Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 26, the CFPB published Bulletin 2016-02 on service providers to amend previously issued guidance covered in Bulletin 2012-03. Bulletin 2016-02 seeks to clarify that supervised banks and nonbanks have flexibility in managing the risks of service provider relationships. Specifically, the CFPB advises that “the depth and formality of the risk management program for service providers may vary depending upon the service being performed —its size, scope, complexity, importance and potential for consumer harm—and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations.” The CFPB plans to post Bulletin 2016-02 on its website on October 31, 2016.
On October 25, the CFPB released its latest monthly report of consumer complaint trends. This month’s report highlights prepaid complaints, noting that since July 21, 2011, the CFPB has received approximately 6,000 prepaid complaints. According to the report, the “most common issues identified by consumers are problems with managing, opening or closing an account (32 percent) and unauthorized transactions or other transaction issues (30 percent).” Additional prepaid complaints highlighted in the report include: (i) consumers experiencing delays in receiving a replacement card after having notified a company of fraudulent or unauthorized charges to their prepaid cards; (ii) difficulty using a prepaid card after having purchased one; (iii) assessing dormancy fees that depleted the card’s balance; and (iv) balance discrepancies. Consistent with past reports, this month’s issue lists the top ten most-complained-about companies across all financial products, as well as the top seven most-complained about companies for prepaid-related issues. Finally, the report identifies North Carolina as its geographical spotlight, observing that, as of October 1, 2016, the CFPB has received about 27,600 complaints from North Carolina consumers.
CFPB Issues Warning Letters to 44 Mortgage Lenders and Brokers for Potential HMDA Reporting Failures
On October 27, the CFPB issued warning letters to 44 mortgage lenders and mortgage brokers informing them that they may not be in compliance with certain provisions of the Home Mortgage Disclosure Act (HMDA) and Regulation C. The warning letters state that the recipients may be required to collect, record, and report housing-related lending data, and that they may be violating those requirements. Under HMDA, financial institutions that meet certain criteria are required to collect and report data related to their housing-related activity, including home purchase loans, home improvement loans, and refinancings they originate or purchase, or for which the institutions receive applications. The letters recite HMDA’s coverage criteria for lenders who are not banks, credit unions, or savings associations, suggesting that the CFPB is particularly concerned about HMDA compliance for non-depository mortgage lenders. While the letters state that the CFPB has not made any determinations that the recipients are in violation of HMDA filing requirements, the letters urge recipients to review their practices to ensure compliance with the relevant laws, and encourage recipients to advise the CFPB if the institution has taken steps or will take steps to ensure compliance. The letters advise recipients of the CFPB’s authority to impose civil money penalties for noncompliance with HMDA. In October 2013, the CFPB fined a bank and a nonbank mortgage lender for filing inaccurate HMDA data. In October 2015, the CFPB finalized a rule amending the HMDA reporting requirements under Regulation C, with the majority of the provisions taking effect on January 1, 2018.
Last week, the CFPB’s final rule amending the mortgage servicing provisions of Regulations X and Z was published in the Federal Register. The amendments were previously covered in BuckleySandler’s August 9 Special Alert. The majority of the final rule will take effect on October 19, 2017, exactly one year after its Federal Register publication date. Certain provisions related to successors in interest and bankruptcy periodic statements will become effective on April 19, 2018. The CFPB’s interpretive rule under the FDCPA addressing industry concerns and conflicts with the servicing rules in Regulations X and Z was simultaneously published in the Federal Register on October 19, 2016.
On October 20, the CFPB released a new report titled “Project Catalyst report: Promoting consumer-friendly innovation-Innovation Insights.” The report provides an overview of Project Catalyst’s work to promote “consumer-friendly innovation and entrepreneurship,” and outlines the importance of ensuring that consumer protections are built into emerging products and services from the outset. The CFPB released the report in conjunction with remarks given by Director Cordray at Money 20/20, an industry conference focused on payments and financial services innovation.
The report emphasizes the CFPB’s “very sensitive” approach to new technologies, such as its “active role in the push for faster payments systems,” as well as its more general efforts “to identify innovative trends in the marketplace to inform our work.” Throughout the report, the CFPB highlights its efforts to establish “effective communication channels” with “innovators,” including the agency’s pilot program with a credit card company to evaluate the effectiveness of certain practices to encourage prepaid card users to develop regular saving behavior. In its last section, the report discusses various “marketplace developments that may hold the potential for consumer benefits.”
The report similarly summarizes ongoing efforts to coordinate with state, federal, and international regulators, cautioning that the agency “will take action as necessary to protect consumers from innovations that may be unfair, deceptive, abusive, or discriminatory.” In addressing industry members, both the report and Director Cordray at Money 20/20 discuss the CFPB’s authority to provide greater latitude for companies to test alternatives to standard disclosures over time – using as an example, the CFPB’s trial disclosure waiver policy and its no-action letter policy through which the Bureau “can reduce regulatory uncertainty for consumer-friendly innovations.” The report and Director Cordray call for industry participants to propose alternative means of disclosure to consumers.
On October 25, CFPB Director Richard Cordray delivered remarks to the Mortgage Bankers Association (MBA). Cordray highlighted the CFPB's role in helping the housing economy to recover, including regulatory actions from 2014 to the present. Director Cordray also advised industry participants that they should expect more regulation and oversight over the coming year, explaining that the cost of compliance, though burdensome, was "inevitable" in light of the "far-reaching" effects of the financial crisis that Congress was trying to fix.
Director Cordray revealed three priority areas for enforcement and supervision in the next year: (i) consumer complaints, explaining that the CFPB will now require underperforming servicers to document the technology and process changes used to implement the agency’s recently released servicing regulations, because, among other reasons, the Bureau considers monitoring and addressing the process through which complaints are handled part of "a basic component" of any compliance effort; (ii) redlining, noting that the Bureau has identified “redlining” as a target for its supervisory work in the coming year, and has teamed up with the DOJ to bring “major enforcement actions” against institutions found to be discriminatory in their lending practices; (iii) RESPA violations, announcing that the CFPB will continue to adhere to its 2015 bulletin regarding marketing servicing agreements despite the recent PHH ruling. He further noted that the PHH case "is not final at this point" and that the Bureau "respectfully disagrees" with the finding.
A Brazilian aircraft manufacturer, will pay more than $205 million to the SEC and the DOJ to resolve alleged FCPA violations stemming from payments made through its third-party agents to officials in the Dominican Republic, Saudi Arabia, and Mozambique that allegedly resulted in more than $83 million in profits for the company. Pursuant to a Deferred Prosecution Agreement with DOJ, the Brazilian company must pay a penalty of more than $107 million and must retain an independent corporate compliance monitor for three years. The company will also pay more than $98 million in disgorgement and interest to the SEC, but it may receive a credit of up to a $20 million depending on the amount of disgorgement it pays in a parallel civil proceeding in Brazil. Additional FCPA Scorecard coverage of the company's investigation can be found here, here, and here.
A Swedish telecommunications company disclosed in its Third Quarter Interim Report that it has set aside $1.45 billion to settle investigations conducted by Dutch and U.S. authorities regarding alleged bribery in Uzbekistan. The company disclosed that the authorities have proposed a global resolution that includes a financial sanction of $1.45 billion, although the company noted that further discussion and negotiation is necessary; the timing and amount of payment is uncertain at this time.
On October 26, the OCC announced plans to establish an Office of Innovation (Office) with staff located in Washington, New York, and San Francisco. The OCC simultaneously published a paper titled “Recommendations and Decisions for Implementing a Responsible Innovation Framework,” which provides an overview of the financial services landscape and the OCC’s innovation initiatives. With the expectation to begin operations in first quarter 2017, the new Office will implement certain aspects of the OCC’s responsible innovation framework, including: (i) creating an outreach and technical assistance program; (ii) conducting awareness and training activities for OCC staff, such as implementing an “internal web page that provides OCC staff a ‘one-stop-shop’ to access information on industry trends and innovative products, services, and processes”; (iii) encouraging coordination and facilitation among the regulatory community and industry stakeholders; (iv) conducting industry innovation research; and (v) promoting coordination with other agencies, particularly those with overlapping jurisdictions. Beth Knickerbocker will head the Office as acting Chief Innovation Officer.
The OCC noted that its “assessment of granting a special purpose national bank charter to nonbank financial technology companies, and under what conditions, continues.” Later in 2016, the OCC plans to publish a paper to address issues related to a potential special purpose charter.
On October 25, FinCEN issued advisory bulletin FIN-2016-A005 reminding financial institutions of their Bank Secrecy Act (BSA) obligations to report certain cyber-events and cyber-enabled crime. The advisory highlights the importance of (i) reporting cyber-events and cyber-enabled crime through Suspicious Activity Reports (SARs); (ii) including cyber-related information such as IP addresses with timestamps, virtual-wallet information, device identifiers, and cyber-event information, in SAR reporting; (iii) collaborating with BSA/AML, cybersecurity, and other in-house units to facilitate “a more comprehensive threat assessment and develop appropriate risk management strategies to identify, report, and mitigate cyber-events and cyber-enabled crime”; and (iv) sharing cyber-related information – including specific malware signatures, IP addresses and device identifiers, and virtual currency addresses that seem anonymous – amongst financial institutions for the “purpose of identifying and, where appropriate, reporting money laundering or terrorist activities.” Importantly, the advisory distinguishes between mandatory SAR reporting of cyber-events, providing three specific examples, and voluntary reporting of cyber-events. Per the advisory, “[c]yber-events targeting financial institutions that could affect a transaction or series of transactions would be reportable as suspicious transactions because they are unauthorized, relevant to a possible violation of law or regulation, and regularly involve efforts to acquire funds through illegal activities.”
FinCEN simultaneously issued FAQs to supplement advisory bulletin FIN-2016-A005. The FAQs, which supersede 2001 FAQs regarding computer intrusion, provide answers to a set of nine questions. The FAQs address, among other things, (i) when cyber-related SAR reports should be filed; (ii) the type of information that should be included in cyber-related SARs; and (iii) cyber-event and cyber-enabled crime information sharing, pursuant to Section 314(b) of the USA PATRIOT Act, between financial institutions.
- Jonice Gray Tucker to join CFPB panel at CBA’s Washington Forum
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference