Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB Issues Principles for the Future of Loss Mitigation

    Lending

    On August 2, the CFPB released consumer protection principles for mortgage servicers to use as they develop new foreclosure relief solutions in anticipation of Treasury’s Home Affordable Modification Program’s (HAMP) upcoming expiration date (CFPB Principles). The CFPB Principles echo those summarized in FHFA’s, HUD’s, and Treasury’s recently published white paper, “Guiding Principles for the Future of Loss Mitigation: How the Lessons Learned from the Financial Crisis Can Influence the Path Forward.” As previously covered in InfoBytes, the white paper recommends that future loss mitigation programs promote accessibility, affordability, sustainability, transparency, and accountability. The CFPB Principles address accessibility, affordability, sustainability, and transparency, and cite to separate CFPB mortgage servicing rules for standards concerning accountability. In its press release, the CFPB notes that the four principles “do not establish binding legal requirements but instead are intended to complement ongoing discussions among industry, consumer, groups, and policymakers.”

    CFPB Foreclosure Mortgage Servicing HUD FHFA Department of Treasury HAMP Loss Mitigation

  • FDIC Advises Bank Management to Maintain Ongoing Communication with Examination Staff

    Consumer Finance

    On July 29, the FDIC issued FIL-51-2016 to remind and encourage bank management to maintain open communications with FDIC personnel regarding supervisory findings. FIL-51-2016 is a re-issuance of and update to the March 1, 2011 FIL-13-2011, and emphasizes that “open dialogue with bank management is critical to ensuring the supervisory process is effective in promoting an institution’s strong financial condition and safe-and-sound operation.” If an institution has concerns about FDIC examination findings, the letter advises the institution to (i) discuss the issues with the FDIC examiner-in-charge, or contact the field or regional office representative; (ii) utilize the FDIC’s formal appeals process for material supervisory determinations; or (iii) contact the FDIC Office of the Ombudsman for “confidential, neutral, and independent” information and assistance if disagreements were not resolved informally at the Division-level. According to the letter, FDIC policy prohibits any retaliation, abuse, or retribution by any FDIC examiner or other personnel against an institution. The letter further emphasizes that “[s]uch behavior against an institution constitutes unprofessional conduct and will subject the examiner or other personnel to appropriate disciplinary or remedial action.”

    FDIC Examination

  • FTC Updates Consumer Information Page with New Online Tracking Guidance

    Privacy, Cyber Risk & Data Security

    Recently, the FTC updated its “Consumer Information” page with new online tracking guidance. The new guidance details how web browsers use first- and third-party “cookies” as an online tracking method to save consumers’ online preferences, eventually customizing their browsing experience and delivering ads targeted toward a specific consumer. Additional online tracking devices described in the FTC’s guidance include (i) flash cookies, which use Adobe Flash technology to store information about consumers’ online browsing activities; (ii) device fingerprinting, which identifies a specific consumer’s device based on browser configurations and settings and “can be used to track [consumers] on all kinds of internet-connected devices that have browsers, such as smart phones, tablets, laptops, and desktop computers”; and (iii) device identifiers, which monitor “different applications used on a particular device.” The guidance notes that consumers can limit the use of online tracking technologies by turning on “private browsing” in their browser settings, opting out of targeted advertising, and selecting the “Do Not Track” option, which is available in most browsers. Finally, the guidance also recommends that consumers “learn about tracker-blocking browser plugins,” which “prevent companies from using cookies or fingerprinting to track [consumers’] internet behavior.”

    FTC

  • FTC Determines Medical Testing Lab's Data Security Practices Unreasonable

    Privacy, Cyber Risk & Data Security

    On July 29, the FTC announced the issuance of an Opinion and Final Order reversing an Administrative Law Judge (ALJ) Initial Decision to dismiss a 2013 FTC complaint against a Georgia-based medical testing laboratory (Respondent). In a 3-0 vote, the Commission determined that Respondent “failed to implement reasonable security measures to protect the sensitive consumer information on its computer network and therefore that its data security practices were unfair under Section 5 of the [FTC] Act.” In reversing the Initial Decision, the Commission concluded that Respondent’s security practices lacked “even basic precautions” to protect consumers’ sensitive information by, among other things, failing to (i) “use an intrusion detection system or file integrity monitoring”; (ii) “monitor traffic coming across its firewalls”; (iii) provide adequate data security training to its employees, finding that “essentially no data security training” was provided; and (iv) delete “any of the consumer data it had collected.” According to the Commission, such failures led to the exposure of medical and other sensitive information for 9,300 consumers on a peer-to-peer (P2P) network to which millions of users had access. The Commission reasoned that “the privacy harm resulting from the unauthorized disclosure of sensitive health or medical information is in and of itself a substantial injury under Section 5(n),” further noting that Respondent’s practices were also “likely to cause substantial injury,” as reasonably interpreted under Section 5(n), because (i) they led to the exposure of consumers’ sensitive information to the millions of P2P users; and (ii) “Complaint Counsel’s expert witnesses identified a range of harms that can and do result from the unauthorized disclosure of consumers’ sensitive personal information of the type maintained by [Respondent] on its computer network.” The Commission’s Final Order requires that Respondent, among other things, establish “a comprehensive information security program,” give notice to those consumers and companies affected by the disclosure on the P2P network, and obtain periodic independent, third-party assessments regarding the implementation of the new security program. After service of the Commission’s Opinion and Final Order, Respondent has 60 days to file a petition for review with a U.S. Court of Appeals.

    FTC Privacy/Cyber Risk & Data Security

  • FTC to Host FinTech Forum on Crowdfunding and Peer-to-Peer Payment Systems

    Fintech

    On October 26, the FTC will host the second in a series of FinTech forums in Washington, D.C. Industry participants, consumer groups, researchers, and government representatives will gather to discuss the potential effects of crowdfunding and peer-to-peer payment systems on the consumer finance industry. Forum participants will “look at how the FTC Act and other existing consumer protection laws might apply to companies participating in these areas.” The FTC expects to release a complete schedule and other forum details in the near future.

    FTC Fintech Marketplace Lending

  • OCC Updates Comptroller's Handbook to Include New Corporate and Risk Governance Booklet

    Consumer Finance

    On July 29, the OCC released the “Corporate and Risk Governance” booklet to update, consolidate, and rescind various booklets in the Comptroller’s Handbook. The new booklet is intended to provide examiners with a summary of corporate and risk governance, related risks, the board’s and management’s respective roles and responsibilities in corporate and risk governance, and examination procedures. The new booklet identifies the following as the primary risk categories associated with corporate and risk governance: (i) strategic; (ii) reputation; (iii) compliance; and (iv) operational. The booklet advises banks to maintain corporate and risk governance structures and practices that align with their changes in size, risk profile, and complexity. According to the booklet, an effective corporate and risk governance framework is key to the safe and sound operation of a financial institution and stimulates public confidence in the financial system.

    Examination OCC Risk Management Comptroller's Handbook

  • Federal Banking Agencies Urge Financial Institutions to Conduct Diversity Self-Assessments

    Consumer Finance

    On August 2, the Federal Reserve, OCC, and FDIC released FAQs regarding their standards for assessing the diversity policies and practices of regulated entities. Following the June 10, 2015 Federal Register publication titled “Final Interagency Policy Statement Establishing Joint Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies” (Policy Statement), the FAQs seek to clarify the agencies’ standards for entities conducting self-assessments of their diversity policies. Although self-assessments are voluntary, the banking agencies strongly encourage financial institutions to disclose their diversity policies, diversity practices, and self-assessment information on their websites and provide the same to their primary federal financial regulator.

    FDIC Federal Reserve OCC Diversity

  • CSBS Announces Dates for Community Banking Research Conference

    State Issues

    On August 2, the CSBS announced that it will co-host with the Federal Reserve System the fourth annual “Community Banking in the 21st Century” research and policy conference on September 28 and 29. The two-day event will take place in St. Louis and will feature, among other things, the release of the 2016 Community Banking in the 21st Century national survey and a panel discussion of its findings. Federal Reserve Governor Jerome Powell and Federal Reserve Bank of Chicago President Charles Evans are among the speakers scheduled to deliver keynote speeches.

    Federal Reserve CSBS Community Banks

  • Foreclosure Law Firms and Title Companies to Pay $1.8 for Violations of Colorado Consumer Protection Laws

    Consumer Finance

    On August 3, Colorado AG Cynthia H. Coffman announced that certain Colorado foreclosure law firms and title insurance companies must pay, pursuant to a court order, $1.8 million in penalties to resolve allegations that they participated in a scheme to defraud consumers. According to AG Coffman’s announcement, between 2008 and 2013, the law firms and title companies violated the Colorado Consumer Protection Act (CPA) and the Colorado Fair Debt Collection Practices Act (CFDCPA) by charging “false and misleading costs for title insurance policies” on more than 2,000 foreclosures. The court originally imposed penalties of $2,291,000 for violations of the CPA and $1,374,600 for violations of the CFDCPA, but the penalties were reduced to a combined $1.8 million because of a statutory maximum penalty cap.

    Foreclosure State Attorney General Title Insurance

  • FHA Updates Initial and Annual Lender Certification Language

    Lending

    On August 1, HUD announced that FHA updated its lender-level certification statements. Pursuant to the Single Family Housing Policy Handbook 4000.1, all lenders seeking FHA approval must complete the Initial Certification as part of the online application process, and all FHA-approved lenders must complete the Annual Certification at each fiscal year’s end thereafter. As outlined in FHA INFO 16-51, use of the revised certifications is mandatory beginning August 1, 2016. After that date, all new LEAP recertification packages will reflect the revised Annual Certification statements, and all lenders applying anew for FHA approval must complete the revised Initial Certification statements. FHA INFO 16-51 further notes that the revised language “may also affect some in-process applications.” FHA released separate documents for supervised/non-supervised mortgagees and investing and government mortgagees to outline the changes implemented. The changes included in the certification statements range from  rewording, reformatting, and the refining of policy citations to adding instructions, new requirements, and certain exemptions/qualifiers.

    HUD FHA

Pages

Upcoming Events