InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Seven state regulators agree to streamline money service licensing process for fintech companies
On February 6, the Conference of State Bank Supervisors (CSBS) announced that financial regulators from seven states have agreed to a multi-state compact that will offer a streamlined licensing process for money services businesses (MSB), including fintech firms. The seven states initially participating in the MSB licensing agreement are Georgia, Illinois, Kansas, Massachusetts, Tennessee, Texas and Washington. The CSBS expects other states to join the compact. According to the CSBS, “[i]f one state reviews key elements of state licensing for a money transmitter—IT, cybersecurity, business plan, background check, and compliance with the federal Bank Secrecy Act—then other participating states agree to accept the findings.” CSBS noted that the agreement is the first step in efforts undertaken by state regulators to create an integrated system for licensing and supervising fintech companies across all 50 states.
The announcement of the MSB licensing agreement follows a May 2017 CSBS policy statement, which established the 50-state goal, and—as previously covered by InfoBytes—is a part of previously announced “Vision 2020” initiatives designed to modernize and streamline the state regulatory system to be capable of supporting business innovation while still protecting the rights of consumers.
Massachusetts attorney general launches data breach reporting portal
On February 1, Massachusetts Attorney General Maura Healey launched a Data Breach Reporting Online Portal, which is available through the agency’s Security Breaches site. Organizations can use the online portal to provide notice to the attorney general’s office of a data breach as required by the Massachusetts Data Breach Notification Law (law), M.G.L. c. 93H. According to the announcement, the law requires any entity that “owns or licenses a consumer’s personal information” to notify the attorney general’s office, among others, “any time personal information is accidentally or intentionally compromised.” The announcement notes that organizations are not required to use the online portal and may still send written notice to the attorney general’s office through the mail.
The online portal announcement follows other recent actions by Healey in response to consumer data breaches. In September, Healey filed the first enforcement action in the nation against a major credit reporting agency after its significant data breach announcement (previously covered by InfoBytes here) and introduced proposed legislation, SB 130/HB 134, which, among other things, would eliminate fees for credit freezes and mandate encryption of personal information in credit reports.
CFPB Succession: Senators express concern over CFPB’s investigation into data breach; Otting praises Mulvaney; & more
On February 7, a bipartisan group of 32 senators wrote to the CFPB expressing concerns over reports that the Bureau may have halted an investigation into a large credit reporting agency’s significant data breach. The letter requests specific information related to agency’s oversight over the issue, such as, (i) whether the CFPB has stopped an on-going investigation into the data breach and if so, why; (ii) whether the CFPB intends to conduct on-site exams of the credit reporting agency at issue; and (iii) if an investigation is on-going, details related to the steps taken in that investigation. Additionally, on February 6, during a House Financial Services Committee hearing on the Financial Stability Oversight Council (FSOC), Representative David Scott, D-Ga., addressed rumors that the CFPB has scaled back its investigation of a large credit reporting agency’s significant data breach. In response to Scott, Treasury Secretary Steven Mnuchin noted that, while he has not done so yet, he intends to discuss the matter with acting Director Mulvaney and at FSOC. According to reports, a spokesperson for the Bureau noted that Mulvaney takes data security issues “very seriously” but that the Bureau does not comment on open enforcement or supervisory matters. It has also been reported that the CFPB may be deferring to the FTC’s on-going investigation.
Comptroller of the Currency, Joseph Otting, issued a statement on February 6 after meeting with Mulvaney about ways the CFPB and the OCC can work together to pursue each agency’s mission. Otting praised Mulvaney’s leadership of the agency and noted that the recent announcements regarding HMDA compliance and the payday rule reconsideration have “helped to reduce the burden on the banking system.” (Previously covered by InfoBytes here and here).
On the same day, the CFPB announced that Kirsten Sutton Mork was selected as the new chief of staff for the agency. Mork had been serving as staff director of the House Financial Services Committee under Chairman Jeb Hensarling, R-Texas. Leandra English previously held the role of chief of staff, prior to her appointment as deputy director in late November. English’s litigation against the appointment of Mulvaney as acting director continues with the U.S. Court of Appeals for the D.C. Circuit and oral arguments have been set for April 12.
CFPB releases RFI on enforcement process
On February 7, the CFPB released its third Request for Information (RFI) in a series seeking feedback on the bureau’s operations. This RFI solicits public comment on “information to help assess the overall efficiency and effectiveness of [the bureau’s] processes related to the enforcement of federal consumer financial law.” The RFI broadly requests feedback on all aspects of the enforcement process but also highlights specific topics on which comment is requested, including (i) timing and frequency of communication from the Bureau during investigations, including information about the status of the investigation; (ii) length of investigations; (iii) the Notice and Opportunity to Respond and Advise (NORA) process, including whether invocation of the NORA should be mandatory and whether the bureau should afford subjects of potential enforcement actions the right to make an in-person presentation to bureau personnel prior to the bureau determining whether to initiate legal proceedings; (iv) civil money penalty (CMP) amounts, including whether the bureau should adopt a CMP matrix; (v) the standard provisions of consent orders; and (vi) how the bureau should coordinate its enforcement activity with federal or state agencies with overlapping jurisdictions. The RFI is expected to be published in the Federal Register on February 12. Comments will be due 60 days from publication.
InfoBytes coverage of previous RFIs can be found here and here.
OCC requests comments on registration of mortgage loan originators
On February 6, the OCC published a notice and request for comment in the Federal Register concerning its information collection entitled, “Registration of Mortgage Loan Originators.” Under the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), any person employed by a regulated entity, who is engaged in the business of residential mortgage loan origination, must register with the Nationwide Mortgage Licensing System and Registry (NMLS), obtain a unique identifier, and adopt policies and procedures to ensure compliance with the SAFE Act’s requirements. The NMLS is structured to, among other things, (i) improve information sharing between regulators; (ii) increase mortgage loan originator accountability; and (iii) provide consumers easy access to background information on mortgage loan originators, including publicly adjudicated disciplinary and enforcement actions. The OCC retains enforcement authority under the SAFE Act for financial institutions (including federal branches of foreign banks) with total assets of $10 billion or less. Comments on the notice must be received by April 9.
FTC releases report on military consumer finance
On February 2, the FTC released a new Staff Perspective (perspective) which highlights takeaways from a July 2017 FTC workshop focused on examining the array of financial issues that may affect military consumers (defined as servicemembers, veterans, and their families). The perspective notes, among other things, that servicemembers may struggle during auto financing transactions because of a lack of time to shop and lack of credit history, which may result in disadvantageous credit terms. Additionally, the perspective highlights that debt collection problems may result in a servicemember not qualifying for a security clearance and that debt collectors may threaten to contact servicemembers’ commanding officers. The perspective also summarized the additional legal rights that may apply to military consumers, such as the Military Lending Act (MLA) and the Servicemembers Civil Relief Act (SCRA), and emphasized the FTC’s focus on financial education for servicemembers throughout the various stages of their military career.
Federal Reserve blocks national bank’s growth, cites internal governance and risk management oversight failures
On February 2, the Federal Reserve Board (Fed) cited compliance breakdowns and widespread consumer abuses as the primary factors behind its decision to issue an order to cease and desist against a national bank. In addition to blocking the bank from growing beyond $1.95 trillion in assets until the Fed approves internal governance and risk management reforms, the order also requires the bank to take actions in the areas of board effectiveness, risk management program improvement, third party reviews of plans and improvements, and reports on progress. The bank must, among other things, (i) create “separate and independent reporting lines” to the chief risk officer and the board, and (ii) enhance risk management oversight and functions, which includes creating “an effective risk identification and escalation framework.” The bank concurrently agreed to replace four current board members in 2018, with three replaced by April. Notably, the order does not require the bank to cease current activities such as accepting customer deposits or making consumer loans.
The Fed also sent letters to the bank’s former lead independent director and former chair of the board of directors (see letters here and here) to address the “many pervasive and serious compliance and conduct failures” that occurred during their tenures. Citing ineffective oversight following awareness of alleged consumer abuses, the Fed stated that the former directors failed to initiate any serious inquiry or request that the board do so. Further, the Fed asserted that the former chair of the board continued to support the sales goals that were a major cause of the identified sales practice problems and failed to initiate a serious investigation or inquiry. A third letter sent to the current board of directors outlines steps the board must take to improve senior management reporting, maintain an effective risk management structure, and ensure compensation and other incentive programs are “consistent with sound risk management objectives and promote . . . compliance with laws and regulations.” (See here and here for previous InfoBytes coverage on the alleged improper sales practices.)
In response, the bank issued a press release stating it will commit to the Fed’s requirements and will provide a compliance plan for oversight, compliance, and operational risk management to the Fed within 60 days. The plan will also outline measures already completed by the bank, and if approved by the Fed, the bank will engage independent third parties to review its adoption and implementation of the plan.
OFAC issues sanctions against persons involved in Hizballah financial network
On February 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against six individuals and seven entities for providing financial support to terrorists or acts of terrorism. Issued pursuant to Executive Order 13224, which “provides a means by which to disrupt the financial support network for terrorists and terrorist organizations by authorizing the U.S. government to designate and block the assets of foreign individuals and entities that commit, or pose a significant risk of committing, acts of terrorism,” the sanctions target the business operations of Hizballah and serve to further Treasury’s continued measures to “sever Hizballah from the international financial system.” OFAC stressed that, pursuant to the Hizballah Financial Sanctions Regulations, it has the authority to “prohibit or impose strict conditions on the opening or maintaining in the [U.S.] of a correspondent account or a payable-through account by a foreign financial institution that knowingly facilitates a significant transaction for Hizballah, or a person acting on behalf of or at the direction of, or owned or controlled by, Hizballah.” All property, or interests in property, held by the sanctioned individuals and entities within U.S. jurisdiction will be blocked, and transactions between the sanctioned individuals and entities and Americans are also “generally prohibited.”
District court grants motion to compel arbitration, cites failure to dispute scope of clause
On January 29, the U.S. District Court for the Western District of Pennsylvania granted a motion to compel arbitration, finding that an arbitration clause set forth under extension agreements with an automobile finance company to refinance and extend the plaintiff’s loan obligation is “valid and enforceable.” Additionally, the court ruled that alternative motions to dismiss filed by other defendants were moot, and then stayed and administratively closed the matter pending the resolution of the claims subject to arbitration. The plaintiff alleged violations of her Fourth and Fourteenth Amendment rights, the Fair Debt Collections Practices Act, and several other state and federal credit statutes, when defendants—including the automobile finance company—repossessed her vehicle despite having signed extension agreements. In response to the defendants’ assertion that her claims were subject to the arbitration clause, the plaintiff argued that the extension agreements were unenforceable due to the unavailability of the “designated arbitrators,” and that defendants were barred from trying to obtain “alternative relief” by relying on additional terms outlined in a second extension agreement that released defendants from liability. However, the court ruled that the plaintiff’s failure to dispute the scope of the arbitration clause meant that the defendants were “entitled to enforcement of the arbitration clause with respect to all claims and defenses asserted,” so long as the designated arbitrators are available.
VA issues guidance for IRRRL loans
On February 1, the Department of Veterans Affairs released Circular 26-18-1, which informs lenders about new policy guidance for Interest Rate Reduction Refinance Loans (IRRRL) disclosures. Effective April 1, lenders are required to provide the Veteran’s Statement disclosure and the Lender Certification disclosure (if applicable) with the initial disclosure documents, which should be no later than three business days after receiving an application, and should confirm delivery in the Loan Guaranty Certificate process. According to the circular, the early disclosure of the Veteran’s Statement will assist the borrower in making informed decisions about whether the IRRRL is in their best interest. The circular also provides details for lenders about what specific information needs to be included in the Veteran’s Statement throughout the loan process.