InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC announces Illinois disaster relief
On October 25, the FDIC issued FIL-49-2022 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Illinois affected by severe storms and flooding from July 25-28. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and suggested that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
FHFA publishes new statistics on home valuations
On October 24, FHFA published a new Uniform Appraisal Dataset (UAD) Aggregate Statistics Data File, along with dashboards that provide visualizations of the newly available data related to home valuations. According to the press release, the UAD data file and dashboards provide stakeholders and the public access to a broad set of data points and trends found in appraisal reports that may be grouped by neighborhood characteristics and geographic levels. The data was compiled from 47.3 million UAD appraisal records collected from 2013 through the second quarter of 2022 on single-family properties. “As home valuations are a vital component of the mortgage process, publishing transparent, aggregate data on appraisals provides useful information to the public while protecting borrowers’ personally identifiable information,” FHFA Director Sandra L. Thompson said. “Today’s announcement exemplifies our commitment to the development of a more efficient and equitable valuation system that ultimately reduces appraisal bias.”
FHFA eliminates upfront fees for some borrowers
On October 24, FHFA announced the elimination of upfront fees for certain first-time homebuyers, low-income borrowers, and underserved communities as part of the agency’s ongoing review of Fannie Mae and Freddie Mac’s (GSEs) pricing framework. Specifically, upfront fees are eliminated for (i) first-time homebuyers who are at or below 100 percent of area median income (AMI) in most of the U.S. and below 120 percent of AMI in high-cost areas; (ii) HomeReady and Home Possible loans under the GSEs’ affordable mortgage programs; (iii) HFA Advantage and HFA Preferred loans; and (iv) single-family loans supporting the Duty to Serve program. These changes “will result in savings for approximately 1 in 5 borrowers of the [GSEs’] recent mortgage acquisitions,” FHFA Director Sandra L. Thompson said in the announcement, noting that the agency is working with the GSEs and will announce an implementation date shortly. The pricing updates also include targeted increases to upfront fees for most cash-out refinance loans. Implementation of these fees will start February 1, 2023, in order to minimize market and pipeline disruption.
Chopra previews Section 1033 rulemaking on consumers’ rights to data
On October 25, CFPB Director Rohit Chopra spoke before an industry event where he announced that the Bureau will soon release a discussion guide for small businesses to further the agency’s Section 1033 rulemaking efforts with respect to consumer access to financial records. As announced in the Bureau’s Spring 2022 rulemaking agenda, Section 1033 of Dodd-Frank provides that, subject to Bureau rulemaking, covered entities such as banks must make certain product or service information, including transaction data, available to consumers. The Bureau is required to prescribe standards for promoting the development and use of standardized formats for information made available to consumers under Section 1033. In 2020, the Bureau issued an advanced notice of proposed rulemaking seeking comments to assist in developing the regulations (covered by InfoBytes here).
Chopra explained that, before issuing a proposed rule, the Bureau must first convene a panel of small businesses that represent their markets to solicit input on proposals the CFPB is considering. Chopra said the Bureau plans to “hear from small banks and financial companies who will be providers of data, as well as the small banks and financial companies who will ingest the data,” and will also gather input from intermediary data brokers that facilitate data transfers (“fourth parties”). He noted that a report will be published in the first quarter of 2023 based on comments received during the process, which will be used to inform a proposed rule that is slated to be issued later in 2023. Chopra said the Bureau hopes to finalize the rule in 2024, stating “[w]hile not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service, and unleashing more market competition.”
Chopra also expressed plans to propose requiring financial institutions that offer deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts to set up secure methods for data sharing. He stressed that doing so would “facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping.” He further noted that the Bureau is planning to assess ways to prevent incumbent institutions from improperly restricting access when consumers try to control and share their data, including by developing requirements for limiting misuse and abuse of personal financial data, fraud, and scams. Chopra said staff has been directed to consider alternatives to the “notice-and-opt out” regime that has been the standard for financial data privacy and to explore safeguards to prevent excessive control or monopolization by one or a handful of firms.
FDIC’s Gruenberg discusses the prudential regulation of crypto assets
On October 20, FDIC acting Chairman Martin J. Gruenberg spoke before the Brookings Institution on the prudential regulation of crypto-assets. In his remarks, Gruenberg first discussed banking, innovation, and crypto-assets, which he defined as “private sector digital assets that depend primarily on the use of cryptography and distributed ledger or similar technologies.” He stated that innovation “can be a double-edged sword,” before noting that subprime mortgages, subprime mortgage-backed securities, collateralized debt obligations and credit default swaps were considered financial innovations before they were “at the center of the Global Financial Crisis of 2008.” Gruenberg further discussed that such innovations resulted in catastrophic failure because, among other things, consumers and industry participants did not fully understand their risks, which were downplayed and intentionally ignored. He then provided an overview of the FDIC’s approach to engaging with banks as they consider crypto-asset related activities, and the potential benefits, risks, and policy questions related to the possibility that a stablecoin could be developed that would allow for reliable, real-time consumer and business payments. He stated that “[f]rom the perspective of a banking regulator, before banks engage in crypto-asset related activities, it is important to ensure that: (a) the specific activity is permissible under applicable law and regulation; (b) the activity can be engaged in a safe and sound manner; (c) the bank has put in place appropriate measures and controls to identify and manage the novel risks associated with those activities; and (d) the bank can ensure compliance with all relevant laws, including those related to anti-money laundering/countering the financing of terrorism, and consumer protection.”
Gruenberg pointed to an April financial institution letter from the FDIC (covered by InfoBytes here), which requested banks to notify the agency if they engage in crypto asset-related activities. He added that as the FDIC and other federal banking agencies develop a better understanding of the risks associated with crypto-asset activities, “we expect to provide broader industry guidance on an interagency basis.” Regarding crypto-assets and the current role of stablecoins, Gruenberg noted that payment stablecoins could be significantly safer than available stablecoins if they were subject to prudential regulation, including issuing payment stablecoins through a bank subsidiary. He cautioned that disclosure and consumer protection issues should be “carefully” considered, especially if custodial wallets are allowed outside of the banking system as a means for holding and conducting transactions. Specifically, he said that “payment stablecoin and any associated hosted or custodial wallets should be designed in a manner that eliminates—not creates—barriers for low- and moderate-income households to benefit from a real-time payment system.” Gruenberg added that if a payment stablecoin system is developed, it should complement the Federal Reserve's forthcoming FedNow service—a faster payments network that is on track to launch between May and July of next year—and the potential future development of a U.S. central bank digital currency. In conclusion, Gruenberg stated that although federal banking agencies have significant authority to address the safety, soundness and financial stability risks associated with crypto assets, there are “clear limits to our authority, especially in certain areas of consumer protection as well as the provision of wallets and other related services by non-bank entities.”
Dems ask regulators to address crypto’s “revolving door”
On October 24, Democratic lawmakers sent letters to the leaders of the SEC, CFTC, Treasury Department, Federal Reserve, FDIC, OCC and CFPB regarding concerns about “the revolving door between [] financial regulatory agencies and the cryptocurrency (crypto) industry.” In the letters, the lawmakers argued “that the crypto revolving door risks corrupting the policymaking process and undermining the public’s trust in our financial regulators.” The letters also noted that Treasury saw the most movement from the Treasury Department, with 31 former employees joining the crypto industry. The SEC was second with 28 former employees, according to Tech Transparency Project. The lawmakers argued that “Americans should be able to trust that financial rules are crafted to reduce risk, improve security, and ensure the fair and efficient functioning of the market,” and that “Americans should be confident that regulators are working on behalf of the public, rather than auditioning for a high-paid lobbying job upon leaving government service.” The letters requested that the agencies provide information by November 7, including answers to inquiries about each agency’s ethics guidelines and polices in place to protect the agency from being influenced by current or former employees’ potential conflicts of interest.
Fed releases study on racial bias in mortgage lending
Recently, the Federal Reserve Board published a study titled How Much Does Racial Bias Affect Mortgage Lending? Evidence from Human and Algorithmic Credit Decisions. Using confidential supervisory data collected under HMDA to estimate the extent of racial and ethnic discrimination in mortgage lending, the study found that racial bias has played “a limited role” in recent years in generating disparities seen in mortgage lending denials. The researchers acknowledged that as a self-reporting mechanism, HDMA reports may not reflect reality, “as a lender engaged in illegal discrimination would be unlikely to explicitly admit this.” The study also analyzed denial rates among fintech lenders, finding that by automating more of the application process, fintech firms have the potential to decrease racial discrimination. The study also found that excess denials are higher at fintech lenders, which is “the opposite result we would expect if excess denials reflect racially biased human judgment.” Additionally, the study found that group differences in risk characteristics drive most of the disparities in credit access. The study showed that Black and Hispanic applicants tend to be more leveraged and have much lower credit scores. Both groups of applicants are “less likely to receive algorithmic approval recommendations from government automated underwriting systems (AUS) than white applicants,” the study found. The study also noted caveats, such as that the researchers “only study discrimination in approval decisions conditional on formally applying.”
DOE announces PSLF changes
On October 25, the Department of Education (DOE) announced executive actions intended to bring loans managed by the DOE closer to forgiveness, including credit toward the Public Service Loan Forgiveness (PSLF) Program for borrowers who have qualifying employment. According to the DOE, these actions will provide borrowers with many of the same benefits already going to those who have applied for PSLF under temporary changes (known as the Limited PSLF Waiver), before its October 31, 2022 end date. The announcement further noted that borrowers with Direct Loans or DOE-managed Federal Family Education Loans (FFEL) will receive credit toward forgiveness on income-driven repayment (IDR) for all months spent in repayment, including payments prior to consolidation, regardless of whether they made partial or late payments or are on a repayment plan. Borrowers will also receive credit for specific periods in deferment and forbearance. Even with these actions, the DOE encouraged borrowers to take the necessary steps to apply for the Limited PSLF Waiver by October 31. The DOE also released a Fact Sheet outlining benefits for borrowers who have Direct or DOE-managed FFEL loans as well as Direct Loan borrowers seeking PSLF.
FTC’s proposed breach order would apply personally to CEO
On October 24, the FTC announced an action against a company operating an online alcohol marketplace and its CEO related to a data breach that allegedly exposed the personal information of roughly 2.5 million consumers. The FTC alleged in its complaint that the respondents were alerted to problems with the company’s data security procedures following an earlier security incident in 2018, which involved hackers accessing company servers to mine cryptocurrency until the company changed its cloud computing account login information. According to the FTC, the company failed to take appropriate measures to address its security problems, but publicly claimed it had appropriate security protections in place. Two years later, an employee account was breached, thus allowing a hacker to gain access to login information, hack into the company’s database, and steal customers’ information. Among other things, the respondents allegedly violated the FTC Act by (i) failing to implement basic security measures or put in place reasonable safeguards to secure the personal information it collected and stored; (ii) storing critical database information, including login credentials, on an unsecured platform; (iii) failing to monitor its network for security threats or unauthorized attempts to access or remove personal data; and (iv) exposing customers to hackers, identity thieves, and malicious actors who use personal information to open fraudulent lines of credit or commit other fraud.
Under the terms of the proposed decision and order, the respondents will be required to take several measures to prevent further violations, including destroying unnecessary personal data, limiting future data collection to what is necessary for specifically outlined purposes, and implementing a comprehensive information security program. As part of these requirements, the respondents must establish security safeguards to protect against the identified security incidents, such as providing employees security training, designating a high-level employee to oversee the company’s information security program, implementing controls on who is able to access personal data, and requiring multi-factor authentication in order to access databases and other assets containing consumer data.
Notably, the FTC said in its announcement that the proposed order applies personally to the individual respondent who presided over the company’s insufficient data security practices. The FTC explained that the proposed order will follow the individual respondent even if he leaves the company, and that he “will be required to implement an information security program at future companies if he moves to a business collecting consumer information from more than 25,000 individuals” where the individual respondent “is a majority owner, CEO, or senior officer with information security responsibilities.”
FHFA announces validation of FICO 10T and VantageScore 4.0 for GSE use
On October 24, FHFA announced the validation and approval of both the FICO 10T credit score model and the VantageScore 4.0 credit score model for use by Fannie Mae and Freddie Mac (GSEs). The agency also announced that the GSEs will require two credit reports from the national consumer reporting agencies, rather than three. According to the announcement, FHFA expects implementation of FICO 10T and VantageScore 4.0 to be a multiyear effort, but once in place, lenders will be required to deliver both FICO 10T and VantageScore 4.0 credit scores with each loan sold to the GSEs. FHFA noted that FICO 10T and VantageScore 4.0 are more accurate than the classic FICO model because they include payment history for factors like rent, utilities, and telecommunications. FHFA also released a Fact Sheet on the newly approved models, which “will improve accuracy, strengthen access to credit, and enhance safety and soundness.”