Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 29, Senator Elizabeth Warren (D-MA) sent a letter to the Fed regarding its recent notice of proposed rulemaking, urging them to “finalize the rules as quickly as possible.” In July, the Fed announced amendments to the regulatory capital requirements for large banking organizations that would implement the final components of the Basel III agreement (previously covered by InfoBytes here). Warren noted that she is concerned about the Fed’s intent to seek potential modifications as it could result in weakening the proposed rule. Warren also warned that big bank lobbyists has been “engaging in a full-court press to fend off higher capital requirements” before the release of the proposed rule, and that big banks lobbying expenditures were up 20 percent compared to the same period of time in the previous year, indicating a “clear effort to fend off stronger rules” following recent bank failures. The senator finally noted that the capital bank requirements are a threat to bank’s “massive payouts for executives and shareholders.”
On August 28, the DOJ announced a settlement agreement to resolve allegations of redlining by an Oklahoma-based bank. According to the complaint, defendant allegedly engaged in redlining by refraining from providing home loans and other mortgage-related services, and also engaged in biased behavior, to deter individuals residing in or seeking credit within predominantly Black and Hispanic neighborhoods in Tulsa from pursuing mortgage opportunities. According to the proposed consent order, without admitting or denying the allegations, defendant agreed to (i) invest $1.15 million to increase credit opportunities in neighborhoods of color; (ii) invest at least $950,000 in a loan subsidy fund for predominantly Black and Hispanic neighborhoods in Tulsa; (iii) invest $100,000 for advertising, outreach and consumer education; (iv) invest $100,000 for community partnerships to improve access to residential mortgage credit services; (v) “open a new community-oriented loan production office in the historically Black area of Tulsa”; and (vi) assign at least two mortgage loan officers to solicit mortgage applications in predominantly Black and Hispanic neighborhoods in Tulsa, among other things.
The DOJ press release makes reference to the 1921 Tulsa Race Massacre. The bank's press release announcing the settlement responded by stating that “[a]s Oklahomans, we carry a profound sense of sorrow for the tragic events of the Tulsa Race Massacre over a century ago. It is with deep concern that we note the Justice Department’s decision to reference this distressing historical event in its complaint against our bank, established a mere 25 years ago.”
On August 17, the Fed announced an enforcement action against a state bank and its holding company for failing to comply with conditions imposed during the approval process for the bank to become a member of the Federal Reserve System and subsequent application for acquisition. Namely, the order provides that, among other conditions and limitations, the bank was required to provide advance notice of any change in its business plan, and was found to have changed the business plan without the requisite prior written approval. As part of the order, the bank will wind down its operations as part of a purchase agreement where it will sell its assets to a third-party bank and it will ensure the conservation of capital, preservation of cash assets, and will limit its business activities to only those necessary to consummate the purchase agreement.
The National Institute of Standards and Technology (NIST) recently unveiled a proposed update to its Cybersecurity Framework, which was originally developed to provide information security guidelines for “critical infrastructure” like banking and energy industries. (Covered by InfoBytes here). The update includes a new, sixth pillar called “govern” that provides categories to facilitate executive oversight; manage enterprise risk (including supply chain risk); and effective alignment of enterprise resources, strategies, and risk, emphasizing that “cybersecurity is a major source of enterprise risk and a consideration for senior leadership.” This pillar will also guide organizations’ leadership in making internal decisions to support its cybersecurity strategy. The framework draft also updated its implementation guidance, especially for creating profiles that tailor guidance for certain situations. Additionally, NIST included implementation examples that are particularly beneficial for smaller firms. The framework’s lead developer, Cherilyn Pascoe, mentioned the framework has proven useful across many different sectors like small businesses and foreign governments, therefore it was updated to be a useful tool to sectors, regardless of type or size, outside of those designated as critical. A major goal of the updated version of the framework is to show organizations how to leverage existing technology frameworks, standards, and guidelines to implement NIST’s framework. Furthermore, the framework title changed from “Framework for Improving Critical Infrastructure Cybersecurity” to “The Cybersecurity Framework” to reflect its expanded inclusivity and wide adoption.
Public comments must be received by November 4.
CFPB contests motions for preliminary injunctions to block enforcement of Small Business Lending Rule
On August 22, the CFPB filed an opposition to a motion made by a group of intervenors seeking to expand the scope of a preliminary injunction issued by the U.S. District Court for the Southern District of Texas, which enjoined the CFPB from implementing its Small Business Lending Rule. As previously covered by InfoBytes, the original plaintiffs in the litigation, a Texas banking association and a Texas bank, challenged the legality of the CFPB’s Small Business Lending Rule. After the American Bankers Association joined the case, the plaintiffs sought, and the court granted, a preliminary injunction enjoining implementation and enforcement of the rule against plaintiffs and their members. The intervenors, who consist of both banking and credit union trade associations, as well as individual banks and credit unions, seek a nationwide injunction that would apply beyond the parties to the case, or at least to the intervenors and their members. The CFPB’s opposition to this request for an expanded preliminary injunction argues that the intervenors fail to show that they would suffer immediate harm from enforcement of the Small Business Lending Rule.
In a related matter, on August 21, a group of Kentucky banks and a Kentucky banking association filed a motion for a preliminary injunction in the U.S. District Court for the Eastern District of Kentucky against the CFPB, seeking a preliminary injunction enjoining the CFPB from enforcing the Small Business Lending Rule against the plaintiffs and their members. Referencing the parallel Texas litigation, the Kentucky plaintiffs allege that they are entitled to an order enjoining enforcement of the Small Business Lending Rule against them for the same reasons that the Texas district court enjoined enforcement of the rule.
The most recent litigation activity follows a request from a group of trade associations to the CFPB to take administrative action to address the disparity in compliance dates that results from the district court’s injunction, a disparity that the trade associations argue is both unfair and disruptive to the market’s compliance efforts. The CFPB declined this request.
Both of these challenges to the Small Business Lending Rule point to a recent decision issued by the U.S. Court of Appeals for the Fifth Circuit in Community Financial Services Association of America v. Consumer Financial Protection Bureau, where the court found that the CFPB’s “perpetual self-directed, double-insulated funding structure” violated the Constitution’s Appropriations Clause (covered by InfoBytes here), as justification for why the final rule should ultimately be set aside.
On August 21, the U.S. Court of Appeals for the Second Circuit upheld the dismissal of a whistleblower False Claims Act (FCA) case, holding that FCA qui tam relator complaints may be dismissed upon the government’s motion without a hearing, provided the district court consider the parties’ arguments. The plaintiff qui tam here alleged that a bank (defendant) failed to pay penalties to the government for violating economic sanctions. Plaintiff’s complaint specifically alleged that defendant facilitated illegal transactions violating economic sanctions and defrauded the government by concealing the extent of its illegal activities during negotiation of a deferred prosecution agreement. In a summary order without precedential effect, the 2nd Circuit upheld the dismissal of plaintiff’s complaint.
Plaintiff’s complaint was initially dismissed by the district court following a motion to dismiss by the government, which intervened in the action to argue that the complaint should be dismissed because it lacked merit and would waste government resources. Consideration of plaintiff’s appeal of the dismissal was delayed until after the Supreme Court issued a decision in Polansky v. Executive Health Resources, Inc., a different FCA case raising applicable issues regarding when the government has the authority to force the dismissal of an FCA case brought by a whistleblower.
Following the Supreme Court’s ruling in Polansky, the 2nd Circuit upheld the dismissal of plaintiff’s complaint, reasoning that district court properly dismissed the qui tam relator claim after the government’s intervention seeking dismissal, since the defendant bank had not yet answered the complaint or moved for summary judgment. The 2nd Circuit held that “the district met the hearing requirement” established by Polansky for dismissing qui tam relator cases through its careful consideration of the briefs and materials submitted by the parties. In reaching this conclusion, the 2nd Circuit noted that Polansky does “not mandate universal requirements” for an FCA hearing in every case. The 2nd Circuit also rejected plaintiff’s due process arguments, plaintiff’s claim that the court failed to evaluate defendant’s settlement with the government resolving related criminal and administrative violations, and plaintiff’s claim that the district court erred in denying its motion for an indicative ruling, based on new evidence published while the appeal was pending.
On August 21, the OCC issued a proclamation providing discretion to OCC-regulated institutions to close offices affected by Tropical Storm Hilary in California, Nevada, and Arizona “for as long as deemed necessary for bank operation or public safety.” The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the OCC, only bank offices directly affected by potentially unsafe conditions should close, and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.
Find continuing InfoBytes coverage on disaster relief here.
On August 17, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include civil money penalty orders, formal agreements, and prohibition orders, each issued with the consent of the parties. The OCC also announced a termination of an existing enforcement action against a bank. Included in the release is a formal agreement entered into with a Minnesota-based bank on June 27 in connection with OCC findings of alleged unsafe or unsound practices relating to, among other things, consumer compliance and third party risk management. In connection to violations of certain Flood Disaster Protection Act rules, the agreement requires the bank to (i) establish a compliance committee to monitor the bank’s progress in complying with the agreement’s provisions; (ii) report such progress to the bank’s board of directors on a quarterly basis; and (iii) implement a written consumer compliance program. This program must also include procedures and guidance for compliance with all consumer protection laws, rules, and regulations to which the bank should adhere, an independent audit program, a comprehensive training program for bank personnel in the consumer protection laws, rules, and regulations as appropriate, and policies to manage risks in the credit process. It also separately requires revisions to the third-party risk management program addressing due diligence and monitoring of third parties, including monitoring for compliance with consumer protection-related laws and regulations.
On August 22, the White House announced the SAVE Plan, an income-driven repayment plan, intended to calculate payments based on a borrower’s income and family size rather than the loan balance and provide forgiveness for balances after a certain number of years since repayment. It is estimated that over 20 million borrowers could benefit from this plan and that it will have particular critical benefits for low- and middle-income borrowers, community college students, and borrowers who work in public service. In order to encourage participation by borrowers, the Department of Education is partnering with grassroots organizations on an outreach campaign. This plan builds on broader actions taken by the current administration to deliver relief to borrowers and make college more affordable.
On August 22, the DOJ and the FTC jointly announced a permanent injunction and civil penalty of $650,000 against a company that offers credit information, analytical tools, and marketing services for alleged violations of the CAN-SPAM Act, the CAN-SPAM Rule, and the FTC Act. The case, which was filed in the District Court for the Central District of California, asserts that millions of commercial emails sent to consumers did not give the recipients requisite notice of the option to opt-out of future such emails, in violation of the CAN-SPAM Act and Rule. The order enjoined the company from sending commercial emails that do not provide notice of the recipient’s ability to opt-out of future emails, it also enjoins the company from otherwise violating the CAN-SPAM Act, and subjects it to a civil penalty judgment of $650,000.