InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB Issues Request for Information on Small Business Lending; Prepares to Implement Section 1071 of Dodd Frank Act
On May 10, the CFPB announced the issuance of a Request for Information on various aspects of the market for small business loans as the Bureau prepares to implement Section 1071 of the Dodd-Frank Act, which amends the Equal Credit Opportunity Act (ECOA) to require financial institutions to compile, maintain, and report information concerning credit applications made by women-owned, minority-owned, and small businesses. The Request includes questions grouped in five categories: (i) defining what constitutes a small business; (ii) data points the Bureau will require to be submitted and collected; (iii) types of lenders involved in small business lending and the appropriate institutional coverage for the data collection requirements; (iv) types of financial products offered to small businesses generally, and those owned by women and minorities in particular; and (v) privacy concerns related to the data collection.
The CFPB also released Director Cordray’s prepared remarks in advance of a field hearing on small business lending where he introduced the Request for Information and issued a related press release. Comments are due 60 days after the Request for Information is published in the Federal Register. The Bureau also released a report, entitled “Key Dimensions of the Small Business Lending Landscape,” which presents the CFPB's perspective on the market for lending to small, minority-owned and woman-owned firms and gaps in its understanding.
A couple of industry groups have already weighed in regarding expected difficulties with the application of Section 1071. In a letter sent Tuesday in advance of the field hearing, the National Association of Federally-Insured Credit Unions (NAFCU) urged the CFPB to exempt its members from any rulemaking that compels disclosure of business loan information. NAFCU Regulatory Affairs Counsel Andrew Morris cites the unique characteristics of credit unions, and that such data collection “may yield confusing information about credit unions and further restrict lending activity as a result of increased compliance costs.” The letter notes that “[c]redit unions serve distinct fields of membership, and as a result, institution-level data related to women-owned, minority-owned and small business lending substantially differs in relation to other lenders.”
And, in a white paper provided to the Treasury Department, the American Bankers Association criticizes what amounts to Section 1071’s conflation of consumer and commercial lending, “recommend[ing] the elimination of any vestige of Bureau regulatory, supervisory, or enforcement authority over commercial credit or other commercial account and financial services.”
Boston Fed President Speaks on Trends and Risks in Commercial Real Estate and GSE Exposure
On May 9, Boston Fed President Eric S. Rosengren delivered a speech entitled “Trends in Commercial Real Estate” at a conference in New York. Mr. Rosengren’s remarks addressed a variety of factors influencing the market, analyzing favorable conditions as well as potential concerns.
Mr. Rosengren noted the “tailwinds” that have allowed for rising commercial real estate valuations, including low and stable inflation, accommodative monetary policy, and the relative economic strength in the U.S. compared with the rest of the world. In addition, with respect to multifamily commercial real estate in particular, Mr. Rosengren discussed the positive impact of several broader societal trends – including later marriage age, “greater urbanization and a preference among the large cohort of millennials to seek multifamily accommodations.” The Boston Fed President cautioned, however, that the conditions may not warrant the extent of the price increase in the market, and pointed to the “significant exposures” that leveraged institutions and the GSEs—whose holdings include significant guarantees of multifamily loans— have to commercial real estate. He also noted that the commercial real estate market could suffer further shock if regulatory and legislative proposals require the GSEs to reduce their holdings of multifamily loans.
DOJ Enters $18 Million Settlement with Healthcare Providers Following False Claims Act Whistleblower Action
On April 27, the Department of Justice announced that two Indiana-based healthcare providers agreed to settle allegations that financial arrangements between the two entities violated the federal and state False Claims Act and the federal Anti-Kickback Statute. DOJ alleged that one of the providers made available to the other an interest-free line of credit consistently in excess of $10 million, the balance of which such other provider “was allegedly not expected to substantially repay” as a means of inducing referrals for obstetrics and gynecology patients to seek medical attention at a particular hospital. The Anti-Kickback Statute prohibits “the knowing and willful payment of any remuneration to induce the referral of services or items that are paid for by a federal health care program, such as Medicaid,” and claims that are submitted to federal health care programs in violation of the Anti-Kickback Statute can also constitute false claims under the False Claims Act. The settlement resolves a qui tam case filed by an individual under the whistleblower provisions of the False Claims Act. Under the terms of the settlement, the providers agreed to pay a total of $18 million, with each of them paying $5.1 million to the United States and $3.9 million to the State of Indiana.
Eleventh Circuit Rules that Return of a Certified Mail Receipt Satisfies Regulation X of RESPA
In a per curiam opinion issued on March 1, 2017, the Eleventh Circuit Court of Appeals affirmed the dismissal of a complaint alleging that a mortgage servicer had violated Regulation X of the Real Estate Settlement Procedures Act (“RESPA”) by failing to “correctly or timely acknowledge receipt of his [written request for information (“RFI”)].” See Meeks v. Ocwen Loan Servicing LLC, [Order] No. 16-15536 (11th Cir. Mar. 1, 2017). Regulation X requires that, within five days of receiving an RFI, mortgage servicers must “provide to the borrower a written response acknowledging receipt of the information request.” 12 C.F.R. § 1024.36(c). Plaintiff alleged that the mortgage servicer violated 12 C.F.R. § 1024.36(c) when it signed and sent a Certified Receipt on the same day as receiving the RFI and when it sent a substantive response nine days later. Plaintiff sought actual damages of less than $100 and attorneys’ fees and costs.
The Eleventh Circuit ruled, as a matter of first impression, that the mortgage servicer’s return of the Certified Receipt , which the plaintiff’s attorney “unquestionably received,” satisfied Regulation X. Alternatively, the Court affirmed the district court’s decision because the plaintiff “did not suffer any compensable damages from [the] alleged violation” and plaintiff’s counsel’s notice of error “falsely question[ed] the servicer’s receipt in order to create a claim for damages.” As to the claim for statutory damages, the Eleventh Circuit held that the plaintiff lacked Article III standing because he did not suffer a concrete injury-in-fact. Rather, because the plaintiff (and his attorney) “had undisputed actual knowledge of receipt of the RFI,” plaintiff “suffered at most ‘a bare procedural violation.’”
Legislation Proposed to Require Study on Homeowners’ Privacy of Collected HMDA Information
On April 27, Reps. Randy Hultgren (R-Ill.) and Andy Barr (R-Ky.) reintroduced legislation to “protect against the misuse of consumers’ sensitive financial information” collected under the Home Mortgage Disclosure Act (HMDA). According to a May 5 press release issued by Rep. Hultgren’s office, the Homeowner Information Privacy Protection Act (H.R. 2204) would require the Comptroller General of the United States to conduct a study to determine whether the data required to be published, made available, or disclosed under HMDA could result in: (i) exposing the mortgagor’s or applicant’s identity; (ii) exposing the mortgagor or applicant to identity theft or loss of personal, sensitive information; (iii) marketing or selling unfair, deceptive, or abusive financial products based on such information; (iv) personal financial loss or emotional distress resulting from the exposure to identify theft or the loss of sensitive personal financial information; and (v) “the potential legal liability facing the Bureau and market participants in the event the data required to be published, made available, or disclosed under the final rule leads or contributes to identity theft or the capture of sensitive personal financial information.” The bill further provides that the Comptroller will submit reports detailing the findings and conclusions as well as any recommendations for legislative and regulatory actions to the Committee on Financial Services of the House of Representatives and the Committee on Banking, Housing, and Urban Affairs of the Senate. In addition, the bill proposes to delay the effective date of the new reporting requirements set forth in the 2015 HMDA rule to January 1, 2019.
As previously covered in InfoBytes Special Alerts (see here and here), the CFPB has proposed amendments to the 2015 HMDA rule, which clarifies the collection and reporting requirements for several data points, among other things.
Vermont Enacts Law Expanding Requirements for Certain Businesses Regulated by Department of Financial Regulation
On May 4, Vermont Governor Phil Scott signed into law H. 182, which amends a number of laws relating to businesses regulated by the state’s Department of Financial Regulation. Among other things, the law: (i) amends registration requirements for consumer litigation funding companies; (ii) amends the licensing requirements for licensed lenders, money transmitters, check cashers and currency exchangers, debt adjusters, and loan servicers; (iii) amends the mortgage loan originator prelicensing and relicensing education requirements; (iv) defines the term “virtual currency” under the Money Services chapter and provides that “virtual currency” is a permissible investment for licensees; and (v) sets forth requirements for money transmitters related to receipts and refunds. The law also creates new types of licenses (and other related requirements (e.g., disclosures, record retention)) for “loan solicitation” activity, which includes, among other things, lead generation. The law took effect May 4, 2017, with the exception of provisions relating to money transmitter receipts and refunds, lead generator disclosure requirements, and loan solicitor disclosure requirements, which take effect July 1, 2017.
D.C. Circuit Holds CID Unenforceable Due to “Perfunctory” Notification of Purpose
On April 21, the U.S. Court of Appeals for the D.C. Circuit held that a civil investigative demand (“CID”) did not advise a non-profit organization that accredits for-profit colleges of “’the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation.’ 12 U.S.C. § 5562(c)(2).” See CFPB v. Accrediting Council for Indep. Colls.& Schs., [Order] No. 16-5174 (D.C. Cir. Apr. 21, 2017). The CID described “the nature of the conduct” as simply “unlawful acts and practices in connection with accrediting for-profit colleges.” Because this “broad and non-specific” language did not describe the purpose of the CFPB’s investigation, the Court determined that it could not ascertain whether the information sought was reasonably relevant or “the link between the relevant conduct and the alleged violation.” The Court also found that the description of the laws applicable to the violation was inadequate. The CID identified 12 U.S.C. §§ 5531 and 5536 and “any other Federal consumer financial protection law,” but the Court concluded that the citations “tell … nothing about the statutory basis for the Bureau’s investigation” considering the CFPB’s failure to identify “the specific conduct under investigation.” Notably the Court explicitly limited its ruling to the particular CID at issue and declined to address the broader question of whether the CFPB may investigate accreditation of for-profit schools.
President Issues Executive Order Directing Agencies to Focus on Cybersecurity
On May 11, the Trump Administration issued an Executive Order, directing federal agencies to increase their efforts to mitigate cyber risks. The order, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” mandates that agencies follow the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity to manage cybersecurity risk. Among other things, the EO tasks agency heads with submitting a risk management report to the Department of Homeland Security and the OMB within 90 days. In addition, the order also directs defense agencies, the office of the Attorney General and the FBI, to provide the White House with recommendations on how to improve cybersecurity standards among critical infrastructure industries. Notably, the EO includes the financial services industry in its list of critical infrastructure industries. The report is due in 180 days.
Second Circuit Holds Purported Class Action Plaintiff Failed to Establish Article III Standing in Data Breach Case
In a summary order handed down May 2, the Second Circuit Court of Appeals held that a plaintiff in a purported class action lacked Article III standing to bring claims against a retailer for breach of an implied contract and for violation of New York General Business Law § 349 arising out of a data breach of the retailer’s systems. See Whalen v. Michaels Stores, Inc., __ Fed. App’x __, Nos. 16-260, 16-352 (2d Cir. May 2, 2017). The consumer-plaintiff had made purchases with her credit card at one of the defendant’s stores, and following the data breach, her credit card was physically presented to pay for two unauthorized charges in Ecuador. The fraudulent charges occurred on consecutive days, with the plaintiff canceling her card on the same day as the second charge. The defendant offered 12 months’ credit monitoring and there was no indication that personally identifying information such as plaintiff’s date of birth or social security number was stolen. Plaintiff argued that she was injured by: (i) the theft of her credit card information and the two fraudulent-purchase attempts, (ii) the risk of future identity fraud, and (iii) the time and money she spent resolving the attempted fraudulent charges and monitoring her credit.
Citing Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138 (2013), the court concluded that plaintiff did not allege a concrete and particularized injury sufficient to confer Article III standing. As to plaintiff’s first argument, the Court reasoned that she was never “asked to pay, nor did pay, any fraudulent charge.” As to the second argument, the Court stated that there was no threat of future fraud because the plaintiff’s stolen credit card was “promptly canceled,” and “no other personally identifying information—such as her birth date or Social Security number—is alleged to have been stolen.” The third argument was likewise inadequate because the plaintiff “pleaded no specifics about any time or effort that she herself has spent monitoring her credit.”
The court also noted that these shortcomings distinguished the plaintiff from plaintiffs in other data breach cases held to have adequately established Article III standing. See Galaria v. Nationwide Mut. Ins. Co., 663 Fed. App’x 384 (6th Cir. 2016); Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016); Remijas v. Neiman Marcus Grp., 794 F.3d 688 (7th Cir. 2015).
Treasury Unveils New Website to Track Federal Spending
On May 9, the Treasury Department launched beta.usaspending.gov, a website designed to track agency expenditures and link relevant agency expenditure data with awards distributed by the government. Treasury reports that it developed the “next generation” of USAspending.gov in accordance with requirements contained in the Digital Accountability and Transparency Act (DATA Act) of 2014. The beta site indicates that it will run concurrently with the previous version of the USAspending.gov website over the summer to minimize disruptions to users' data access and provide more time to add user-centered enhancements. Once fully operational, Treasury touts that the new site will allow for searches across all federal spending data by location (state, city, county), by federal agency or by keyword for a specific policy, type of spending, or recipient.