InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB says states may regulate credit reporting markets
On June 28, the CFPB issued an interpretive rule addressing states’ authority to pass consumer-reporting laws. Specifically, the Bureau clarified that states “retain broad authority to protect people from harm due to credit reporting issues,” and explained that state laws are generally not preempted unless they conflict with the FCRA or “fall within narrow preemption categories enumerated within the statute.” Under the FCRA, states have flexibility to enact laws involving consumer reporting that reflect challenges and risks affecting their local economies and residents and are able to enact protections against the abuse and misuse of data to mitigate these consequences.
Stating that the FCRA’s express preemption provisions have a narrow and targeted scope, the Bureau’s interpretive rule provided several examples such as (i) if a state law “were to forbid consumer reporting agencies [(CRA)] from including information about medical debt, evictions, arrest records, or rental arrears in a consumer report (or from including such information for a certain period of time), such a law would generally not be preempted; (ii) a state law that prohibits furnishers from furnishing such information to a CRA would generally not be prohibited; and (iii) if a state law requires a CRA to provide information required by the FCRA at the consumer’s requests in a language other than English, such a law would generally not be preempted. The interpretive rule is effective upon publication in the Federal Register.
The issuance of the interpretive rule arises from a notice received by the Bureau from the New Jersey attorney general concerning pending litigation that involves an argument that the FCRA preempted a state consumer protection statute. The Bureau stated that it “will continue to consider other steps to promote state enforcement of fair credit reporting along with other parts of federal consumer financial protection law,” including “consulting with states whenever interpretation of federal consumer financial protection law is relevant to a state regulatory or law enforcement matter, consistent with the State Official Notification Rule." As previously covered by InfoBytes, the Bureau issued an interpretive rule last month, clarifying states’ authority to bring enforcement actions for violations of federal consumer financial protection laws, including the CFPA.
Industry groups urge CFPB to rescind UDAAP anti-discrimination policy
On June 28, industry groups and the U.S Chamber of Commerce (collectively, “groups”) released a White Paper, Unfairness and Discrimination: Examining the CFPB’s Conflation of Distinct Statutory Concepts, urging the CFPB to rescind the recently released unfair, deceptive and abusive acts or practices (UDAAP) examination manual. As previously covered by a Buckley Special Alert, in March, the CFPB announced significant revisions to its UDAAP exam manual, in particular highlighting the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. The White Paper, among other things, explained the groups’ position that the Bureau’s UDAAP authority cannot be used to extend the fair lending laws beyond the limits of existing statutory law. The White Paper stated that the Bureau “conflated” concepts of “unfairness” and “discrimination” “by announcing, via a UDAAP exam manual ‘update,’ that it would examine financial institutions for alleged discriminatory conduct that it deemed to be ‘unfair’ under its UDAAP authority.” The groups stated that the agency has “taken the law into its own hand” arguing that “the Bureau did not follow Administrative Procedure Act requirements for notice-and-comment rulemaking.” The groups said the change in the examination manual is “contrary to law and subject to legal challenge” as well as legislative repeal under the Congressional Review Act. Additionally, the groups argued that the Bureau’s interpretation exceeds the agency’s statutory authority, and that the Bureau’s “action should be held unlawful and set aside.” The groups further stated that “[c]hanges that alter the legal duties of so many are the proper province of Congress, not of independent regulatory agencies, and the CFPB cannot ignore the requirements of the Administrative Procedures Act and Congressional Review Act. The CFPB may well wish to fill gaps it perceives in federal antidiscrimination law. But Congress has simply not authorized the CFPB to fill those gaps.”
In a letter sent to CFPB Director Rohit Chopra, the groups conveyed that Congress did not intend for the Bureau to “fill gaps” between the clearly articulated boundaries of antidiscrimination statutes with its UDAAP authority. The groups urged Director Chopra to rescind the exam manual update and stated that “[s]hould [he] believe additional authority is necessary to address alleged discriminatory conduct, we stand ready to work with Congress and the CFPB to explore that possibility and to ensure the just administration of the law.
CFPB discusses expanding electronic payments access
On June 28, CFPB Deputy Director Zixta Martinez spoke before the FDIC Meeting of the Advisory Committee on Economic Inclusion to discuss expanding access to affordable payments, credit, and other financial products and services. In her remarks, Martinez first discussed electronic payments, which she considers to be “quickly supplanting cash and are now an essential part of the economy.” She then discussed the role of banks, noting that they have an “obligatory and leading role” in expanding electronic payments. Martinez stated that with “their obligations to increase banking access and reduce banking and financial inequities, banks can play a key role, for example, in reducing the persistent and growing homeownership gap between Black and white families and closing the economic gap between the banked and the under- and un-banked.” She also stated that having access to electronic payments will “low[er] monthly fees and further reduc[e] the cost of overdraft and non-sufficient fund fees” and will service banking deserts in rural areas and within communities of color. Martinez further discussed actions to build out banking access and described a recent proposal to update the Community Reinvestment Act’s (CRA) regulatory framework (covered by InfoBytes here). Martinez stated that the proposal will; (i) take steps to address problems with grade inflation on CRA exams (i.e., meaning that “almost every bank” passes”); (ii) “rely upon small business lending data, which will allow for a more in-depth understanding of small business lending issues,” race, and ethnicity; (iii) “increase incentives for banks to finance community development projects in areas experiencing persistent poverty”; and (vi) “recognize banks that assist low- and moderate-income communities with clean energy transition and climate resiliency.” Additionally, Martinez noted that the Bureau “is working to ensure that banking access and access to credit is not unfairly affected by algorithmic models.” In conclusion, she said the Bureau’s recently released guidance “confirm[s] that it is unlawful to use black box models that do not allow for clear understanding of adverse actions, such as denial of credit.” (Covered by InfoBytes here.)
FTC sues national retailer for allegedly facilitating money transfer fraud
On June 28, the FTC filed a complaint against a national retailer for allegedly allowing its money-transfer services to facilitate fraud. The complaint alleges the retailer knew about the role money transfer services play in scams but failed to properly secure the services offered at its stores, thus allowing money to be sent to “domestic and international fraud rings.” According to the FTC, at least 226,679 complaints totaling more than $197 million were received by several money transfer services companies about fraud-induced money transfers that were sent from or received at one of the retailer’s stores between January 1, 2013 and December 31, 2018. An investigation by the FTC purportedly revealed that the retailer’s practices allegedly harmed consumers by, among other things, (i) allowing the payout of suspicious money transfers, which allowed scammers to retrieve fraud proceeds at one of the retailer’s stores; (ii) failing to have in place a written anti-fraud policy or consumer protection program until November 2014; (iii) allowing cash pickups for large payments, often through the use of fake IDs; (iv) failing to display or provide materials warning consumers about potential frauds; (v) failing to effectively train or retrain employees; and (vi) allowing money transfers to be used for telemarketing purchases, which are prohibited under the Telemarketing Sales Rule (TSR) due to the high risk of fraud.
According to the complaint, the retailer “is well aware that telemarketing and other mass marketing frauds, such as ‘grandparent’ scams, lottery scams, and government agent impersonator scams, induce people to use [the retailer’s] money transfer services to send money to domestic and international fraud rings. Nevertheless, [the retailer] has continued processing fraud-induced money transfers at its stores—funding telemarketing and other scams—without adopting policies and practices that effectively detect and prevent these transfers.”
The complaint seeks a permanent injunction, monetary relief, civil penalties, restitution, and other relief for each violation of the FTC Act and the TSR. The FTC also requests the “rescission or reformation of contracts, the refund of money, the return of property, the payment of damages, public notification, or other relief necessary to redress injury to consumers damages.”
The retailer issued a press release following the FTC’s announcement, stating that it considers the agency’s claims to be “misguided and legally flawed,” and that the civil lawsuit “was approved by the FTC by the narrowest of margins after Chair Lina Khan refused [the retailer] the due process of hearing directly from the company.” The retailer noted that the FTC’s decision comes after DOJ declined to pursue the case in court. Among other thing, the retailer contended that because it maintains robust anti-fraud measures there is no need for injunctive relief requiring the retailer to change its practices. The retailer pointed to the U.S. Supreme Court’s ruling in AMG Capital Management LLC v. FTC, which limited the FTC’s ability to obtain monetary relief in federal court (covered by InfoBytes here), to argue that the FTC “pivoted their focus in this case after AMG to a distorted interpretation of the TSR to effectively try and hold [the retailer] strictly liable for money transfers that third-party criminals reportedly persuaded some consumers to send.” The retailer added that “[s]witching their main legal theory to the TSR is an obvious attempt to get around the Supreme Court’s ruling in AMG.”
Fed to implement new Fedwire message format in March 2025
On June 27, the Federal Reserve Board announced the final timeline and implementation details for the adoption of the International Organization for Standardization’s (ISO) 20022 message format for its Fedwire Funds Service—a real-time gross settlement system owned and operated by the Federal Reserve Banks that enables businesses and financial institutions to quickly and securely transfer funds. (See notice here.) The final details are “broadly similar” to the Fed’s proposal issued last October (covered by InfoBytes here). The Fed confirmed that ISO 20022 will be adopted on a single day as previously proposed instead of in three separate phases. Additionally, the Fed extended the implementation timeframe from a target date of November 2023 to March 10, 2025, based on comments received in response to the initial proposal. The Fed also provided information concerning its revised testing strategy and backout strategy, as well as other details concerning the implementation of the new message format.
OCC releases report on mortgage performance
On June 27, the OCC released its quarterly mortgage metrics report, which presents performance data for the first quarter of 2022 for loans that reporting banks own or service for others as a fee-based business. The first-lien mortgages included in the OCC’s quarterly report comprise 22 percent of all residential mortgage debt outstanding in the U.S., or approximately 12.2 million loans totaling $2.6 trillion in principal balances. The report, among other things, found that the performance of first-lien mortgages in the federal banking system improved during the first quarter of 2022. According to the report, 96.9 percent of mortgages were current and performing at the end of the quarter. The percentage of seriously delinquent mortgages was 1.8 percent in the first quarter of 2022, compared to 2.3 percent in the prior quarter. However, foreclosures increased compared to the prior quarter and a year earlier as pandemic-related accommodations wound down, with servicers initiating 19,524 new foreclosures in the first quarter of 2022.
FDIC releases May enforcement actions
On June 24, the FDIC released a list of 14 public enforcement actions taken against banks and individuals in May. These orders consist of “two consent orders, one modification of an 8(e) prohibition order, three orders to pay civil money penalty, three orders of prohibition, two section 19 orders, and one order of prohibition from further participation and order to pay, one order terminating amended supervisory prompt corrective action directive, and one order of termination of insurance.” Included is an order to pay a civil money penalty imposed against a Texas-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank failed “to obtain flood insurance or obtain an adequate amount of insurance coverage, at or before loan origination, for all structures in a flood zone, including multiple structures,” and failed “to force-place flood insurance, after loan origination, when the insurance on buildings securing the loan” was insufficient or nonexistent. The order assessed a $2,000 civil money penalty.
The FDIC also issued a consent order against a Utah-based bank based on alleged unsafe or unsound banking practices relating to the Bank Secrecy Act. The bank neither admitted nor denied the alleged violations but agreed to, among other things, “increase its oversight of the Bank's compliance with the BSA” and “conduct a comprehensive assessment of BSA/AML staffing needs.”
FTC, Florida file complaint against grant funding operation
On June 27, the FTC and the Florida attorney general filed a complaint against a Florida-based grant funding company and its owner (collectively, “defendants”) alleging that the defendants violated the Consumer Protection Act, the FTC Act, and the Florida Deceptive Unfair Trade Practices Act. According to the complaint, the defendants deceptively marketed grant writing and consulting services to minority-owned small businesses by, among other things, (i) promising grant funding that did not exist and/or was never awarded; (ii) misleading customers about the status of grant awards; and (iii) failing to honor a “money-back guarantee” and suppressing customer complaints. The complaint also alleged that the owner relied on funds that she acquired through the federal Paycheck Protection Program Covid-19 stimulus program to start the company. The U.S. District Court for the Middle District of Florida issued a restraining order with asset freeze, appointment of a temporary receiver, and other equitable relief order against the defendants, which also prohibits them from engaging in grant funding business activities.
Fannie and Freddie release updated guidance on credit score coding glitch
On June 24, Fannie Mae and Freddie Mac issued additional guidance related to a coding issue that impacted approximately 12 percent of credit scores earlier this year. As previously covered by InfoBytes, a consumer reporting agency informed lenders and industry members that it experienced a coding issue when it changed some of the technology to its legacy online model platform.
After making a determination that the underlying credit report data errors resulting from the coding issue “are not considered to be material erroneous credit data errors under Selling Guide B3-2-09,” Fannie Mae issued LL-2022-02 to provide requirements applicable specifically to impacted loans. Specifically, lenders are not required to obtain an updated credit report and re-underwrite the impacted loan “by resubmitting the loan to Desktop Underwriter® (DU® )” nor are they required to “re-assess the underwriting decision for non-DU loans, based solely on this issue.” An inaccurate credit score used at the time of underwriting will not render the loan ineligible for purchase, Fannie Mae stated, adding that a “repurchase request will not be issued based solely on this issue.” Guidance related to obtaining corrected credit scores and making data corrections, as well as information concerning loan-level price adjustments, post-closing quality control review, and representation and warranty relief is also provided in the lender letter.
Freddie Mac issued Bulletin 2022-14 to provide similar guidance to sellers about their credit reporting and data correction responsibilities, and stated that it will also “not issue a repurchase based solely on an inaccurate credit score used in the underwriting of a mortgage.”
The guidance is effective immediately.
OCC reports on key risks facing the federal banking system
On June 23, the OCC released its Semiannual Risk Perspective for Spring 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that as “banks continue to navigate the operational- and market-related impacts of the pandemic along with substantial government stimulus, current geopolitics have tightened financial conditions and increased downside risk to economic growth.” However, the OCC noted that banks’ financial conditions remain strong and that banks are well-positioned to “deal with the economic headwinds arising from geopolitical events, higher interest rates and increased inflation.”
The OCC highlighted operational, compliance, interest rate, and credit risks as key risk themes in the report. Observations include: (i) operational risk, including evolving cyber risk, is elevated, with an observed increase in attacks on the financial services industry given current geopolitical tensions; (ii) compliance risk remains heightened as banks navigate the current operational environment, regulatory changes, and policy initiatives; and (iii) credit risk remains moderate, with banks facing certain areas of weakness and potential longer-term implications resulting from the Covid-19 pandemic, inflation, and direct and indirect effects of the war in Ukraine. Staffing challenges among banks also present risks, with challenges posed by “strong competition” in the labor market.
The report also discussed the importance of appropriate due diligence of new digital asset products and services. The OCC said that it “continues to engage on an interagency basis to analyze various crypto-asset use cases,” and is looking to “provide further clarity on legal permissibility, as well as safety and soundness and compliance considerations related to crypto-assets” in the banking industry.
The OCC further stated it “will continue to monitor the development of climate-related financial risk management frameworks at large banks,” and reported that “OCC large-bank examination teams will integrate the examination of climate-related financial risk into supervision strategies and continue to engage with bank management to better understand the challenges banks face in this effort, including identifying and collecting appropriate data and developing scenario analysis capabilities and techniques.”