InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
VA eliminates pre-approval process for certain loans
On May 19, the Department of Veterans Affairs (VA) issued Circular 26-22-09 to announce new procedures for loan approval and new procedures for processing joint loans. The Circular explains that, historically, the Department conducted a pre-closing review of loan application packages when the borrower had been rated unable to manage financial affairs and has a VA-appointed fiduciary. The Department also conducted a pre-closing review of cases where a loan would include more than one veteran using entitlement. In both cases, “the lender has sent such loan application packages to VA in advance of loan closing, and loan closing has not been able to proceed until after VA has issued approval.” The Circular noted that in an effort to streamline procedures to improve the veteran experience, the Department “has determined that such case-by-case reviews add a step that VA no longer believes necessary for ensuring program integrity.” The Circular also noted that that post-audit oversight would be as effective as a pre-closing review in maintaining program integrity, without the delays and additional administrative burdens that can be associated with the historical process. The Circular is effective immediately.
FTC orders credit card payment ISO to comply with heightened monitoring practices
On May 24, the FTC finalized an order against an independent sales organization and its owners (collectively, “respondents”) to settle allegations that they violated the FTC Act and the Telemarketing Sales Rule by helping scammers launder millions of dollars of consumers’ credit card payments from 2012 to 2013 and ignored warning signs that the merchants were fake. According to the FTC’s administrative complaint, the respondents, among other things, created 43 different merchant accounts for fictitious companies and provided advice to the organizers of the scam on how to spread out the transactions among different accounts to evade detection (covered by InfoBytes here).
Under the terms of the final order, the respondents are required to make several substantial changes to their processes, and are prohibited from engaging in credit card laundering, as well as any other actions to evade fraud and risk monitoring programs. Additionally, the respondents are banned from providing payment processing services to any merchant that is, or is likely to be, engaged in deceptive or unfair conduct, and to any merchant that is flagged as high-risk by the credit card industry monitoring programs. Furthermore, the respondents are required to screen potential merchants who are engaged in certain activities that could harm consumers, and monitor and designate as necessary current merchants who may require additional screening. The FTC noted that it is unable to obtain a monetary judgment in this action due to the U.S. Supreme Court’s decision in AMG Capital Management v. FTC, which held that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act (covered by InfoBytes here).
CFPB’s new innovation office to focus on competition instead of fintech sandboxes
On May 24, the CFPB launched the Office of Competition and Innovation, which will focus on competition and explore ways to “create market conditions where consumers have choices, the best products win, and large incumbents cannot stifle competition by exploiting their network effects or market power.” The new office will be housed under the Bureau’s Research, Markets and Regulation division, providing “greater access to resources to look at market-structure problems that create obstacles to innovation.” It replaces the Bureau’s existing Office of Innovation, which was established in 2018 and focused on allowing companies to apply for no-action letters and regulatory sandboxes in order to test specific product offerings. According to the Bureau, the agency will no longer offer these programs after a review established that the initiatives “proved to be ineffective and that some firms participating in these programs made public statements indicating that the Bureau had conferred benefits upon them that the Bureau expressly did not.”
The new office will focus on competition and explore ways to stop large banks and fintech lenders from “squeezing out smaller players” in the consumer finance market. It will also explore ways to ensure that consumers have their “walking rights” and can easily switch service providers. Additionally, the new office will research “structural problems” that create obstacles to innovation, examine dynamics between large and small players related to competition, identify ways to address commonplace obstacles such as access to capital and talent, examine financial data-sharing to ensure large financial institutions are not hoarding large volumes of digital data, and host events that explore barriers to entry and other obstacles, the Bureau said.
District Court issues judgment against student debt relief operation
On May 24, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against an individual defendant who participated in a deceptive debt-relief enterprise operation. As previously covered by InfoBytes, in 2019, the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against the student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the third amended complaint, the Bureau and the states alleged that since at least 2015 the debt relief operation violated the CFPA, TSR, FDCPA, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claimed that the debt relief operation engaged in deceptive practices by misrepresenting, among other things: (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness for borrowers; and (iii) their ability to actually lower borrowers’ monthly payments. Moreover, the debt relief operation allegedly failed to inform borrowers that it was their practice to request that the loans be placed in forbearance and also submitted false information to student loan servicers to qualify borrowers for lower payments. Under the terms of the final judgment, the individual defendant must pay a $483,662 civil money penalty to the Bureau.
FTC addresses importance of effective incident response and breach disclosure
On May 20, the FTC’s Team CTO and the Division of Privacy and Identity Protection published a blog post, titled Security Beyond Prevention: The Importance of Effective Breach Disclosures. The blog noted that the FTC Act creates a de facto data breach notification requirement because failure to disclose can increase the likelihood that affected parties will suffer harm. The post outlines effective security breach detection and response programs, which can: (i) permit an organization time to take remedial actions to counter, prevent, or mitigate an attack; (ii) prevent and minimize consumer harm from breaches; (iii) provide valuable information to the prevention function of a security team; and (vi) remove an attacker and allow for post-breach remedial measures. According to the FTC, failure to maintain such practices could indicate a lack of competition in the marketplace. The post stated that “[r]egardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties mitigate reasonably foreseeable harm may violate Section 5 of the FTC Act.” Listing recent cyber-related FTC enforcement actions, the post explained that deceptive statements can limit consumers’ ability to mitigate foreseeable harms like identity theft, loss of sensitive data, or financial impacts. Looking at these cases together, the post further noted that “companies have legal obligations with respect to disclosing breaches, and that these disclosures should be accurate and timely.”
CFPB, New York reach $4 million settlement with debt collection operation
On May 25, the U.S. District Court for the Western District of New York entered a stipulated final judgment and order in an action taken by the CFPB, in partnership with the New York attorney general, resolving allegations that a debt collection operation based near Buffalo, New York, which includes six companies, three owners, and two managers (collectively, “defendants”), engaged in deceptive tactics to induce consumer payments. (See also CFPB press release here.) As previously covered by InfoBytes, the CFPB filed a complaint in 2020 against the defendants for allegedly violating the CFPA, FDCPA, and various New York laws by using illegal tactics to induce consumer payments, such as (i) threatening arrest and imprisonment; (ii) claiming consumers owed more debt than they actually did; (iii) threatening to contact employers about the existence of the debt; (iv) harassing consumers and third parties by using “intimidating, menacing, or belittling language”; and (v) failing to provide debt verification notices. Under the terms of the settlement, the defendants must pay a $2 million penalty to the CFPB and a $2 million penalty to the New York AG. The judgment provides that if the defendants fail to make timely payments, each penalty amount would increase to $2.5 million. The judgment also permanently bans the defendants from engaging in debt collection operations and prohibits them from engaging in deceptive practices in connection with consumer financial products or services.
Ginnie announces Digital Collateral Program and eGuide enhancements
On May 23, Ginnie Mae announced enhancements to its Digital Collateral Program and released updated guidance for the securitization of eNotes. According to the announcement, the revised Digital Collateral Guide (eGuide) applies to all existing eIssuers and provides eligibility and technological requirements for interested applicants. The announcement noted that Ginnie Mae’s digital program has received continued interest since Ginnie Mae securitized its first eNote in January 2021. The current participants in the Ginnie Mae program are existing issuers, which is a requirement under the program. After a successful pilot phase of its new Digital Collateral Program, Ginnie Mae said that it will reopen the program to new applicants on June 21. Additionally, enhancements to the program include the ability to perform eModifications to eNotes, streamlined procedures for Release of Secured Party requests, and the acceptance of eNotes using a Power of Attorney. The eGuide updates are effective June 1.
FDIC highlights operational risks in 2022 Risk Review
On May 20, the FDIC released its 2022 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2021 in four broad categories: credit risk, market risk, operational risk, and climate-related financial risk. According to the FDIC, the current risk review expands upon coverage in prior reports by examining operational risks to banks resulting from cyber threats, illicit finance, and climate-related financial risks. Monitoring these risks is among the agency’s top priorities, the FDIC said, explaining that the number of ransomware attacks in the banking industry increased in 2021, and that the “number and sophistication of cyber attacks also increased with remote work and greater use of digital banking tools.” Additionally, “threats from illicit activities continue to pose risk management challenges to banks.” The FDIC noted that the banking environment improved in 2021 as the economy recovered but stated that recovery was uneven across industries and regions. While “[f]inancial market conditions were generally supportive of the economy and banking industry in 2021,” they began to deteriorate in early 2022 with the onset of the Russian invasion of Ukraine, the FDIC said.
OCC releases enforcement actions
On May 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against an Alaska-based bank for allegedly engaging in Bank Secrecy Act/anti-money laundering (BSA/AML) program violations. The bank allegedly “failed to adopt and implement a compliance program that adequately covers the required BSA/AML program elements, including, in particular, internal controls for customer due diligence and procedures for monitoring suspicious activity, BSA officer and staff, and training.” The order requires the bank to, among other things, establish a compliance committee, submit a BSA/AML action plan, and develop a written suspicious activity monitoring and reporting program.
FTC to strengthen advertising and endorsement guidelines against fraudulent reviews
On May 19, the FTC announced it is considering changes to strengthen its advertising guidelines to address fake and manipulative reviews, as well as concerns over inadequate disclosure tools. The Commission unanimously voted to submit a notice of proposed changes to its “Guides Concerning the Use of Endorsements and Testimonials in Advertising” (Endorsement Guides), which were enacted in 1980 and amended in 2009. Under the Endorsement Guides, advertisers are required “to be upfront with consumers and clearly disclose unexpected material connections between endorsers and a seller of an advertised product.” In February 2020, the FTC issued a request for comments on, among other things, whether the Endorsement Guides are effective at addressing concerns in the marketplace, as well as issues related to social media disclosures, incentive reviews, and affiliate links. According to the Commission’s announcement, the proposed changes (i) warn “social media platforms that some of their tools for endorsers are inadequate and may open them up to liability”; (ii) clarify that the Endorsement Guides cover fake reviews; (iii) add a new principle, which provides that “in procuring, suppressing, boosting, organizing, or editing consumer reviews, advertisers should not distort or misrepresent what consumers think of their products”; (iv) clarify that social media tags are covered by the Endorsement Guides; (v) modify “the definition of ‘endorsers’ to bring virtual influencers—that is, computer-generated fictional characters—under the guides”; (v) provide an example addressing the microtargeting of a discrete group of consumers; and (vi) introduce a new section addressing concerns related to child-directed advertising.
A public event will be hosted by the FTC on October 19 to address topics including “children’s capacity at different ages and developmental stages to recognize and understand advertising content and distinguish it from other content,” and the “need for and efficacy of disclosures as a solution for children of different ages, including the format, timing, placement, wording, and frequency of disclosures.”