Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Banking groups seek to halt CFPB’s 1033 rule

    Courts

    On October 23, one bank and two banking industry groups challenged the CFPB’s 1033 Rule that would mandate banks to share sensitive customer data, such as transaction history, account balances, and account and routing numbers with third parties through application programming interfaces (APIs). The lawsuit was filed in the U.S. District Court for the Eastern District of Kentucky and sought both declaratory and injunctive relief.

    The plaintiffs alleged the CFPB exceeded its statutory authority under the Dodd-Frank Act by requiring banks to provide customer financial information to third parties without proper authorization from Congress. They claimed that Section 1033 of Dodd-Frank, which the CFPB cites as its authority, only requires banks to provide information to consumers, their agents, trustees, and to representatives — and not to third parties. Plaintiffs asserted that the rule unlawfully expands the definition of “consumer” to include innumerable, as-yet unidentified third-party entities with unknown credentials or security protocols and no special relationship to the consumer, which is not supported by the statutory language.

    Additionally, plaintiffs contended the rule imposes significant compliance costs on banks, including the development and maintenance of APIs, and increased security risks by mandating the sharing of sensitive financial data with less-regulated third parties. They averred this could lead to unauthorized access and misuse of customer data, as these third parties may not have the same level of security and regulatory oversight as banks. Further, the complaint highlighted data breaches at fintech companies, underscoring the potential risks to consumers.

    The plaintiffs also claimed the 1033 rule would be arbitrary and capricious because it fails to adequately address the security concerns associated with sharing sensitive financial data. They argue that the CFPB did not provide a sufficient rationale for its decision and ignored the substantial risks and costs identified by industry stakeholders during the rulemaking process. Furthermore, the plaintiffs asserted the rule’s compliance deadlines are “unrealistic” and do not account for the time needed to develop and implement the required APIs.

    Courts CFPB Dodd-Frank Consumer Finance Privacy, Cyber Risk & Data Security Section 1033 Consumer Protection Open Banking

  • CFPB releases beta platform for small business lending data filing platform

    Federal Issues

    On August 27, the CFPB launched a beta platform for the small business lending data collection rule under Section 1071 of the Dodd-Frank Act. Financial institutions and their technology Participants can upload sample data test files to test the platform, explore its features and provide feedback. The beta platform is for testing purposes only, and data submitted will not count towards compliance with small business lending data reporting requirements. Test files are available in the CFPB’s repository. Finally, the Bureau states that it is imperative that participants avoid using actual customer data.

    Federal Issues Small Business Lending CFPB Consumer Finance Dodd-Frank Section 1071

  • FDIC, Fed approve final resolution planning guidance

    On July 30, the Fed and the FDIC published final guidance to enhance resolution planning at large banks. The guidance aims to assist certain larger financial institutions in developing their resolution plans, which are required under section 165(d) of Dodd-Frank.

    The “Guidance for Resolution Plan Submissions of Domestic Triennial Full Filers,“ applies to domestic Category II and III banking organizations, referred to as domestic triennial full filers. Key challenges for resolution discussed in the guidance include resolution capital adequacy and positioning (RCAP) and resolution capital execution need (RCEN), ensuring firms have sufficient capital to support material entities during resolution. Liquidity requirements are addressed through resolution liquidity adequacy and positioning (RLAP) and resolution liquidity execution need (RLEN), ensuring firms can meet liquidity needs during resolution. The guidance also addresses (i) governance mechanisms, including clearly identified triggers for specific actions to mitigate vulnerabilities; (ii) maintaining operational capabilities related to payment, clearing, and settlement activities, and collateral management; (iii) arrangements to support the continuity of shared and outsources services; (iv) legal entity rationalization criteria; and (v) expectations for analyzing how the resolution strategy aligns with the FDIC’s statutory least-cost requirement for insured depository institutions.

    The agencies concurrently released “Guidance for Resolution Plan Submissions of Foreign Triennial Full Filers," which applies to foreign Category II and III banking organizations, referred to as foreign triennial full filers. The guidance focuses on the interaction between the global resolution plan and U.S. operations, requiring firms to describe the impact of executing the global plan on U.S. operations. Similar to the domestic guidance, it addresses expectations for capital adequacy and positioning (RCAP) and resolution capital execution need (RCEN) for U.S. operations, as well as liquidity requirements through RLAP and RLEN expectations. The guidance also discusses the governance mechanisms that a firm should identify to ensure coordination between U.S. operations and foreign parent entities; capabilities for managing continuity of payment, clearing, and settlement activities; capabilities to manage, identify, and value collateral; information systems capabilities; the continuity of operations; the development of legal entity rationalization criteria; separability options; and whether an analysis is required to show that the FDIC could resolve the failed bank in a manner consistent with the FDIC’s statutory least-cost requirement.

    Bank Regulatory FDIC Bank Resolution Dodd-Frank Agency Rule-Making & Guidance

  • Congress members: 1033 Rule could hinder innovation of fraud prevention tools

    Federal Issues

    On July 31, a bipartisan group of Congress members sent a letter to CFPB Director Rohit Chopra raising concerns regarding the Bureau’s proposed 1033 Rule, which relates to consumer financial data privacy (covered by InfoBytes here). While the Congress members supported the overall goals of the proposed rule, including promoting data privacy and enabling consumers to control their own financial information, they expressed concerns that the inflexible restrictions on the secondary use of data may hinder innovation and fraud prevention efforts that could benefit consumers and small businesses. Specifically, they argued that the proposed limitations on data use beyond the consumer’s “requested product or service” could impact the development of fraud detection products and other new financial products and services, particularly those benefiting low-income consumers and improving access to credit. The letter urges the CFPB to consider allowing some secondary uses of data, provided consumer privacy is maintained through practices like data minimization and deidentification.

    Federal Issues Congress Section 1033 Dodd-Frank CFPB

  • District Court hears whether FINRA’s claims must be litigated in the courts

    Courts

    On July 10, the U.S. District Court for the Eastern District of Pennsylvania received a complaint from a plaintiff suing FINRA for allegedly putting forth disciplinary hearings that took place “in an improper forum, before an arbitrator whose selection was made in blatant violation and disregard of [the individual’s] Seventh Amendment right to a trial before a jury in an Article III court.” The individual countersued after receiving a 2023 FINRA complaint for allegedly violating FINRA Rules 2010, 2111, and 4511, where FINRA initiated in-house proceedings. The plaintiff averred these allegations were assertions of common law fraud and should have been brought before an Article III court. The 2023 FINRA complaint alleged the plaintiff failed to file certain required documents, failed to ensure clients received benefits, and exercised improper discretion.

    In its complaint, plaintiff noted the recent U.S. Supreme Court decision, SEC v. Jarkesy, that the SEC may no longer pursue legal claims through in-house enforcement proceedings when levying civil penalties (covered by InfoBytes here). The complaint further noted that to receive Seventh Amendment protection pursuant to the Jarkesy holding, a two-part test from Granfinanciera v. Nordberg case must be applied. According to the plaintiff, this case met both the first and second parts of the Granfinanciera test, arguing that the plaintiff should receive the Seventh Amendment right to a jury trial, and as a second cause of action also request a permanent injunction.

    Courts FINRA Pennsylvania Dodd-Frank Securities Exchange Commission

  • Agencies issue NPRM on incentive-based compensation

    Agency Rule-Making & Guidance

    On May 6, the FDIC, OCC, NCUA and the FHFA issued a NPRM (proposed rule) on incentive-based compensation, pursuant to Dodd-Frank’s Section 956 (Section 956), which required federal regulators to prescribe regulations or guidelines regarding incentive-based compensation at covered financial institutions. Regulators first proposed a rule to implement Section 956 in 2011, and again in 2016. Now, regulators are reproposing the 2016 version without change, albeit with certain alternatives. The current proposal, however, will be published without involvement from the Fed or SEC.

    Section 956 defined “covered financial institutions” as institutions with at least $1 billion in assets and include the following: depository institutions or depository institution holding companies, registered broker-dealers, credit unions, investment advisers, Fannie Mae, and Freddie Mac (or any other financial institution that federal regulators determined should be treated as a covered financial institution). Dodd-Frank required regulators to prohibit incentive-based compensation arrangements that encouraged “inappropriate risks.” The proposed rule included prohibitions intended to make these compensation arrangements more sensitive to risk, such as a ban on incentive-based compensation arrangements that do not include risk adjustment of awards, deferral of payments, or forfeiture and clawback provisions. In addition, the proposed rule set forth recordkeeping and disclosure requirements to help federal regulators monitor potential issues.

    The agencies will review both new comments and those received in 2016 for the prior proposed rule. The agencies invited those who previously submitted comments and resubmit their comments to explain how their viewpoint may have changed from their prior comments. The agencies also requested comments on the compliance date and disclosures, like the recordkeeping and clawback requirements. Comments will be due no later than 60 days following publication in the Federal Register.

    Agency Rule-Making & Guidance Bank Regulatory OCC FDIC FHFA Dodd-Frank SEC Federal Reserve

  • District Court rules against CFPB on Prepaid Rule disclosure requirement

    Courts

    On March 28, the U.S. District Court for the District of Columbia (D.D.C.) ruled in favor of a fintech digital wallet provider by granting its motion for summary judgment, denying the CFPB’s cross-motion, and vacating the CFPB’s Prepaid Rule’s short-form disclosure requirements for digital wallets. The suit focused on the applicability of the Prepaid Rule’s short-form disclosure requirements to digital wallet products. The plaintiff sued the CFPB, arguing the CFPB’s Prepaid Rule was arbitrary and capricious because, unlike for general-purpose reloadable (GPR) products, the CFPB failed to provide a “well-founded, non-speculative reason for subjecting digital wallets” to the Prepaid Rule’s short-form disclosure regime.

    The CFPB’s Prepaid Rule mandated that pre-acquisition fee disclosures, which were intended to apply to GPR cards, be required for digital wallets––i.e., digital wallet providers would be required to provide consumers with a pre-acquisition fee disclosure in a formatted “short form.” While the judge agreed that this makes sense as applied to GPR products, digital wallet products were fundamentally different from GPRs and were not primarily “used to access funds or to function as a substitute checking account.” While the CFPB’s Advanced Notice of Proposed Rulemaking, did not initially include digital wallets, in the final Prepaid Rule, the CFPB included digital wallets for three reasons: (1) the CFPB reasoned that the Prepaid Rule should apply to digital wallets since digital wallets can carry funds (just like GPRs), and the fee structure “may not hold true in the future”; (2) the CFPB argued that the Prepaid Rule filled a regulatory gap for digital wallets; and (3) the CFPB claimed it “cast a wide net” on purpose to avoid a “patchwork regime.”

    In response, the plaintiff argued that the disclosure requirement was arbitrary and capricious due to the Bureau having no rational justification for including digital wallets in the Prepaid Rule. Further, it was arbitrary and capricious because the CFPB did not comply with its role under Dodd-Frank by assessing the costs and benefits of the Rule. Finally, the plaintiff argued that the short-form disclosure regime violated the First Amendment.

    While declining to rule on First Amendment issues, the court held that the CFPB lacked a “rational justification” for subjecting digital wallets to the Prepaid Rule’s short-form disclosure requirement, agreeing that the CFPB’s requirement was arbitrary and capricious, and that it had no basis for including digital wallets because they were materially different products. The judge also found the CFPB’s cost-benefit analysis (as mandated by Dodd-Frank) was deficient, as the “general” cost-benefit analysis did not fit for digital wallets.

    Courts CFPB Digital Wallets Prepaid Rule Disclosures Dodd-Frank

  • Senator Warren pens letter to banking regulators to check on their regulatory commitments following 2023 bank failures

    On March 10, Senator Warren (D-MA) released a letter to Federal Reserve Vice Chair Michael Barr, FDIC Chairman Martin Gruenberg, and Acting Comptroller of the Currency Michael J. Hsu (the bank regulators) seeking information on any progress with their commitments to strengthen bank regulatory standards following the 2023 banking issues. Warren urged the bank regulators to reinstate the rules for banks with assets between $100 and $250 billion, including liquidity requirements and capital stress tests, that were rolled-back with the 2018 enactment of the “Economic Growth, Regulatory Relief, and Consumer Protection Act” (EGRRCPA). She concluded her letter by posing several questions, including asking what efforts the bank regulators are taking to strengthen rules, when these rules are expected to be announced or implemented, how many banks will be subject to these rules, if the implementation process would include a comment period, and if lobbying by large banks against the Basel III capital rule has weakened the bank regulators’ resolve to strengthen rules for banks with more than $100 billion in assets. Sen. Warren has asked for a response by March 25.

    Bank Regulatory Basel FDIC OCC Federal Reserve EGRRCPA Dodd-Frank

  • FTC provides its 2023 ECOA activities to CFPB

    Federal Issues

    On February 12, the FTC provided the CFPB with an annual summary of its 2023 enforcement, research and policy development, and educational-related initiatives on ECOA, as Dodd-Frank allows the Commission to enforce ECOA and any CFPB rules applicable to entities within the FTC’s jurisdiction. The letter emphasized the commitment of each agency to enforce laws protecting civil rights, fair competition, consumer protection, and equal opportunity in the development and use of automated systems and artificial intelligence. Additionally, the letter stated the FTC continued its involvement in initiatives such as military outreach and participation in interagency task forces on fair lending. Its initiatives focused on consumer and business education regarding issues related to Regulation B and guiding fair lending practices. The Commission also highlighted (1) an enforcement action against a group of auto dealerships alleging ECOA and its implementing Regulation B violations in connection with the sale of add-on products; (2) refund checks sent as a result of the settlement of two enforcement actions against auto dealerships in which it was alleged that the dealerships violated ECOA and Regulation B by discrimination against Black and Latino consumers by charging them higher financing costs; and (3) an amicus brief submitted to an appeals court in support of the CFPB’s appeal to the U.S. Court of Appeals for the Seventh Circuit of the lower court’s decision regarding the applicability of ECOA to individuals other than “applicants.” 

    Federal Issues FTC CFPB ECOA Dodd-Frank Enforcement

  • CFPB releases its spring 2023 semi-annual report

    Federal Issues

    The CFPB recently issued its semi-annual report to Congress covering the Bureau’s work for the period beginning October 1, 2022 and ending March 31, 2023. The report, which is required by Dodd-Frank, includes, (i) a list of significant rules and orders (including final rules, proposed rules, pre-rule materials, and upcoming plans and initiatives); (ii) an analysis of consumer complaints, (iii) lists of public supervisory and enforcement actions, (iv) assessments of actions by state regulators and attorneys generals related to consumer financial law; (v) assessment of fair lending enforcement and rulemaking; and (vi) an analysis of efforts to increase workforce and contracting diversity.

    Federal Issues CFPB Consumer Finance Dodd-Frank Supervision ECOA HMDA Fair Lending

Pages

Upcoming Events