Federal Issues

HUD Issues Final Rule Implementing SAFE Act. On June 30, the United States Department of Housing and Urban Development (HUD) published in the Federal Register its "Final Rule" implementing the Secure and Fair Enforcement for Mortgage Licensing Act of 2008 (SAFE Act). Among other things, the Final Rule clarifies: (i) the minimum standards that states must meet in licensing mortgage loan originators, (ii) HUD’s oversight responsibilities under the SAFE Act, and (iii) ambiguous or undefined terms appearing in the SAFE Act.

HUD published its proposed rule in the Federal Register on December 15, 2009. During the notice and comment period that followed, HUD received more than 5,000 comments on the proposed rule. The preamble to the Final Rule provides responses to many of these comments that should be helpful in applying the rule to various business models.

The following are highlights from the text of the Final Rule, as well as the supplemental information to the Final Rule:

Clarifications of Trigger Terms

  • "In the business." Only those individuals that engage in the "business of a loan originator" are required to be licensed as loan originators under the SAFE Act, recognizing that not every individual that acts as a loan originator is necessarily subject to the SAFE Act’s loan originator licensing requirement. HUD has determined that, for an individual to engage in the "business of a loan originator," he or she must act as a loan originator in a commercial context (i.e., for the purpose of obtaining profit for any other individual or entity). The individual must also act with a degree of habitualness or repetition or, alternatively, the source of the prospective financing must provide such financing or perform other phases of mortgage originations with a degree of habitualness or repetition.
  • Compensation. The phrase "for compensation or gain," as it appears in the definition of "loan originator" set forth under the SAFE Act is to be construed broadly, and is not limited to payments that are contingent upon the closing of a loan. Distinctions regarding how payments or prospective payments are described or characterized by the payor or payee are irrelevant.
  • Appendix A provides examples of "taking a loan application," "offering or negotiating terms of a loan," and "for compensation or gain," as those phrases appear in the SAFE Act definition of "loan originator." An individual that offers or negotiates residential mortgage loan terms for compensation or gain cannot avoid the SAFE Act’s loan originator licensing requirement by directing another person to physically receive the prospective borrower’s application and to then pass the application to the individual. According to HUD, this clarification "merely prevents subversion of the SAFE Act’s licensing regime through use of a ‘straw man,’ and recognizes that it is the act of offering or negotiating residential mortgage loan terms for compensation or gain in conjunction with receipt of an application that subjects an individual to licensing requirements."
  • Appendix B further explains "engaging in the business of a loan originator."
  • Appendix C provides a list of examples of independent contractor, loan processor, and underwriter activities that require a loan originator license.
  • Appendix D identifies circumstances that require a licensed attorney who engages in loan originator activities to be state licensed as a loan originator.

Excluded Persons

  • Government/Nonprofit Employees. Employees of government agencies, housing finance agencies, and bona fide nonprofit organizations are not subject to the SAFE Act’s loan originator licensing requirement because, among other reasons, they do not act as loan originators with the purpose of obtaining profit for any other individual or entity. Bona fide nonprofit organizations must meet specified criteria.
  • Housing Counselors. While housing counselors generally do not engage in activities that would subject them to the SAFE Act’s loan originator licensing requirement, it is foreseeable that some housing counselors would engage in activities that would subject them to the requirement. HUD pointed out that any such individual would not be "engaged in the business" of a loan originator, if he or she were employed by a government agency, housing finance agency, or bona fide nonprofit organization.
  • Sellers. An individual selling his or her own residence is not subject to the SAFE Act’s loan originator licensing requirement, on account of the absence of the required commercial and habitualness contexts in any such transaction. HUD chose not to issue a hard line opinion regarding whether a seller financing the sale of his or her own properties, other than his or her own residence, vacation home or property, or inherited property, would be required to be licensed as a loan originator under the SAFE Act.
  • Loan Processors/Underwriters. A loan processor or underwriter is not subject to loan originator licensing under the SAFE Act, so long as the loan processor or underwriter performs his or her duties at the direction of and subject to the supervision and instruction of a state licensed loan originator or registered loan originator. Such individual may be able to effectively direct, supervise, and instruct multiple loan processors or underwriters, perhaps even those overseas, depending on the facts and circumstances. Nothing in the SAFE Act or the Final Rule requires that such individual be the processor or underwriter’s direct or immediate supervisor, but there must be an actual nexus between the direction, supervision, and instruction of such individual and the performance of the loan processor or underwriter. 

Federal De Minimis Licensing Exception

  • HUD indicated that it does not have authority to grant a de minimis exemption to licensure. HUD noted that, while the SAFE Act expressly provides such authority to the federal banking agencies, it does not provide comparable authority to HUD. That said, HUD did not expressly address whether states have the authority to adopt such de minimis exemptions paralleling the federal banking agency standard.

Loan Modification/Loss Mitigation Personnel

  • The Final Rule does not require individuals engaged in loan modifications or loss mitigation to be licensed as loan originators under the SAFE Act, but instead defers to the CFPB on the question of whether persons engaged in such activities should be required to be licensed. HUD noted, however, that any such individuals involved in a refinance transaction are subject to the SAFE Act’s loan originator licensing requirement.

Federal Registration

  • For purposes of determining which individuals are eligible for federal loan originator registration, "employee" is defined as an individual whose (i) manner and means of performance of work are subject to the right of control of, or are controlled by, a person, and (ii) whose compensation for federal income tax purposes is reported, or required to be reported, on a W-2 form issued by the controlling person. The federal banking agencies may trump this definition of "employee" vis-à-vis there own rules implementing the SAFE Act.

Financial Advisors

  • Financial advisors that routinely refer clients to mortgage lenders affiliated with the advisors’ companies would likely not trigger the third prong of the definition of "offers or negotiates terms of a residential mortgage loan for compensation or gain," assuming that they do not also "take an application."

Loan Originator Qualifications

  • Credit Scores. A state is not precluded from considering a loan originator license applicant’s credit score in making a determination regarding the applicant’s overall character and fitness. The Nationwide Mortgage Licensing System and Registry (NMLSR) is authorized to obtain credit reports and records of administrative, criminal, and civil disciplinary and enforcement actions.
  • Convictions. Pardoned and expunged convictions do not "in themselves" operate as a barrier to loan originator licensure under the SAFE Act.
  • Formerly Licensed. A formerly state licensed loan originator that fails to maintain a valid license for five years or longer (excluding any time that such individual was federally registered as a loan originator) is required to retake the national and state components of the SAFE Act mortgage loan originator test developed by the NMLSR in order to reinstate his or her license.

State Authority

  • A state must provide that a state licensed loan originator can only receive credit for the completion of a continuing education course in the year in which the course was completed. This means that a state licensed loan originator cannot apply excess courses taken in a previous year to relieve him or her from taking courses required for a future year.
  • Given the variability in state laws, reciprocity for out-of-state licensees is not required. However, a state is not prohibited from taking into consideration or relying upon the findings made by other states in considering whether an individual is eligible for loan originator licensure under its own laws.
  • HUD will work with states to establish reasonable timeframes for implementing coverage of any individuals that previously did not have a reasonable basis for determining whether they were required to be licensed as loan originators under the SAFE Act. The Final Rule provides a method for states to request extensions for such individuals or classes of individuals.

HUD’s authority under the SAFE Act will transition to the Consumer Financial Protection Bureau (CFPB) on July 21, 2011, as required by the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). The Final Rule will take effect on August 29, 2011. Click here for a copy of the Final Rule.

OCC Issues Risk Management Guidance for Prepaid Access Programs. On June 28, the Office of the Comptroller of the Currency (OCC) issued OCC Bulletin 2011-27 providing guidance to national banks for assessing and managing risks associated with prepaid access programs. Prepaid access programs allow persons to obtain access to funds that have been paid in advance through an electronic device, including reloadable cards, payroll cards, government benefit cards, retail gift cards, mobile phones, and Internet sites. The OCC noted that banks face a variety of risks in offering prepaid access programs, including fraud and money laundering, and the risks increase when the prepaid access program has more advanced functionality, such as international funds transfers and card-to-card funds transfers. The OCC guidance provides that national banks that offer prepaid access programs should have a comprehensive risk management program, which would clearly define objectives, expectations and risk limits for the products offered, assess the objectives and risk parameters of the program, define and implement policies, procedures and due diligence for the program, review the bank’s audit and compliance functions, and plan to generate periodic reports to the board of directors on the performance of the program. For a copy of the bulletin, please click here.

FFIEC Releases Updated Guidance on Internet Banking Authentication. On June 28, the agencies comprising the Federal Financial Institutions Examination Counsel (FFIEC) issued the Supplement to Authentication in an Internet Banking Environment (Supplement) that updates and clarifies guidance issued by the FFIEC to financial institutions in 2005 regarding customer authentication for Internet-based financial products and services. Specifically, the Supplement identifies evolving threats to online financial services accounts and transactions and directs financial institutions conducting high risk transactions to implement enhanced security features and fraud detection and monitoring systems to authenticate both commercial and retail customers. The Supplement further establishes minimum authentication controls required for layered security programs, and sets forth elements that must be incorporated into a financial institution’s customer awareness and education programs. For a copy of the Supplement, please see 
http://www.fdic.gov/news/news/press/2011/pr11111a.pdf.

OCC Advises of Amendments to Regulations CC and Q. On June 24, the Office of the Comptroller of the Currency (OCC) issued OCC Bulletin 2011-25 addressing two provisions included in the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) that become effective July 21, 2011: (i) Section 1086 of Dodd-Frank which amends the Expedited Funds Availability Act is implemented by Regulation CC, and (ii) Section 627 of Dodd-Frank which amends the Home Owners’ Loan Act and Federal Reserve Act is implemented by Regulation Q. The OCC advises that the Federal Reserve Board may not finish drafting new regulations prior to the July 21, 2011 effective date, but national banks should still comply with the statutory provisions. The Expedited Funds Availability Act was amended to raise the amount of funds which must be made available for withdrawal on the business day after funds are deposited by certain checks. The OCC advises that banks should (i) change their practices to ensure that the first $200 of funds deposited by certain checks into an account will be made available on the business day after banking day the deposit is made; (ii) change related notices and disclosures; and (iii) provide customers a change-of-terms notice within 30 days after the change is implemented. The Home Owners’ Loan Act and the Federal Reserve Act were amended to remove the prohibition on payment of interest on demand deposit accounts, and the Federal Reserve Board has therefore proposed repealing Regulation Q. The OCC advises that if banks make changes to their products after July 21, 2011 to pay interest on demand deposit accounts, they must notify affected customers that the account is no longer eligible for full deposit insurance coverage, and should make appropriate changes to their policies, practices, procedures, and disclosures. For a copy of the bulletin, please click here.

CFPB Requests Comments on Definition of Nonbank "Larger Participants." On June 23, the Consumer Financial Protection Bureau (CFPB) announced the release of a Notice and Request for Comment regarding the definition of "larger participants" in certain consumer financial products and services markets. The Dodd-Frank Wall Street Reform and Consumer Financial Protection Act (Dodd-Frank) requires the CFPB to supervise certain nonbank entities, including nonbank mortgage companies, payday lenders, and private education lenders of all sizes. For other markets, the supervision program will generally apply only to larger participants in those markets. Dodd-Frank requires the CFPB to define who is a larger participant of a market for other consumer financial products or services no later than July 21, 2012. The CFPB seeks comments regarding a number of questions related to the definition of a larger participant, including what criteria to use, whether to use a single test for all markets or tests tailored to individual markets, what relevant data are available, what time period to use, and which consumer financial markets to include in the initial rule. Comments are due 45 days after publication of the notice in the Federal Register. Click here for a copy of the press release. Click here for a copy of the Notice and Request for Comment.

SEC Amends Rules to Delegate Authority to the Director of the Division of Enforcement. The Securities and Exchange Commission (SEC) recently amended Rule 30-4(a)(14) to delegate authority to the Director of the Division of Enforcement (Division) to issue witness immunity orders to compel individuals to give testimony or provide other information pursuant to 18 U.S.C. §§ 6002-6004. The delegation follows the SEC’s previous delegation, effective January 19, 2010, of the authority to submit witness immunity requests to the Department of Justice. The delegation is intended to further conserve the SEC’s resources, improve the success of its enforcement actions, and enhance the Division’s ability to detect violations of federal securities laws and improve the effectiveness and efficiency of its investigations. The amendment became effective on June 17, 2011, and will remain in effect for a period of 18 months, at which time the SEC will evaluate whether to extend the delegation to issue immunity orders. For a copy of the release and text of the amendment, please see http://www.sec.gov/rules/final/2011/34-64649.pdf.

FRB Issues Proposed Rule Regarding Regulation B. On June 20, the Federal Reserve Board (Board) issued a proposed rule pursuant to Regulation B to clarify that motor vehicle dealers are not required to comply with certain data collection requirements in the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) until the Board issues final regulations. Dodd-Frank amended the Equal Credit Opportunity Act to require creditors to collect and report information concerning credit applications made by women-owned or minority-owned businesses and small businesses. Public comment on the proposed rules must be submitted by July 29, 2011. Click here for a copy of the press release. Click for a copy of the notice of proposed rule.

State Issues

North Carolina Amends Methods for Recording Satisfaction of a Security Instrument. On June 23, North Carolina House Bill 312 (Bill) was approved, which amends the methods for recording a satisfaction of a security instrument with the register of deeds, clarifies the requirements for electronically registering plats with the register of deeds, and amends restrictions on access to military discharge documents recorded with the register of deeds. The section of the Bill regarding access to military discharge documents became effective when the Bill became law, and the remainder of the Bill will become effective October 1, 2011. Click here for a copy of the Bill.

Nevada Amends Escrow Agent, Mortgage Banker, Mortgage Broker, and Mortgage Agent Laws. On June 17, Nevada Assembly Bill 77 (Bill) was signed into law, revising various provisions governing mortgage lending and the conduct and supervision of related professionals, including escrow agents and agencies, mortgage bankers, brokers, and agents, and providers of certain covered services. The Bill sets forth a requirement that certain escrow agency licensees designate a qualified employee, and provides new requirements and restrictions applicable to mortgage brokers arranging or servicing loans for private investors. The Bill amends the definition of "mortgage agent" and makes changes to the license eligibility requirements applicable to such persons, and exempts additional entities (for example, certain nonprofit agencies) from the purview of the Nevada Mortgage Brokers and Mortgage Agents Act and the Nevada Mortgage Bankers Act. The Bill requires that mortgage broker licensees undertake an annual review of impound trust accounts, and amends provisions pertaining to mortgage banker, broker, and agent license expiration dates, change of control reporting requirements applicable to mortgage broker licensees, and surety bonds requirements for escrow agency and mortgage broker licensees. Finally, the bill amends the definition of covered service to include, among other things, providing the services of a loan modification or foreclosure consultant, and specifies that such a provider of covered services may not request or receive payment of any fee from a homeowner until the requirements of the federal Mortgage Assistance Relief Services Rule and any other applicable law or federal regulation have been met. The Bill takes effect on July 1, 2011. Click here for a copy of the Bill.

Courts

FTC Files Amicus Brief Opposing Proposed Class Action Settlement with Midland Funding LLC. The Federal Trade Commission (FTC) filed an amicus brief in Vassalle v. Midland Funding, Case No. 3:11-cv-00096 (N.D. Ohio), opposing a proposed class action settlement that the FTC believes would require consumers to surrender the right to challenge affidavits used by creditors in connection with debt collection lawsuits in exchange for minimal payments. In Vassalle v. Midland Funding, the proposed settlement would resolve several private class action lawsuits that consumers filed against Midland Funding and related entities Encore Capital Group, Inc. and Midland Credit Management, Inc., that accuse the companies of violating the Fair Debt Collection Practices Act (FDCPA) and similar state statutes. The FTC explains in the amicus brief that the proposed settlement raises concerns in three areas: (i) FDCPA and debt collection, (ii) privacy and data collection, and (iii) class action fairness. Consistent with concerns expressed by state Attorneys General and consumer protection advocates, the FTC’s amicus brief argues that if the court accepts the settlement, class members will have to give up too much in exchange for too little. The brief further notes that nothing in the settlement limits Midland’s uses of personal information that consumers provide in connection with the proposed settlement, but the FTC asserts that consumer information obtained in connection with a class action settlement should be used solely to process settlement payments. Click here for a copy of the press release. Click here for a copy of the amicus brief.

Firm News

Andrew Sandler and Jonice Gray Tucker will speak during an American Bar Association webinar on mortgage servicing issues on July 21 at 1:00 p.m. The webinar, which is entitled "Mortgage Servicing Under Fire: Regulatory, Litigation, and Enforcement Trends Stemming from the Foreclosure Crisis and More" will also feature Terry Goddard, the former Arizona Attorney General, as a speaker.

Andrew Sandler will be teaching the Litigation Strategy Session: Developing Strong Protocols, Admissible Documentation & Comprehensive Strategies in Order to Survive Regulatory Enforcement Actions & Litigation Workshop on July 26, in Chicago. This workshop precedes ACI’s Consumer Finance Class Actions & Litigation Conference taking place on July 27-28 at the Sutton Place Hotel in Chicago.

Andrew Sandler will be speaking at the ACI’s Consumer Finance Class Actions & Litigation Conference on July 28. Mr. Sandler’s panel is: "Class Action Developments: What Recent Cases and Pending Policy Changes Mean for Your Litigation, Investigation and Settlement Strategies."

James Parkinson will speak on the Foreign Corrupt Practices Act as a Visiting Lecturer at Universidad Panamericana, Mexico on August 25.

Jonice Gray Tucker will be moderating a panel focusing on Regulatory and Litigation Developments in Servicing at the California Mortgage Bankers’ Servicing Conference on August 29 in Las Vegas.

Firm Publications

John Kromer and Melissa Klimkiewicz authored OCC Issues Proposed Rule to Implement Dodd-Frank Preemption, which was published in the June 22 issue of Consumer Financial Services Law Report.

David Baris authored Approving Loans Is a Risky Role for Bank Directors, which was published in the June 14 issue of American Banker.


Miscellany

Consumer Reporting Agency Must Pay $1.8 Million to Settle FTC Charges. On June 27, the Federal Trade Commission (FTC) issued a press release announcing that Teletrack, Inc. agreed to pay $1.8 million to settle charges that it violated the Fair Credit Reporting Act (FCRA) by selling credit reports to marketers. In its complaint, the FTC alleged that Teletrack used its credit reporting business to create a marketing database, and then sold information in this database to marketers. FCRA makes it illegal to sell credit reports without a permissible purpose. The FTC alleged that marketing is not a permissible purpose, and therefore Teletrack violated the FCRA. Click here for a copy of the press release. Click here for a copy of the final judgment and order.

Payment Card Industry Security Standards Council (PCI SSC) Publishes Virtualization Guidelines. On June 14, the PCI SSC ("Council") announced the findings of its Virtualization Special Interest Group. The Council is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security requirements and the Payment Application Data Security Standard. The Council developed Special Interest Groups (SIGs) to help clarify elements of the PCI DSS that might be considered challenging or open for interpretation, for stakeholders seeking to secure cardholder data. The Council’s Virtualization SIG has published a PCI DSS Virtualization Guidelines Information Supplement (Information Supplement) to provide guidance on the use of virtualization technology in cardholder data environments, in accordance with the PCI DSS. The Information Supplement is meant to help merchants, service providers, processors and vendors understand how PCI DSS applies to virtual environments. It also includes an appendix with examples of virtualization implications for specific PCI DSS requirements, and suggested best practices for dealing with them. The Virtualization SIG’s findings highlighted that there is no single method for securing virtualized systems, and that the security controls for one implementation may not be suitable for another. Click here for the text of the Council’s news release concerning the Information Supplement. Click here for a copy of the Information Supplement.


Mortgages

North Carolina Amends Methods for Recording Satisfaction of a Security Instrument. On June 23, North Carolina House Bill 312 (Bill) was approved, which amends the methods for recording a satisfaction of a security instrument with the register of deeds, clarifies the requirements for electronically registering plats with the register of deeds, and amends restrictions on access to military discharge documents recorded with the register of deeds. The section of the Bill regarding access to military discharge documents became effective when the Bill became law, and the remainder of the Bill will become effective October 1, 2011. Click here for a copy of the Bill.

Nevada Amends Escrow Agent, Mortgage Banker, Mortgage Broker, and Mortgage Agent Laws.  On June 17, Nevada Assembly Bill 77 (Bill) was signed into law, revising various provisions governing mortgage lending and the conduct and supervision of related professionals, including escrow agents and agencies, mortgage bankers, brokers, and agents, and providers of certain covered services. The Bill sets forth a requirement that certain escrow agency licensees designate a qualified employee, and provides new requirements and restrictions applicable to mortgage brokers arranging or servicing loans for private investors. The Bill amends the definition of "mortgage agent" and makes changes to the license eligibility requirements applicable to such persons, and exempts additional entities (for example, certain nonprofit agencies) from the purview of the Nevada Mortgage Brokers and Mortgage Agents Act and the Nevada Mortgage Bankers Act. The Bill requires that mortgage broker licensees undertake an annual review of impound trust accounts, and amends provisions pertaining to mortgage banker, broker, and agent license expiration dates, change of control reporting requirements applicable to mortgage broker licensees, and surety bonds requirements for escrow agency and mortgage broker licensees. Finally, the bill amends the definition of covered service to include, among other things, providing the services of a loan modification or foreclosure consultant, and specifies that such a provider of covered services may not request or receive payment of any fee from a homeowner until the requirements of the federal Mortgage Assistance Relief Services Rule and any other applicable law or federal regulation have been met. The Bill takes effect on July 1, 2011. Click here for a copy of the Bill.

Banking

OCC Issues Risk Management Guidance for Prepaid Access Programs. On June 28, the Office of the Comptroller of the Currency (OCC) issued OCC Bulletin 2011-27 providing guidance to national banks for assessing and managing risks associated with prepaid access programs. Prepaid access programs allow persons to obtain access to funds that have been paid in advance through an electronic device, including reloadable cards, payroll cards, government benefit cards, retail gift cards, mobile phones, and Internet sites. The OCC noted that banks face a variety of risks in offering prepaid access programs, including fraud and money laundering, and the risks increase when the prepaid access program has more advanced functionality, such as international funds transfers and card-to-card funds transfers. The OCC guidance provides that national banks that offer prepaid access programs should have a comprehensive risk management program, which would clearly define objectives, expectations and risk limits for the products offered, assess the objectives and risk parameters of the program, define and implement policies, procedures and due diligence for the program, review the bank’s audit and compliance functions, and plan to generate periodic reports to the board of directors on the performance of the program. For a copy of the bulletin, please click here.

FFIEC Releases Updated Guidance on Internet Banking Authentication. On June 28, the agencies comprising the Federal Financial Institutions Examination Counsel (FFIEC) issued the Supplement to authentication in an Internet Banking Environment (Supplement) that updates and clarifies guidance issued by the FFIEC to financial institutions in 2005 regarding customer authentication for Internet-based financial products and services. Specifically, the Supplement identifies evolving threats to online financial services accounts and transactions and directs financial institutions conducting high risk transactions to implement enhanced security features and fraud detection and monitoring systems to authenticate both commercial and retail customers. The Supplement further establishes minimum authentication controls required for layered security programs, and sets forth elements that must be incorporated into a financial institution’s customer awareness and education programs. For a copy of the Supplement, please see 
http://www.fdic.gov/news/news/press/2011/pr11111a.pdf.

OCC Advises of Amendments to Regulations CC and Q. On June 24, the Office of the Comptroller of the Currency (OCC) issued OCC Bulletin 2011-25 addressing two provisions included in the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) that become effective July 21, 2011: (i) Section 1086 of Dodd-Frank which amends the Expedited Funds Availability Act is implemented by Regulation CC, and (ii) Section 627 of Dodd-Frank which amends the Home Owners’ Loan Act and Federal Reserve Act is implemented by Regulation Q. The OCC advises that the Federal Reserve Board may not finish drafting new regulations prior to the July 21, 2011 effective date, but national banks should still comply with the statutory provisions. The Expedited Funds Availability Act was amended to raise the amount of funds which must be made available for withdrawal on the business day after funds are deposited by certain checks. The OCC advises that banks should (i) change their practices to ensure that the first $200 of funds deposited by certain checks into an account will be made available on the business day after banking day the deposit is made; (ii) change related notices and disclosures; and (iii) provide customers a change-of-terms notice within 30 days after the change is implemented. The Home Owners’ Loan Act and the Federal Reserve Act were amended to remove the prohibition on payment of interest on demand deposit accounts, and the Federal Reserve Board has therefore proposed repealing Regulation Q. The OCC advises that if banks make changes to their products after July 21, 2011 to pay interest on demand deposit accounts, they must notify affected customers that the account is no longer eligible for full deposit insurance coverage, and should make appropriate changes to their policies, practices, procedures, and disclosures. For a copy of the bulletin, please click here.

Consumer Finance

Securities

SEC Amends Rules to Delegate Authority to the Director of the Division of Enforcement. The Securities and Exchange Commission (SEC) recently amended Rule 30-4(a)(14) to delegate authority to the Director of the Division of Enforcement (Division) to issue witness immunity orders to compel individuals to give testimony or provide other information pursuant to 18 U.S.C. §§ 6002-6004. The delegation follows the SEC’s previous delegation, effective January 19, 2010, of the authority to submit witness immunity requests to the Department of Justice. The delegation is intended to further conserve the SEC’s resources, improve the success of its enforcement actions, and enhance the Division’s ability to detect violations of federal securities laws and improve the effectiveness and efficiency of its investigations. The amendment became effective on June 17, 2011, and will remain in effect for a period of 18 months, at which time the SEC will evaluate whether to extend the delegation to issue immunity orders. For a copy of the release and text of the amendment, please see http://www.sec.gov/rules/final/2011/34-64649.pdf.


Litigation

FTC Files Amicus Brief Opposing Proposed Class Action Settlement with Midland Funding LLC. The Federal Trade Commission (FTC) filed an amicus brief in Vassalle v. Midland Funding, Case No. 3:11-cv-00096 (N.D. Ohio), opposing a proposed class action settlement that the FTC believes would require consumers to surrender the right to challenge affidavits used by creditors in connection with debt collection lawsuits in exchange for minimal payments. In Vassalle v. Midland Funding, the proposed settlement would resolve several private class action lawsuits that consumers filed against Midland Funding and related entities Encore Capital Group, Inc. and Midland Credit Management, Inc., that accuse the companies of violating the Fair Debt Collection Practices Act (FDCPA) and similar state statutes. The FTC explains in the amicus brief that the proposed settlement raises concerns in three areas: (i) FDCPA and debt collection, (ii) privacy and data collection, and (iii) class action fairness. Consistent with concerns expressed by state Attorneys General and consumer protection advocates, the FTC’s amicus brief argues that if the court accepts the settlement, class members will have to give up too much in exchange for too little. The brief further notes that nothing in the settlement limits Midland’s uses of personal information that consumers provide in connection with the proposed settlement, but the FTC asserts that consumer information obtained in connection with a class action settlement should be used solely to process settlement payments. Click here for a copy of the press releaseClick here for a copy of the amicus brief.

E-Financial Services

FFIEC Releases Updated Guidance on Internet Banking Authentication. On June 28, the agencies comprising the Federal Financial Institutions Examination Counsel (FFIEC) issued the Supplement to Authentication in an Internet Banking Environment (Supplement) that updates and clarifies guidance issued by the FFIEC to financial institutions in 2005 regarding customer authentication for Internet-based financial products and services. Specifically, the Supplement identifies evolving threats to online financial services accounts and transactions and directs financial institutions conducting high risk transactions to implement enhanced security features and fraud detection and monitoring systems to authenticate both commercial and retail customers. The Supplement further establishes minimum authentication controls required for layered security programs, and sets forth elements that must be incorporated into a financial institution’s customer awareness and education programs. For a copy of the Supplement, please see 
http://www.fdic.gov/news/news/press/2011/pr11111a.pdf.

Payment Card Industry Security Standards Council (PCI SSC) Publishes Virtualization Guidelines. On June 14, the PCI SSC ("Council") announced the findings of its Virtualization Special Interest Group. The Council is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security requirements and the Payment Application Data Security Standard. The Council developed Special Interest Groups (SIGs) to help clarify elements of the PCI DSS that might be considered challenging or open for interpretation, for stakeholders seeking to secure cardholder data. The Council’s Virtualization SIG has published a PCI DSS Virtualization Guidelines Information Supplement (Information Supplement) to provide guidance on the use of virtualization technology in cardholder data environments, in accordance with the PCI DSS. The Information Supplement is meant to help merchants, service providers, processors and vendors understand how PCI DSS applies to virtual environments. It also includes an appendix with examples of virtualization implications for specific PCI DSS requirements, and suggested best practices for dealing with them. The Virtualization SIG’s findings highlighted that there is no single method for securing virtualized systems, and that the security controls for one implementation may not be suitable for another. Click here for the text of the Council’s news release concerning the Information SupplementClick here for a copy of the Information Supplement.

Privacy/Data Security

Payment Card Industry Security Standards Council (PCI SSC) Publishes Virtualization Guidelines. On June 14, the PCI SSC ("Council") announced the findings of its Virtualization Special Interest Group. The Council is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security requirements and the Payment Application Data Security Standard. The Council developed Special Interest Groups (SIGs) to help clarify elements of the PCI DSS that might be considered challenging or open for interpretation, for stakeholders seeking to secure cardholder data. The Council’s Virtualization SIG has published a PCI DSS Virtualization Guidelines Information Supplement (Information Supplement) to provide guidance on the use of virtualization technology in cardholder data environments, in accordance with the PCI DSS. The Information Supplement is meant to help merchants, service providers, processors and vendors understand how PCI DSS applies to virtual environments. It also includes an appendix with examples of virtualization implications for specific PCI DSS requirements, and suggested best practices for dealing with them. The Virtualization SIG’s findings highlighted that there is no single method for securing virtualized systems, and that the security controls for one implementation may not be suitable for another. Click here for the text of the Council’s news release concerning the Information SupplementClick here for a copy of the Information Supplement.