InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
HUD releases ANPR on Affirmatively Furthering Fair Housing regulations
On August 13, HUD announced an advance notice of proposed rulemaking (ANPR) seeking comment on potential amendments to its 2015 Affirmatively Furthering Fair Housing (AFFH) regulations. As previously covered by InfoBytes, AFFH was aimed at helping communities who receive HUD funding meet their fair housing obligations to provide affordable housing in more communities; however, HUD now states that the rule “proved ineffective, highly prescriptive, and effectively discouraged the production of affordable housing.” The ANPR requests public comment on changes that will, among other things, (i) minimize regulatory burden; (ii) create a process focused on accomplishing positive results; (iii) provide for greater local control; (iv) encourage actions that will increase housing choice; and (v) efficiently utilize HUD resources. The ANPR also details a list of substantive questions HUD is interested in commenters responding to, including “[w]hat type of community participation and consultation should program participants undertake in fulfilling their AFFH obligations?” and “[h]ow should HUD evaluate the AFFH efforts of program participants?” Comments on the ANPR must be received by October 15.
CFPB Succession: Bureau reportedly no longer examining for MLA compliance
According to reports citing “internal agency documents,” acting Director of the CFPB Mick Mulvaney intends to cease supervisory examinations of the Military Lending Act (MLA), contending the law does not explicitly prescribe the Bureau the authority to examine financial institutions for compliance with the MLA. In 2013, amendments to the MLA granted enforcement authority to the same agencies with administrative enforcement power under TILA, including the Bureau, but these amendments did not also provide these same agencies with the statutory authority to supervise institutions for compliance with the MLA. The Bureau currently includes the MLA in the statutory- and regulation-based procedures section of the Supervision and Examination Manual and has not released a formal statement in response to reports of this supervisory change.
Federal Reserve Board fines national bank $8.6 million for legacy mortgage documentation deficiencies
On August 10, the Federal Reserve Board (Board) announced a settlement with a national bank for legacy mortgage servicing issues related to the improper preparation and notarization of lost note affidavits. Under the consent order, the Board assessed an $8.6 million civil money penalty for alleged safety and soundness violations under Section 8 of the Federal Deposit Insurance Act. The Board emphasized that the bank’s servicing subsidiary replaced the documents with properly executed and notarized affidavits and, as of September 2017, the subsidiary no longer participated in the mortgage servicing business. The Board also announced the termination, due to “sustainable improvements,” of a 2011 enforcement action against the national bank and its subsidiary related to residential mortgage loan servicing.
District Court rules student loan servicer must turn over Department of Education borrower records to Bureau
On August 10, the U.S. District Court for the Middle District of Pennsylvania ordered a loan servicer hired by the Department of Education (Department) to service loans it owns to turn over certain Department-owned student loan borrower documents to the CFPB, which relate to the servicer’s collection and management of its federal student loan borrowers’ payments. During the course of the ongoing litigation (see previous InfoBytes coverage here), the servicer withheld the documents in discovery on the grounds that they belonged to the Department and were therefore protected from disclosure by the Privacy Act. Moreover, the servicer asserted that the dispute was really between the Bureau and the Department because, in order to turn over the documents, the servicer would first have to obtain permission from the Department.
However, according to the opinion issued by the court, turning over the documents would not violate the defendants’ agreement with the Department or violate federal privacy law. Specifically, the court stated that “there is no dispute that the borrower documents at issue are in the possession of [d]efendants, even if, as [d]efendants assert, they are owned by the Department,” and as such, under the Federal Rules of Civil Procedure, “requests can be made for production of documents, electronically stored information, and things in ‘the responding party’s possession, custody or control.’” Furthermore, the court stated that “the Privacy Act’s general prohibition on disclosure of records . . . does not create a qualified discovery privilege” and cannot be used as a means to “block the normal course of court proceedings, including court-ordered discovery.”
Conference of State Bank Supervisors announces single, national exam for mortgage loan originator licensing
On August 8, the Conference of State Bank Supervisors announced that all states and U.S. territories now use a single, common exam to assess mortgage loan originators (MLOs) in order to simplify the licensing process and streamline the mortgage industry. MLSs who pass the National SAFE MLO Test with Uniform State Content (National Test) will no longer be required to take additional state-specific tests in order to be licensed within any state or U.S. territory. The National Test is part of CSBS’ Vision 2020, which is geared towards streamlining the state regulatory system to support business innovation and harmonize licensing and supervisory practices, while still protecting the rights of consumers.
Find continuing InfoBytes coverage on CSBS’ Vision 2020 here.
Ohio governor enacts legislation recognizing blockchain transactions as enforceable electronic transactions
On August 3, the governor of Ohio signed into law SB 220, which codifies that records or contracts and signatures secured through blockchain technology are enforceable electronic transactions. Specifically, SB 220 amends Ohio’s Uniform Electronic Transactions Act to state that “a record or contract that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature” and that a “signature that is secured through blockchain technology is considered to be in an electronic form and to be an electronic signature.” The amendments also create an affirmative defense or “safe harbor” to tort actions against businesses alleged to have failed to implement reasonable information security controls leading to a data breach of personal or restricted information. To qualify for the safe harbor, a business must implement and comply with a written cybersecurity program that contains specific safeguards for either the protection of personal information or the protection of both personal and restricted information.
NYDFS reminds covered entities of upcoming cybersecurity regulation compliance dates; updates FAQs
On August 8, the New York Department of Financial Services (NYDFS) issued a reminder for regulated entities required to comply with the state’s cybersecurity requirements under 23 NYCRR Part 500 that the third transitional period ends September 4. Banks, insurance companies, and other financial services institutions (collectively, “covered entities”) that are required to implement a cybersecurity program to protect consumer data must be in compliance with additional provisions of the cybersecurity regulation by this date. As of September 4, a covered entity must (i) start presenting annual reports to the board by the Chief Information Security Officer on “critical aspects of the cybersecurity program”; (ii) create an “audit trail designed to reconstruct material financial transactions” in case of a breach; (iii) institute policies and procedures to ensure the use of “secure development practices for IT personnel that develop applications”; and (iv) implement encryption to protect nonpublic information it holds or transmits. Covered entities are also required to have policies and procedures in place “to ensure secure disposal of information that is no longer necessary for the business operations, and must have implemented a monitoring system that includes risk based monitoring of all persons who access or use any of the company’s information systems or who access or use the company’s nonpublic information.” Covered entities are further reminded that they have until March 1, 2019, to assess the risks presented by the use of a third-party service provider to ensure the protection of their security systems and data.
In coordination with the reminder, NYDFS provided new updates to its FAQs related to 23 NYCRR Part 500. The original promulgation of the FAQs was covered in InfoBytes, as were the last updates in February and March. The four new updates to the FAQs add the following guidance:
- Clarifies that in certain circumstances, an entity can be a covered entity, an authorized user, and a third party service provider, and therefore must comply fully with all applicable provisions;
- Outlines specific compliance provisions for covered entities that have limited exemptions from the NYDFS cybersecurity requirements;
- Identifies a covered entity’s responsibilities when addressing cybersecurity risks with respect to bank holding companies; and
- Clarifies situations and requirements for when a covered entity can rely upon the cybersecurity program that another covered entity has implemented for a common trust fund.
Find continuing InfoBytes coverage on NYDFS’ cybersecurity regulations here.
District Court dismisses ADA claim against credit union on standing grounds
On August 7, the U.S. District Court for the Northern District of Illinois dismissed claims that a credit union’s website violated the Americans with Disabilities Act (ADA), holding that the plaintiff lacked standing because he was not (and was ineligible to be) a member of the credit union. According to the opinion, the plaintiff is permanently blind and alleged that the credit union’s website did not comply with ADA requirements that are applicable to online website accessibility. The district court granted the credit union’s motion to dismiss on standing grounds, finding the plaintiff had no plausible reason to use the credit union’s website because the website was directed at members of the credit union, and the plaintiff was not (and was ineligible to be) a member.
Fannie Mae issues updated mortgage industry alert in California
Recently, Fannie Mae’s Mortgage Fraud Program issued an industry alert to mortgage companies operating in California regarding the use of false employment information by mortgage loan applicants. (See previous coverage in InfoBytes here). Fannie Mae extended its alert to Northern California and identified additional employers whose existence could not be verified by Fannie Mae. The alert provides “red flags” to help lenders and originators identify potential mortgage fraud when reviewing employment information.
CFPB settles unauthorized payday loan allegations
On August 10, the CFPB announced a settlement with multiple defendants that allegedly made unauthorized payday loans. The settlement results from a 2014 complaint that alleged, among other things, that the defendants accessed consumer checking accounts to illegally deposit the proceeds of payday loans and withdraw related fees without consumer consent. The stipulated final judgment and order, among other things, (i) imposes a penalty of up to approximately $69 million if the defendants fail to fully comply with the operative terms of the settlement; (ii) prohibits the defendants from performing similar activities in the future; and (iii) assesses a civil money penalty of $1, in part based on the defendants’ inability to pay.
On July 23, as previously covered by InfoBytes, a court approved a stipulated final judgment and order against one of the defendants, who neither admitted nor denied the Bureau’s allegations, for a civil money penalty of $1 (based, in part, on his inability to pay) and agreement to fully cooperate with the Bureau.