Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Hsu presses for global supervision of crypto
On March 6, acting Comptroller of the Currency Michael J. Hsu commented that the collapse of a major cryptocurrency exchange has underscored a need for consolidated supervision of global cryptocurrency firms. Speaking before the Institute for International Banker’s Annual Washington Conference, Hsu offered thoughts on how to build and maintain trust in global banking. “To be trustworthy, global crypto firms need a lead regulator who has authority and responsibility over the enterprise as a whole,” Hsu said. “Until that is done, crypto firms with subsidiaries and operations in multiple jurisdictions will be able to arbitrage local regulations and potentially play shell games using inter-affiliate transactions to obfuscate and mask their true risk profile.” Hsu pointed out that in order to conduct business in the U.S. foreign banks must be supervised by a home country via “a lead regulator with visibility and authority over the entirety of the bank’s global activities.” In contrast, not a single crypto firm is currently subject to consolidated supervision, Hsu said.
Hsu drew comparisons between a now-defunct international bank that led to significant changes in how global banks are supervised and the collapsed crypto exchange, arguing that there are “striking similarities” between the two, including that both (i) “faced fragmented supervision by a combination of state, federal, and foreign authorities”; (ii) “lacked a lead or ‘home’ regulator with authority and responsibility for developing a consolidated and holistic view of the firms”; (iii) “operated across jurisdictions where there was no established framework for regulators to share information on the firms’ operations and risk controls”; and (iv) “used multiple auditors to ensure that no one could have a holistic view of their firms.” To close the gap in the crypto sector, Hsu said action “will have to take place outside of bank regulatory channels,” but noted that the Financial Stability Board and other international bodies have already “recognized the need for a comprehensive global supervisory and regulatory framework for crypto participants.”
CFPB publishes HMDA review
On March 3, the CFPB published findings from a voluntary review of the 2015 HMDA Final Rule issued in October 2015, as well as subsequent related amendments that eased certain reporting requirements and permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit (covered by InfoBytes here). Under Section 1022(d) of Dodd-Frank, the Bureau is required to conduct an assessment of each significant rule or order adopted by the agency under federal consumer financial law. The Bureau noted that it previously determined that the 2015 HMDA Final Rule “is not a significant rule for purposes of section 1022(d)” and said the decision to conduct the review was voluntary.
The Report on the Home Mortgage Disclosure Act Rule Voluntary Review found, among other things, that (i) “[c]onsistent with the 2015 HMDA Final Rule’s increase in the closed-end reporting threshold for depository institutions, HMDA coverage of first lien, closed-end mortgages decreased between Q1 of 2017 and Q1 of 2018, from 97.0 percent to 93.8 percent”; (ii) for all financial institutions originating closed-end mortgages, “the share of those institutions reporting HMDA data decreased between 2015 and 2020, with the largest decreases observed in 2017 and 2020” after the reporting threshold rose from 25 loan originations to 100 loan originations; (iii) revising data points to include the age of applicant and co-applicant race, ethnicity, gender, and income, increased the amount of compiled data; and (iv) analyzing data assists in detecting fair lending risk and discrimination in mortgage lending. “HMDA’s expanded transactional coverage improved the risk screening used to identify institutions at higher risk of fair lending violation by improving the accuracy of analysis and thus reducing the false positive rate at which lenders were mistakenly identified as high risk,” the report said.
The report also noted that interest rate data “provides an important observation that enables data users, including government agencies, researchers, and consumer groups to analyze mortgage pricing in order to better serve HMDA’s purposes. In particular, interest rate information brings a greater transparency to the market and facilitates enforcement of fair lending laws.” The Bureau further noted that HMDA data is “crucial” to federal regulators when conducting supervisory examinations and enforcement investigations. The Bureau commented that the “requirement to report new HMDA data points greatly increased the accuracy of supervisory data since the additional data points are now used to assess fair lending risks and are subject to supervisory exams for accurate filing to HMDA,” adding that the data is “also used to estimate appropriate remuneration amounts for harmed consumers.”
DOJ initiates SCRA action over auto auctions and dispositions
On March 3, the DOJ filed a complaint in the U.S. District Court for the Eastern District of North Carolina against a North Carolina-based towing company for allegedly auctioning off, selling, or disposing of vehicles owned by servicemembers through the use of court judgments obtained without filing proper military affidavits. Under the Servicemembers Civil Relief Act (SCRA), plaintiffs seeking a default judgment must “file an accurate military affidavit stating whether or not the defendant is in military service, or that the plaintiff is unable to determine the defendant’s military service status.” Towing companies are also required by the statute to make a good faith effort to determine if a defendant is in military service. A court may not enter a default judgment in favor of a plaintiff until after a servicemember has been appointed an attorney.
According to the complaint, the towing company disposed of servicemembers’ vehicles without complying with these requirements from at least 2017. The DOJ further claims that several factors should have alerted the towing company to the fact that the vehicles belonged to a servicemember, including that many of the vehicles were originally towed from locations on or near a military installation and many of the vehicles “had military decals, patches, and decorations, were financed through lenders geared towards members of the military, and contained military uniforms and paperwork, including orders.” The DOJ seeks damages for the affected servicemembers and civil penalties, as well as a court order enjoining the towing company from engaging in the illegal conduct.
House committees move forward on data privacy
On March 1, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” to continue discussions on the need for comprehensive federal privacy legislation. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, commenting that discussions during the hearing will build upon the bipartisan American Data Privacy and Protection Act (ADPPA), which advanced through the committee last July by a vote of 53-2. As previously covered by InfoBytes, the ADPPA (see H.R. 8152) was sent to the House floor during the last Congressional session, but never came up for a full chamber vote. The bill has not been reintroduced yet.
A subcommittee memo highlighted that absent a comprehensive federal standard, “there are insufficient limits to what types of data companies may collect, process, and transfer.” The subcommittee flagged the data broker industry as an example of where there are limited restrictions or oversight to prevent the creation of consumer profiles that link sensitive data to individuals. Other areas of importance noted by the subcommittee relate to data security protections, data minimization requirements, digital advertising, and privacy enhancing technologies. The subcommittee heard from witnesses who agreed that a comprehensive privacy framework would benefit consumers.
One of the witnesses commented in prepared remarks that preemption is key, calling the current patchwork of state laws confusing and costly to businesses and consumers. “Consumers need a strong and consistent law to protect them across jurisdictions and market sectors, and to clarify what privacy rights they should expect and demand as they navigate the marketplace,” the witness said. The witness also stated that the FTC is currently relying on outdated law, noting that while Section 5 of the FTC Act is frequently used, “virtually all of the FTC’s privacy and data security cases are settlements. That means that many of the legal theories advanced, as well as the remedies obtained, have never been tested in court.”
In advance of the hearing, the California governor, the California attorney general, and the California Privacy Protection Agency sent a joint letter opposing preemption language contained in H.R. 8152. “[B]y prohibiting states from adopting, maintaining, enforcing, or continuing in effect any law covered by the legislation, [the ADPPA] would eliminate existing protections for residents in California and sister states,” the letter warned. The letter asked Congress “to set the floor and not the ceiling in any federal privacy law” and “allow states to provide additional protections in response to changing technology and data privacy protection practices.”
Separately, at the end of February, Chairman of the House Financial Services Committee, Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165). The bill moved out of committee by a 26-21 vote, and now goes to the full House for consideration. Among other things, the bill would modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape. The bill would also ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time. Additional provisions are intended to protect against the misuse or overuse of consumers’ personal data and impose disclosure requirements relating to data collection methods, how data is used and who it is shared with, data retention policies, and informed choice. The bill is designed to provide consistency across the country to reduce compliance burdens, McHenry said.
Fannie says appraisals are no longer required to establish market value
On March 1, Fannie Mae issued a Selling Guide announcement to introduce a range of options for establishing a property’s market value, noting that it is “moving away from implying that an appraisal is a default requirement.” As part of Fannie’s efforts to improve the efficiency and accuracy of the home valuation process, it is rolling out choices that balance “traditional appraisals with appraisal alternatives.” Options introduce the term “value acceptance,” which will be “used in conjunction with the term ‘appraisal waiver’ to better reflect the actual process of using data and technology to accept the lender-provided value.” A new option, “value acceptance + property data” will use property data collected by vetted third parties that conduct interior and exterior data collection on a property. This data will be used by the lender to confirm property eligibility (an appraisal will not be required). “Hybrid appraisals” will be “based on interior and exterior property data collection by a vetted and trained third-party that is provided to an appraiser to inform the appraisal.” Fannie explained that hybrid appraisals will be “permitted for certain one-unit transactions where value acceptance + property data was initially started, but changes in loan characteristics results in the transaction not being eligible for that option.”
The updates also allow for alternative methods to the Appraisal Update and/or Completion Report, including a borrower/builder attestation letter verifying completion of construction, and a borrower attestation letter confirming completion of repairs for existing construction. The updates also provide additional guidance on the use of sweat equity and revise timelines and expectations for lenders’ prefunding and post-closing quality control reviews, among other things.
FHA proposes to ease branch office registration
On March 1, FHA published FHA INFO 2023-14 announcing a proposed rule to eliminate a requirement that mortgagees and lenders register all branch offices conducting FHA business with HUD. Currently, all FHA-approved mortgagees and lenders are required to register any branch office where they originate Title I or II loans or submit applications for mortgage insurance. Due to technological advances and remote service delivery, this requirement is inconsistent with current industry practices, FHA said, explaining that the proposed rule will grant mortgagees and lenders the choice as to whether to register and maintain branch offices with HUD. The proposed rule also will make branch registration fees applicable only to those branch offices registered with HUD. Unregistered branch offices will not be subject to unnecessary registration fees and will not be placed on the HUD Lender List Search page. Comments on the proposed rule are due May 1.
FTC orders refunds over compromised health data
On March 2, the FTC filed a complaint against an online counseling service alleging the respondent violated the FTC Act by monetizing consumers’ sensitive health data for targeted advertising purposes. As part of the process to sign up for the respondent’s counseling services, consumers are required to provide sensitive mental health information, as well as other personal information. Consumers are promised that their personal health data will not be used or disclosed except for limited purposes, such as for counseling services. However, the FTC claimed the respondent used and revealed consumers’ sensitive health data to third parties for advertising purposes. According to the FTC, the respondent failed to maintain sufficient policies or procedures to protect the sensitive information and did not obtain consumers’ affirmative express consent before disclosing the health data. The respondent also allegedly failed to limit how third parties could use the health data and denied reports that it revealed consumers’ sensitive information.
Under the terms of the proposed consent order, the respondent will be required to pay $7.8 million in partial refunds to affected users and will be banned from disclosing health information to certain third parties for re-targeting advertising purposes. This will be the first FTC action returning funds to consumers whose health data was compromised. The respondent will also be prohibited from misrepresenting its sharing practices and must also (i) obtain users’ affirmative express consent before disclosing personal information to certain third parties for any purpose; (ii) implement a comprehensive privacy program with strong safeguards to protect users’ data; (iii) instruct third parties to delete shared personal data; and (iv) implement a data retention schedule imposing limits on how long personal data can be retained.
Treasury seeks to advance CBDCs
On March 1, Treasury Undersecretary for Domestic Finance Nellie Liang announced that the Treasury Department will lead a new senior-level working group to advance work on a U.S. central bank digital currency (CBDC). As previously discussed in a Treasury report released last September on the future of money and payments (covered by InfoBytes here), Treasury was called to lead an interagency working group to complement work undertaken by the Federal Reserve Board to consider the implications of a U.S. CBDC. The working group will consist of leaders from Treasury, the Fed, and White House offices, including the Council of Economic Advisors, National Economic Council, National Security Council, and Office of Science and Technology Policy. In the coming months the working group “will begin to meet regularly to discuss a possible CBDC and other payments innovations,” Liang said during a workshop titled “Next Steps to the Future of Money and Payments.” The working group will focus on three main policy objectives: (i) how a U.S. CBDC would affect U.S. global financial leadership; (ii) potential national security risks posed by a CBDC; and (iii) the implications for privacy, illicit finance, and financial inclusion if a CBDC is created.
To support discussions on a possible CBDC and other payment innovations, Liang said the working group will develop an initial set of findings and recommendations. Those findings and recommendations may relate to whether a U.S. CBDC would help advance certain policy objectives, what features would be required for a U.S. CBDC to advance these objectives, choices for resolving CBDC design trade-offs, and areas where additional technological research and development might be useful.
Liang commented that the working group will also “engage with allies and partners to promote shared learning and responsible development of CBDCs.” She pointed out that CBDC efforts are already underway in jurisdictions around the world, with 11 countries already having fully launched CBDCs, “while central banks in other major jurisdictions are researching and experimenting with CBDCs, with some at a fairly advanced stage.” Liang stressed that regardless of whether a CBDC is adopted in the U.S., the country “has an interest in ensuring that CBDCs interact safely and efficiently with the existing financial infrastructure; that they support financial stability and the integrity of the international financial system; that global payment systems are efficient, innovative, competitive, secure, and resilient; and that global payments systems continue to reflect broader shared democratic values, like openness, privacy, accessibility, and accountability to the communities that rely upon them.”
CFPB publishes BNPL borrower profiles
On March 2, the CFPB released a report examining the financial profiles of Buy Now, Pay Later (BNPL) borrowers using data pulled from the agency’s Making Ends Meet survey and its access to credit bureau data. The report follows previous Bureau research conducted on the BNPL market (covered by InfoBytes here). The Bureau observed that, while many BNPL borrowers used the product without any noticeable markers of financial stress, these borrowers (as compared to non-BNPL borrowers) were, on average, more likely to have higher credit card debt and utilization rates and were more likely to have revolving balances on their credit cards. BNPL borrowers also had lower credit scores and higher utilization rates of alternative financial services such as payday loans and pawn loans that charge high interest rates and were more likely to incur bank account overdrafts. The report noted, however, that while BNPL borrowers generally have access to traditional credit products, they are more likely to borrow using retail accounts, personal loans, student loans, and auto loans compared to non-BNPL borrowers (BNPL borrowers were more than twice as likely to be delinquent on at least one of those products by 30 days or longer). The Bureau commented though “that many of these differences pre-date [BNPL] use and [the report] highlights the need for further research into whether the products have any causal impact on consumer indebtedness.” Black, Hispanic, and female consumers are also more likely than average to use BNPL products, the report found, along with consumers with income between $20,001-$50,000.
FHA codifies SOFR for LIBOR-based ARMs
On March 1, FHA published a final rule in the Federal Register removing LIBOR as an approved index for adjustable-rate mortgages (ARMs) and replacing it with the Secured Overnight Financing Rate (SOFR) as the approved index for newly-originated forward ARMs. The final rule also codifies HUD’s removal of LIBOR and approval of SOFR as an index for newly-originated home equity conversion mortgages (HECM) ARMs, and establishes “a spread-adjusted SOFR index as the Secretary-approved replacement index to transition existing forward and HECM ARMs off LIBOR.” Additionally, the final rule makes several clarifying changes and establishes a 10 percentage points maximum lifetime adjustment cap for monthly adjustable rate HECMs. The agency considered comments received to its proposed rule published last October (covered by InfoBytes here), and said the updated policy will now “generally align with Fannie Mae, Freddie Mac, and Ginnie Mae's policies replacing LIBOR with the SOFR index.” The final rule is effective March 31.
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit