Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 6, the FCC approved a Declaratory Ruling and Notice of Proposed Rulemaking to address unwanted robocalls to consumers. The Declaratory Ruling affirms that voice service providers may block unwanted robocalls “based on reasonable call analytics, as long as their customers are informed and have the opportunity to opt out of the blocking.” Among other things, the Declaratory Ruling clarifies that voice providers (i) may offer call blocking tools to their customers as a default, as opposed to an opt-in basis; and (ii) may offer customers tools that would allow customers to block calls from any number that is not listed in the customer’s contact list or other “white lists.” The FCC notes that a “white list” could be based on a customer’s contact list and would be updated as customers add and remove contacts from their phone. According to reports, the FCC also adopted language that was added to the May proposal, which encourages voice providers to devise a system for addressing complaints made by legitimate companies whose calls to customers are being blocked. The final Declaratory Ruling is effective upon its publication on the FCC’s website.
The FCC also adopted a Notice of Proposed Rulemaking (NPRM) (available in the May proposal) requiring voice providers to implement the “SHAKEN/STIR” caller ID authentication framework—an “industry-developed system to authenticate Caller ID and address unlawful spoofing by confirming that a call actually comes from the number indicated in the Caller ID, or at least that the call entered the US network through a particular voice service provider or gateway.” The FCC asserts that once the “SHAKEN/STIR” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.” The deadline for comments in response to the NPRM will be established upon publication in the Federal Register.
On May 31, the FDIC announced its release of a list of administrative enforcement actions taken against banks and individuals in April. The list reflects that the FDIC issued 17 orders, which includes “two consent orders; three terminations of consent orders; five Section 19 orders; three removal and prohibition orders; and four orders to pay civil money penalty.” Among other actions, the FDIC assessed civil money penalties against three separate banks (see here, here, and here) for alleged violations of the Flood Disaster Protection Act, including failing to (i) obtain flood insurance coverage on loans at or before origination; (ii) maintain, increase, extend, renew, or provide written notification to borrowers concerning flood insurance coverage on loans secured by collateral located in special flood hazard areas; (iii) follow force-placement flood insurance procedures; or (iv) provide borrowers with notice of the availability of federal disaster relief assistance within a reasonable timeframe.
The FDIC also assessed a civil money penalty against a New York-based bank related to alleged violations of the Bank Secrecy Act.
On June 3, the Federal Housing Finance Authority (FHFA) officially launched the Uniform Mortgage-Backed Security (UMBS), a common security through which Fannie Mae and Freddie Mac mortgage-backed securities will be issued. FHFA Deputy Director Robert Fishman noted that the new UMBS will bring “additional liquidity and efficiency to the market.” Moreover, “[b]y addressing structural issues and trading disparities, the UMBS will benefit taxpayers and the nation's housing finance system.” As previously covered by InfoBytes, in March 2018, FHFA announced the UMBS, stating that it would replace all current offerings of mortgage-backed securities that occur in the to-be-announced (TBA) forward market. The FHFA also indicated that the UMBS would be issued using the Common Securitization Platform (CSP) through the Enterprises’ joint venture, Common Securitization Solutions (CSS).
On May 28, the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by severe flooding in the south central region of the U.S. “for as long as deemed necessary for bank operation or public safety.” In issuing the proclamation, the OCC noted that only bank offices directly affected by potentially unsafe conditions should close, and that institutions should make every effort to reopen as quickly as possible to address customers’ banking needs. The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions.
Find continuing InfoBytes coverage on disaster relief here.
On May 21, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Illicit Financing By Anonymous Shell Companies Through the Collection of Beneficial Ownership Information.” The Committee heard from the same panel of witnesses who testified in November on the need for modernization of the Bank Secrecy Act/Anti-Money Laundering regime. (Covered by InfoBytes here.) Committee Chairman Mike Crapo opened the hearing by stressing the need to discuss ways in which beneficial ownership information collected in an effort to deter money laundering and terrorist financing through anonymous shell companies can be made more useful.
Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco emphasized that while the collection of beneficial ownership information occurs when an account is opened at a financial institution, as required under FinCEN’s Customer Due Diligence Final Rule (CDD Rule), “it is but one critical step toward closing this national security gap.” Blanco stressed that “[t]he second critical step in closing this national security gap is collecting beneficial ownership information at the corporate formation stage,” and stated Congress should develop a streamlined solution.
FBI Financial Crimes Section Chief Steven D’Antuono agreed with Blanco and said that, from a law enforcement perspective, a central repository would be “extremely helpful.” D’Antuono emphasized his support for the creation of a regime to collect and consolidate beneficial ownership information, which would enable law enforcement agencies to easily identify the beneficial owners of shell companies and help the agencies address illicit financing activity in a timely fashion. He encouraged Congress to consider other countries’ beneficial ownership disclosure requirements when developing legislation.
OCC Senior Deputy Comptroller for Bank Supervision Policy Grovetta Gardineer also agreed that a standardized approach for beneficial ownership data verification should be established. She highlighted the compliance burden on banks caused by the implementation of the CDD Rule, and suggested that Congress could establish a nationwide requirement, or a centralized database, for legal entities to provide, update and verify beneficial ownership information. In addition, because cross-border transaction activity can present higher risks for money laundering and terrorist financing, she recommended that “foreign legal entities be required to report ownership information either at the time of state registration or upon establishing an account relationship with a U.S. financial institution.”
On May 22, the FDIC announced it resolved a 2014 lawsuit brought by payday lenders that alleged that the FDIC, the OCC and the Federal Reserve abused their supervisory authority during Operation Chokepoint, an Obama Administration DOJ initiative that formally ended in August 2017 (covered by InfoBytes here) and was designed to target fraud by investigating U.S. banks and certain of their clients perceived to be a higher risk for fraud and money laundering. As previously covered by InfoBytes, in 2014, payday lenders filed a lawsuit against the federal banking agencies alleging that they participated in Operation Chokepoint “to drive [the payday lenders] out of business by exerting back-room pressure on banks and other regulated financial institutions to terminate their relationships” with such lenders. The payday lenders argued, among other things, that the initiative resulted in over 80 banking institutions terminating their business relationships with law-abiding companies.
Along with the announcement of the tentative settlement between the parties, the FDIC released a statement summarizing the FDIC’s internal policies and guidance for FDIC recommendations to financial institutions to terminate customer deposit accounts. The statement also included a letter written to the plaintiffs’ counsel acknowledging that “certain employees acted in a manner inconsistent with FDIC policies with respect to payday lenders in what has been generically described as ‘Operation Choke Point,’ and that this conduct created misperceptions about the FDIC’s policies.” In the press announcement regarding the resolution of the case, the FDIC emphasized that neither the statement nor the letter represent a change in the FDIC’s policy and guidance, and that all “existing applicable regulations and guidance documents remain in full force and effect.” Further, while the May 21 joint status report filed in the case noted that FDIC senior leadership had not yet reviewed the agreement, the report noted that the FDIC does “not anticipate any objections.”
Additionally, on May 23, the OCC acknowledged it had been dismissed from the litigation as part of the lawsuit’s resolution.
On May 21, the FTC announced a payment processor, its CEO and owner, and two other officers (collectively, “defendants”) agreed to settle charges that they knowingly processed fraudulent transactions to consumers’ accounts in violation of the FTC Act. According to the FTC’s complaint, the defendants allegedly assisted merchants, who were engaged in fraud, in hiding their activities from banks and credit card networks. The defendants allegedly (i) created fake foreign shell companies to open accounts in their names; (ii) submitted dummy websites and other false information to merchant banks; and (iii) worked to evade card network rules and monitoring designed to prevent fraud. The settlement order against the processing company and its CEO imposes a judgment of over $110 million, which is partially suspended due to the inability to pay. The settlement order against one officer imposes a judgment of over $300,000, which is suspended due to the inability to pay. The settlement order against the second officer, the company’s Chief Operating Officer, imposes a $1 million judgment. Each order imposes a permanent ban on the defendants from, among other things, engaging in payment processing and credit card laundering, whether directly or through an intermediary.
On May 22, the Office of Information and Regulatory Affairs released the CFPB’s spring 2019 rulemaking agenda. According to a Bureau blog post, the information presented represents regulatory matters it “reasonably anticipates having under consideration during the period of May 1, 2019, to April 30, 2020.” The rulemaking activities include implementing statutory directives mandated in the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act), continuing certain other rulemakings previously outlined in the Bureau’s fall 2018 agenda (covered by InfoBytes here), as well as considering future projects and requests for information.
Key rulemaking initiatives include:
- Property Assessed Clean Energy Loans (PACE): On March 4, the Bureau published an advanced notice of proposed rulemaking (ANPR) and request for comments in response to Section 307 of the Act, which amended TILA to mandate the CFPB propose regulations related to PACE financing. The regulations must carry out the purposes of TILA’s ability-to-repay requirements, and apply TILA’s general civil liability provisions for violations. (InfoBytes coverage here.)
- Remittance Transfers: On April 25, the Bureau issued a request for information (RFI) on two aspects of the Remittance Rule that require financial companies handling international money transfers, or remittance transfers, to disclose to individuals transferring money the exact exchange rate, fees, and the amount expected to be delivered. The RFI seeks information related to the expiration of the temporary exception and whether to propose changing the number of remittance transfers a provider must make to be governed by the rule. (InfoBytes coverage here.)
- HMDA/Regulation C: On May 2, the Bureau issued a notice of proposed rulemaking (NPRM) to raise permanently coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit under the HMDA rules. Specifically, the NPRM would raise permanently the reporting threshold for closed-end mortgage loans from 25 loans in each of the two preceding calendar years to either 50 or 100 closed-end loans in each of the preceding two calendar years. (InfoBytes coverage here.)
- Debt Collection Rule: On May 7, the Bureau issued a NPRM to amend Regulation F, which implements the FDCPA, covering debt collection communications and consumer disclosures and addressing related practices by debt collectors. The Bureau reports that the NPRM “builds on research and pre-rulemaking activities regarding the debt collection market, which remains a top source of complaints.” (InfoBytes coverage here.)
- Payday Rule/Delay of Compliance Date: On February 6, the Bureau released two NPRMs related to certain payday lending requirements under the CFPB’s 2017 final rule covering “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (the Rule). The first proposal would rescind portions of the Rule related to ability-to-repay underwriting standards for payday loans and related products scheduled to take effect later this year, while the second proposal would delay the compliance date for those same provisions for fifteen months. The Bureau anticipates it will issue a final rule concerning the compliance date this summer and a final determination on reconsideration thereafter. (InfoBytes coverage here.)
Long term priorities include rulemaking addressing (i) consumer reporting; (ii) amendments to FIRREA concerning automated valuation models; (iii) disclosure of records and information; (iv) consumer access to financial records; (v) Regulation E modernization; (vi) rules to implement the Act, concerning various mortgage requirements, student lending, and consumer reporting; and (vii) clarity for the definition of abusive acts and practices.
On May 20, the OCC released its Semiannual Risk Perspective for Spring 2019, identifying and reiterating key risk areas that pose a threat to the safety and soundness of the federal banking system, focusing on the following risk areas: credit, operational, compliance, and interest rate. The OCC noted that rapid growth within the fintech and regulatory technology space impacts each of these risk areas, which the agency is monitoring closely in order to implement necessary actions to address concerns. Overall, although the OCC acknowledged that the health of the federal banking system remains strong, specific risk areas of concern include (i) the need to have in place appropriate risk management practices as well as methods for assessing “the quality and timeliness of credit risk identification, risk mitigation, and loan loss reserve methodology”; (ii) elevated operational risk as banks adapt to a changing and increasingly complex operating environment, including cybersecurity threats, fintech innovation, and a reliance on third-party providers; (iii) high compliance risk related to Bank Secrecy Act/anti-money laundering (BSA/AML), as well as challenges facing banks to “effectively manage money-laundering risks in a complex, dynamic global operating and regulatory environment”; and (iv) potential challenges to earnings due to interest rate risk and liquidity risk, which lead to increased difficulties when forecasting liability costs.
Concerning BSA/AML risk, the OCC specifically noted that AML-related deficiencies “stem from three primary causes: inadequate customer due diligence and enhanced due diligence, insufficient customer risk identification, and ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of Suspicious Activity Report filings. Talent acquisition and staff retention to manage BSA/AML compliance programs and associated operations present ongoing challenges, particularly at smaller regional and community banks.” The report reminded banks that necessary training, quality assurance, independent testing, and control updates are expected to be implemented during the FY 2019 examination cycle as required under the Financial Crimes Enforcement Network’s customer due diligence rule (previously covered by InfoBytes here).
“Innovation can enhance a bank’s ability to compete by introducing new ways to meet customer product and service needs, improve operating efficiencies, and increase revenue,” the OCC noted, but changing business models or offering new products and services can “elevate strategic risk when pursued without appropriate corporate governance and risk management.”
On May 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include personal cease-and-desist orders, removal and prohibition orders, notice of charges against an individual, and terminations of existing enforcement actions against individuals and banks. The release also includes two civil money penalty orders discussed below.
On April 9, the OCC assessed $35,000 in civil money penalties against an Oklahoma-based bank for an alleged pattern or practice of violations of the Flood Disaster Protection Act and its implementing regulations. Additionally, on April 24, the OCC assessed $136,000 in civil money penalties against a Texas-based bank for an alleged pattern or practice of failing to ensure timely notification and force-placement of flood insurance on property in special flood hazard areas, in violation of the National Flood Insurance Act.
- APPROVED Webcast: Introducing Mogy — APPROVED’s licensing technology solution
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Christopher M. Witeck and Moorari K. Shah to discuss "The latest in vendor management regulations" at a Mortgage Bankers Association webinar
- Buckley Webcast: Hot topics in debt collection — An analysis of recent federal FDCPA litigation
- Jonice Gray Tucker to discuss "How to succeed in law school" at the SEO Law DC Panel Discussions
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference