recommendations

    On April 30, GAO sent a letter to the FDIC on its outstanding recommendations, emphasizing the importance of two priority recommendations, which pertained to blockchain technology and fintech. Regarding blockchain technology, the letter stressed the need for the FDIC and other financial regulators to establish a formal mechanism to identify and address blockchain-related risks. Despite the regulator's coordination, the response to crypto-asset risks had been criticized as untimely. With respect to fintech, this recommendation would have the FDIC and relevant agencies clarify the appropriate use of alternative data in loan underwriting for banks that partner with fintech lenders. The letter also called for the FDIC's attention to additional high-risk areas, including IT management, human capital, federal real property, cybersecurity, and the personnel security clearance process.

    Bank Regulatory Federal Issues GAO FDIC Bank Supervision Congress Fintech Blockchain

  • Fed releases April SLOOS on bank lending practices from Q1 2024

    On May 6, the Fed released its quarterly survey of the Senior Loan Officer Opinion Survey (SLOOS) on bank lending practices for the first quarter of the year which revealed tightened lending standards and a decrease in demand across loans. Regarding business lending, the survey asked banks about commercial and industrial lending (C&I) and commercial real estate lending (CRE). For C&I loans, banks reported stricter standards and a decline in demand from firms of all sizes. Banks reported tightening due to a less favorable economic outlook, reduced tolerance for risk, and a worsening of industry-specific problems. For CRE loans, banks reported a tightening of standards for all types of loans. A significant share of banks reported weaker demand for nonfarm nonresidential and multifamily residential lending. For household lending, banks also tightened residential real estate (RRE) loan standards, while demand for all RRE loan types declined. Home equity lines of credit also faced stricter standards. Banks also tightened consumer lending standards for credit card, auto, and other consumer loans. Demand for these loans decreased as well, with a significant drop in auto loan inquiries.

    Bank Regulatory Federal Issues Federal Reserve Loans CRE Lending

  • Student loan servicer and trust could pay more than $5M in enforcement action with CFPB

    Federal Issues

    On May 6, the CFPB filed a complaint against a Pennsylvania-based student loan servicer and 15 student loan trusts for alleged failure to properly respond to various borrower requests in violation of the CFPA. The complaint alleged thousands of borrower requests went unanswered from 2015 to 2021. Many of these requests allegedly sought forms of payment relief including: (i) co-signer release; (ii) extension of forbearance or deferment; (iii) loan settlement or forgiveness; (iv) Servicemember Civil Relief Act benefits; and (v) other forms of payment or interest rate reduction.

    The CFPB also released two proposed stipulated final judgment orders for the trusts and the servicer to resolve the claims. If agreed upon by the court, the trusts and servicer will have to pay civil money penalties of $400,000 and $1.75 million, respectively, in addition to providing close to $3 million in compensation to impacted consumers. Additionally, the orders required non-monetary relief, such as the approval of outstanding borrower applications, the rectification of credit reports, the suspension of debt collection efforts, and the implementation of a functional process.

    Federal Issues CFPB Consumer Finance Student Lending Enforcement

  • FHFA shares ‘lessons learned’ from evaluating exposure to climate-related risks

    Federal Issues

    On May 1, the FHFA released a report covering the “lessons learned” from its review of the Climate Scenario Analysis (CSA) which was used by financial institutions and regulators to evaluate exposure to climate-related risk. Climate-related risk can be categorized in two ways: (i) physical risk which is damage to property, land, and infrastructure due to severe weather and environmental changes; and (ii) transition risk that results from policy and technological shifts towards a low-carbon economy.

    In its preliminary CSA exercises, the FHFA made the following key observations:

    1. Data and Methodology Limitations: There were data limitations and methodological shortcomings as current tools depend on incomplete data.
    2. Modeling Assumptions: Results were significantly impacted by modeling assumptions.
    3. Challenges with Existing Credit Models: Current credit loss models were constrained while incorporating climate risks.
    4. Predictive Inaccuracy: The tools used to estimate the historical relationship between climate-related events and financial impacts may not be representative of future financial impacts.

    The FHFA concluded that these findings indicated the CSA a complex process with room for enhancement and that no single risk assessment can fully capture the breadth of potential impacts from climate-related physical and transition risks.

    Federal Issues FHFA Fannie Mae Freddie Mac Climate-Related Financial Risks Flood Insurance Risk Management


Upcoming Events