Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 25, the CFPB held its “Abusive Acts or Practices Symposium,” the first event in a symposia series covering a range of consumer financial services topics. The event had two panels of experts discussing unfair, deceptive, or abusive acts and practices (UDAAP)—the first was a policy discussion, moderated by Tom Pahl, CFPB’s Policy Associate Director, Research, Markets and Regulation; and the second, examined how the “abusive” standard has been used in practice in the field and was moderated by David Bleicken, CFPB Deputy Associate Director, Supervision, Enforcement and Fair Lending. Director Kraninger began the symposium noting that it will help to “inform the Bureau’s thinking as to whether the Bureau should use its rulemaking or other tools to provide clarity about the general meaning of abusiveness—and, if so, which principles should be applied to determine the scope of abusiveness.”
The policy panel focused on whether consumer harm was required for a practice to be considered abusive. One panelist noted that while the Dodd-Frank Act statutory definition of abusive does not specifically require proof of consumer harm, it would be surprising if consumer harm wasn’t a priority in weighing enforcement claims. As for what principles the Bureau should apply in determining the scope of abusive acts and practices, one panelist identified three: “fidelity, autonomy, and modesty,” meaning the Bureau should follow the statutory language, protect autonomy of consumer decision-making, and be careful not to tie its hands prematurely based on current market information.
The practitioners’ panel focused on whether there was even a need to clarify the abusive standard, as it is already statutorily defined. Most panelists agreed that a guidance document or policy statement would be an important first step for the Bureau in providing clarity to the industry. Specifically, the panelists noted that the industry has struggled with examples of how abusiveness is different from unfairness or deception, arguing the Bureau has been “inconsistent at times” in the application of the abusive standard. One panelist explained that the Bureau often brings abusive claims in connection with a claim of deception or unfairness, stating “while this may work for the Bureau’s litigation strategy the market looks to enforcement for guidance on the policy. Standalone abusiveness claims that show how abusiveness is different from deception and unfairness would provide direction to staff and industry.” Because the standard is unclear to industry, a panelist argued that many companies choose to limit products or offerings to avoid unknown compliance risks.
An archived copy of the webcast will be available on the Bureau’s website.
On June 21, the Federal Reserve Board released the results of its supervisory Dodd-Frank Act bank stress tests conducted on 18 financial institutions, which collectively hold 70 percent of bank assets in the U.S. Under the most severe scenario tested by the Fed, consisting of a severe global recession— “with the U.S. unemployment rate rising by more than 6 percentage points to 10 percent, accompanied by a large decline in real estate prices and elevated stress in corporate loan markets”— the Fed projected losses at the 18 institutions would total $410 billion and the aggregate common equity tier 1 capital ratio would fall from an actual 12.3 percent in the fourth quarter of 2018 to 9.2 percent. Vice Chairman, Randal K. Quarles, noted that “[t]he results confirm that our financial system remains resilient,” and “the nation’s largest banks are significantly stronger before the crisis and would be well-positioned to support the economy after a secure shock.”
On June 4, the OCC extended the deadline for national banks and federal savings associations (FSAs) with consolidated assets between $100 billion and $250 billion to comply with the Dodd-Frank stress test (DFAST) requirements to November 25. In December 2018, the OCC issued a letter noting that prior DFAST exams and OCC supervision have indicated that qualifying banks with consolidated assets within these thresholds have adopted effective stress testing programs and integrated them into their general risk management tools, and as such, “requiring DFAST submissions for these banks in 2019 would provide limited supervisory value.” According to the OCC, the extension is consistent with the Economic Growth, Regulatory Relief, and Consumer Protection Act’s goal of reducing regulatory burden for applicable national banks and FSAs.
On May 22, the FTC published a final rule in the Federal Register rescinding model forms and disclosures promulgated pursuant to the FCRA. The FTC has determined the model forms and disclosures are no longer necessary and the rescission would reduce confusion as the CFPB’s FCRA model forms and disclosures were updated in 2018. Specifically, the final rule rescinds: (i) Appendix A—Model Prescreen Opt-Out Notices; (ii) Appendix D—Standardized Form for Requesting Annual File Disclosures; (iii) Appendix E—Summary of Identity Theft Rights; (iv) Appendix F—General Summary of Consumer Rights; (v) Appendix G—Notice of Furnisher Responsibilities; and (vi) Appendix H—Notice of User Responsibilities. The final rule also makes conforming amendments to FTC rules that reference the applicable forms issued under the FCRA. The rule is effective May 22.
On May 15, a group of 25 Democratic Attorneys General submitted a comment letter in response to the CFPB’s February proposal to rescind certain provisions related to the underwriting standards of the “Payday, Vehicle Title, and Certain High-Cost Installment Loans” (the Rule) (covered by InfoBytes here). In the comment letter, the Attorneys General argue, among other things, that the elimination of the underwriting provisions of the Rule: (i) is inconsistent with the Bureau’s obligations to protect consumers under the Dodd-Frank Act; (ii) ignores state experiences with payday and vehicle title lending; and (iii) would reduce states’ ability to protect their residents from predatory lending.
Specifically, the letter argues that the Bureau’s reasoning for repealing the underwriting requirements—that the findings of the Rule “were not supported by sufficiently ‘robust and reliable’ evidence”—would saddle the Bureau with an unreasonably high evidentiary standard that would prevent the Bureau from regulating unfair and abusive practices. Additionally, the letter states that the Bureau’s conclusion that the underwriting requirements would harm consumers by reducing consumer’s access to credit and ability to choose lenders offering credit ignores “the experiences of numerous states that have implemented restrictions on payday and vehicle title lending—restrictions that have protected consumers without unreasonably limiting consumers’ access to credit.” States’ restrictions on payday and vehicle title lending, according to the letter, have “benefited consumers and expanded access to manageable credit.” Lastly, the letter asserts that maintaining a federal regulatory floor on lending activities is “crucial to supporting and complementing state oversight,” and removal of the floor will “enable lenders to continue trying to avoid state regulation and continue marketing expensive and often unlawful products to consumers without providing borrowers an opportunity for negotiation or comparison.”
The comment letter was written by the Attorneys General of the District of Columbia, New Jersey, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Mexico, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, Vermont, Virginia, Washington, and Wisconsin.
As previously covered by InfoBytes, the same group of Attorneys General had urged the CFPB via a previous comment letter not to delay the August 19, 2019 compliance date for any aspect of the Rule, and had warned that they would consider taking legal action if the Bureau did so.
On May 14, the California Reinvestment Coalition (CRC) announced it filed a lawsuit in the U.S. District Court for the Northern District of California against the CFPB for allegedly failing to implement Section 1071 of the Dodd-Frank Act, which requires the Bureau to collect and disclose data on lending to small, women, and minority-owned businesses. In the complaint, the CRC argues that the failure to implement Section 1071 violates two provisions of the Administrative Procedures Act. Specifically, the CRC alleges the that Bureau has “unlawfully withheld and unreasonably delayed” the implementation of Section 1071 since Dodd Frank’s passage in 2011, and also, that the Bureau has acted “arbitrarily and capriciously” by informing financial institutions to “not to make [the] inquiries, nor compile, maintain, and submit [the loan application] data” required by Section 1071. The CRC claims that the failure to collect and publish the data has harmed its ability to advocate for access to credit, advise organizations working with women and minority-owned small businesses, and work with lenders to arrange investment in low-income and communities of color. The CRC is seeking the court to invalidate the Bureau’s countermanding of Section 1071’s requirements on financial institutions and an order or writ compelling the Bureau to issue a final rule implementing Section 1071.
On March 28, the Federal Reserve Board released a report titled, “Dodd-Frank Act Stress Test 2019: Supervisory Stress Test Methodology,” which details the models and methodologies the Board will use for 2019 stress tests. The release is intended to “increase the transparency of [the Board’s] stress tests without compromising [its] ability to test the resiliency of the nation's largest banks.” Specifically, the report provides more information than in years past on the models that are used to project bank losses, including (i) ranges of loss rates for loans that are grouped by distinct risk characteristics; (ii) examples of portfolios with hypothetical loans with projected loss rates; and (iii) enhanced descriptions of models.
On February 26, 2019, the Ninth Circuit issued a long-awaited opinion in a case involving a life sciences manufacturing company and its former General Counsel. The 23-page opinion, slated for publication, takes a mixed view of the trial outcome, vacating in part, affirming in part, and remanding for the district court to determine whether to hold a new trial.
Two years ago, following a $55 million civil and criminal FCPA settlement by the company, a jury awarded Wadler (the company’s former General Counsel) $11 million in punitive and compensatory damages, including double back-pay under Dodd-Frank, in his whistleblower retaliation case against his former employer. The company appealed to the Ninth Circuit, arguing that the district court erroneously instructed the jury that SEC rules or regulations prohibit bribery of a foreign official; that the company’s alleged FCPA violations resulted from Wadler’s own failure to conduct due diligence as the company’s General Counsel; that the district court should have allowed certain impeachment testimony and evidence related to Wadler’s pursuit and hiring of a whistleblower attorney; and that Wadler was not a “whistleblower” under Dodd-Frank because he only reported internally and did not report out to the SEC. The Court heard arguments on November 14, 2018.
Section 806 of the Sarbanes-Oxley Act, codified as 18 U.S.C. § 1514A, protects whistleblowers from retaliation under certain circumstances, including reporting violations of “any rule or regulation of the Securities and Exchange Commission.” The company alleged, and the Ninth Circuit agreed, that the district court’s jury instructions incorrectly stated that Section 806 encompasses reports of FCPA violations. The Court ruled that “statutory provisions of the FCPA, including the three books-and-records provisions and anti-bribery provision . . . are not ‘rules or regulations of the SEC’ under SOX § 806.” However, the Court found that with the right instructions, a jury could have still ruled in Wadler’s favor. Accordingly, the Court vacated the Section 806 verdict and remanded to the district court for consideration of a new trial. On the other hand, the Court held that the same jury instruction error was harmless for the purposes of Wadler’s California public policy claim, so the Court upheld that verdict and its associated damages. The Court also rejected the company’s claims of evidentiary error. Finally, the Court ruled that under another case involving a real estate investment company and its former executive, Dodd-Frank does not apply to people who only report misconduct internally, and vacated the Dodd-Frank claim. As for damages, the Ninth Circuit affirmed Wadler’s compensatory and punitive damages award but vacated the double back-pay associated with the Dodd-Frank claim.
This decision is likely the first circuit court opinion to cite the case in an FCPA case for its holding that individuals who only report violations internally do not hold “whistleblower” status under Dodd-Frank.
On March 5, the FTC released proposed amendments to two rules that protect the privacy and security of customer data held by financial institutions. The agency seeks comments on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires financial institutions to develop, implement, and maintain comprehensive information security programs, whereas the Privacy Rule requires financial institutions to notify customers about information-sharing practices, as well as enable customers to opt out of sharing their information with certain third parties. The FTC’s proposed amendments to the Safeguards Rule would, among other things, add more detailed requirements for financial institutions, including mandatory encryption of customer data and the use of multi-factor authentication to prevent unauthorized access to customer information. The proposed amendments to the Privacy Rule would change the rule to account for statutory changes in the Dodd-Frank Act, which gave the majority of the FTC’s rulemaking authority for the Privacy Rule to the CFPB with the exception of certain motor vehicle dealers. The agency plans to remove examples of financial institutions that do not apply to motor vehicle dealers, as well as clarify when annual customer privacy notices must be provided. In addition, the FTC proposes to expand the definition of “financial institution” in both rules to include “finders,” which include persons or entities that charge a fee to introduce consumers to a lender.
On February 26, the U.S. Court of Appeals for the 9th Circuit affirmed a former general counsel’s whistleblower retaliation claim, under California public policy, against a biopharmaceutical manufacturer and its CEO but vacated the jury’s Sarbanes-Oxley Act (SOX) and Dodd-Frank Act verdicts. According to the opinion, the general counsel sued the company and the CEO claiming whistleblower retaliation under SOX, the Dodd-Frank Act, and California wrongful termination case law, claiming the company fired him after he alleged the company may have violated the FCPA in China. The jury awarded the general counsel $11 million, including $2.96 million in lost wages, which was doubled under the Dodd-Frank Act’s whistleblower provision, and $5 million in punitive damages. The company appealed the verdict arguing the district court erred in the instructions to the jury when it stated that statutory provisions of the FCPA constitute “rules or regulations of the SEC for purposes of whether [the general counsel] engaged in protected activity under SOX.”
On appeal, the 9th Circuit concluded the district court’s instructional error was not harmless as to the SOX claim, finding that the statutory provisions of the FCPA are not “rules or regulations of the SEC under SOX” as instructed to the jury. While the error was not harmless, the appellate court rejected entering judgment in favor of the company and instead, remanded the case back for proper instruction. Additionally, the appellate court vacated the district court’s instructions for the jury to enter judgment in favor of the Dodd-Frank Act claim, citing to the Supreme Court decision in Digital Realty Trust Inc. v. Somers. The appellate court concluded that the whistleblower provision of the act does not apply to purely internal reports and entered judgment in favor of the company. As for the California public policy claim, the appellate court determined that the incorrect SOX jury instructions were harmless because his California claim did not depend on SOX and the jury “necessarily would have reached the same verdict under proper instruction.” The affirmation of the California claim and associated damages left the general counsel with an award of nearly $8 million.
- Amanda R. Lawrence to discuss "Navigating the challenges of the latest data protection regulations and proven protocols for breach prevention and response" at the ACI National Forum on Consumer Finance Class Actions and Government Enforcement
- Tim Lange to discuss "Ease your pain at the state level: Recommendations for navigating the licensing issues in the states" at the Online Lenders Alliance Compliance University
- Amanda R. Lawrence, Aaron C. Mahler, and Jonice Gray Tucker to discuss "Expanded role for the FTC ahead: Implications for bank and nonbank financial institutions" at an American Bar Association Banking Law Committee Webinar
- Buckley Webcast: Flirting with alternatives — Opportunities and challenges created by alternative data, modeling, and technology
- Daniel P. Stipano to discuss "Reporting requirements for credit unions: CTRs and SARs" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Daniel P. Stipano and Moorari K. Shah to discuss "Vendor management: What is the NCUA looking for?" at the National Association of Federally-Insured Credit Unions BSA Seminar
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Summer Regulatory Compliance School
- Warren W. Traiger to discuss "CRA modernization" at the National Association of Industrial Bankers and the Utah Association of Financial Services Annual Convention
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Hank Asbill to discuss "Ethical guidance in conducting internal investigations – The intersection of Yates and Upjohn" at the American Bar Association Southeastern White Collar Crime Institute
- Brandy A. Hood to discuss "RESPA Section 8/referrals: How do you stay compliant?" at the New England Mortgage Bankers Conference
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at the American Bar Association Business Law Section Annual Meeting
- Daniel P. Stipano to discuss "Navigating the conflicting federal and state laws for doing business with cannabis companies" at the American Bar Association Business Law Section Annual Meeting
- Tim Lange to discuss "Services and value" at the North American Collection Agency Regulatory Association Annual Conference
- Amanda R. Lawrence to discuss "Data privacy litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Brandy A. Hood to discuss "How to ace your TRID exam" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "HMDA data is out, now what?" at the Mortgage Bankers Association Regulatory Compliance Conference
- Daniel P. Stipano to discuss "Assessing the CDD final rule: A year of transitions" at the ACAMS AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Lessons learned from recent enforcement actions and CMPs" at the ACAMS AML & Financial Crime Conference
- Melissa Klimkiewicz to discuss "Navigating FHA rules and regs" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "The state’s role in fintech: Providing an industry framework for innovation" at Lend360
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference