InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC urges bank boards to promote climate risk management
On November 8, acting Comptroller of the Currency Michael J. Hsu discussed climate change risk at the OCC headquarters, highlighting areas for large bank boards of directors to consider when promoting and accelerating improvements in climate risk management practices. According to Hsu, bank boards play a “pivotal role” in actions against climate change, which poses significant risks to the financial system. Hsu compared credit risk management and climate risk management, stating that “strong credit risk management capabilities can provide the assurance and confidence needed for a bank to make risky credit decisions prudently, strong climate risk management capabilities can enable the same prudent risk taking with regards to climate-related business opportunities.” Additionally, Hsu noted that, by the end of this year, the OCC will issue a high-level framework guidance for large banks regarding climate risk management. Hsu also outlined several areas for board members to consider, including evaluating an institution’s overall exposure to climate change, estimating the exposure to a carbon tax, and assessing an institution’s most acute vulnerabilities to climate change events. Hsu stated that “now is the time” to identify and understand vulnerabilities impacting continuity and disaster recovery planning.
FTC permanently bans payment processor from debt relief processing
On November 8, the FTC announced the permanent ban of a payment processor from processing debt relief payments and ordered payment of $500,000 in consumer redress. According to the FTC’s complaint, the payment processor and its owner (collectively, “defendants”) allegedly processed roughly $31 million in consumer payments on behalf of a student loan debt relief operation charged by the FTC in 2019 for allegedly engaging in deceptive practices when marketing and selling their debt relief services. As previously covered by InfoBytes, the FTC claimed the operators (i) charged borrowers illegal advance fees; (ii) falsely claimed they would service and pay down their student loans; and (iii) obtained borrowers’ credentials in order to change consumers’ contact information and prevent communications from loan servicers. The FTC alleged the defendants processed payments from tens of thousands of consumers even though they were aware of numerous issues with the scheme and had received complaints from consumers and banks. The FTC further alleged that the defendants continued to process payments until the FTC took enforcement action against the operation.
Under the terms of the settlement, the defendants are permanently prohibited from processing payments for debt relief services and student loan entities and are banned from processing payments for any merchant unless there is a signed, written contract. The defendants are also required to screen prospective high-risk clients to determine whether such clients are, or are likely to be, engaging in deceptive or unfair activities. In addition, the settlement imposes a $27.5 million judgment against the defendants, which is largely suspended following the payment of $500,000, due to the defendants’ inability to pay the full amount.
House subcommittee holds hearing on cybersecurity
On November 3, the House Financial Services Subcommittee on Consumer Protection and Financial Institutions held a hearing titled “Cyber Threats, Consumer Data, and the Financial System.” The hearing examined cybersecurity and consumer data protection challenges for financial institutions, discussed agencies efforts to strengthen cyber defenses for financial institutions, and reviewed the current legal framework governing data security. According to a committee memorandum, cyberattacks on banks are increasing in number. In the first half of 2021, banks and credit unions saw a 1,318 percent increase in ransomware attacks. In written testimony, one of the witnesses expressed his concern regarding the technological disparity between minority depository institutions (MDI) and large banks, observing that “cultural shifts inside the financial services industry, including the core processors and regulators, are necessary to help MDIs better orient themselves to meet new customer demands.” Another witness discussed in his written testimony support for the NCUA to obtain data security and privacy authority over third-party vendors, which is an authority currently given to other federal agencies. Among other things, the hearing addressed several bills on cybersecurity and consumer protection: (i) Safeguarding Non-bank Consumer Information Act; (ii) Strengthening Cybersecurity for the Financial Sector; and (iii) Enhancing Cybersecurity of Nationwide Consumer Reporting Agencies Act. Specifically, one of the witnesses in his written testimony recommended that Congress revise the definition of “data aggregators” in the Safeguarding Non-bank Consumer Information Act to ensure that it covers non-financial institution entities and individuals.
CFPB deputy director discusses future rulemaking research efforts
On November 5, CFPB Deputy Director Zixta Martinez spoke before the Bureau’s Academic Research Council (ARC) meeting, in which she discussed recent research efforts taken to inform future rulemaking and identify root causes of challenges facing consumers. Martinez highlighted Section 1022 orders recently sent to several big tech payment platforms seeking information on their products, plans, and practices (covered by InfoBytes here). She noted that the evaluation of these companies’ payments platform data will help inform the Bureau on the future of the payments system as well as potential emerging risks, and will provide insights that may impact future rulemaking under Section 1033 concerning the disclosure of consumer data by regulated entities. Among other things, Martinez also discussed the importance of small business lending research to better understand whether these businesses provide fair and equitable access to credit and referred to the Bureau’s Section 1071 notice of proposed rulemaking issued in September (covered by a Buckley Special Alert). Martinez also noted that one of the Bureau’s priorities is ensuring access to fair and affordable credit for low-income, minority, or traditionally underserved communities, and said the Office of Research will solicit “suggestions and advice for ways to integrate racial and economic equity analyses into the CFPB’s research agenda.”
House fintech task force examines buy now/pay later industry
On November 2, the House Financial Services Committee’s Task Force on Financial Technology held a hearing titled “Buy Now, Pay More Later? Investigating Risks and Benefits of BNPL and Other Emerging Fintech Cash Flow Products,” urging regulators to examine the BNPL industry. The committee memorandum highlighted the rise in consumers products offered by fintechs, such as BNPL, earned wage access, and overdraft avoidance products, and warned that while these products may help consumers manage their personal cash flow, they also have the potential to create unsustainable levels of debt. FSC staff noted that many lending disclosure requirements, including those under TILA, may not apply to several of these products, thus creating concerns regarding consumers’ understanding of the associated risks. Pointing out that payments made on many of these products are not reported to credit bureaus, FSC staff raised the issue of whether consumers are missing out on opportunities to build credit.
The task force heard from several industry witnesses who discussed, among other things, current federal and state consumer protection regulations that apply to BNPL products. One witness stressed the importance of “balanced and thoughtful regulation” that benefits consumers and merchants using these new payment solutions, and noted that the industry is actively working with credit bureaus on ways to share repayment data. House Financial Services Chair Maxine Waters (D-CA) also urged the CFPB to “look[ ] deeply” at these emerging products to gain a better understanding of how they may impact low- and moderate-income consumers and borrowers of color. Representative Blaine Luetkemeyer (R-MO) noted, however, that these products “allow[] people to purchase products, [and] pay for them in a timely manner as they can afford them.” Representative Warren Davidson (R-OH) agreed, stressing that policymakers need to “avoid punishing new products for not fitting within regulatory buckets that were already built” and “should avoid overly impairing consumer choices on how they spend money.”
NCRC files fair housing complaints with HUD against mortgage lenders
On November 1, the National Community Reinvestment Coalition (NCRC) announced it had filed fair housing complaints with HUD against two mortgage lenders for allegedly engaging in discriminatory behavior against prospective Black clients. The first complaint is based on a matched-pair test conducted in the Seattle/Tacoma, Washington area, which allegedly demonstrated that lending specialists provided different lending product information to prospective borrowers based on race. NCRC also alleged that the lender’s HMDA data showed lending behaviors consistent with discriminatory practices. NCRC also conducted matched-pair testing on a second lender’s practices in the Charlotte, North Carolina area. According to the complaint, the lender also allegedly provided different information and more favorable services to White testers. An examination of the lender’s HMDA data similarly showed alleged discriminatory lending patterns.
OCC, Fed, and Treasury issue statements on climate change
On November 3, the OCC, the Federal Reserve, and the U.S. Treasury Department released statements expressing support for the Network for Greening the Financial System (NGFS) Glasgow Declaration. OCC acting Comptroller Michael J. Hsu noted in a statement that the OCC is developing “high-level climate risk management supervisory expectations for large banks” and expects to issue the framework guidance for comment “by the end of the year.” Hsu also noted that the OCC will implement recommendations of the FSOC Climate Change Report, which was released in response to President Biden’s May executive order, and directed financial regulators to take steps to mitigate climate-related risk related to the financial system (covered by InfoBytes here). In a statement by Treasury Secretary Yellen, she discussed the importance of tackling climate change, stating that it is “the greatest economic opportunity of our time,” and noted the U.S. is “calling on the multilateral development banks to increase their efforts.” The Fed noted in a statement that it is committed to understanding and addressing climate change and, furthermore, “will address climate-related risks in an analytically rigorous, transparent, and collaborative way through our domestic work with other federal agencies including the Financial Stability Oversight Council; our international engagement through the Financial Stability Board, the Basel Committee on Banking Supervision, and the NGFS; and through our broad and transparent engagement with the private sector.”
OCC says synthetic banking providers require supervision
On November 3, acting Comptroller of the Currency Michael J. Hsu spoke before the American Fintech Council’s Fintech Policy Summit 2021 and warned that “[t]he rebundling of banking services by fintechs and the fragmented supervision of universal crypto firms pose significant medium- to long-term risks to consumers, businesses, and financial stability.” Hsu also noted that large “universal” cryptocurrency firms interested in offering a wide range of financial services should “embrace comprehensive, consolidated supervision” like that given to banks. “Crypto firms today are regulated at most only partially and selectively, with no single regulator having a comprehensive view of the firm as a whole,” Hsu stated, adding “[t]his warrants greater attention as crypto firms, especially the universals, get bigger, engage in a wider range of activities and risk-taking, and deepen their interconnectedness within the crypto ecosystem and with traditional finance.” Warning that these “synthetic banking providers” (SBPs) could create a “run risk” and regulatory arbitrage, Hsu stressed the importance of removing “the disparity between the rights and obligations of banks and the rights and obligations of synthetic banking providers by holding SBPs to banking standards.” He further warned that customers’ needs must be met in a way that is reliable, consistently safe, sound, and fair, and discussed several reasons why more SBPs have not sought to become banks, including that “regulators have been unpredictable with regards to chartering new banks and approving fintech acquisitions of banks.” Establishing a clear, shared approach to the bank regulatory perimeter related to emerging technologies can address this challenge, he advised.
Hsu also announced that the OCC concluded its review of recent bank charter applications and cryptocurrency-related interpretive letters and stated that the agency will communicate its determinations and feedback to bank charter applicants in the coming weeks. Findings from a “crypto sprint” done in conjunction with the FDIC and Federal Reserve will also be communicated shortly. “The content of these communications—on the chartering decisions, interpretive letters, and the crypto sprint—will be broadly aligned with the vision for the bank regulatory perimeter laid out here today,” Hsu stated.Dept. of Labor issues ETS on employer vaccinations
On November 5, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) published a rule in the Federal Register requiring employers to develop, implement and enforce a mandatory Covid-19 vaccination policy, unless they adopt a policy requiring employees to choose between vaccination or regular testing for Covid-19 and wearing a face covering at work. The emergency temporary standard (ETS) is for “employers with 100 or more employees—firm or company-wide,” which covers two-thirds of the nation's private-sector workforce. According to OSHA’s press release, the ETS requires employers to: (i) give paid time to workers to get vaccinated; (ii) permit paid leave for employees recovering from side effects; (iii) determine the vaccination status of each employee; (iv) acquire proof of vaccination from each vaccinated employee; (v) maintain records on each employee’s vaccination status; (vi) ensure each employee who is not fully vaccinated is tested for Covid-19 at least once a week, in certain circumstance; (vii) require employees to provide prompt notice after receiving a positive Covid-19 test or diagnosis; and (viii) ensure that each employee who has not been fully vaccinated working indoors or when occupying a vehicle with another person, for work purposes, wears a face covering. The ETS is effective immediately and “employers must comply with most requirements within 30 days of publication and with testing requirements within 60 days of publication.”
The same day, the Biden administration released a fact sheet clarifying the details of OSHA’s mandate. Specifically, the fact sheet noted that though the testing requirement will not take effect until January 4, 2022, employers must be in compliance with all other requirements, such as “providing paid-time for employees to get vaccinated and masking for unvaccinated workers,” by December 5.
CFPB affirms name-only matching practices violate FCRA
On November 4, the CFPB issued an advisory opinion to express its interpretation that credit reporting companies, including tenant and employment screening companies, are in violation of the FCRA if they engage in the practice of matching consumer records solely by name. According to the Bureau, the use of name-only matching procedures (without the use of other personally identifying information such as address, date of birth, or Social Security number) does not assure maximum possible accuracy of consumer information. The Bureau emphasized that there is a heightened risk of mistaken identity from name-only matching among Hispanic, Black, and Asian communities due to less surname diversity among those populations as compared to the White population. “When background screening companies and their algorithms carelessly assign a false identity to applicants for jobs and housing, they are breaking the law,” Director Rohit Chopra stated. “Error-ridden background screening reports may disproportionately impact communities of color, further undermining an equitable recovery.” The advisory opinion affirms consumer reporting companies’ obligation to use reasonable procedures to assure maximum possible accuracy, and “does not create a safe harbor to use insufficient matching procedures involving multiple identifiers.” Other practices, such as combining a name with date of birth, could also lead to cases of mistaken identity, the Bureau warned. The Bureau will work closely with the FTC to eliminate illegal conduct in the background screening industry, while the FTC may be able to take actions against unfair or deceptive conduct not covered by the CFPA. The Bureau further emphasized that violating the FCRA can lead to civil penalties, restitution, damages, and other relief.
Chopra issued a statement on the Bureau’s intention to curb false identity matching, pointing out that name-only matching is just one example of an inadequate procedure and that nothing in the advisory opinion “suggests that the responsibility to follow reasonable procedures to assure maximum possible accuracy can be met with a thoughtless application of any particular loose matching criteria, even if more than names alone are matched.” He also warned companies they should not try to evade their FCRA responsibilities “by issuing a disclaimer that their report might not be matched to the right person.” Chopra further noted that the Bureau will support the FTC in its work to monitor business models that rely on harvesting and monetizing personal data, as well as big tech companies and lesser-known data brokers that traffic data and consumer reports.