InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FTC Orders Data Brokers to Provide Consumer Data Practices Information
On December 18, the FTC issued orders requiring nine data brokerage companies to provide information about (i) the nature and sources of the consumer information the data brokers collect, (ii) how they use, maintain, and disseminate the information, and (iii) the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold. The FTC states that it plans to use the data to study privacy practices in the data broker industry, and to make recommendations as to how the industry could improve its privacy practices. Earlier this year, members of the House and Senate issued separate requests for similar material. The brokers targeted by the various requests and orders overlap only in part.
FTC Finalizes Children's Online Privacy Rule Amendments
On December 19, the FTC announced final amendments to the Children’s Online Privacy Protection Act Rule. According to the FTC’s release, the final amendments (i) include geolocation information, photographs, and videos in the list of “personal information” that cannot be collected from children under 13 without parental notice and consent, (ii) offer companies a streamlined, voluntary, and transparent approval process for new ways of getting parental consent, (iii) close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent, (iv) require compliance by such third parties in some of those cases, (v) require compliance by persistent identifiers that can recognize users over time and across different websites or online services, (vi) require that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential, (vii) require that covered website operators adopt reasonable procedures for data retention and deletion, and (viii) strengthen the FTC’s oversight of self-regulatory safe harbor programs. The amendments also modify several other key definitions in the rule. Notably, the revised definition of “operator” clarifies that the rule covers a child-directed site or service that integrates outside services that collect personal information from its visitors, but it does not extend liability to platforms that merely offer the public access to child-directed apps. FTC Commissioner Maureen Ohlhausen voted against the amendments and issued a dissenting statement in which she argued that the new definition of “operator” goes beyond what Congress authorized by imposing obligations on websites or online services that do not collect personal information from children or have access to or control of such information collected by a third party.
CFPB Seeks Public Input on Impacts of CARD Act
On December 19, the CFPB issued a notice and request for information about the impact of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act or Act) on the consumer credit card market. The request seeks information about: (i) how the CARD Act has changed the substantive terms and conditions of credit card agreements, (ii) the effectiveness of disclosure of terms, fees, and other expenses of credit card plans, (iii) the adequacy of protections against unfair or deceptive acts or practices relating to credit card plans, and (iv) whether the Act has affected the cost and availability of credit, the safety and soundness of any credit card issuers, the use of risk-based pricing, or the innovation of new products. The CFPB explained that it will use the data gathered to prepare a publicly available report to Congress on the state of the consumer credit card market, and to inform future policy decisions regarding credit cards. The CFPB will accept comments for 60 days following publication of the notice in the Federal Register.
CFPB Announces Mortgage Policy Field Hearings
On December 18, the CFPB announced field hearings on mortgage policy to be held on January 10, 2013 in Baltimore, MD, and on January 17, 2013, in Atlanta, GA. The CFPB is expected to finalize a series of mortgage-related rules by January 21, 2013. In the past, the CFPB has issued final rules or announced other policy initiatives in connection with field hearings.
CFPB Releases Student Lending Examination Procedures
On December 17, the CFPB released its Student Lending Examination Procedures, which are an extension of the CFPB’s General Supervision and Examination Manual and will be used as a field guide by CFPB examiners to review student lender compliance with federal consumer financial laws. The Student Lending Examination Procedures are organized in seven modules: (i) Advertising, Marketing, and Lead Generation, (ii) Application, Qualification, Loan Origination, and Disbursement, (iii) Loan Repayment, Account Maintenance, Payoff Processing, and Payment Plans, (iv) Customer Inquiries and Complaints, (v) Collections, Accounts in Default, and Credit Reporting, (vi) Information Sharing and Privacy, and (vii) Examination Conclusion and Wrap-up. Under the first module, for example, CFPB examiners will assess whether a lender’s advertising and marketing practices are deceptive, misleading, or discriminatory by sampling all of the lender’s marketing and advertising materials, including print, electronic and other media, such as the Internet, email and text messages, telephone solicitation scripts, agreements and disclosures. With regard to borrower complaints, examiners will assess, among other things, the systems, procedures, and policies used by a lender for tracking, handling, investigating, and resolving consumer inquiries, disputes, and complaints. The CFPB has the authority to supervise large bank and nonbank student lenders, and, as with its other procedures, the CFPB will use the same examination procedures across both types of institutions.
CFPB Realigns Supervision Team
On December 17, the CFPB announced a reorganization of part of its Division of Supervision, Enforcement, and Fair Lending. Effective immediately, CFPB staff members responsible for supervision activities are organized in two offices: Examinations and Policy. Previously, supervision staff were organized into offices for Nonbank Supervision and Large Bank Supervision. According to the CFPB’s announcement, the Examinations team will (i) recruit, train, and commission examiners, (ii) ensure policies and procedures are followed, and (iii) plan and execute examinations appropriately in light of resources and priorities. The CFPB’s four regional offices will report to the Examinations team, which is being led, on an acting basis, by Paul Sanford. Mr. Sanford had been Acting Assistant Director for Large Bank Supervision. The CFPB explains that its Policy team will ensure that policy decisions for supervision are consistent with both the law and the CFPB’s mission, and that such decisions are consistent across markets, charters, and regions. The Policy team will be further organized by product or service market, rather than by the type of financial institution. Each market team will be responsible for developing supervision strategy and policy across both bank and nonbank markets. Peggy Twohig, formerly the head of the CFPB’s Nonbank Supervision office, will be the Assistant Director of Supervision Policy.
CFPB Proposes Trial Consumer Disclosure Program
On December 13, as part of its Project Catalyst, the CFPB proposed a new policy that will allow financial institutions to conduct trial consumer disclosure programs. Participating firms would receive time-limited exemptions from federal disclosure laws in exchange for sharing with the CFPB the results of their trial disclosures. According to the proposed policy, firms seeking to participate in the program will need to submit to the CFPB information about the proposed disclosure program, including (i) the type of disclosure and laws to be waived in connection with the program, (ii) the proposed changes, expected improvements from the changes, and metrics for evaluating the improvements, (iii) the duration of the test and the size, location, and nature of the consumer population involved in the test, and (iv) the names and planned roles of any third-party vendors. In considering proposed trial disclosures, the CFPB will evaluate, among other factors, (i) how effectively and efficiently the proposed trial will test for potential improvements to consumer understanding about the costs, benefits, and risks of products and services, (ii) how the proposed trial will help develop more cost-effective disclosure rules or policies, (iii) the extent to which the program is designed to mitigate any risk to consumers, (iv) the extent to which the program may help the CFPB develop rules or policies to correct or mitigate market failure, and (v) the strength of the company’s compliance management system relative to the size, nature, and complexity of the company’s consumer business. The proposal is subject to a 60-day notice and comment period, which begins once the proposal is published in the Federal Register.
U.S. Law Enforcement Authorities and Regulators Resolve Significant Money Laundering and Sanctions Investigations
On December 11, a major international bank holding company announced agreements with U.S. law enforcement authorities and federal bank regulators to end investigations into alleged inadequate compliance with anti-money laundering and sanctions laws by the holding company and its U.S. subsidiaries (collectively the banks). Under these agreements, the banks will make payments totaling $1.92 billion, will continue to cooperate fully with regulatory and law enforcement authorities, and will take further action to strengthen its compliance policies and procedures. As part of the resolution, the bank entered into a deferred prosecution agreement (DPA) with the DOJ pursuant to which the banks will forfeit $1.256 billion, $375 million of which satisfies a settlement with the Office of Foreign Assets Control (OFAC). The four-count criminal information filed in conjunction with the DPA charges that the banks violated the Bank Secrecy Act by failing to maintain an effective anti-money laundering program and to conduct appropriate due diligence on its foreign correspondent account holders. The DOJ also alleged that the banks violated the International Emergency Economic Powers Act and the Trading with the Enemy Act by illegally conducting transactions on behalf of customers in certain countries that were subject to sanctions enforced by OFAC. The banks agreed to pay a single $500 million civil penalty to satisfy separate assessments by the OCC and FinCEN related to the same alleged conduct, as well as a $165 million penalty to the Federal Reserve Board. The banks already have undertaken numerous voluntary remedial actions, including to (i) substantially increase AML compliance spending and staffing, (ii) revamp their Know Your Customer program, (iii) exit 109 correspondent relationships for risk reasons, and (iv) claw back bonuses for a number of senior officers. The banks also have undertaken a comprehensive overhaul of their structure, controls, and procedures, including to (i) simplify the control structure, (ii) create new compliance positions and elevate their roles, (iii) adopt a set of guidelines limiting business in those countries that pose a high financial crime risk, and (iv) implement a single global standard shaped by the highest or most effective anti-money laundering standards available in any location where the banks operates. Pursuant to the DPA, an independent monitor will evaluate the banks’ continued implementation of these and other enhanced compliance measures.
In a separate matter, on December 10, Manhattan District Attorney Cyrus R. Vance, Jr. and the DOJ announced the resolution of a joint investigation into a British bank’s alleged movement of more than $200 million through the U.S. financial system primarily on behalf of Iranian and Sudanese clients by removing information that would have revealed the payments as originating with a sanctioned country or entity, and thereby avoiding OFAC scrutiny. To resolve the matter, the bank was required to pay $227 million in penalties and forfeiture, and to enter into a DPA and corresponding Statement of Facts. Through the DPA, the bank admitted that it violated New York State law by falsifying the records of New York financial institutions and by submitting false statements to its state and federal regulators about its business conduct, and agreed to certain enhanced compliance practices and procedures. The payment also satisfies a settlement with OFAC over the same practices, while the Federal Reserve Board required an additional $100 million penalty to resolve its parallel investigation. The settlement follows an earlier settlement between this British bank and the New York Superintendent of Financial Services regarding the same alleged conduct.
Ninth Circuit Holds Mortgage Servicers Have No RESPA Duty To Respond to Request for Loan Terms
On December 11, the U.S. Court of Appeals for the Ninth Circuit held that letters sent by two borrowers challenging the monthly payment due on their mortgage loan were not “qualified written requests” and therefore did not trigger the servicer’s duty under RESPA to respond. Medrano v. Flagstar Bank, FSB, No. 11-55412, 2012 WL 6183549 (9th Cir. Dec. 11, 2012). The borrowers alleged that their mortgage servicer failed to respond adequately to three letters in which the borrowers challenged the monthly payment due on their loan. RESPA grants borrowers a private right of action against servicers who fail to respond to a “qualified written request.” Following the Seventh Circuit’s decision in Catalan v. GMAC Mortgage Corp., 629 F.3d 676 (7th Cir. 2011), the court held that RESPA provides that such requests must (i) reasonably identify the borrower’s name and account, (ii) either state the borrower’s reasons for the belief that the account is in error or provide sufficient detail to the servicer regarding other information sought, and (iii) seek information relating to the servicing of the loan. The court held that because the letters did not seek information relating to the servicing of the loan, but rather challenged the loan’s terms, the letters were not qualified written requests and the servicer had no duty to respond. The court affirmed the district court’s dismissal of the borrowers’ RESPA claims and remand of the borrowers’ remaining state law claims.
CFPB Publishes White Paper on Largest Consumer Reporting Agencies
On December 13, the CFPB issued a white paper on its review of 2011 data to determine how the three largest consumer reporting agencies (CRAs) manage consumer data and complaints. According to the CFPB press release, its review of the data revealed that more than half of the trade lines (the accounts in a consumer’s name reported by creditors) in the CRAs databases are supplied by the credit card industry, with 40 percent related to bank cards, such as general credit cards, and 18 percent from retail credit cards. Only seven percent comes from mortgage lenders or servicers, and only four percent comes from auto lenders. The CFPB also reported that (i) almost 40 percent of disputes have to do with collections, and debt in collection is five times more likely to be disputed than mortgage information, (ii) fewer than one in five people obtain copies of their credit report each year, (iii) most information contained in credit reports comes from a few large companies, and (iv) most complaints are forwarded to the furnishers that provided the original information, while the CRAs resolve an average of 15 percent of consumer disputed items internally. The report adds that certain documentation provided by consumers to support their cases may not be getting passed on to the data furnishers for them to properly investigate and report back to the CRA, but the report does not offer any policy prescriptions.