InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues NAL on housing counselors
On January 10, the CFPB issued its second no-action letter (NAL) under the agency’s revised NAL Policy that was issued last September. The new NAL Policy’s goal is to streamline the review process to “focus[ ] on the consumer benefits and risks of the product or service in question.” As previously covered by InfoBytes, the Bureau issued its first NAL under the revised policy in response to a request by HUD on behalf of more than 1,600 housing counseling agencies (HCAs) that participate in HUD’s housing counseling program.
A national bank is the recipient of the most recent NAL regarding the bank’s funding arrangements with HCAs certified by HUD. The NAL states that the Bureau will not take supervisory or enforcement actions against the bank under RESPA or UDAAP for entering into certain arrangements with HCAs for pre-purchase housing counseling services conditioned on the consumer applying for a loan from the bank, even if that activity could be construed as a referral, as long as the level of payment for the services is no more than a level that is commensurate with the services provided and is reasonable and customary for the area. The Bureau noted that the bank submitted its application to facilitate funding arrangements with HCAs through the HUD NAL application, which was made public last year.
Fed issues enforcement order for BSA/AML compliance
On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:
- Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
- BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
- Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
- Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.
Representatives urge financial regulators to strengthen cyber infrastructures
On January 7, Representatives Emanuel Cleaver II (D-MO) and Gregory Meeks D-NY) sent a letter to nine federal financial regulators urging them to strengthen their financial infrastructures against possible cyber-attacks in the wake of recent threats against the U.S. from Iran and its allies following the killing of Iranian official Qasem Soleimani. The letter also requests that the regulators coordinate with law enforcement and regulated entities to increase information sharing surrounding cyber threats, and “communicate a strategy to further mitigate existing cyber vulnerabilities within [the U.S.] financial infrastructure by March.” The letter was sent to the Federal Reserve Board, Treasury Department, SEC, FDIC, CFPB, Federal Housing Finance Agency, Commodity Futures Trading Commission, National Credit Union Administration, and the OCC.
As previously covered by InfoBytes, NYDFS separately issued an Industry Letter on January 4 warning regulated entities about the “heightened risk” of cyber-attacks by hackers affiliated with the Iranian government. The letter provides recommendations for ensuring quick responses to any suspected cyber incidents, and reminds entities they must inform NYDFS “as promptly as possible but in no event later than 72 hours’ after a material cybersecurity event.”
CFPB files claims against debt relief companies
On January 9, the CFPB announced that it filed a complaint in the U.S. District Court for the Central District of California against a mortgage lender, a mortgage brokerage, and several student loan debt relief companies (collectively, “the defendants”), for allegedly violating the FCRA, TSR, and FDCPA. In the complaint, the CFPB alleges that the defendants violated the FCRA by, among other things, illegally obtaining consumer reports from a credit reporting agency for millions of consumers with student loans by representing that the reports would be used to “make firm offers of credit for mortgage loans” and to market mortgage products. The Bureau asserts that the reports of more than 7 million student loan borrowers were actually resold or provided to companies engaged in marketing student loan debt relief services.
According to the complaint, “using or obtaining prescreened lists to send solicitations marketing debt-relief services is not a permissible purpose under FCRA.” The complaint alleges that the defendants violated the TSR by charging and collecting advance fees before first “renegotiat[ing], settl[ing], reduc[ing], or otherwise alter[ing] the terms of at least one debt pursuant to a settlement agreement, debt-management plan, or other such valid contractual agreement executed by the customer,” and prior to “the customer ma[king] at least one payment pursuant to that settlement agreement, debt management plan, or other valid contractual agreement between the customer and the creditor or debt collector.” The CFPB further alleges that the defendants violated the TSR and the CFPA when they used telemarketing sales calls and direct mail to encourage consumers to consolidate their loans, and falsely represented that consolidation could lower student loan interest rates, improve borrowers’ credit scores, and change their servicer to the Department of Education.
The Bureau is seeking a permanent injunction to prevent the defendants from committing future violations of the FCRA, TSR, and CFPA, as well as an award of damages and other monetary relief, civil money penalties, and “disgorgement of ill-gotten funds.”
HUD unveils new version of AFFH rule
On January 7, HUD published its proposed replacement for the 2015 version of the Affirmatively Furthering Fair Housing (AFFH) rule. According to HUD, the proposed AFFH rule will provide state and local government participants with more straightforward advice “to help them improve affordable housing choices in their community.”
In August of 2018, HUD suspended requirements under the 2015 rule for HUD grant recipient communities to submit assessments of fair housing. Additionally, as previously covered in InfoBytes, HUD solicited comments on amendments to the 2015 AFFH regulations, which, according to the agency, “proved ineffective, highly prescriptive, and effectively discouraged the production of affordable housing.” The proposed rule suggests a change to the definition of AFFH to “advancing fair housing choice within the program participant’s control or influence,” and seeks to move the focus away from anti-segregation planning and toward creation of affordable housing options.
According to the proposed rule, fair housing choice includes (i) “[p]rotected choice, meaning absence of discrimination”; (ii) “[a]ctual choice, meaning not only that affordable housing options exist,” but that state and local governments are encouraged to educate the public on their rights; and (iii) “[q]uality choice, meaning that the available and affordable housing is decent, safe, and sanitary, and, for persons with disabilities, accessible as required under civil rights laws.”NCUA releases 2020 supervisory priorities
In January, the NCUA issued a letter to board of directors and chief executive officers at federally insured credit unions outlining the agency’s 2020 supervisory priorities. Top supervisory priorities include:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML). Examinations will continue to focus on customer due diligence and beneficial ownership requirements. The NCUA will also collaborate with law enforcement and banking regulators on initiatives such as updates to the FFIEC’s BSA/AML examination manual and enforcement guidelines, guidance concerning politically exposed persons, and measures for improving suspicious activity and currency transaction report filing procedures.
- Consumer Financial Protection. Based on a rotating regulation review cycle, NCUA examiners will review compliance (at a minimum) with the following regulations: the Electronic Fund Transfer Act, Fair Credit Reporting Act, Gramm-Leach-Bailey (Privacy Act), Payday Alternative Lending and other small dollar lending, Truth in Lending Act, Military Lending Act, and the Servicemembers Civil Relief Act.
- Cybersecurity. In 2020 the NCUA will continue conducting cybersecurity maturity assessments for credit unions with assets over $250 million and will begin to assess those with assets over $100 million. In addition, the NCUA intends to pilot new procedures—scaled to an institution’s size and risk profile—to evaluate critical security controls during examinations between maturity assessments.
- LIBOR Cessation Planning. Examiners will assess credit unions’ planning related to the discontinuation of LIBOR. According to the NCUA, credit unions should “proactively transition away from instruments using LIBOR as a reference rate.”
Other areas of focus include credit risk, current expected credit losses, liquidity risk, and modernization updates. The extended examination cycle will continue to apply to qualifying credit unions.
CFPB releases annual college credit card report
On December 31, the CFPB released its annual report to Congress on college credit card agreements. The report was prepared pursuant to the CARD Act, which requires card issuers to submit to the CFPB the terms and conditions of any agreements they make with colleges, as well as certain organizations affiliated with colleges. The CFPB cited data from 2018 showing that (i) the number of college card agreements in effect declined “both year-over-year as well as in comparison to 2009,” the first year data was collected; (ii) no new issuers submitted data to the Bureau for the first time since 2011, and two issuers left the market; and (iii) agreements with alumni associations continue to dominate the market based on most metrics. The complete set of credit card agreement data collected by the Bureau can be accessed here.
FTC sues fuel card marketer for deceptive advertising and hidden fees
On December 20, the FTC announced it had filed suit for unfair and deceptive acts and practices in violation of the FTC Act against a fuel payment card services company (company) for its “problematic marketing and fee practices.” The FTC’s complaint, filed in U.S. District Court for the Northern District of Georgia, alleges that the company marketed the fuel payment cards to “companies that operate vehicle fleets” with false promises that the cards would provide (i) cost savings; (ii) protection from unauthorized card purchases; and (iii) “no set-up, transaction, or membership fees, including when used to purchase fuel at any of the thousands of locations nationwide that accept [the company’s] fuel cards.” In fact, according to the complaint, the company “has charged customers at least hundreds of millions of dollars in unexpected fees,” and “at least tens of millions of dollars in recurring fees for programs they have not ordered,” and, in spite of its marketing representing otherwise, the company has not provided advertised fuel savings, and has not provided fraud protection for unauthorized transactions. The complaint also claims that the company has not timely posted customer payments when received, leading to customers being levied additional fees for late charges and “related [i]nterest and [f]inance [c]harges even when the customers have paid their balance in full by the due date.” The FTC seeks permanent injunctive relief against the company to prevent future violations, as well as redress for those consumers injured by the FTC Act violations, “including rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.”
FDIC releases November enforcement actions
On December 27, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in November. The 14 orders include “two consent orders; one civil money penalty; one order terminating consent order; one supervisory prompt corrective directive action; five section 19 orders (prohibiting persons who have been convicted of any criminal offense involving dishonesty, breach of trust, or money laundering from serving as institution-affiliated parties with respect to an insured depository institution); two removal and prohibition orders; and two orders terminating prompt supervisory corrective action directives.” In one action, the FDIC issued a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) implement a revised, written BSA compliance program to address BSA and FinCEN regulation provisions, such as suspicious activity reporting, customer due diligence, and beneficial ownership; (ii) update its Customer Due Diligence Program to assure the reasonable detection of suspicious activity; (iii) implement a process for account transaction monitoring; (iv) retain qualified BSA management to ensure compliance with applicable laws and regulations; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) address automated clearing house (ACH) activity and update policies and procedures to monitor credit risk associated with ACH transactions; and (vii) refrain from entering into any new lines of business prior to conducting appropriate due diligence.
CFPB releases TILA, EFTA, and CARD Act annual report
On December 18, the CFPB issued its mandated annual report to Congress covering activity in 2016 and 2017 pertaining to the Truth in Lending Act (TILA), the Electronic Fund Transfer Act (EFTA), and the Credit Card Accountability Responsibility and Disclosure Act (CARD Act). The report describes enforcement actions brought by the Bureau and federal agencies related to TILA, EFTA, the CARD Act (and respective implementing Regulations Z and E), as well as data on required reimbursements to consumers. The report also includes a compliance assessment of TILA and EFTA violations. Federal Financial Institutions Examination Council (FFIEC) member agencies report that more institutions were cited for violations of Regulation Z than Regulation E during the 2016 and 2017 reporting periods, and that the most frequently reported Regulation Z violations include (i) failing to disclose, or to accurately disclose, the finance charge on closed-end credit; (ii) failing to disclose good faith estimates on disclosures for closed-end credit; and (iii) failing to provide consumers with specific loan cost information on closing disclosures. The most commonly cited Regulation E violations include (i) failing to comply with investigation and timeframe requirements when resolving errors in electronic fund transfers; and (ii) failing to provide applicable disclosures. In addition, the report recaps FFIEC outreach activities related to TILA and EFTA, such as workshops, blogs, and other outreach events.