InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB proposes collection of small business lending data
On September 1, the CFPB released a notice of proposed rulemaking (NPRM) and request for public comment on a proposed rule to implement Section 1071 of the Dodd-Frank Act, which requires the agency to collect and disclose data on lending to women and minority-owned small businesses. The NPRM would create a new subpart B to existing Regulation B, the implementing regulation for ECOA, in order to increase transparency in the lending marketplace. Covered financial institutions would be required to collect and report to the Bureau a broad set of data points relating to applications for several small business credit products with the stated goal of facilitating the enforcement of fair lending laws and enabling the identification of business and community development needs and opportunities for women-owned, minority-owned, and other small businesses.
The NPRM defines a covered “financial institution” as an entity that meets a specific origination threshold where at least 25 “covered credit transactions” are originated to small businesses in each of the two preceding calendar years. A “covered credit transaction” under the NPRM would include transactions that meet the definition of business credit under Regulation B, as well as loans, lines of credit, credit cards, merchant cash advances, credit transactions for agricultural purposes, and transactions covered by HMDA. The definition of a small business would be one that had less than $5 million in gross annual revenue for the preceding fiscal year. Additionally, the NPRM defines a “covered application” as “an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested.” Data points that covered financial institutions would be required to collect on a calendar-year basis to be reported by June 1 of the following year are also provided.
The Bureau proposes that an eventual final rule would become effective 90 days after publication in the Federal Register; however, compliance would not be required until approximately 18 months after publication. Additionally, the Bureau proposes certain transitional provisions that would allow covered financial institutions to begin collecting data prior to the compliance date and would permit covered financial institutions to “use either the two calendar years immediately preceding the effective date or the second and third years preceding the compliance date to determine coverage.” (See also the Bureau’s summary on the NPRM here.) Comments on the NPRM will be received for 90 days following publication in the Federal Register.
“This data will be used to support business and community development and foster fair lending,” acting Director Dave Uejio noted in a statement following the announcement of the NPRM. He added that the “rule is about providing greater transparency into which small businesses get credit and which ones do not.”
A Buckley Special Alert is forthcoming.
FTC bans respondents from surveillance business
On September 1, the FTC announced that a data monitoring application and its CEO (collectively, “respondents”) will be permanently banned from the surveillance industry for failing to provide reasonable data security for consumers’ personal information by allegedly “secretly harvesting and sharing data on people’s live location, web use, and online activities through their product’s hidden device hack.” The respondents allegedly sold real-time access to their surveillance system, which allowed stalkers and domestic abusers to “stealthily track” unknowing victims.
According to the complaint, the respondents violated Section 5 of the FTC Act by committing unfair or deceptive business practices in using unauthorized personal information and failing to secure such data in which “victims continue to experience substantial harm, including injury in the form of depression, anxiety, and ongoing fear for one’s safety,” even after the stalking or domestic abuse ended. The complaint detailed the covert monitoring products and services offered by respondents once their application is installed, including capturing and logging: email, SMS messages, call history, GPS location and live location, web history, contacts, pictures, calendar, video chats, files downloaded on the device, notifications, among other functions depending on cost.
Under the terms of the proposed settlement, the respondents are: (i) banned from offering, promoting, selling, or advertising any surveillance app, service, or business; (ii) required to delete any information illegally collected from their apps; and (iii) required to notify owners of devices that their devices might have been monitored and the devices may not be secure. This is the agency’s second case “brought against stalkerware apps, and the first where the FTC is obtaining a ban.” According to a statement released by FTC Commissioner Rohit Chopra, the agency is also “seeking public comment on banning [the defendants] from licensing, marketing, or offering for sale surveillance products,” which is “a significant change from the agency’s past approach.”
Agencies provide guidance on Hurricane Ida and California wildfires
Recently, the FDIC, Federal Reserve Board, NCUA, OCC, and the Conference of State Bank Supervisors issued joint statements covering supervisory practices for financial institutions affected by Hurricane Ida and the California wildfires (see here and here). Among other things, the agencies informed institutions facing operational challenges that the regulators will expedite requests for temporary facilities, noting that in most cases, “a telephone notice to the primary federal and/or state regulator will suffice initially to start the approval process, with necessary written notification being submitted shortly thereafter.” The agencies also called on financial institutions to “work constructively” with affected borrowers, noting that “prudent efforts” to adjust or alter loan terms in affected areas “should not be subject to examiner criticism.” Institutions facing difficulties in complying with any publishing and reporting requirements should contact their primary federal and/or state regulator. Additionally, the agencies noted that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services that revitalize or stabilize federally designated disaster areas. Institutions are also encouraged to monitor municipal securities and loans impacted by Hurricane Ida and the California wildfires.
Uejio says SPCPs may help economically disadvantaged homeowners
On September 1, CFPB acting Director Dave Uejio spoke before the National Fair Housing Alliance’s forum on special purpose credit programs (SPCPs) to address discrimination and inequity trends in homeownership and explore ways that SPCPs could be used to promote fair and equitable access to credit and mortgage markets. Uejio discussed a Bureau report detailing the “enormous toll” that the Covid-19 pandemic has had on minority homeowners and cautioned that Black and Hispanic homeowners will be disproportionately represented in foreclosure data once pandemic housing protections end. To address these issues, Uejio referred to a Bureau advisory opinion issued last December, which provided creditors additional guidance for complying with ECOA to ensure the development of compliant SPCPs. (Covered by InfoBytes here.) While ECOA and Regulation B prohibit discrimination on a prohibited basis in any aspect of a credit transaction, SPCP provisions under the statute and regulation provide specific means to allow creditors meet special social needs and benefit economically-disadvantaged groups. “The SPCP provision in ECOA is also a recognition that government alone cannot solve this problem,” Uejio stated. “All of us—regulators, policymakers, nonprofits, advocates, and mortgage lenders—must work together.”
CFPB examines pandemic effect on access to new credit
On August 26, the CFPB released findings regarding trends in credit cards, mortgages, and auto loans for consumers through the Covid-19 pandemic. The post—the fifth and final in a series documenting trends in consumer credit outcomes during the Covid-19 pandemic—examines how access to new credit and the amount of extended credit for new account holders have been impacted by the pandemic. An August 2020 Bureau report (covered by InfoBytes here and updated here) found that while credit limit increases seemed to have been halted for many consumers, there was not a pronounced reduction in available credit card credit since the start of the pandemic (the 2020 report did not discuss access to new credit trends). According to the Bureau’s most recent report, access to new credit declined for credit cards but increased for mortgages and auto loans during the Covid-19 pandemic. Among other things, the Bureau noted that early in the pandemic, the success rate of credit card inquiries declined from around 45 percent in January 2020 to just over 30 percent in May 2020—a “drop well beyond what could be expected from seasonal variation.” Additionally, the volume of credit card inquiries also dropped substantially and did not recover until March 2021, with credit card inquiry success rates also similarly declining “across credit score groups as well as across age groups and subgroups of consumers classified by their census tract or county characteristics.”
Although the report noted that there was “a small and transitory dip” for auto loans in March and April 2020, by February 2021, success rates for auto loan and mortgage inquiries were well above pre-pandemic levels. According to the Bureau, “[t]his result for auto loan and mortgages inquiries contrasts somewhat with responses to the Federal Reserve’s survey of bank loan officers, which indicate that large banks tightened lending standards on auto and mortgage loans during 2020, only loosening standards in 2021.”
DOJ, OCC settle redlining allegations
On August 30, the DOJ and the OCC announced coordinated efforts to resolve allegations of lending discrimination by a Georgia-based bank for violations of the Fair Housing Act and ECOA by allegedly redlining predominantly Black and Hispanic neighborhoods in Texas from 2013-2017. The OCC, which referred the matter to DOJ, ordered the bank to pay a $3.3 million civil money penalty. Under the DOJ’s settlement, the bank will invest more than $5.5 million to increase credit opportunities for residents of those neighborhoods.
FDIC releases July enforcement actions
On August 27, the FDIC released a list of administrative enforcement actions and one Notice of Charges taken against banks and individuals in July. During the month, the FDIC issued nine orders consisting of “three Orders to Pay Civil Money Penalties, two Orders of Prohibition from Further Participation, three Section 19 Orders, and one Order Terminating Consent Order.” Among the orders is a civil money penalty imposed against a Kansas-based bank concerning alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “made, increased, extended, renewed, sold, or transferred a loan secured by a building or mobile home located or to be located in a special flood hazard area without properly notifying the Administrator of FEMA or their designee.” The order requires the payment of a $9,500 civil money penalty.
The FDIC also imposed a civil money penalty against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank (i) “[m]ade, increased, extended or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance”; (ii) “[m]ade, increased, extended or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral”; and (iii) “[f]ailed to comply with proper procedures for force-placing flood insurance in instances where the collateral was not covered by flood insurance at some time during the term of the loan.” The order requires the payment of a $4,000 civil money penalty.
CFPB officially withdraws extension of compliance date for debt collection rules
On September 1, the CFPB published a proposal in the Federal Register to withdraw its proposed rule that would have extended the effective date of its final rules amending Regulation F, which implements the FDCPA. As previously covered by InfoBytes, in April, the Bureau proposed delaying the effective date by 60 days to provide affected parties additional time to comply due to the ongoing Covid-19 pandemic. However, the Bureau determined that an extension is unnecessary and will publish a formal notice in the Federal Register, withdrawing the April notice of proposed rulemaking (covered by InfoBytes here). According to the Bureau, industry comments generally did not support an extension, and “[m]ost industry commenters stated that, despite the pandemic, they would be prepared to comply with the Debt Collection Final Rules by November 30, 2021.”
OCC says banks affected by Hurricane Ida may close
On August 27, the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by Hurricane Ida “for as long as deemed necessary for bank operation or public safety.” The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the 2012 Bulletin, it is generally expected that only bank offices directly affected by potentially unsafe conditions should close and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.
DOJ charges payment processing executives involved in $150 million scheme
On August 26, the DOJ unsealed an indictment in the District of Massachusetts against four individuals, charging them with “conspiring to deceive banks and credit card companies into processing more than $150 million in credit and debit card payments on behalf of merchants involved in prohibited and high-risk businesses, including online gambling, debt collection, debt reduction, prescription drugs, and payday lending.” According to the announcement, executives of a Los Angeles-based payment processing company secured payment processing for these high-risk businesses through fraudulent misrepresentations about merchant clients. As a payment processor, the company “enabl[ed] merchant clients to accept debit and credit card payments over global electronic payment networks run by major card brands” and “served as an intermediary between its merchant clients and financial institution members of the card brand networks.” Two of the individuals were charged with conspiring to commit wire fraud, and two others were charged with conspiring to commit wire fraud and bank fraud. Among other things, the DOJ asserts that the individuals and their co-conspirators allegedly made fraudulent misrepresentations to financial institutions, card brands, and others about the type of transactions that were being processed along with the true identities of the merchant clients, created shell companies and fake websites to make it appear that they were selling low-risk goods, and “miscategorized the true nature of the transactions” by using industry-standard codes.