Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues 2023 HMDA institutional and transactional coverage charts
On March 15, the CFPB released the 2023 HMDA institutional and transactional coverage charts. The charts update the reporting thresholds for transactions that involve a closed-end mortgage loan, pursuant to an order issued last September by the U.S. District Court for the District of Columbia in National Community Reinvestment Coalition v. CFPB. (Covered by InfoBytes here.) As previously covered by InfoBytes, in 2020 the CFPB issued a final rule, which amended Regulation C and permanently increased the reporting threshold from the origination of at least 25 closed-end mortgage loans in each of the two preceding calendar years to 100, and permanently increased the threshold for collecting and reporting data about open-end lines of credit from the origination of 100 lines of credit in each of the two preceding calendar years to 200.
The 2023 HMDA Institutional Coverage Chart outlines criteria for determining whether an institution is covered by Regulation C. Additionally, the 2023 HMDA Transactional Coverage Chart explains that under HMDA/Regulation C, a transaction is reportable only if it is an application for, an origination of, or a purchase of a covered loan. The chart explains how to determine whether a transaction involves a covered loan and whether it meets the applicable loan-volume thresholds.
Design firm to settle False Claims Act allegations related to cybersecurity failures
On March 14, the DOJ announced a $293,771 settlement with a design company to resolve alleged False Claims Act (FCA) violations related to failures in its cybersecurity practices. According to the DOJ, the company failed to secure personal information on a federally-funded Florida children’s health insurance website that was created, hosted, and maintained by the company. “Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said in the announcement. “We will use the [FCA] to hold accountable companies and their management when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.” In this case, the Florida entity (which receives federal Medicaid funds, as well as state funds to provide children’s health insurance programs) contracted with the design company for the provision of a hosting environment that complied with HIPPA’s personal information protection requirements. The company also agreed to adapt, modify, and create code on the webserver to support the secure communication of data. However, between January 1, 2014, and Dec. 14, 2020, the company allegedly failed to provide secure hosting of applicants’ personal information and failed to implement necessary updates. In December 2020, the website experienced a data breach that potentially exposed more than 500,000 applicants’ personal identifying information and other data. In response to the data breach and the company’s cybersecurity failure, the Florida entity shut down the website’s application portal.
CFPB seeks input on data broker businesses
On March 15, the CFPB issued a Request for Information (RFI) seeking public input on data broker business practices in order to inform planned rulemaking under the FCRA and help the agency understand the current state of the industry. “Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” CFPB Director Rohit Chopra said in the announcement. He added, “[o]ur inquiry will inform whether rules under the [FCRA] reflect these market realities.” The Bureau explained that the FCRA—which covers data brokers such as credit reporting companies and background screening firms, as well as parties who report information to these firms—provides several protections, including accuracy standards, dispute rights, and restrictions on how data can be used. The RFI seeks feedback on business models and practices used by the data broker market, including information about the types of data being collected and sold and the sources data brokers rely upon. In particular, the Bureau seeks information on consumer harm and market abuses, and wants to understand “whether companies using these new business models are covered by the FCRA, given the FCRA’s broad definitions of ‘consumer report’ and ‘consumer reporting agency.’” The Bureau stated it is also interested in learning about consumers’ direct experiences with data brokers, including when consumers try to remove, correct, or regain control of their data. Comments on the RFI are due by June 13.
HHS releases health care cybersecurity guide
On March 8, the Department of Health and Human Services (HHS) released a cybersecurity implementation guide to assist public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework Implementation Guide was developed jointly with the Administration for Strategic Preparedness and Response and the Health Sector Coordinating Council Cybersecurity Working Group. Substantial contributions to the guide were also provided by the National Institute for Standards and Technology (NIST) and other federal agencies. HHS explained that the guide is intended to help health care organizations implement the 2018 NIST Framework for Improving Critical Infrastructure Cybersecurity using their existing security measures, stating that the guide should be used to assess current cybersecurity practices and risks and identify gaps for remediation. Among other things, the guide (i) outlines risk management principles and best practices; (ii) provides common language for addressing and managing cyber risk; (iii) lays out a structure for applying cyber risk management; and (iv) identifies “effective standards, guidelines, and practices to manage cybersecurity risk cost-effectively based on business needs.”
Fed issues Bank Term Funding Program FAQs
On March 13, the Federal Reserve Board issued FAQs on its Bank Term Funding Program, which launched March 12, to provide additional funding to eligible depository institutions in order to meet depositors’ needs. The program will serve as an additional source of liquidity against high-quality securities, and will eliminate the need for an institution to quickly sell those securities in times of stress. Loans of up to one year in length will be made available to “banks, savings associations, credit unions, and other eligible depository institutions pledging U.S. Treasuries, agency debt and mortgage-backed securities, and other qualifying assets as collateral.” The Fed said in its announcement that it “is closely monitoring conditions across the financial system and is prepared to use its full range of tools to support households and businesses, and will take additional steps as appropriate.”
CFPB receives FCRA rulemaking petition on debt collection
On March 3, the CFPB received a rulemaking petition from the National Consumer Law Center (NCLC) in response to forthcoming FCRA rulemaking announced in the Bureau’s Fall 2022 regulatory agenda. As previously covered by InfoBytes, the Bureau announced it is considering pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. In January, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). At the time, CFPB Director Rohit Chopra said that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.” (Covered by InfoBytes here.)
The NCLC presented several issues for consideration in the FCRA rulemaking process, including that the Bureau should (i) “establish strict requirements to regulate the furnishing of information regarding a debt in collections by third-party debt collectors and debt buyers”; (ii) “require translation of consumer reports by the [CRAs] into the eight languages most frequently used by limited English proficient consumers”; and (iii) “establish an Office of Ombudsperson to assist consumers who have been unable to fix errors in their consumer reports from the nationwide CRAs and other CRAs within the CFPB’s supervisory authority.”
“Given the level of errors, problems, and abuses by debt collectors in furnishing and resolving disputes, requiring an original creditor tradeline is a reasonable quality control mechanism,” the NCLC said. “Alternatively, if the CFPB continues to permit the furnishing of debt collection information without a pre-existing tradeline by the original creditor, the Bureau should require that the furnisher of debt collection activity (whether a debt collector, debt buyer, servicer or other) provide a complete account history in the tradeline, including positive payments,” the petition added, stressing that “such reporting must require adequate substantiation[.]”
House subcommittee discusses CFPB reform proposals
On March 9, the House Financial Services Committee’s Subcommittee on Financial Institutions and Monetary Policy held a hearing to discuss proposals that would alter the structure and authority of the CFPB. The subcommittee heard from several witnesses, including the CEO of the American Financial Services Association (AFSA), the Bureau’s former deputy director, and the Minnesota attorney general.
During the hearing, members discussed legislation that would reform the Bureau, including: (i) the Consumer Financial Protection Commission Act, which would make the Bureau an independent commission; (ii) the Transparency in CFPB Cost-Benefit Analysis Act, which would require the Bureau to include a statement justifying any proposed rulemaking (including “why the private market, State, local, or tribal authorities cannot adequately address the problem”), as well as provide qualitative and quantitative cost assessments and data or studies used in preparing a proposal; (iii) the CFPB-IG Reform Act, which would create a separate inspector general for the Bureau; and (iv) the Taking Account of Bureaucrats’ Spending (TABS) Act, which would make the Bureau an independent agency from the Federal Reserve System called the “Consumer Financial Empowerment Agency” that would be funded through congressional appropriations rather than the Fed.
In his prepared testimony, the AFSA CEO alleged several examples of regulatory overreach taken by the Bureau, including: (i) imposing limits on arbitration, despite the Bureau’s own finding that arbitration benefits consumers; (ii) releasing guidance, instead of legislative rulemaking, which creates ambiguity for companies and consumers; (iii) using “regulation by enforcement” to change TILA and creating an ability to repay standard that does not exist in any consumer financial law or regulation; (iv) issuing press releases that serve as regulations and provide recommendations inconsistent with the plain language of laws such as the SCRA; and (v) creating potential harm to servicemembers through misinterpretations of the Military Lending Act. He further explained that a press release issued by the Bureau last year on junk fees (covered by InfoBytes here) “goes beyond its authority” and creates confusion for both depository institutions and finance companies who are unsure what the rules are. He emphasized that “the best way to protect consumer is to protect access to credit,” and the best method for achieving this “is to have clearly defined terms and conditions that both industry and the regulatory community can understand and follow.”
The former CFPB deputy director also asserted in his prepared testimony that the agency is prone to exceeding statutory limits or requirements. He commented that “[w]hile one or two of these actions could perhaps be dismissed as over-exuberance, the frequency with which these issues arise suggests that the agency lacks adequate internal or external controls to ensure it operates within the law,” and that in “the absence of these controls . . . [it] compels the conclusion that the CFPB is ripe for reform.” He also maintained that having the Bureau go through the annual appropriations process would help the agency “focus its priorities” and “improve its effectiveness and efficiency.” He further noted that expanding the Bureau’s UDAAP authority to cover conduct it observes in the marketplace (such as applying UDAAP credit discrimination laws to any decision making by a financial institution) is “a decision fundamentally for Congress.”
The Minnesota attorney general, however, highlighted joint enforcement actions taken with the Bureau in his prepared testimony, stating that by serving “as a critical enforcement partner,” the agency is operating as Congress intended when it created the Bureau in response to the 2008 financial crisis. “The CFPB’s destruction would topple the whole system like dominos,” he stressed, adding that the funding arguments fall short as several federal agencies are not funded by Congress.
Senators Sherrod Brown (D-OH), Chair of the Senate Banking Committee, and Representative Maxine Waters (D-CA), Ranking Member of the House Financial Services Committee, issued a statement strongly disagreeing with the introduced legislation. “We will continue to work with our colleagues to stop any anti-consumer bill and protect the CFPB so that consumers can continue to have an agency solely dedicated to protecting their hard-earned money,” the lawmakers said.
CFPB seeks feedback on LO comp
On March 10, the CFPB issued a Request for Comment (RFC) seeking feedback on the Regulation Z Mortgage Loan Originator Rules, including the provisions often referred to as the Loan Originator Compensation or “LO Comp” Rule. (See also blog post here.) The Bureau states that a significant focus of the RFC is to assist in determining whether the Rule should be amended or rescinded to minimize the Rule’s economic impact upon small entities.
The Mortgage Loan Originator Rules, among other things, prohibit compensation to loan originators that is based on the terms of a mortgage transaction (or proxies for terms), prohibit a loan originator from receiving compensation from both the creditor and consumer on the same transaction, prohibit steering a consumer to a particular loan because it will result in more compensation for the loan originator unless the loan is in the consumer’s interest, require certain records related to compensation be kept, and implement licensing and qualification requirements for loan originators.
The RFC is open-ended insofar as it requests public comment on any topic related to the impact of the Mortgage Loan Originator Rules pursuant to section 610 of the Regulatory Flexibility Act (Section 610). Section 610 mandates a review of all agency rules which have a significant economic impact upon a substantial number of small entities within ten years of its effective date. In conducting a Section 610 review, the agency must consider (i) the continued need for the rule; (ii) the nature of complaints or comments received concerning the rule from the public; (iii) the complexity of the rule; (iv) the extent to which the rule overlaps, duplicates, or conflicts with other Federal rules, and, to the extent feasible, with State and local governmental rules; and (v) the length of time since the rule has been evaluated or the degree to which technology, economic conditions, or other factors have changed in the area affected by the rule.
Notably, the RFC references feedback it has previously received from stakeholders related to the Mortgage Loan Originator Rules, specifically referring to recommendations it has received related to (i) whether to permit different loan originator compensation for originating State housing finance authority loans as compared to other loans (i.e., on bond loans); (ii) whether to permit creditors to decrease a loan originator’s compensation due to the loan originator’s error or to match competition; and (iii) how the Rule provisions apply to loans originated by mortgage brokers and retail loan originators differently. Each of these topics has been a source of significant industry input, including in response to the CFPB’s 2018 Request for Information Regarding the Bureau's Adopted Regulations.
The Bureau is most likely simply following standard procedure to comply with Section 610, which mandates the CFPB conduct a review within ten years for all rules that significantly impact small entities. But it is possible that the Bureau may be open to making certain adjustments to the Rule that industry has been clamoring for since the Rule was implemented, particularly as the Bureau chose to specifically reference three such recommendations.
HUD establishes 40-year loss-mit option
On March 8, HUD published a final rule in the Federal Register to allow mortgagees to increase the maximum term of a loan modification from 360 to 480 months for FHA-insured mortgages after a borrower defaults. HUD explained that “[i]ncreasing the maximum term limit will allow mortgagees to further reduce the borrower’s monthly payment as the outstanding balance would be spread over a longer time frame, providing more borrowers with FHA-insured mortgages the ability to retain their homes after default.” The change also aligns FHA with modifications made available to borrowers with mortgages backed by Fannie Mae and Freddie Mac, both of which provide a 40-year loan modification option. HUD considered public comments in response to a proposed rule published last April (covered by InfoBytes here), and noted that commenters said a 40-year loan modification option would provide significant relief to struggling borrowers. Concurrently, HUD published Mortgagee Letter 2023-06 to establish the standalone 40-year loan modification policy. The final rule is effective May 8.
Biden administration urges states to join fee crack down
On March 8, the Biden administration convened a gathering of state legislative leaders to hold discussions about so-called “junk fees”—described as the “unnecessary, unavoidable, or surprise charges” that obscure true prices and are often not disclosed upfront. While the announcement acknowledged actions taken by federal agencies over the past few years to crack down on these fees, the administration recognized the role states play in advancing this effort. The Guide for States: Cracking Down on Junk Fees to Lower Costs for Consumers outlined actions states can take to address these fees, and provided several examples of alleged junk fees, including hotel resort fees, debt settlement fees, event ticketing fees, rental car and car purchase fees, and cable and internet fees. The guide also highlighted “the banking industry’s excessive and unfair reliance on banking junk fees.” The administration pointed out that a number of businesses have changed their policies in response to the increased scrutiny of junk fees and said several banks have ended fees for overdraft protection. The same day, the CFPB released a new Supervisory Highlights, which focused on junk fees uncovered in deposit accounts and the auto, mortgage, student, and payday loan servicing markets (covered by InfoBytes here).
Additionally, HUD Secretary Marcia L. Fudge published an open letter to the housing industry and state and local governments, encouraging them to “limit and better disclose fees charged to renters in advance of and during tenancy.” Fudge noted that “actions should aim to promote fairness and transparency for renters while ensuring that fees charged to renters reflect the actual and legitimate costs to housing providers.”
California Attorney General Rob Bonta also issued a statement responding to the administration’s call to end junk fees. “Transparency and full disclosure in pricing are crucial for fair competition and consumer protection,” Bonta said, explaining that in February the state senate introduced legislation (see SB 478) to prohibit the practice of hiding mandatory fees.
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit