Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 1, the Conference of State Bank Supervisors (CSBS) issued a request for comments on its Draft Model Law Language for money services businesses (MSBs). According to CSBS, state regulation of MSBs is a primary part of Vision 2020—a state regulator initiative to modernize the regulation of fintech companies and other non-banks by creating an integrated, 50-state system of licensing and supervision. (Previously covered by InfoBytes here.) The model MSB law draft addresses recommendations made by the Payments Subgroup of the Fintech Industry Advisory Panel, and “is based on and overlays the Uniform Money Services Act.” In addition, the draft amends definitions and interpretations that vary between states, and consists of three primary policies: (i) regulations “must sufficiently protect consumers from harm, including all forms of loss”; (ii) regulations “must enable the states’ ability to prevent bad actors from entering the money services industry”; and (iii) regulations “must preserve public confidence in the financial services sector, including the states’ ability to coordinate.” According to the Fintech Industry Advisory Panel, differences in standards and procedures for change in control have created significant administrative burdens, which the working group addressed by standardizing change of control triggers and the definition of control persons. The draft also includes implementation language designed to provide the legal framework to facilitate interstate coordination and the adoption of consistent standards and processes. The proposed language is adapted from current state laws, which focus “on permitting interstate supervision and creating parity between national and state chartered banks.” CSBS notes that using these models will grant states the legal authority to adjust to new products, risks, processes, and technological capabilities in a coordinated manner.
Comment are due November 1.
On October 1, the U.S. District Court for the Central District of California granted a plaintiff’s motion for class certification in an action against a national credit reporting agency for allegedly failing to follow reasonable procedures to assure maximum possible accuracy in the plaintiffs’ credit reports, in violation of the FCRA. As previously covered by InfoBytes, the credit reporting agency allegedly failed to delete all of the accounts associated with a defunct loan servicer, despite statements claiming to have done so in January 2015. As of October 2015, 125,000 accounts from the defunct loan servicer were still being reported, and the accounts were not deleted until April 2016. The class action alleges that the credit reporting agency violated the FCRA by continuing to report the past-due accounts, even after deleting portions of the positive payment history on the accounts. After the district court initially granted summary judgment in favor of the credit reporting agency, the U.S. Court of Appeals for the Ninth Circuit revived the lawsuit, holding that a “reasonable jury could conclude that [the credit reporting agency’s] continued reporting of [the account], either on its own, or coupled with the deletion of portions of [the consumer’s] positive payment history on the same loan, was materially misleading.”
In certifying a class of all persons whose credit report contained an account originated after January 21, 2015, from the defunct loan servicer, the district court concluded that the “Defendant’s failure to use maximum reasonable procedures to prevent the continued reporting of delinquent [loan servicer] accounts—presents a clear risk of material harm to Plaintiff’s concrete interest in accurate credit reporting.” The court rejected the credit reporting agency’s argument that the named plaintiff must prove standing on behalf of the entire class, determining that “for all the same reasons Plaintiff has standing, it’s at least possible that the unnamed class members also have standing.” Moreover, the court rejected the argument that damages should be an individual question because many class members “likely suffered no injury at all.” The court concluded that the fact that each class member may “collect slightly different amounts of statutory damages is insufficient, without more, to defeat a showing of predominance in this case.”
On October 2, the OCC issued the final rule revising the stress testing requirements for OCC-supervised institutions, consistent with changes made by Section 401 of the Economic Growth, Regulatory Relief, and Consumer Protection Act. The final rule remains unchanged from the proposed rule, which was issued by the OCC in December 2018 (previously covered by InfoBytes here). The final rule (i) changes the minimum threshold for applicability from $10 billion to $250 billion; (ii) revises the frequency of required stress tests for most FDIC-supervised institutions from annual to biannual; and (iii) reduces the number of required stress testing scenarios from three to two. Specifically, OCC-supervised institutions that are covered institutions will “be required to conduct, report, and publish a stress test once every two years, beginning on January 1, 2020, and continuing every even-numbered year thereafter.” The final rule also adds a new defined term, “reporting year,” which will be the year in which a covered bank must conduct, report, and publish its stress test. The final rule requires certain covered institutions to still conduct annual stress tests, but this is limited to covered institutions that are consolidated under holding companies required to conduct stress tests more frequently than once every other year. Lastly, the final rule removes the “adverse” scenario—which the OCC states has provided “limited incremental information”—and requires stress tests to be conducted under the “baseline” and “severely adverse” stress testing scenarios. The final rule is effective November 24.
McWilliams highlights upcoming CRA examination updates for MDIs, encourages partnerships between community banks and fintechs
On October 2, FDIC Chairman Jelena McWilliams spoke at the National Bankers Association’s annual convention to discuss the agency’s objectives regarding minority depository institutions (MDIs). McWilliams highlighted recent FDIC initiatives, including past and future roundtable discussions between large and minority banks regarding potential partnership opportunities. McWilliams noted that many large banks are unaware of how these partnerships can count for Community Reinvestment Act (CRA) credit. Therefore, the FDIC is updating its examiner instructions for CRA performance evaluations to identify activities involving MDIs. McWilliams also reminded attendees about the upcoming inaugural meeting of the agency’s new MDI Subcommittee to its Advisory Committee on Community Banking, which will focus on issues, tools, and resources unique to MDIs. One of the subcommittee’s goals, she noted, is to “identify additional opportunities to provide regulatory relief for MDIs with less-complex balance sheets while maintaining safety and soundness.” Concerning the FDIC’s franchise-marketing process for failing MDIs, McWilliams commented that “[g]oing forward, when a new marketing initiative begins, we will provide a two-week window exclusively for MDIs,” and will also contact all qualified MDIs on the bid list and provide technical assistance.
Earlier, on October 1, McWilliams delivered keynote remarks at the Federal Reserve Bank in St. Louis, in which she warned community banks that their ability to survive and thrive depends on their ability to innovate and adapt to changing technology. Specifically, McWilliams discussed the growth of digitization, open banking, machine learning/artificial intelligence, and personalization, stressing that banking technology is advancing at a “relentless pace.” Consequently, “we all must challenge ourselves to think about what that means for the future of the banking industry, and community banks in particular.” McWilliams noted, however, that community banks’ inability to keep pace with innovation is due to both cost and regulatory uncertainty. “The cost to innovate is in many cases prohibitively high for community banks. They often lack the expertise, the information technology, and research and development budgets to independently develop and deploy their own technology.” She suggested that community banks partner with fintech firms that have already developed, tested, and rolled out new technology, and emphasized that her goal is for the FDIC to lay “the foundation for the next chapter of banking by encouraging innovation that meets consumer demand, promotes community banking, reduces compliance burdens, and modernizes our supervision.”
On September 30, the DOJ announced it filed a lawsuit in the U.S. District Court for the District of Maryland alleging that a Maryland used car dealership and its owner and manager violated ECOA by offering different terms of credit based on race to consumers seeking to finance cars. According to the complaint, between September 2017 and April 2018, compliance testing done by the DOJ concluded that the defendants’ “actions, policies, and practices discriminate against applicants on the basis of race with respect to credit transactions…by offering more favorable terms to white testers than to African American testers with similar credit characteristics.” Specifically, the complaint alleged that African American testers were, among other things, (i) told they needed higher down payment amounts than white testers for the same car; (ii) quoted higher bi-weekly payments for “buy here, pay here” financing than white testers for the same car; and (iii) not offered to fund down payments in two installments, as compared to white testers. The DOJ also alleges that the conduct was “intentional, willful, and taken in disregard of the rights of others” and seeks injunctive relief and monetary relief.
On October 1, the European Court of Justice held that, under the Privacy and Electronic Communications Directive (ePrivacy Directive), a website user does not “consent” to the use of a cookie when a website provides a “pre-checked box” that needs to be deselected for a user to withdraw consent. According to the judgment, a consumer group brought an action in German court against a German lottery company, challenging the website’s use of a pre-checked box allowing the website to place a cookie—text files stored on the user’s computer allowing website providers to collect information about a user’s behavior when the user visits the website—unless the consumer deselected the box. The consumer group argued that the pre-selection of the box is not valid consent under the ePrivacy Directive. The lower court had upheld the action in part, but, following an appeal, the German Federal Court of Justice stayed the proceedings and referred the matter to the EU Court of Justice.
On October 1, the U.S. Court of Appeals for the D.C. Circuit issued a decision, which mostly ratifies the FCC’s 2017 reversal of the net neutrality rules barring internet service providers (ISPs) from slowing down or speeding up web traffic based on business relationships. (See previous InfoBytes coverage here.) Notably, however, the decision vacates a portion of the FCC’s 2018 Restoring Internet Freedom Order (Order), which preempted states from issuing their own net neutrality rules on requirements that the FCC “‘repealed or decided to refrain from imposing’ in the Order or that [are] ‘more stringent’ than the Order.”
The D.C. Circuit held that the FCC’s decision to reclassify broadband internet access as a Title I service under the Telecommunications Act—allowing for a “light-touch” regulatory framework for ISPs instead of the more heavily regulated Title II—deserves Chevron deference. The appellate court also noted that while “[p]etitioners dispute that the transparency rule, market forces, or existing antitrust and consumer protection laws can adequately protect internet openness. . . . [we] are ultimately unpersuaded.”
The D.C. Circuit also concluded that the FCC failed to adequately address how the reversal of the net neutrality rules could affect public safety issues, holding that the FCC must address this issue. The appellate court stressed that “[u]nlike most harms to edge providers incurred because of discriminatory practices by broadband providers, the harms from blocking and throttling during a public safety emergency are irreparable.” Additionally, the appellate court instructed the FCC to revisit its analysis on how the reversal will affect the regulation of pole attachments as well as low-income households that receive the internet through an FCC subsidy program. Furthermore, while the appellate court concluded that the FCC overreached its authority in prohibiting states from passing their own net neutrality rules, Judge Williams—who concurred in part and dissented in parted—reasoned that the internet cannot be divided into state markets, and that state actions “would frustrate an agency’s authorized policy.”
On October 1, the OCC’s Committee on Bank Supervision released its bank supervision operation plan (Plan) for fiscal year 2020. The Plan outlines the agency’s supervision priorities and specifically highlights the following supervisory focus areas: (i) cybersecurity and operational resiliency; (ii) Bank Secrecy Act/anti-money laundering compliance; (iii) commercial and retail credit loan underwriting; (iv) effects of changing interest rates on bank activities and risk exposures; (v) preparation necessary for the current expected credit losses accounting standard, as well the potential phase-out of the London Interbank Offering Rate; and (vi) technological innovation and implementation.
The annual plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, service providers, and agencies of foreign banking organizations. Updates about these priorities will be provided in the OCC’s Semiannual Risk Perspective.
On October 1, the CFPB and the South Carolina Department of Consumer Affairs filed an action in the U.S. District Court for the District of South Carolina against two companies and their owner, alleging that the defendants violated the Consumer Financial Protection Act (CFPA) and the South Carolina Consumer Protection Code (SCCPC) by offering high-interest loans to veterans and other consumers in exchange for the assignment of some of the consumers’ monthly pension or disability payments. The complaint alleges that the majority of the credit offers are brokered for veterans with disability pensions or retirement pensions. The defendants allegedly did not disclose to consumers the interest rates associated with the products, marketing the contracts as sale of payments and not credit offers. The defendants also allegedly did not disclose that the contracts were void under federal and state law, which prohibit the assignment of certain benefits. The Bureau and South Carolina are seeking injunctive relief, restitution, damages, disgorgement, and civil money penalties.
The Bureau’s announcement notes that this is the third action in 2019 related to the marketing or administration of high-interest credit to veterans. As previously covered by InfoBytes, in January 2019, the Bureau settled with an online loan broker resolving allegations that the broker violated the CFPA by operating a website that connected veterans with companies offering high-interest loans in exchange for the assignment of some or all of their military pension payments. Additionally, in August 2019, the Bureau and the Arkansas attorney general announced a proposed settlement with three loan brokerage companies, along with their owner and operator, for allegedly misrepresenting high-interest credit offers to veterans and other consumers as purchases of future pension or disability payments (covered by Infobytes here).
On September 30, the SEC announced a settlement with a blockchain technology company resolving allegations that the company conducted an unregistered initial coin offering (ICO). According to the order, the company raised several billion dollars from the general public after an ICO, in which it publicly offered and sold 900 million digital assets in exchange for virtual currency, to raise capital to develop software. The SEC alleges that the company violated Section 5(a) and 5(c) of the Securities Act because the digital assets it sold were securities under federal securities laws, and the company did not have the required registration statement filed or in effect, nor did it qualify for an exemption to the registration requirements. The order, which the company consented to without admitting nor denying the findings, imposes a $24 million civil money penalty.
- Daniel P. Stipano to discuss "BSA/AML culture of compliance roundtable" at the FiSCA Annual Conference
- Daniel P. Stipano to discuss "Is there a better way to fight money laundering" at the FiSCA Annual Conference
- Michelle L. Rogers to discuss "What's trending in enforcement" at the Mortgage Bankers Association Annual Convention & Expo
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Buckley Webcast: Smoke and mirrors: Navigating the regulatory landscape in banking the marijuana industry
- H Joshua Kotin to discuss "CMS - Components of a successful monitoring program" at the RegList Annual Workshop
- Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Sherry-Maria Safchuk to discuss "Cybersecurity" at the RegList Annual Workshop
- Jeffrey P. Naimon to discuss "Hot topics in mortgage origination" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Sherry-Maria Safchuk to discuss "CCPA: Countdown to compliance – A discussion of common questions and what is next on the CA privacy horizon" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "Adapting to the rapidly changing compliance landscape involving marijuana and marijuana-related businesses" at an ACAMS webinar
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference