InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Kraninger: ATR/QM, Remittance Rules expected in May
On February 25, in a speech before the Credit Union National Association Government Affairs Conference, CFPB Director Kathy Kraninger discussed the Bureau’s rulemaking approach in the consumer financial marketplace. Specifically, Kraninger reminded attendees that the Bureau’s Advance Notice of Proposed Rulemaking (ANPR) on the Ability to Repay/Qualified Mortgage Rule (ATR/QM rule) issued last July signaled its “intent to allow the patch to expire as intended in January 2021 or shortly thereafter to allow for a smooth and orderly transition.” As previously covered by a Buckley Special Alert, the ANPR solicited feedback on, among other things, whether the debt-to-income ratio should be altered and how Regulation Z and the ATR/QM Rule should be amended to minimize disruption from the so-called GSE patch expiration. Following a review of all received public comments, Kraninger stated that the Bureau has “decided to propose to amend the QM rule by moving away from the 43 percent debt-to-income ratio requirement,” and will instead “propose an alternative, such as [a] pricing threshold to better ensure that responsible, affordable mortgage credit remains available for consumers.” A proposed rule seeking comments on possible amendments will be issued no later than May, Kraninger stated.
Kraninger also discussed possible amendments to the Remittance Rule (Rule), which implements the Electronic Fund Transfer Act and requires financial companies handling international money transfers, or remittance transfers, to disclose exact fees and exchange rates. The Bureau issued a Request for Information last April on two aspects of the Rule (covered by InfoBytes here), and a follow-up Notice of Proposed Rulemaking (NPR) in December (covered by InfoBytes here) to propose a permanent safe harbor for financial companies that provide 500 or fewer remittance transfers a year. According to Kraninger, “[t]his would reduce the burden on over 400 banks and almost 250 credit unions that send a relatively small number of remittances. Ultimately, by allowing the use of estimates in some circumstances and adjusting the threshold for coverage under the rule, . . . [the] proposal was designed to preserve consumers’ ability to send remittances from their bank accounts to certain destinations.” The Bureau plans to finalize the remittances rulemaking in May.
Kraninger also commented on the Bureau’s regulatory review process, and reminded attendees of its “Start Small, Save Up” initiative, which encourages partnerships between financial companies/service providers and the Bureau in order to develop savings products for consumers.
Special Alert: CFPB releases Supplemental Notice of Proposed Rulemaking on Time-Barred Debt Disclosures
On February 21, the CFPB issued a Supplemental Notice of Proposed Rulemaking (NPRM) to amend Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA), to require debt collectors to make certain disclosures when collecting time-barred debts (the “Supplemental Proposed Rule”).
The Supplemental Proposed Rule adds to the CFPB’s proposed rule, issued May 7, 2019, (InfoBytes coverage here), to amend Regulation F to broadly implement the FDCPA, with respect to third-party debt collectors (the “Proposed Rule”). The Bureau noted when releasing the earlier Proposed Rule that it was contemplating additional disclosure requirements for time-barred debt, and reserved space for such disclosures within Regulation F, as then proposed. The CFPB released several documents related to the Supplemental Proposed Rule, including a fact sheet discussing the Supplemental Proposed Rule and a report on the disclosure of time-barred debt and the right of revival, providing findings from quantitative disclosure testing that the CFPB conducted.* * *
Click here to read the full special alert.
If you have any questions regarding Time-Barred Debt Disclosures or other related issues, please visit our Debt Collection & Buying practice page or contact a Buckley attorney with whom you have worked in the past.DOJ, SEC settle with national bank for $3 billion over sales-compensation practices
On February 21, the DOJ and SEC announced that one of the nation’s largest banks agreed to a settlement including a $3 billion monetary penalty to resolve investigations regarding their incentive compensation sales program. (See the DOJ’s Statement of Facts here). As previously covered by InfoBytes, the OCC also recently issued charges against five of the bank’s former executives, and announced settlements with the former CEO and operating committee members for allegedly failing to adequately ensure that the bank’s sales incentive compensation plans operated according to policy.
The SEC alleged in its Cease and Desist order that the bank violated the antifraud provisions of the Securities Exchange Act of 1934. The SEC’s press release states that in addition to agreeing to cease and desist from committing any future violations of the antifraud provisions, the bank agreed to a civil penalty of $500 million, which the SEC will return to harmed investors.
The bank also settled the DOJ’s civil claims under the Financial Institutions Reform, Recovery and Enforcement Act. According to the settlement, the bank accepted responsibility, cooperated in the resulting investigations, and has taken “extensive remedial measures.” In addition, the DOJ’s press release states that it entered into a three-year deferred prosecution agreement with the bank regarding the bank’s sales incentive compensation practices.
FATF calls for countermeasures on Iran; discusses global AML/CFT deficiencies
On February 21, the U.S. Treasury Department released a public statement issued by the Financial Action Task Force (FATF) following the conclusion of its plenary meeting held February 19-21, calling on its members and urging all jurisdictions to impose countermeasures on Iran for failing to address deficiencies in its anti-money laundering/combating the financing of terrorism (AML/CFT) regime. FATF provided specific examples of countermeasures within The Interpretive Note to Recommendation 19, which include, among other things, (i) “[p]rohibiting financial institutions from establishing branches or representative offices in” Iran; (ii) “[l]imiting business relationships or financial transactions with” Iran; and (iii) “[r]equiring financial institutions to review, amend, or if necessary, terminate correspondent relationships with [Iranian] banks.” According to Treasury, the “countermeasures should be developed and implemented to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing . . . risks emanating from Iran.”
Treasury also discussed recent FATF guidance on digital identity for customer identification and verification. According to FATF, the guidance “explains how digital ID systems can meet FATF customer due diligence requirements and will assist governments and financial institutions worldwide when applying a risk-based approach to using digital ID systems.”
FATF’s public statement also discussed progress made by the U.S. to strengthen its AML/CFT system, including Treasury’s customer due diligence rulemaking and beneficial ownership requirements that took effect in 2018. According to Treasury, the U.S. is also one of the first countries to voluntarily submit to an assessment of its compliance with new FATF standards regarding virtual assets.
Finally, Treasury reported that FATF is calling “on all countries to apply countermeasures on North Korea due to the ongoing money laundering, terrorist financing, and weapons of mass destruction proliferation financing risks to the international financial system.” On the same day as its public statement, Treasury released an updated list of jurisdictions under increased monitoring that are actively working with FATF to address strategic AML/CFT deficiencies.
FTC report highlights 2019 privacy and data security work
On February 25, the FTC released its annual report highlighting the agency’s privacy and data security work in 2019. Among other items, the report highlights consumer-related enforcement activities in 2018, including:
- A $5 billion penalty—the largest consumer privacy penalty to date—against a global social media company to resolve allegations that the company violated its 2012 FTC privacy order and mishandled users’ personal information. (Covered by InfoBytes here.)
- A $170 million penalty against a global online search engine and its video-sharing subsidiary to resolve alleged violations of the Children’s Online Privacy Protection Act (COPPA). (Covered by InfoBytes here.)
- A proposed settlement in the FTC’s first case against developers of “stalking” apps that monitor consumers’ mobile devices and allegedly compromise consumer privacy in violation of the FTC’s Act prohibition against unfair and deceptive practices and COPPA.
- A global settlement of up to $700 million issued in conjunction with the CFPB, 48 states, the District of Columbia and Puerto Rico, to resolve federal and state investigations into a 2017 data breach that reportedly compromised sensitive information for approximately 147 million consumers. (Covered by InfoBytes here.)
The report also discusses the FTC’s enforcement of the EU-U.S. Privacy Shield framework, provides links to FTC congressional testimony on privacy and data security, and offers a list of relevant rulemaking, including rules currently under review. In addition, the report highlights recent privacy-related events, including (i) an FTC hearing examining consumer privacy as part of its Hearings on Competition and Consumer Protection in the 21st Century; (ii) the fourth annual PrivacyCon event, which hosted research presentations on consumer privacy and security issues (covered by InfoBytes here); (iii) a workshop examining possible updates to COPPA; and (iv) a public workshop that examined issues affecting consumer reporting accuracy.
Hospitality company’s bid to dismiss data breach suit denied
On February 21, the U.S. District Court for the District of Maryland denied an international hospitality company’s motion to dismiss multidistrict litigation resulting from its 2018 data breach. As previously covered by InfoBytes, the court also recently denied the company’s motion to dismiss in a suit brought by the city of Chicago as well as in a suit brought by a group of banks, both based on the same data breach of the company. The plaintiffs in this instance filed suit following the data breach, which exposed personal information including passport numbers and payment card numbers. The company argued, however, that the plaintiffs lacked standing and that they did not state a claim for which relief could be granted.
In the opinion, the court determined that the plaintiffs had successfully established injury-in-fact by claiming, among other things, that (i) plaintiffs’ personal information was targeted in the data breach and some plaintiffs were victims of identity theft, which “makes the threatened injury sufficiently imminent”; (ii) plaintiffs had spent time and money to mitigate harm from the data breach; and (iii) plaintiffs’ personal information lost value. The court also found that the company’s failure to properly secure the plaintiffs’ personal data could be traced to fraudulent accounts opened in certain plaintiffs’ names. In addition, the court denied the company’s motion to dismiss state negligence claims, contract claims, tort claims, and statutory claims in California, Florida, Georgia, Maryland, Michigan, New York, and Oregon. The court did, however, dismiss the plaintiffs’ negligence claims under Illinois law.
FDIC guide encourages fintech/bank partnerships
On February 24, the FDIC’s technology lab, FDiTech, announced the release of a new guide intended to assist fintech companies and other third parties with bank partnerships. Conducting Business with Banks: A Guide for Fintechs and Third Parties identifies several areas for third parties to consider when exploring potential partnerships with banks relevant to navigating regulatory requirements and due diligence processes. These include being able to: (i) “[u]nderstand the framework of laws and regulations” applicable to banks, such as those “related to consumer protection, privacy and data security, . . . the Bank Secrecy Act[,] and federal anti-money laundering laws”; (ii) “[m]aintain a well-managed and financially strong business”; (iii) respond to requests for information from potential partners that demonstrate “product integrity, risk management mitigation, and consumer protection”; and (iv) demonstrate the ability to ensure ongoing compliance with applicable laws and regulations and that appropriate monitoring systems have been implemented. In addition, the guide also outlines special considerations for modelers, and emphasizes that banks will expect to understand a third party’s use of models and algorithms or other automated decision-making systems.
As previously covered by InfoBytes, FDiTech was established in 2019 to encourage innovation within the banking industry, support collaboration for piloting new products and services, eliminate regulatory uncertainty, and manage risks.
CFPB denies debt collection law firm’s request to set aside CID
On February 10, the CFPB denied a debt collection law firm’s request to modify or set aside a third-party Civil Investigative Demand (CID) issued to the firm by the Bureau while investigating possible violations of the FDCPA, CFPA, and the FCRA. As previously covered by InfoBytes, the Bureau also denied a request by a debt collection company to modify or set aside a CID, which sought information about the company’s business practices and its relationship with the firm in the same investigation. The firm’s petition asserted arguments largely based on the theory that the CFPB’s structure is unconstitutional, and that the Dodd-Frank Act provides the Bureau’s director with “overly broad executive authority.” Alternatively, the firm argued that if the CID is not set aside, it should be modified, stating, among other things, that the CID’s scope exceeds applicable statutes of limitation.
As it did in the debt collection company’s request to set aside or modify the CID, the Bureau rejected the firm’s constitutionality argument, stating that “[t]he administrative process for petitioning to modify or set aside CIDs is not the proper forum for raising and adjudicating challenges to the constitutionality of provisions of the Bureau’s statute.” Additionally, the Bureau’s Decision and Order discounts the firm’s statute of limitations argument, contending that “the Bureau is not limited to gathering information only from the time period in which conduct may be actionable. Instead, what matters is whether the information is relevant to conduct for which liability can be lawfully imposed.” The Bureau also directed the firm to comply with the CID within ten days of the Order.
FTC, New York settle with debt collection schemer
On February 25, the FTC and the New York attorney general announced a settlement with an individual defendant who controlled a New York-based debt collection operation for allegedly violating the FTC Act, the FDCPA, and New York state law by using false or deceptive tactics to collect money from consumers. As previously covered by InfoBytes, the FTC and the New York AG filed a complaint against the operation in 2018, alleging that operation employees threatened consumers with arrest or lawsuits and sometimes falsely posed as law enforcement officials or attorneys. In addition, the FTC and New York AG claimed employees allegedly increased pressure on consumers by telling them they owed more than indicated in the operation’s records, using forms that showed both the actual balance owed by the consumer as well as a higher balance the collectors claimed the consumers owed—a practice known as “overbiffing.” Under the terms of the settlement, the defendant—who neither admitted nor denied the allegations—is permanently banned from participating in debt collection activities and “is prohibited from misleading consumers about any financial-related products” or services. The settlement also imposed a $1.7 million judgment, of which all but $30,000 is suspended due to the defendant’s inability to pay.
FTC gives annual ECOA summary to CFPB
On February 21, the FTC announced it recently provided the CFPB with its annual summary of work on ECOA-related policy issues, focusing specifically on the Commission’s activities with respect to Regulation B. The summary discusses, among other things, the following FTC research and policy development initiatives:
- The FTC continued its series of Hearings on Competition and Consumer Protection in the 21st Century. Session 12 of these hearings specifically focused on consumer privacy and “the use of big data in automated decision making and how . . . ECOA should inform the use of data collected from consumers.” Session 14 included a roundtable of state attorneys general and senior staff who addressed consumer protection issues related to “the impact of big data and algorithms on equal access to credit.”
- The FTC held a forum with a variety of business leaders, enforcement attorneys, and policymakers to discuss ECOA’s applicability to small business financing.
- The FTC held a consumer reporting workshop to discuss ECOA as well as (i) consumer report furnisher practices; (ii) making credit decisions based on fairness; and (iii) avoiding the use of a prohibited basis in extending credit.
- The FTC’s Military Task Force continued to work on military consumer protection issues, including military consumers’ rights to “various types of notifications as applicants for credit, including for adverse action, and information about the anti-discrimination provisions, in ECOA and Regulation B.”
- The FTC continued to participate in the Interagency Task Force on Fair Lending, along with the CFPB, DOJ, HUD, and federal banking regulatory agencies.
The summary also highlights FTC business and consumer education efforts on fair lending issues, as well as blog posts discussing the online marketplace for small business financing.