InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Minnesota issues executive order allowing shareholders flexibility to hold remote meetings
On April 24, the Minnesota governor issued an executive order permitting Minnesota businesses and shareholders of corporations subject to the reporting requirements of sections 13(a) and 15(d) of the Securities Exchange Act of 1934 to conduct remote shareholder meetings, provided that certain requirements are met. Additionally, if it is impracticable for a corporation to convene a currently noticed meeting of shareholders at a physical location due to Covid-19, the corporation may adjourn the meeting to another date or time, to be held by remote communication, provided certain requirements are met.
District of Columbia Department of Insurance, Securities and Banking issues bulletin regarding submission of filings
On April 24, the District of Columbia Department of Insurance, Securities and Banking issued a Bulletin 0X-SB-00X 03/20 suspending the procedures established by Bulletin 03-SB-04-03/21 in light of the Covid-19 public health emergency. Required filings and fee payments that would have been submitted pursuant to the procedures outlined in Bulletin 03-SB-04-03/21 must now be submitted to the department via PDF to a specified email address. Further, instead of physical checks, the associated payments must be submitted in electronic form in accordance with the instructions in the bulletin.
SBA, Treasury issue guidance on calculating the maximum PPP loan amount
On April 24, the Small Business Administration along with the Department of Treasury issued guidance on payroll costs and determining the maximum Paycheck Protection Program (PPP) loan amount for which a small business can apply. The guidance—organized by business entity type—contains nine questions with answers that address the self-employed, partnerships, corporations, nonprofit organizations, nonprofit religious and veterans’ organizations, tribal businesses, and limited liability companies. Small businesses must also document that they were in business as of February 15, 2020. The guidance notes that “[t]he U.S. government will not challenge lender PPP actions that conform to this guidance.”
OCC reminds banks of its exclusive visitorial authority
On April 24, the OCC issued Bulletin 2020-43 to “remind[] banks that it has exclusive visitorial authority over them.” The bulletin states that it is important for banks to quickly provide the Small Business Administration’s Paycheck Protection Program loans to small businesses. As such, state and local officials cannot examine banks’ books and records without prior authorization such that they attempt to exercise visitorial authority. Moreover, banks are not required to comply with such requests, and are further encouraged to contact their OCC examiner regarding any state and local requests. State and local officials are likewise encouraged to contact the OCC with any information or questions.
Special Alert: Regulators provide important guidance on next wave of PPP funding
President Trump on April 24 signed the Paycheck Protection Program and Health Care Enhancement Act, adding $310 billion in funding to the $350 billion initially appropriated to the program under the Coronavirus Aid, Relief, and Economic Security Act. The Federal Reserve Board, Treasury Department, and the Small Business Administration have issued important guidance in recent days related to loan participations, additional Fed support, borrower eligibility, and loan forgiveness. The SBA and the Fed have also provided more information on electronic execution and collection of loan documents, as the importance of digital loans continues to loom large with signatories working remotely.
SEC announces formation of internal Covid-19 Market Monitoring Group
On April 24, the SEC announced the formation of an internal, cross-divisional Covid-19 Market Monitoring Group, which will assist the commission with (i) commission and staff actions and analysis related to the effects of Covid-19 on markets, issuers, and investors, and (ii) responding to requests for information, analysis and assistance from other regulators and public sector partners.
Federal Reserve provides updates on facilities in Section 13(3) report to Congress
On April 24, the Federal Reserve filed a report with Congress regarding various new credit facilities developed to combat liquidity issues caused by the Covid-19 pandemic. The report provides the initial update to Congress regarding the Primary Dealer Credit Facility, Commercial Paper Funding Facility, and Money Market Mutual Fund Liquidity Facility pursuant to Section 13(3) of the Federal Reserve Act as of April 14, 2020.
CFPB guidance provides clarity to mortgage servicing transfers
On April 24, the CFPB outlined new guidance to help facilitate compliance with mortgage servicing rules when transferring mortgage servicing rights to a servicer or a sub-servicer. According to the CFPB, after significant changes were made to Regulation X (RESPA) that took effect in 2014, the Bureau found weaknesses in the management of mortgage transfers. The new guidance provides “a roadmap for servicers that will prevent consumer harm,” and notes that when transferring a loan, “servicers should have policies and procedures reasonably designed to transfer all of the information and documents in their possession or control relating to a transferred mortgage loan, such as, a unique identifier for each loan, the terms of the loan, current unpaid principal balance as of a specific date, information concerning any escrow, and copies of any loss mitigation applications submitted by a borrower and of any loss mitigation agreements agreed to with a borrower.” According to the Bureau’s press release, servicers should also consider: (i) developing a servicing transfer plan, including an escalation plan for potential problems; (ii) engaging in quality control work to validate data; (iii) determining servicing responsibilities for legacy accounts; (iv) conducting post-transfer reviews to determine the effectiveness of a transfer plan; (v) monitoring consumer complaints and loss mitigation performance metrics; and (vi) identifying defaulted loans, active foreclosures, bankruptcies, or any forbearance agreements entered into with a borrower, and including loss mitigation activity for each loan where applicable.
The Bureau recognizes that entities may face particular challenges as a result of the Covid-19 pandemic and states it intends to consider such challenges, including operational and time constraints related to the transfer, and will “be sensitive to good-faith efforts demonstrably designed to transfer the servicing without adverse impact to consumers.”
Credit card launderer settles FTC charges for $6.75 million
On April 22, the FTC filed a complaint against a Canadian company and its CEO (defendants) for allegedly participating in deceptive and unfair acts or practices in violation of the FTC Act and the Telemarketing Sales Rule (TSR) by, among other things, laundering credit card payments for two tech support scams that were sued by the FTC in 2014. The FTC alleges in its complaint that the defendants entered into contracts with payment processors to obtain merchant accounts to process credit card charges. While these contracts prohibited the defendants from submitting third-party sales through its merchant accounts, the FTC claims that the defendants used the accounts to process millions of dollars of consumer credit card charges on behalf of the two tech support operators and also processed charges for lead generators that directed consumers to the tech support scam. The FTC alleges that the defendants were aware of the unlawful conduct of at least one of the two operators and attempted to hide these charges from the payment processors.
Under the proposed settlement, the defendants neither admitted nor denied the allegations, except as specifically stated within the settlement, and (i) will pay $6.75 million in equitable monetary relief; (ii) are permanently enjoined from engaging in any further payment laundering or violations of the TSR; and (iii) will screen and monitor prospective high risk clients.
Multi-jurisdiction settlement reached with credit reporting agency over 2017 data breach
On April 17, the Massachusetts attorney general announced a settlement with a credit reporting agency (CRA) to resolve a state investigation into a 2017 data breach that reportedly compromised the personal information of nearly three million Massachusetts residents. According to the AG’s 2017 complaint (covered by InfoBytes here), the CRA ignored cybersecurity vulnerabilities for months before the breach occurred and failed to take measures to implement and maintain reasonable safeguards. Under the terms of the proposed settlement, pending final court approval, the CRA will pay Massachusetts $18.2 million and is required to take significant measures to strengthen its security practices to ensure compliance with Massachusetts law. These measures include (i) implementing a comprehensive information security program; (ii) minimizing the collection of sensitive personal information; (iii) managing and implementing specific technical safeguards and controls; (iv) providing consumer-related relief, such as credit monitoring services and security freezes; and (iv) allowing third-party assessments of its data safeguards.
Earlier, on April 14, the Indiana attorney general also announced that the CRA will pay the state $19.5 million to resolve allegations that it failed to protect Indiana residents whose personal information was exposed in the 2017 data breach. Under the terms of the final judgment and consent decree, in addition to paying $19.5 million in restitution, the CRA must take measures similar to those outlined in the Massachusetts settlement.
Massachusetts and Indiana were the only two states that chose not to participate in the 2017 multi-agency settlement that resolved federal and state investigations into the data breach and required the company to pay up to $700 million (covered by InfoBytes here).
Separately, on April 7, the City of Chicago announced a $1.5 million settlement to resolve allegations that the CRA’s failure to employ adequate data-security measures led to the breach.