InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NIST Proposes Update To Mobile Device Security Guidelines
On July 11, the National Institute of Standards and Technology released a proposed update to its guidelines for securing mobile devices. Originally published as Guidelines on Cell Phone and PDA Security, the proposed Guidelines for Managing and Securing Mobile Devices in the Enterprise offer new recommendations for devices used by the federal government. The draft guideline provide recommendations for developing centralized device management systems, with specific guidance related to (i) developing system threat models, (ii) establishing mobile device security policies, and (iii) implementing and testing prototype mobile device solutions, among other topics.
Senate Committee Explores Framework for Mobile Payments
On July 10, the Senate Banking Committee held the second hearing in a two-part series on developing a framework for safe and efficient mobile payment systems. A panel comprised of economic and legal experts in the area of mobile payments updated the Committee on the state of the market and provided ideas for establishing an appropriate regulatory framework that balances innovation and consumer protection. Among other topics, the panelists and Senators discussed information collection and use and the related privacy and data security risks to consumers, as well as to merchants taking mobile payments. At the first hearing in the series, held in March, the Committee received testimony from regulatory experts from the Federal Reserve System. During that hearing the Committee sought information about the current roles of regulators with regard to mobile payments, and potential gaps in the regulatory structure. The House Financial Services Committee recently concluded a similar series in which it explored the regulatory structure for mobile payments and assessed the market impacts of mobile payment advances.
House Subcommittee Presses CFPB on White House Ties
On July 2, the Chairman of a House Oversight and Government Reform Subcommittee, Representative McHenry (R-NC), sent a letter to CFPB Director Richard Cordray seeking information and documents regarding the CFPB’s contacts with the executive branch. As an independent federal agency, the letter explains, the CFPB should operate “free from executive control.” The letter catalogues meetings and other interactions between CFPB staff and executive branch personnel that Mr. McHenry believes “raise concerns about the [CFPB’s] commitment to regulatory independence.” Representative McHenry asks that the CFPB produce documents and information in response to a series of questions by July 16, 2012. For example, the letter seeks (i) information about requested or suggested actions originating from the Executive Office of the President (EOP), (ii) CFPB internal guidelines and procedures to ensure independence from the executive branch, and (iii) all documents and communications between the CFPB and any employee of the EOP.
CFTC, SEC Approve Final Rules To Define "Swap"; CFTC Exempts Small Banks From Clearing Requirements
This week the CFTC and the SEC approved jointly written rules and guidance to further define “swap”, “security-based swap,” and other related terms for use in regulating over-the-counter (OTC) derivatives. The Dodd-Frank Act defines these terms but also requires both the SEC and CFTC to jointly define the terms further and jointly establish regulations regarding “mixed swaps” as may be necessary to carry out the purposes of swap and security-based swap regulation under the Act. The SEC and CFTC final rules and guidance identify specific products and services that do and do not fall within the further-defined terms. The approved rules will take effect 60 days after being published in the Federal Register. The approval of the definitions also triggers the period for swap dealers to comply with other Dodd-Frank Act rules put in place to regulate the OTC derivatives markets. The CFTC also approved a final rule that implements an exemption to the clearing requirement for non-financial entities and financial institutions with total assets of $10 billion or less that hedge or mitigate business risk through swaps.
OCC Identifies Risks Facing National Banks, Federal Savings Associations
On July 5, the OCC’s National Risk Committee issued its Semiannual Risk Perspective, which identifies issues that pose threats to the safety and soundness of banks. According to the report, the three major risks facing national banks and federal savings associations are (i) the lingering effects of a weak housing market, (ii) revenue challenges related to slow economic growth and market volatility, and (iii) the potential that banks may take excessive risks in an effort to improve profitability. Within each of the three major risk areas, the report identifies “key risk themes.” For example, with regard to the aftereffects of the housing market bust, the report observes as themes: (i) flaws in foreclosure processing that are exacting large remediation costs, record penalties, and reputational damage for mortgage servicers, (ii) continued above average rates of delinquency and charge-off for housing-related loans, and (iii) persistently high commercial real estate vacancy rates and high levels of problem assets. This is the first semiannual risk report published by the OCC; it is based on data as of December 31, 2011.
FFIEC Issues Statement on Cloud Computing Vendors
On July 10, the federal banking regulators, through the Federal Financial Institutions Examination Council (FFIEC), published a statement on outsourcing of cloud computing services by financial institutions. The statement explains that the regulators consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing. The statement goes on to outline the key risks of outsourced cloud computing, focusing on due diligence, vendor management, information security, audits, legal and regulatory compliance, and business continuity planning. The statement concludes that “[c]loud computing may require more robust controls due to the nature of the service. When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service.”
DOJ Finalizes Settlement Over Bank's Mortgage Lending Practices
On July 12, the DOJ announced a settlement with a national bank to resolve allegations that the bank engaged in a pattern or practice of discrimination against qualified African-American and Hispanic borrowers in its mortgage lending from 2004 through 2009. Pursuant to a consent decree awaiting approval by the U.S. District Court for the District of Columbia, the bank will pay $125 million in compensation to wholesale borrowers who, the DOJ alleges, were steered into subprime mortgages or who paid higher fees and rates because of their race or national origin, and $50 million in direct down payment assistance to borrowers in communities identified by the DOJ as having large numbers of discrimination victims. In addition to the combined $175 million payment, the bank also agreed to separately compensate individual African-American and Hispanic borrowers identified through an internal review of its retail mortgage lending operations. Finally, the agreement will subject the bank to other compliance, training, recordkeeping, and monitoring requirements. In addition to resolving the federal allegations, the consent decree resolves a fair lending suit based on similar allegations brought by the Illinois Attorney General. The DOJ’s Fair Lending Unit in the Civil Rights Division’s Housing and Civil Enforcement Section worked with the U.S. Attorney’s Office for the District of Columbia and the Illinois Attorney General to obtain this agreement. The Fair Lending unit was established in 2010, and since that time has filed a complaint in or resolved 19 matters, a pace far surpassing that of previous years. This matter also is the most recent to be concluded under President Obama’s Financial Fraud Enforcement Task Force, an interagency effort to investigate and prosecute financial crimes.
House Members Urge CFPB To Adopt QM Rule With Safe Harbor
This week, 90 members of the House of Representatives reportedly sent a letter to CFPB Director Richard Cordray urging the CFPB to include a clear and strong safe harbor in its final “ability to repay” or “qualified mortgage” (QM) rule. The rule would require creditors to verify a consumer’s ability to repay prior to making a residential mortgage loan and would define a QM that has a presumption of compliance with the ability to repay requirement. The letter, which was initiated by Representatives Capito (R-WV) and Sherman (D-CA), adds to a record that some Members of Congress have been building with regard to the QM rule. The Financial Institutions and Consumer Credit Subcommittee of the House Financial Services Committee chaired by Representative Capito held a hearing this week to receive testimony on the rule from stakeholders. While the witnesses generally agreed that the QM rule should be broad and provide clearly defined standards, differences of opinion remain with regard to the safe harbor issue. This week the extended comment period for the rule closed; the CFPB has indicated that it expects to issue its final rule before the end of 2012.
CFPB Proposes Two Major Mortgage Rules
On July 9, the CFPB issued two proposed rules related to mortgages. The first proposed rule would amend Regulations X and Z to establish new disclosure requirements and forms for most residential mortgage transactions. The proposal would combine existing disclosure requirements in new loan estimate and closing forms and would incorporate new Dodd-Frank Act requirements. This proposed rule also provides extensive guidance regarding compliance with the new disclosure requirements. Comments on most aspects of the proposal are due by November 6, 2012, but the CFPB has requested comments by September 7, 2012 on two portions of the proposal. The second proposed rule would implement the Dodd-Frank Act’s amendments to HOEPA that (i) expand HOEPA’s coverage to more types of mortgage transactions, (ii) amend existing high-cost triggers, (iii) add a prepayment penalty trigger, and (iv) expand protections associated with high-cost mortgages. The proposal also would amend Regulation X to implement other homeownership counseling-related requirements in Dodd-Frank requiring lenders to (i) distribute a list of homeownership counselors or counseling organizations to consumers within a few days after applying for any mortgage loan and (ii) provide first-time borrowers with counseling before taking out a negatively amortizing loan. Comments on this second proposed rule are due by September 7, 2012.
Special Alert Update: Portions of California's "Homeowner Bill of Rights" Signed Into Law
As an update to a development we reported last week, on July 11, California Governor Jerry Brown signed into law two bills that form part of the state's proposed "Homeowner Bill of Rights." Effective January 1, 2013, the two substantively identical bills will (i) codify a number of protections similar to those contained in the Multistate Servicer Settlement between 49 state attorneys general, the Federal Government, and the nation’s five largest mortgage servicers announced on February 9, (ii) amend the mechanics of California’s foreclosure processes, and (iii) provide borrowers with new private rights of action. Several other parts of the Bill of Rights remain pending, as described in a fact sheet prepared by the California Attorney General.