Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Agencies propose ROV guidance

    Agency Rule-Making & Guidance

    On June 8, the CFPB joined the Federal Reserve Board, FDIC, NCUA, and the OCC to request comments on proposed interagency guidance relating to reconsiderations of value (ROV) for residential real estate valuations. The proposed guidance advises financial institutions on policies that would afford consumers an opportunity to introduce evidence that was not previously considered in the original appraisal. The proposal references the occurrence of “deficiencies” in real estate valuations, which can be due to errors or omissions, valuation methods, assumptions, or other factors. According to the proposed guidance, these kind of valuation deficiencies can “prevent individuals, families, and neighborhoods from building wealth through homeownership by potentially preventing homeowners from accessing accumulated equity, preventing prospective buyers from purchasing homes, making it harder for homeowners to sell or refinance their homes, and increasing the risk of default.” Also noted is the risk non-credible valuations pose to financial institutions, which may lead to loan losses, violations of law, fines, civil money penalties, damages, and civil litigation.

    The proposed guidance (i) provides direction on how ROVs overlap with appraisal independence requirements and compliance with relative laws and regulations; (ii) identifies how financial institutions can implement and improve existing ROV policies while remaining compliant with regulations, preserving appraiser independence, and being responsive to consumers; (iii) explains how deficiencies can pose risk to financial institutions and describes how ROV policies should be factored into risk management functions; and (iv) provides examples of ROV policies, procedures, control systems, and complaint processes to address deficient valuations.

    Comments on the proposed guidance are due within 60 days of publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues Bank Regulatory CFPB FDIC Federal Reserve NCUA FHFA OCC Mortgages Consumer Finance

  • Agencies propose new standards for AVMs

    Agency Rule-Making & Guidance

    On June 1, the CFPB joined the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA in issuing a notice of proposed rulemaking (NPRM) to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models (AVMs) used by mortgage originators and secondary market issuers. Specifically, institutions that engage in certain credit decisions or make securitization determinations would be required to adopt quality control standards to ensure a high level of confidence that estimates produced by an AVM are fair and nondiscriminatory. Other requirements would necessitate institutions to protect against data manipulation and avoid conflicts of interest. Institutions would also be required to conduct random sample testing and reviews and comply with applicable nondiscrimination laws. The agencies acknowledged that while advances in AVM technology and data availability may contribute to lower costs and reduce loan cycle times, institutions’ reliance on AMV technology must not be used as an excuse to evade the law.

    CFPB Director Rohit Chopra explained that, while AVMs rely on mathematical formulas and number crunching to produce estimates (and are often used to “check” human appraisers or used in place of an appraisal), they can still embed the human biases they are meant to correct. This is due in part to the data fed into the AVMs, the algorithms used within the machines, and biases and blind spots attributed to the individuals who develop the models, Chopra warned, commenting that AVMs can actually “make bias harder to eradicate in home valuations because the algorithms used cloak the biased inputs and design in a false mantle of objectivity.”

    Chopra went on to explain that inaccurate or biased algorithms can lead to serious harms to consumers, neighborhoods, and the housing market, and may also impact the tax base. A focus common to all the agencies, Chopra said, is ensuring that automated systems and artificial intelligence modeling technologies are developed and used in accordance with federal laws to avert discriminatory outcomes and prevent negative impacts on consumer financial stability.

    Comments on the NPRM are due within 60 days of publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues CFPB FDIC Federal Reserve NCUA FHFA OCC AVMs Mortgages Consumer Finance

  • Republican lawmakers ask about risks of customers’ digital assets on balance sheets

    Securities

    On March 2, Senator Cynthia M. Lummis (R-WY) and Representative Patrick McHenry (R-NC) sent a letter to the Federal Reserve Board, FDIC, OCC, and NCUA requesting input on SEC guidance issued last year that directs cryptocurrency firms to account for customers’ digital assets on their balance sheets. Last April, the SEC issued Staff Accounting Bulletin No. 121 (SAB 121), covering obligations for safeguarding crypto-assets held by entities for platform users. Among other things, SAB 121 clarified that entities should track customer assets as a liability on their balance sheets. “[A]s long as Entity A is responsible for safeguarding the crypto-assets held for its platform users, including maintaining the cryptographic key information necessary to access the crypto-assets, the staff believes that Entity A should present a liability on its balance sheet to reflect its obligation to safeguard the crypto-assets held for its platform users,” SAB 121 explained.

    Claiming that SAB 121 “purports to require banks, credit unions and other financial institutions to effectively place digital assets on their balance sheets,” the lawmakers argued that this “would trigger a massive capital charge,” and in turn would likely prevent regulated entities from engaging in digital asset custody. Rather, regulators should encourage regulated financial institutions to offer digital asset services, since they are subject to the highest level of oversight, the letter said. Among other things, the letter asked the regulators whether the SEC contacted them prior to issuing the guidance, and if they have directed regulated financial institutions to comply with SAB 121. The lawmakers also inquired whether the regulators “agree that SAB 121 potentially weakens consumer protection by preventing well-regulated banks, credit unions, and other financial institutions from providing custodial services for digital assets[.]” The letter pointed to the bankruptcy case of a now-defunct crypto lender, which classified all customers as unsecured creditors, as an example of the legal risk of requiring customer custodial assets be placed on an entity’s balance sheet. “SAB 121 places customer assets at greater risk of loss if a custodian becomes insolvent or enters receivership, violating the SEC’s fundamental mission to protect customers,” the lawmakers wrote.

    Securities SEC Digital Assets Cryptocurrency Congress Federal Reserve FDIC OCC NCUA Accounting Fintech

  • NCUA approves final cyber incident reporting rule

    Agency Rule-Making & Guidance

    On February 16, the NCUA approved a final rule that requires federally-insured credit unions (FICUs) to notify the agency as soon as possible (and no later than 72 hours) after a FICU “reasonably believes that a reportable cyber incident has occurred.” Specifically, the rule requires FICUs to report cyber incidents that lead “to a substantial loss of confidentiality, integrity, or availability of a network or member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.” Under the rule, FICUs must report any cyberattacks that disrupt their business operations, vital member services, or a member information system within 72 hours of the FICU’s “reasonable belief that it has experienced a cyberattack.” The NCUA explained that the 72-hour notification requirement provides an early alert to the agency but that the rule does not require the submission of a detailed incident assessment within this time frame. The final rule takes effect September 1. Additional reporting guidance will be provided prior to the effective date.

    “Through these high-level early warning notifications, the NCUA will be able to work with other agencies and the private sector to respond to cyber threats before they become systemic and threaten the broader financial services sector,” NCUA Chairman Todd M. Harper said. Harper further explained that “[t]his final rule will also align the NCUA’s reporting requirements with those of the federal banking agencies and the Cyber Incident Reporting for Critical Infrastructure Act.”

    Agency Rule-Making & Guidance Federal Issues Privacy, Cyber Risk & Data Security NCUA Credit Union Data Breach

  • Agencies reiterate illegality of appraisal discrimination

    Federal Issues

    On February 14, CFPB Fair Lending Director Patrice Ficklin joined senior leaders from the FDIC, HUD, NCUA, Federal Reserve Board, DOJ, OCC, and FHFA in submitting a joint letter to The Appraisal Foundation (TAF) urging the organization to further revise its draft Ethics Rule for appraisers to include a detailed statement of federal prohibitions against discrimination under the Fair Housing Act (FHA) and ECOA.

    This is the second time the agencies have raised concerns with TAF. As previously covered by InfoBytes, last February, the agencies sent a joint letter in response to a request for comments on proposed changes to the 2023 Appraisal Standards Board Ethics Rule and Advisory Opinion 16, in which they noted that while provisions prohibit an appraiser from relying on “unsupported conclusions relating to characteristics such as race, color, religion, national origin, sex, sexual orientation, gender, marital status, familial status, age, receipt of public assistance income, disability, or an unsupported conclusion that homogeneity of such characteristics is necessary to maximize value,” the “provisions do not prohibit an appraiser from relying on ‘supported conclusions’ based on such characteristics and, therefore, suggest that such reliance may be permissible.” The letter noted that the federal ban on discrimination under the FHA and ECOA is not limited only to “unsupported” conclusions, and that any discussions related to potential appraisal bias should be consistent with all applicable nondiscrimination laws. 

    In their second letter, the agencies said that the fourth draft removed a detailed, unambiguous summary covering nondiscrimination standards under the FHA and ECOA, and instead substituted “a distinction between unethical discrimination and unlawful discrimination.” The letter expressed concerns that the term “unethical discrimination” is not well established in current law or practice, and could lead to confusion in the appraisal industry. Moreover, the letter noted that “the term ‘ethical’ discrimination, and reference to the possibility of a protected characteristic being ‘essential to the assignment and necessary for credible assignment results,’ appears to resemble the concept of ‘supported’ discrimination that the agencies previously disfavored and whose removal and replacement with a summary of the relevant law significantly improved the draft Ethics Rule.” The agencies further cautioned that “[s]uggesting that appraisers avoid ‘bias, prejudice, or stereotype’ as general norms” would grant individual appraisers wide discretion in applying these norms and likely yield inconsistent results. The agencies advised TAF to provide a thorough explanation of these legal distinctions.

    Federal Issues CFPB Consumer Finance Appraisal FDIC HUD NCUA Federal Reserve DOJ OCC FHFA Fair Housing Act ECOA Discrimination

  • NCUA will maintain loan interest rate ceiling at 18%

    Agency Rule-Making & Guidance

    On January 27, the NCUA board unanimously voted to maintain the current temporary 18 percent interest rate ceiling for loans made by federal credit unions (FCUs) for another 18 months. The extension starts after the current period ends March 10. According to the announcement, the National Association of Federally-Insured Credit Unions (NAFCU) urged the NCUA to immediately raise the interest rate ceiling to 21 percent in order to help mitigate interest rate-related risks facing FCUs. Recognizing that the NAFCU “has consistently advocated for a floating permissible interest rate ceiling to address constraints of the 15 percent ceiling set by the FCU Act,” NCUA Chairman Todd Harper said the agency is conducting an analysis of a floating interest rate ceiling that should be completed by the April board meeting.

    Agency Rule-Making & Guidance NCUA Interest Rate Credit Union

  • NCUA proposal looks to promote CU-fintech partnerships

    Agency Rule-Making & Guidance

    On December 15, the NCUA issued a proposed rule seeking input on amendments to the agency’s regulations on the purchase of loan participations and the purchase, sale, and pledge of eligible obligations and other loans, including notes of liquidating credit unions. Among other things, the proposed rule would remove certain prescriptive limitations and other qualifying requirements to provide federal credit unions with additional flexibility to purchase eligible obligations of their members and engage with advanced technologies and other opportunities presented by fintechs. Improved flexibility and individual autonomy will allow federal credit unions “to establish their own risk tolerance limits and governance policies for these activities, while codifying due diligence, risk assessment, compliance and other management processes that are consistent with the Board’s long-standing expectations for safe, sound, fair and affordable lending practices,” the NCUA said. Comments on the proposed rule are due 60 days after publication in the Federal Register.

    “As I have emphasized before, credit unions should recognize and harness the potential opportunities fintechs may offer them,” NCUA Chairman Todd Harper said. “However, we must also acknowledge the potential risks they pose to credit unions, their members, and the system and develop appropriate guardrails. This proposed rule strikes that balance. It provides flexibility, safety, and tailored relief to credit unions while fostering greater innovation.”

    Agency Rule-Making & Guidance Federal Issues NCUA Fintech

  • Senate Banking grills regulators on crypto

    Federal Issues

    On November 15, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Oversight of Financial Regulators: A Strong Banking and Credit Union System for Main Street” to hear from federal financial regulators about growing risks related to bank mergers, bailouts, climate change, crypto assets, and cyberattacks, among other topics. Committee Chairman Sherrod Brown (D-OH) opened the hearing by emphasizing that Congress “must stay vigilant and empower regulators with the tools to combat these growing risks,” and said that banks and credit unions must be able to partner with third parties in a manner that enables competition but without risking consumer money. He also warned that big tech companies and shadow banks should not be allowed to “play by different rules because of special loopholes.” In his opening statement, Ranking Member Patrick J. Toomey (R-PA) challenged the regulators to “not stray beyond their mandates into politically contentious issues or establish unnecessary new regulatory burdens,” pointing to the participation of the Federal Reserve Board, FDIC, and OCC in the Network for the Greening the Financial System as an example of politicizing financial regulation.

    Testifying at the hearing were the Fed’s Vice Chair for Supervision Michael S. Barr, NCUA Chair Todd M. Harper, acting FDIC Chairman Martin J. Gruenberg, and acting Comptroller of the Currency Michael J. Hsu. Cryptocurrency concerns were a primary focus during the hearing, where Toomey asked the regulators why they still have not provided public clarity on banks’ involvement in crypto activities, such as providing custody services or issuing stablecoins.

    Pointing to a major cryptocurrency exchange’s recent major collapse, Toomey pressed Hsu on whether the OCC “discourages banks from providing custody services” for crypto assets. Toomey speculated, “it seems to me if people had access to custody services provided by a wide range of institutions, including regulated financial institutions, they might be able to sleep more comfortably knowing that those assets are unlikely to be used for some completely inappropriate purpose.” Answering that the OCC discourages banks from engaging in activities that are not safe, sound, and fair, Hsu acknowledged that there are underlying fundamental issues and questions about what it means to control crypto through a custody “which have not been fully worked out.” Toomey emphasized that part of the obligation rests on the OCC to provide clarity on how banks could provide these services in a safe, sound, and fair manner, and stressed that currently these activities are operating in a space outside the regulatory perimeter. Barr agreed that it would be useful for the Fed to provide guidance to banks on how to safely custody crypto assets and said it is something he plans to work on with his colleagues.

    Toomy further noted that Congress’s failure “to pass legislation in this space and the failure of regulators to provide clear guidance has created ambiguity that has driven developers and entrepreneurs overseas where regulations are often lax at best.” Senator Bill Haggerty (R-TN) cautioned that lawmakers should not resort to a “heavy-handed” regulatory response to the cryptocurrency exchange’s collapse. “No amount of poorly considered, knee-jerk over-regulation here in the U.S. would have prevented a foreign-domiciled company like [the collapsed cryptocurrency exchange] from doing what it did,” Haggerty said. “The fact of the matter is that crypto, much like all of finance, isn’t beholden to a specific country or a specific legal system, and by not acting and by failing to provide legal clarity here in the United States, Congress only incentivizes activity to migrate outside of our country’s borders,” Haggerty stated, adding that it is “important to recognize that whatever happened with a bad actor running a centralized exchange and defrauding customers” has “nothing to do with the technology underpinning crypto itself.” When asked by Sen. John Kennedy (R-LA) which regulator was responsible for watching the collapsed cryptocurrency exchange, Gruenberg said “I think in the first instance, you’d probably want to engage with the market regulators, the SEC and the CFTC, to talk about the activities and the authorities in this area.”

    The regulators also discussed efforts to mitigate cybersecurity risks and strengthen information security within the banking industry. Hsu stressed during the hearing that “the greatest risk is the risk of complacency,” while noting in his prepared remarks that the OCC is aware of the risks associated with cybersecurity and has “encouraged banks to stay abreast of new technology and threats.” Barr pointed to the importance of operational resilience in his prepared remarks, noting that “technology-based failures, cyber incidents, pandemics, and natural disasters,” combined with the growing reliance on third-party service providers, expose banks to a range of operational risks that are often challenging to anticipate. Harper commented in his prepared remarks that the NCUA continues to provide guidance for credit unions to reinforce their ability to withstand potential cyberattacks, and recommends that credit unions report cyber incidents to the NCUA, the FBI, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. In his prepared remarks, Gruenberg pointed to recent examination findings revealing that banks that have dedicated resources for implementing appropriate controls are better at defending against cyberattacks, and said the FDIC is “piloting technical examination aids that will help [] examiners focus on the controls [] found to be most effective in defending against these attacks.”

    The House Financial Services Committee also held a hearing later in the week that focused on similar topics with the regulators. Chair Maxine Waters (D-CA) and Rep. Patrick McHenry (R-NC) also announced that the committee will hold a hearing in December to investigate the aforementioned cryptocurrency exchange’s collapse and understand the broader consequences the collapse may have on the digital asset ecosystem.

    Federal Issues Digital Assets Privacy, Cyber Risk & Data Security Senate Banking Committee House Financial Services Committee FDIC OCC NCUA Federal Reserve Risk Management Third-Party Climate-Related Financial Risks Fintech

  • Agencies seek comment on renewing FFIEC’s cybersecurity assessment tool

    On August 8, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, “Agencies”) issued a notice in the Federal Register soliciting comments on the renewal of the Federal Financial Institutions Examination Council’s cybersecurity assessment tool. According to the notice, the Agencies are seeking comment on, among other things: (i) “[w]hether the collection of information is necessary for the proper performance of the functions of the agencies, including whether the information has practical utility”; (ii) “[t]he accuracy of the Agencies’ estimates of the burden of the collection of information; (iii) how to “enhance the quality, utility, and clarity of the information to be collected”; and (vi) “minimize[ing] the burden of the collection on respondents.” Comments are due 30 days after publication in the Federal Register.

    Bank Regulatory Agency Rule-Making & Guidance Federal Issues OCC Federal Reserve FDIC NCUA FFIEC Privacy, Cyber Risk & Data Security

  • Agencies seek comment on CRE loan statement

    Agency Rule-Making & Guidance

    On August 2, the FDIC, OCC, and NCUA (collectively, “the agencies”) issued a notice in the Federal Register soliciting public comment on an updated policy statement regarding accommodations and workouts for commercial real estate (CRE) loans whose borrowers are experiencing financial difficulty. In 2009, the Policy Statement on Prudent Commercial Real Estate Loan Workouts was issued by the FFIEC, which the agencies view “as being useful for both agency staff and financial institutions in understanding risk management and accounting practices for [] CRE loan workouts.” Among other things, the statement would include (i) a new section on short-term loan accommodations; (ii) information about changes in accounting principles since 2009; and (iii) revisions and additions to examples of CRE loan workouts. The new updated statement would also “address relevant accounting changes on estimating loan losses and provide updated examples of how to classify and account for loans modified or affected by loan accommodations or loan workout activity.” Specifically, the agencies seek input on how the document reflects sound practices in CRE loan accommodation and what additional information can be included to optimize the guidance of managing CRE loan portfolios.

    Agency Rule-Making & Guidance Bank Regulatory FDIC OCC NCUA FFIEC Federal Register Commercial Lending

Pages

Upcoming Events