Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
In January, the NCUA issued a letter to board of directors and chief executive officers at federally insured credit unions outlining the agency’s 2020 supervisory priorities. Top supervisory priorities include:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML). Examinations will continue to focus on customer due diligence and beneficial ownership requirements. The NCUA will also collaborate with law enforcement and banking regulators on initiatives such as updates to the FFIEC’s BSA/AML examination manual and enforcement guidelines, guidance concerning politically exposed persons, and measures for improving suspicious activity and currency transaction report filing procedures.
- Consumer Financial Protection. Based on a rotating regulation review cycle, NCUA examiners will review compliance (at a minimum) with the following regulations: the Electronic Fund Transfer Act, Fair Credit Reporting Act, Gramm-Leach-Bailey (Privacy Act), Payday Alternative Lending and other small dollar lending, Truth in Lending Act, Military Lending Act, and the Servicemembers Civil Relief Act.
- Cybersecurity. In 2020 the NCUA will continue conducting cybersecurity maturity assessments for credit unions with assets over $250 million and will begin to assess those with assets over $100 million. In addition, the NCUA intends to pilot new procedures—scaled to an institution’s size and risk profile—to evaluate critical security controls during examinations between maturity assessments.
- LIBOR Cessation Planning. Examiners will assess credit unions’ planning related to the discontinuation of LIBOR. According to the NCUA, credit unions should “proactively transition away from instruments using LIBOR as a reference rate.”
Other areas of focus include credit risk, current expected credit losses, liquidity risk, and modernization updates. The extended examination cycle will continue to apply to qualifying credit unions.
On December 31, the CFPB released its annual report to Congress on college credit card agreements. The report was prepared pursuant to the CARD Act, which requires card issuers to submit to the CFPB the terms and conditions of any agreements they make with colleges, as well as certain organizations affiliated with colleges. The CFPB cited data from 2018 showing that (i) the number of college card agreements in effect declined “both year-over-year as well as in comparison to 2009,” the first year data was collected; (ii) no new issuers submitted data to the Bureau for the first time since 2011, and two issuers left the market; and (iii) agreements with alumni associations continue to dominate the market based on most metrics. The complete set of credit card agreement data collected by the Bureau can be accessed here.
On December 20, the FTC announced it had filed suit for unfair and deceptive acts and practices in violation of the FTC Act against a fuel payment card services company (company) for its “problematic marketing and fee practices.” The FTC’s complaint, filed in U.S. District Court for the Northern District of Georgia, alleges that the company marketed the fuel payment cards to “companies that operate vehicle fleets” with false promises that the cards would provide (i) cost savings; (ii) protection from unauthorized card purchases; and (iii) “no set-up, transaction, or membership fees, including when used to purchase fuel at any of the thousands of locations nationwide that accept [the company’s] fuel cards.” In fact, according to the complaint, the company “has charged customers at least hundreds of millions of dollars in unexpected fees,” and “at least tens of millions of dollars in recurring fees for programs they have not ordered,” and, in spite of its marketing representing otherwise, the company has not provided advertised fuel savings, and has not provided fraud protection for unauthorized transactions. The complaint also claims that the company has not timely posted customer payments when received, leading to customers being levied additional fees for late charges and “related [i]nterest and [f]inance [c]harges even when the customers have paid their balance in full by the due date.” The FTC seeks permanent injunctive relief against the company to prevent future violations, as well as redress for those consumers injured by the FTC Act violations, “including rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.”
On December 27, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in November. The 14 orders include “two consent orders; one civil money penalty; one order terminating consent order; one supervisory prompt corrective directive action; five section 19 orders (prohibiting persons who have been convicted of any criminal offense involving dishonesty, breach of trust, or money laundering from serving as institution-affiliated parties with respect to an insured depository institution); two removal and prohibition orders; and two orders terminating prompt supervisory corrective action directives.” In one action, the FDIC issued a consent order against an Illinois-based bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. Among other things, the bank is ordered to (i) implement a revised, written BSA compliance program to address BSA and FinCEN regulation provisions, such as suspicious activity reporting, customer due diligence, and beneficial ownership; (ii) update its Customer Due Diligence Program to assure the reasonable detection of suspicious activity; (iii) implement a process for account transaction monitoring; (iv) retain qualified BSA management to ensure compliance with applicable laws and regulations; (v) implement a comprehensive BSA training program for appropriate personnel; (vi) address automated clearing house (ACH) activity and update policies and procedures to monitor credit risk associated with ACH transactions; and (vii) refrain from entering into any new lines of business prior to conducting appropriate due diligence.
On December 18, the CFPB issued its mandated annual report to Congress covering activity in 2016 and 2017 pertaining to the Truth in Lending Act (TILA), the Electronic Fund Transfer Act (EFTA), and the Credit Card Accountability Responsibility and Disclosure Act (CARD Act). The report describes enforcement actions brought by the Bureau and federal agencies related to TILA, EFTA, the CARD Act (and respective implementing Regulations Z and E), as well as data on required reimbursements to consumers. The report also includes a compliance assessment of TILA and EFTA violations. Federal Financial Institutions Examination Council (FFIEC) member agencies report that more institutions were cited for violations of Regulation Z than Regulation E during the 2016 and 2017 reporting periods, and that the most frequently reported Regulation Z violations include (i) failing to disclose, or to accurately disclose, the finance charge on closed-end credit; (ii) failing to disclose good faith estimates on disclosures for closed-end credit; and (iii) failing to provide consumers with specific loan cost information on closing disclosures. The most commonly cited Regulation E violations include (i) failing to comply with investigation and timeframe requirements when resolving errors in electronic fund transfers; and (ii) failing to provide applicable disclosures. In addition, the report recaps FFIEC outreach activities related to TILA and EFTA, such as workshops, blogs, and other outreach events.
On December 30, President Trump signed S. 151—the “Telephone Robocall Abuse Criminal Enforcement and Deterrence Act” (TRACED Act)—which, among other things, grants the FCC authority to promulgate rules to combat illegal robocalls and requires voice service providers to develop call authentication technologies. The TRACED Act, Public Law No. 116-105, also directs the FCC to issue regulations to ensure that banks and other callers have effective redress options if their calls are erroneously blocked by call-blocking services.
Highlights of the TRACED Act include:
- STIR/SHAKEN implementation. Within 18 months of enactment, the FCC must require voice service providers to implement “STIR/SHAKEN” caller ID authentication framework protocols at no additional charge to consumers. Providers will be required to adopt call authentication technologies to enable telephone carriers to verify the authenticity of the calling party’s calls. (Previously covered by InfoBytes here.)
- Increased enforcement authority. The FCC will be able to levy civil penalties of up to $10,000 per violation, with additional penalties of as much as $10,000 for intentional violations. The TRACED Act also extends the window for the FCC to take enforcement action against intentional violations to four years.
- FCC requirements. The TRACED Act directs the FCC to (i) initiate a rulemaking to protect subscribers from receiving unwanted calls or texts from callers who use unauthenticated numbers; (ii) initiate a proceeding to protect parties from “one-ring” scams “in which a caller makes a call and allows the call to ring the called party for a short duration, in order to prompt the called party to return the call, thereby subjecting the called party to charges”; (iii) submit annual robocall reports to Congress; and (iv) establish a working group to issue best practices to prevent hospitals from receiving illegal robocalls.
- Agency collaboration. The TRACED Act directs the DOJ and the FTC to convene an interagency working group comprised of relevant federal departments and agencies, such as the Department of Commerce, Department of State, Department of Homeland Security, FTC, and CFPB, which must consult with state attorneys general and other non-federal entities, to identify and report to Congress on recommendations and methods for improving, preventing, and prosecuting robocall violations.
- Criminal prosecutions. The TRACED Act encourages the DOJ to bring more criminal prosecutions against robocallers.
Earlier on December 20, the FCC issued a public notice seeking industry input on current practices for blocking unwanted calls as part of a study required by last June’s declaratory ruling and proposed rulemaking (covered by InfoBytes here; Federal Register notice here). The FCC will use the information collected in an upcoming report on the current state of call blocking efforts. Comments will be accepted until January 29, and reply comments are due on or before February 28.
On December 17, eight Senate Democrats wrote to CFPB Director Kathy Kraninger urging the Bureau to fulfill its statutory obligations related to the oversight of student loan servicers who collect loans guaranteed by the federal government. In the letter, the Senators express concern over what they consider the Bureau’s “unacceptable” abandonment of its supervision and enforcement activities related to federal student loan servicers, and discuss the Department of Education’s termination of two Memoranda of Understanding (MOUs) in 2017 that previously permitted the sharing of information in connection with the oversight of federal student loans. (Previously covered by InfoBytes here.) According to the Senators, Kraninger’s testimony before the Senate Banking Committee in October (covered by InfoBytes here) reaffirmed the Bureau’s responsibility and ability to examine entities engaged in federal and private student loans. In addition, the Senators claim that Kraninger testified that the Bureau and the Department were “discussing how to move forward in an effective way” to ensure they were overseeing student loan servicers. However, the Senators note that “nearly two months later, the Bureau and Department still have not reestablished MOUs, and the Bureau still has not resumed examinations of federal student loan servicers.” In addition to calling on Kraninger to “take immediate steps, including seeking a court order” requiring the Department to provide access to borrower information so the Bureau can resume examinations of student loan servicers, the Senators request information concerning the MOUs as well as a timeline from the Bureau on when it will resume its examinations.
On December 16, the three federal banking agency members of the Federal Financial Institutions Examination Council (FFIEC) with Community Reinvestment Act (CRA) responsibility—the Federal Reserve Board, the FDIC, and the OCC—announced the release of the 2018 small business, small farm, and community development CRA data. The analysis contains information from 700 lenders about originations and purchases of small loans (loans with original amounts of $1 million or less) in 2018, a 2.2 percent decrease from the 718 lenders that reported data in 2017. According to the analysis, the total number of originated loans increased by approximately 8 percent from 2017, with the dollar amount of originations increasing by roughly 5 percent; however, the analysis notes that the majority of this growth is attributable to one bank’s increase in originations. The analysis further notes that 615 banks reported community development lending activity totaling nearly $103 billion in 2018, an increase from $96 billion in 2017.
On December 9, the CFPB released a special edition of its fall 2019 Supervisory Highlights, focusing on recent supervisory findings in the areas of consumer reporting and information furnishing to consumer reporting companies (CRCs). This is the second special edition to focus on consumer reporting issues, and follows a report that the Bureau released in March 2017 covered by InfoBytes here. According to the Bureau, recent supervisory reviews of FCRA and Regulation V compliance have identified new violations as well as compliance management system (CMS) weaknesses at CFPB-supervised institutions. However, the Bureau noted that examiners have also observed significant improvements, such as continued investment in FCRA-related CMS.
Highlights of the supervisory findings include:
- Recent examples of CMS weaknesses and FCRA/Regulation V violations (where corrective action has either been taken or is currently being taken) in which one or more (i) mortgage loan furnishers did not maintain policies and procedures “appropriate to the nature, size, complexity, and scope of the furnisher’s activities”; (ii) auto loan furnishers’ policies and procedures failed to provide sufficient guidance for investigating indirect disputes containing allegations of identity theft; (iii) debt collection furnishers’ policies and procedures failed to differentiate between FCRA disputes, FDCPA disputes, or validation requests, leading to a lack of consideration for applicable regulatory requirements when handling these matters; and (iv) deposit account furnishers lacked written policies and procedures for furnishing or validating the information provided to specialty CRCs.
- Examiners found that one or more furnishers provided information they knew, or had reasonable cause to believe, was inaccurate. Examples include inaccurate derogatory status codes due to coding errors and unclear addresses for consumers to submit disputes.
- Examiners discovered several instances where furnishers failed to send prompt notifications to CRCs after determining that information previously furnished was inaccurate, including situations where furnishers failed to promptly update or correct information after consumers paid charged-off balances in full or discharged them in bankruptcy.
- Examiners found that some furnishers reported the incorrect date of the first delinquency in connection with their responsibility to provide notice of delinquent accounts to CRCs.
- Examiners found several instances where furnishers failed to investigate disputes, complete investigations in a timely manner, or notify consumers of certain determinations related to “frivolous or irrelevant” disputes.
The Bureau also discussed supervisory observations concerning CRC compliance with FCRA provisions, and commented that CRCs continue to (i) improve procedures concerning the accuracy of information contained in consumer reports; (ii) implement improvements to prevent consumer reports from being furnished to users who lack a permissible purpose; (iii) strengthen procedures to “block information that a consumer has identified as resulting from an alleged identity theft”; and (iv) investigate and respond to consumer disputes.
On December 10, in a speech before the National Association of Attorneys General Capital Forum, CFPB Director Kathy Kraninger discussed partnership with the states, as well as recent efforts between the Bureau and states in the areas of supervision and enforcement, including innovation policies. Kraninger also discussed the Bureau’s small dollar and debt collection rules. Noting that the Bureau will “effectively enforce the law to fulfill our consumer protection mission … after thoroughly reviewing the facts,” Kraninger recapped FY 2019 enforcement actions and settlements, which have resulted in more than $777 million in total consumer relief, which included over $600 million in consumer redress and more than $174 million in other relief. These actions, Kraninger stated, have resulted in more than $185 million in civil money penalties, not taking into account suspended amounts. Kraninger also highlighted several joint efforts with states and other agencies over the past year, including (i) a multi-agency action resolving a 2017 data breach (InfoBytes coverage here); (ii) a joint action with the New York Attorney General against a network of New York-based debt collectors that allegedly engaged in improper debt collection tactics (InfoBytes coverage here); (iii) a coordinated action with the Minnesota Attorney General’s Office, the North Carolina Department of Justice, and the Los Angeles City Attorney concerning a student loan debt relief operation (InfoBytes coverage here); and (iv) an action with the South Carolina Department of Consumer Affairs against an operation that offered high-interest loans to veterans and other consumers in exchange for the assignment of some of the consumers’ monthly pension or disability payments (InfoBytes coverage here).
Kraninger also discussed the Bureau’s recently-announced American Consumer Financial Innovation Network (ACFIN), which is designed to enhance coordination among federal and state regulators to facilitate financial innovation. (InfoBytes coverage here). ACFIN currently includes nine state attorneys general and four state financial regulators. Kraninger noted that the Bureau is presently reviewing approximately 190,000 comments concerning proposed changes related to certain payday lending requirements and mandatory underwriting provisions (InfoBytes coverage here), as well as over 14,000 comments submitted in response to its Notice of Proposed Rulemaking issued in May concerning amendments to the debt collection rule (InfoBytes coverage here). Kraninger stressed that the Bureau plans to release a Supplemental Notice of Proposed Rulemaking “very early” in 2020, and will be “interested in practical and pragmatic ideas of how to make time-barred debt disclosures work.”
- Daniel P. Stipano to moderate "Washington update" at the Puerto Rican Symposium of Anti Money Laundering
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the Mortgage Bankers Association Servicing Solutions Conference & Expo
- Jonice Gray Tucker and H Joshua Kotin to discuss regulatory compliance issues in the fintech industry at Protiviti's Risk & Compliance Innovation Roundtable
- APPROVED Checkpoint Webcast: CFL overview
- Amanda R. Lawrence and Sherry-Maria Safchuk to discuss "California privacy rule" on an NAFCU webinar
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS International AML & Financial Crime Conference
- Brandy A. Hood to discuss "RESPA 8 (TRID applied compliance)" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- John P. Kromer to discuss "Navigating the multi-state fintech regulatory regime" at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Hank Asbill to discuss "Critique of direct examination; Questions and answers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Hank Asbill to discuss "What judges want from trial lawyers" at the American Bar Association Section of Litigation Anatomy of a Trial: Murder Trial of Ziang Sung Wan
- Steven R. vonBerg to speak at the "Conference super session" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference