InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California DBO issues cannabis banking guidance
On October 3, the California Department of Business Oversight (DBO) issued guidance for state-chartered financial institutions that serve cannabis-related businesses. The guidance, which is intended to help financial institutions manage risks appropriately, addresses cannabis program governance and compliance with the Bank Secrecy Act (BSA), as well as cannabis banking guidance issued in 2014 by the Financial Crimes Enforcement Network (FinCEN). As previously covered by InfoBytes, FinCEN’s guidance—which includes federal law enforcement priorities still in effect that were taken from a now-rescinded DOJ memo—details the necessary elements of a customer due diligence program, ongoing monitoring and suspicious activity report filing requirements, and priorities and potential red flags. Notably, the DBO states that while it will not bring regulatory actions against state-chartered financial institutions “solely for establishing a banking relationship with licensed cannabis businesses,” it expects all financial institutions to comply with FinCEN’s BSA expectations and guidance to make appropriate risk assessments. The DBO also referred bank examiners to its September Cannabis Job Aid, which is intended to assist with the examination of financial institutions that may be banking cannabis-related businesses.
FTC temporarily halts real estate workshops due to deceptive marketing
On October 4, the FTC announced that the U.S. District Court for the District of Utah granted a temporary restraining order against a Utah-based company and its affiliates (collectively, “defendants”) for allegedly using deceptive marketing to persuade consumers to attend real estate events costing thousands of dollars. According to the complaint, filed by the FTC and the Utah Division of Consumer Protection, the defendants violated the FTC Act, the Consumer Review Fairness Act (CRFA), and Utah state law, by marketing real estate events with false claims, using celebrity endorsements. The defendants allegedly told consumers they will (i) earn thousands of dollars in profits from real estate investment “flips” by using the defendants’ products; (ii) receive 100 percent funding for their real estate investments, regardless of credit history; and (iii) receive a full refund if they do not make “‘a minimum of three times’” the price of the workshop within six months. The complaint argues that these statements are false or unsubstantiated, and that consumers seeking refunds from the defendants often only received a partial refund on the condition they would not speak to the FTC or other state regulators about the defendants’ products. Among other things, the temporary court order prohibits the defendants from continuing to make unsupported marketing claims and from interfering with consumers’ ability to review their products.
California cities allowed to form public banks
On October 2, the California governor signed AB 857 to authorize the creation of “public banks” in the state to support local economies, community development, and address infrastructure and housing needs for localities. Under AB 857, public banks are defined as “a corporation, organized as either a nonprofit mutual benefit corporation or a nonprofit public benefit corporation for the purpose of engaging in the commercial banking business or industrial banking business, that is wholly owned by a local agency, as specified, local agencies, or a joint powers authority.”
Among other things, cities who submit applications to the California Department of Business Oversight (DBO) to obtain a certificate of authorization will be required to provide a viability study, as well comply with “[a]ll provisions of law applicable to nonprofit corporations” and obtain deposit insurance through the FDIC. AB 857 also requires “a local agency that is not a charter city to obtain voter approval of a motion to submit an application to the [DBO].” The number of new public bank licenses the DBO is authorized to approve is limited to two per calendar year, with no more than 10 public banks operating at any time. In addition, public banks may only offer products to retail customers through partnerships with existing financial institutions, and are barred from competing with local financial institutions. AB 857 expires seven years after regulations under this law are promulgated.
EU Court of Justice: Orders to remove defamatory content issued by member state courts can be applied worldwide
On October 3, the European Court of Justice held that a social media company can be ordered to remove, worldwide, defamatory content previously declared to be unlawful “irrespective of who required the storage of that information.” The decision results from a 2016 challenge brought by a former Austrian politician against the social media company’s Ireland-based operation—responsible for users located outside of the U.S. and Canada—to remove defamatory posts and comments made about her on a user’s personal page that was accessible to any user. The social media company disabled access to the content after an Austrian court issued an interim order, which found the posts to be “harmful to her reputation,” and ordered the social media company to cease and desist “publishing and/or disseminating photographs” showing the former politician “if the accompanying text contained the assertions, verbatim and/or [used] words having an equivalent meaning as that of the comment” originally at issue. On appeal, the higher regional court upheld the order but determined that “the dissemination of allegations of equivalent content had to cease only as regards [to] those brought to the knowledge of the [social media company] by the [former politician] in the main proceedings, by third parties or otherwise.”
The Austrian Supreme Court of Justice requested that the EU Court of Justice adjudicate whether the cease and desist order may also be “extended to statements with identical wording and/or having equivalent content of which it is not aware” under Article 15(1) of Directive 2000/31 (commonly known as the “directive on electronic commerce”). Specifically, the EU Court of Justice considered (i) whether Directive 2000/31 generally precludes a host provider that has not “expeditiously removed illegal information”—including identically worded items of information—from removing content wordwide; (ii) if Directive 2000/31 does not preclude the host provider from its obligations, “does this also apply in each case for information with an equivalent meaning”; and (iii) does Directive 2000/31 also apply to “information with an equivalent meaning as soon as the operator has become aware of this circumstance.”
According to the judgment, Directive 2000/31 “does not preclude those injunction measures from producing effects worldwide,” holding that a national court within the member states may order host providers to remove posts it finds defamatory or illegal. However, the judges concluded that such an order must function “within the framework of the relevant international law.”
California addresses robocall spoofing
On October 2, the California governor signed SB 208, the “Consumer Call Protection Act of 2019,” which requires telecommunications service providers (TSPs) to implement specified technological protocols to verify and authenticate caller identification for calls carried over an internet protocol network. Specifically, the bill requires TSPs to implement “Secure Telephone Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols or alternative technology that provides comparable or superior capability by January 1, 2021. The bill also authorizes the California Public Utilities Commission and the Attorney General to enforce certain parts of 47 U.S.C. 227, making it unlawful for any person within the U.S. to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.
As previously covered by InfoBytes, in June 2019, the FCC adopted a Notice of Proposed Rulemaking (NPRM) requiring voice providers to implement the “SHAKEN/STIR” caller ID authentication framework. The FCC argued that once “SHAKEN/STIR” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.”
CSBS seeks comments on money services businesses model law
On October 1, the Conference of State Bank Supervisors (CSBS) issued a request for comments on its Draft Model Law Language for money services businesses (MSBs). According to CSBS, state regulation of MSBs is a primary part of Vision 2020—a state regulator initiative to modernize the regulation of fintech companies and other non-banks by creating an integrated, 50-state system of licensing and supervision. (Previously covered by InfoBytes here.) The model MSB law draft addresses recommendations made by the Payments Subgroup of the Fintech Industry Advisory Panel, and “is based on and overlays the Uniform Money Services Act.” In addition, the draft amends definitions and interpretations that vary between states, and consists of three primary policies: (i) regulations “must sufficiently protect consumers from harm, including all forms of loss”; (ii) regulations “must enable the states’ ability to prevent bad actors from entering the money services industry”; and (iii) regulations “must preserve public confidence in the financial services sector, including the states’ ability to coordinate.” According to the Fintech Industry Advisory Panel, differences in standards and procedures for change in control have created significant administrative burdens, which the working group addressed by standardizing change of control triggers and the definition of control persons. The draft also includes implementation language designed to provide the legal framework to facilitate interstate coordination and the adoption of consistent standards and processes. The proposed language is adapted from current state laws, which focus “on permitting interstate supervision and creating parity between national and state chartered banks.” CSBS notes that using these models will grant states the legal authority to adjust to new products, risks, processes, and technological capabilities in a coordinated manner.
Comment are due November 1.
Class certification granted in FCRA suit against credit reporting agency
On October 1, the U.S. District Court for the Central District of California granted a plaintiff’s motion for class certification in an action against a national credit reporting agency for allegedly failing to follow reasonable procedures to assure maximum possible accuracy in the plaintiffs’ credit reports, in violation of the FCRA. As previously covered by InfoBytes, the credit reporting agency allegedly failed to delete all of the accounts associated with a defunct loan servicer, despite statements claiming to have done so in January 2015. As of October 2015, 125,000 accounts from the defunct loan servicer were still being reported, and the accounts were not deleted until April 2016. The class action alleges that the credit reporting agency violated the FCRA by continuing to report the past-due accounts, even after deleting portions of the positive payment history on the accounts. After the district court initially granted summary judgment in favor of the credit reporting agency, the U.S. Court of Appeals for the Ninth Circuit revived the lawsuit, holding that a “reasonable jury could conclude that [the credit reporting agency’s] continued reporting of [the account], either on its own, or coupled with the deletion of portions of [the consumer’s] positive payment history on the same loan, was materially misleading.”
In certifying a class of all persons whose credit report contained an account originated after January 21, 2015, from the defunct loan servicer, the district court concluded that the “Defendant’s failure to use maximum reasonable procedures to prevent the continued reporting of delinquent [loan servicer] accounts—presents a clear risk of material harm to Plaintiff’s concrete interest in accurate credit reporting.” The court rejected the credit reporting agency’s argument that the named plaintiff must prove standing on behalf of the entire class, determining that “for all the same reasons Plaintiff has standing, it’s at least possible that the unnamed class members also have standing.” Moreover, the court rejected the argument that damages should be an individual question because many class members “likely suffered no injury at all.” The court concluded that the fact that each class member may “collect slightly different amounts of statutory damages is insufficient, without more, to defeat a showing of predominance in this case.”
OCC issues final stress test revisions
On October 2, the OCC issued the final rule revising the stress testing requirements for OCC-supervised institutions, consistent with changes made by Section 401 of the Economic Growth, Regulatory Relief, and Consumer Protection Act. The final rule remains unchanged from the proposed rule, which was issued by the OCC in December 2018 (previously covered by InfoBytes here). The final rule (i) changes the minimum threshold for applicability from $10 billion to $250 billion; (ii) revises the frequency of required stress tests for most FDIC-supervised institutions from annual to biannual; and (iii) reduces the number of required stress testing scenarios from three to two. Specifically, OCC-supervised institutions that are covered institutions will “be required to conduct, report, and publish a stress test once every two years, beginning on January 1, 2020, and continuing every even-numbered year thereafter.” The final rule also adds a new defined term, “reporting year,” which will be the year in which a covered bank must conduct, report, and publish its stress test. The final rule requires certain covered institutions to still conduct annual stress tests, but this is limited to covered institutions that are consolidated under holding companies required to conduct stress tests more frequently than once every other year. Lastly, the final rule removes the “adverse” scenario—which the OCC states has provided “limited incremental information”—and requires stress tests to be conducted under the “baseline” and “severely adverse” stress testing scenarios. The final rule is effective November 24.
McWilliams highlights upcoming CRA examination updates for MDIs, encourages partnerships between community banks and fintechs
On October 2, FDIC Chairman Jelena McWilliams spoke at the National Bankers Association’s annual convention to discuss the agency’s objectives regarding minority depository institutions (MDIs). McWilliams highlighted recent FDIC initiatives, including past and future roundtable discussions between large and minority banks regarding potential partnership opportunities. McWilliams noted that many large banks are unaware of how these partnerships can count for Community Reinvestment Act (CRA) credit. Therefore, the FDIC is updating its examiner instructions for CRA performance evaluations to identify activities involving MDIs. McWilliams also reminded attendees about the upcoming inaugural meeting of the agency’s new MDI Subcommittee to its Advisory Committee on Community Banking, which will focus on issues, tools, and resources unique to MDIs. One of the subcommittee’s goals, she noted, is to “identify additional opportunities to provide regulatory relief for MDIs with less-complex balance sheets while maintaining safety and soundness.” Concerning the FDIC’s franchise-marketing process for failing MDIs, McWilliams commented that “[g]oing forward, when a new marketing initiative begins, we will provide a two-week window exclusively for MDIs,” and will also contact all qualified MDIs on the bid list and provide technical assistance.
Earlier, on October 1, McWilliams delivered keynote remarks at the Federal Reserve Bank in St. Louis, in which she warned community banks that their ability to survive and thrive depends on their ability to innovate and adapt to changing technology. Specifically, McWilliams discussed the growth of digitization, open banking, machine learning/artificial intelligence, and personalization, stressing that banking technology is advancing at a “relentless pace.” Consequently, “we all must challenge ourselves to think about what that means for the future of the banking industry, and community banks in particular.” McWilliams noted, however, that community banks’ inability to keep pace with innovation is due to both cost and regulatory uncertainty. “The cost to innovate is in many cases prohibitively high for community banks. They often lack the expertise, the information technology, and research and development budgets to independently develop and deploy their own technology.” She suggested that community banks partner with fintech firms that have already developed, tested, and rolled out new technology, and emphasized that her goal is for the FDIC to lay “the foundation for the next chapter of banking by encouraging innovation that meets consumer demand, promotes community banking, reduces compliance burdens, and modernizes our supervision.”
DOJ sues Maryland car dealership for ECOA violations
On September 30, the DOJ announced it filed a lawsuit in the U.S. District Court for the District of Maryland alleging that a Maryland used car dealership and its owner and manager violated ECOA by offering different terms of credit based on race to consumers seeking to finance cars. According to the complaint, between September 2017 and April 2018, compliance testing done by the DOJ concluded that the defendants’ “actions, policies, and practices discriminate against applicants on the basis of race with respect to credit transactions…by offering more favorable terms to white testers than to African American testers with similar credit characteristics.” Specifically, the complaint alleged that African American testers were, among other things, (i) told they needed higher down payment amounts than white testers for the same car; (ii) quoted higher bi-weekly payments for “buy here, pay here” financing than white testers for the same car; and (iii) not offered to fund down payments in two installments, as compared to white testers. The DOJ also alleges that the conduct was “intentional, willful, and taken in disregard of the rights of others” and seeks injunctive relief and monetary relief.