Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • President Trump Releases 2018 Budget Proposal; Key Areas of Reform Target Financial Regulators, Cybersecurity, and Student Loans

    Federal Issues

    On May 23, the White House released its fiscal 2018 budget request, A New Foundation for American Greatness, along with Major Savings and Reforms, which set forth the President’s funding proposals and priorities. The mission of the President’s budget is to bring spending under control by proposing savings of $57.3 billion in discretionary programs, including $26.7 billion in program eliminations and $30.6 billion in reductions.

    Financial Regulators. The budget stresses the importance of reducing the cost of complying with “burdensome financial regulations” adopted by independent agencies under the Dodd-Frank Act. However, the proposal provides few details about how the reform applies to federal financial services regulators. Identifying the CFPB specifically, the budget states that restructuring the Bureau is necessary in order to “ensure appropriate congressional oversight and to refocus [the] CFPB’s efforts on enforcing the law rather than impeding free commerce.” Major Savings and Reforms assert that subjecting the Bureau to the congressional appropriations process would “impose financial discipline and prevent future overreach of the Agency into consumer advocacy and activism.” The budget projects further savings of $35 billion through the end of 2027, resulting from legal, regulatory, and policy changes to be recommended by the Treasury once it completes its effectiveness review of existing laws and regulations in collaboration with the Financial Stability Oversight Council. The Treasury review is being performed as a result of the Executive Order on Core Principals.

    Dept. of Housing and Urban Development. As previously reported in InfoBytes, the budget proposes that funding be eliminated for the following: (i) small grant programs such as the Self-Help Homeownership Opportunity Program, which includes, among others, the Capacity Building for Community Development and Affordable Housing Program (a savings of $56 million); (ii) the CHOICE Neighborhoods program (a savings of $125 million), stating state and local governments should fund strategies for neighborhood revitalization; (iii) the Community Development Block Grant (a savings of $2.9 billion), over claims that it “has not demonstrated results”; and (iv) the HOME Investment Partnerships Programs (a savings of $948 million). The budget also proposes reductions to the Native American Housing Block Grant and plans to reduce costs across HUD’s rental assistance programs through legislative reforms. Rental assistance programs generally comprise about 80 percent of HUD’s total funding.

    Cybersecurity. The budget states that it “supports the President’s focus on cybersecurity to ensure strong programs and technology to defend the Federal networks that serve the American people, and continues efforts to share information, standards, and best practices with critical infrastructure and American businesses to keep them secure.” Law enforcement and cybersecurity personnel across the Department of Homeland Security (DHS), Department of Defense, and the FBI will see budget increases to execute efforts to counter cybercrime. Furthermore, the National Cybersecurity and Communications Integration Center—which DHS uses to respond to infrastructure cyberattacks—will receive an increase under the budget.

    Student Loan Reform. Under the proposed budget, a single income driven repayment plan (IDR) would be created that caps monthly payments at 12.5 percent of discretionary income—an increase from the 10 percent cap some current payment plans offer. Furthermore, balances would be forgiven after a specific number of repayment years—15 for undergraduate debt, 30 for graduate. In doing so, the Public Service Loan Forgiveness program and subsidized loans will be eliminated, and reforms will be established to “guarantee that borrowers in IDR pay an equitable share of their income.” These proposals will only apply to loans originated on or after July 1, 2018, with the exception of loans provided to borrowers in order to finish their “current course of study.”

    Dept. of the Treasury. The budget proposes to, among other things: (i) eliminate funding for new Community Development Financial Institutions Fund grants (a savings of $220 million); and (ii) reduce funding for the Troubled Asset Relief Program by 50 percent, “commensurate with the wind-down of TARP programs” (a savings of $21 million).

    Response from Treasury. In a statement released by the Treasury, Secretary Steven T. Mnuchin said the budget “prioritizes investments in cybersecurity, and maintains critical funding to implement sanctions, combat terrorist financing, and protect financial institutions from threats.” Furthermore, it also would “achieve savings through reforms that prevent taxpayer bailouts and reverse burdensome regulations that have been harmful to small businesses and American workers.”

    Federal Issues Treasury Department POTUS HUD budget Privacy/Cyber Risk & Data Security Student Lending Bank Regulatory FSOC

    Share page with AddThis
  • Fannie, Freddie to Allow Electronically Recorded Mortgage Copies

    FinTech

    On May 10, Fannie Mae announced it would begin accepting copies of electronically recorded mortgages rather than original wet-signed documents. This follows a prior September 2016 announcement from Freddie Mac, which changed its policy on the electronic recording of paper closing documents.

    Fannie Mae. As set forth in Section A2-5.2-01 of its Servicing Guide, Fannie Mae says that electronic records may be delivered and retained as part of an electronic transaction by the seller/servicer to the servicer, document custodian or Fannie Mae, or by a third party, as long as the methods are compatible with all involved parties. Additionally, the electronic records must be in compliance with the requirements and standards set forth in ESIGN and, when applicable, the Uniform Electronic Transactions Act, as “adopted by the state in which the subject property secures by the mortgage loan associated with the electronic record is located.”

    Freddie Mac. A bulletin released last September updated Sections 1401.14 and 15 of Freddie Mac’s Servicing Guide by removing the requirement that a seller/servicer retain the original paper security instrument signed by the borrower if an electronic copy of the original security instrument is electronically recorded at the recorder’s office, provided the following conditions are met:

    • The seller securely stores along with the other eMortgage documents either (i) “the electronically recorded copy of the original security instrument,” or (ii) “the recorder’s office other form of recording confirmation with the recording information thereon”; and
    • Storage of the original security instrument signed by the borrower is not required by applicable law.

    According to Freddie Mac, “Removing this requirement addresses one of the barriers for eMortgage adoption in the industry, permitting more [m]ortgage file documents to be [e]lectronic and reducing some storage costs for [s]eller/[s]ervicers.”

    Fintech Electronic Signatures Fannie Mae Freddie Mac ESIGN

    Share page with AddThis
  • Fed Releases List of Small Issuers Exempt from Debit Card Interchange Fees

    Federal Issues

    On May 22, the Federal Reserve Board announced its lists of institutions that either are or are not exempt from the its debit card interchange fee standards found in Regulation II, which implements section 920 of the Electronic Fund Transfer Act (EFTA). The lists are intended to facilitate compliance by assisting payment card networks and others in determining which issuers qualify for the statutory exemption. The lists were generated from available data and contain institutions in existence on Dec. 31, 2016. Exempt institutions, together with their affiliates, have reported assets of less than $10 billion and are not subject to the interchange fee standards under the statute. Institutions that are not exempt have, either individually or together with their affiliates, reported assets of $10 billion or more, and therefore must comply with the interchange fee standards under the statute. Debit card issuers that do not appear on either of the lists must certify to their participating payment card networks that they are exempt from the interchange fee standards. The EFTA requires the Fed to biennially report on interchange fee revenue and costs incurred by debit card issuers and payment card networks. The Fed’s last report—for calendar-year 2015—cites interchange fees across all debit and general-use prepaid cards totaled $18.41 billion.

    Federal Issues Federal Reserve Debit Cards EFTA

    Share page with AddThis
  • OCC Updates Guidance on Violations of Laws and Regulations in Comptroller’s Handbook

    Federal Issues

    On May 23, the OCC issued OCC Bulletin 2017-18 announcing updated guidance on its policies and procedures regarding violations of laws and regulations for its examiners. The updates will be reflected in its “Bank Supervision Process,” “Community Bank Supervision,” “Federal Branches and Agencies Supervision,” and “Large Bank Supervision” booklets as well as other sections of the Comptroller’s Handbook and internal guidance. According to the Bulletin, an International Peer Review Report from 2013 noted that the OCC could improve its supervisory effectiveness. In response, the OCC released Bulletin 2014-52 to address the report’s concerns. These latest updates are an extension of the 2014 Bulletin to support the OCC’s mission of ensuring a safe and sound federal banking system by “emphasizing timely detection and correction of violations before they affect a bank’s condition.”

    The OCC’s updated guidance implements certain goals and practices, including:

    • ensuring the consistency of the purpose, processes, and procedures within and across all OCC lines of business, including: community, midsize, and large banks; federal branches and agencies; and banks overseen by the OCC’s Special Supervision group;
    • communicating violations using a consistent format such as: (i) using legal citation and description; (ii) summarizing relevant statutory or regulatory requirements; (iii) including facts supporting the violation and root causes; (iv) outlining required corrective actions; and (v) noting commitments to corrective action by board and management;
    • reinforcing the importance of timely and thorough follow-up and tracking of bank management’s corrective actions and milestones;
    • conveying the relationship of violations to “matters requiring attention, CAMELS/ITCC or ROCA ratings, and the bank’s risk appetite and profile;” and
    • emphasizing the need for examiners to timely and effectively communicate with the bank’s board of directors and management team as well as with OCC supervisors.

    The policy goes into effect July 1, 2017.

    Federal Issues OCC Bank Supervision Community Banks

    Share page with AddThis
  • DOL Announces No Additional Delay for Fiduciary Rule

    Securities

    On May 22, the U.S. Department of Labor (DOL) issued a news brief providing  Fiduciary Rule guidance in anticipation of the upcoming June 9 partial effectiveness date. The Fiduciary Rule—a 2016 final rule expanding the definition of who qualifies as a “fiduciary” under ERISA and the Internal Revenue Code—will go into effect as planned with full implementation on January 1, 2018. DOL Secretary Alexander Acosta wrote in a Wall Street Journal op-ed that the Administrative Procedures Act, which governs federal rulemaking, would not allow a further delay. “We...have found no principled legal basis to change the June 9 date while we seek public input,” Acosta wrote. “Respect for the rule of law leads us to the conclusion that this date cannot be postponed.” The DOL’s release also includes Frequently Asked Questions, which provides clarification on the release dates of the provisions and related prohibited transaction exemptions. Although Acosta declined to authorize a further delay, he said that the DOL will continue its review of the final rule pursuant to the President’s February 3 Presidential Memorandum on Fiduciary Duty Rule. (See previous InfoBytes summary here.)

    Notably, the DOL asserted that its general approach to implementation will be marked by an emphasis on compliance assistance (rather than citing violations and imposing penalties). Accordingly, during the phased implementation period, the DOL will not pursue claims against “fiduciaries who are working diligently and in good faith to comply with the fiduciary duty rule and exemptions,” or treat those fiduciaries as being in violation of the fiduciary duty rule and exemptions.

    Securities Department of Labor DOL Fiduciary Rule

    Share page with AddThis
  • NYDFS Issues Interpretative Guidance Regarding Banking Law Approval Requirements

    Agency Rule-Making & Guidance

    On May 22, the New York State Department of Financial Services (NYDFS) announced it was issuing interpretative guidance regarding the New York Banking Law requirement that mandates prior NYDFS approval for an acquisition or change of control of a banking institution. The guidance was released in response to a request by the New York Bankers Association amid concerns that some investors have been developing non-transparent methods of acquiring and controlling banking institutions without obtaining NYDFS’ review and approval. According to the guidance, “control” is achieved by having direct or indirect power to direct or cause the direction of a banking institution’s management and policies through the ownership of voting stocks or otherwise, and that control is achieved when individuals or entities work together or act in concert to acquire control of a banking institution but with each individual or entity staying below the threshold required for seeking NYDFS’ prior review and approval. The Superintendent of Financial Services, Maria T. Vullo issued a reminder to state-chartered banks that “all proposed changes of control in any banking institution must be submitted to the Department for prior approval under our mandate to safeguard the institutions we supervise and regulate, and to protect the public they serve.”

    The guidance was released the same day Vullo testified at a New York State Assembly hearing on the “Practices of the Online Lending History,” which sought to “explore . . . predatory online lending practices which need to be mitigated, and potential regulatory or legislative action which may be needed to address [this issue].” Vullo urged legislators to clarify the statutory definition of “making loans” to include a wider range of companies and “to include situations where an entity, in addition to soliciting a loan, is arranging or facilitating the funding of a loan, or ultimately purchasing or acquiring the loan.”

    Agency Rulemaking & Guidance Online Lending NYDFS

    Share page with AddThis
  • New York AG Settles Charges with Tech Company Over WiFi Lock Vulnerabilities

    Privacy, Cyber Risk & Data Security

    On May 22, New York Attorney General Eric T. Schneiderman announced that a Utah-based tech company agreed to settle allegations that, among other things, its wireless doors and padlocks failed to protect consumers’ personal information, leaving consumers vulnerable to hacking and theft. This action marks the first time the Attorney General’s office has taken legal action against a wireless security company for failing to protect private data. Results from an August 2016 study, conducted by independent security researchers, reveal that the tech company’s Bluetooth-enabled locks “transmitted passwords between the locks and the user’s smartphone . . . without encryption” and also contained “weak default passwords.” Both issues allowed perpetrators to intercept passwords and undo the locks. Under the terms of the settlement, the company agreed to reform its data security practices and implement a comprehensive security program.

    Privacy/Cyber Risk & Data Security Enforcement State AG

    Share page with AddThis
  • California-Based Financial Institution Reaches Agreement with DOJ, Forfeits Over $97 Million for Bank Secrecy Act Violations

    Financial Crimes

    On May 22, the U.S. Department of Justice announced that a California-based financial institution and its parent company have agreed to forfeit over $97 million to resolve an investigation into alleged Bank Secrecy Act (BSA) violations. The May 18 agreement between the Bank and the DOJ included a Statement of Facts in which the Bank admitted to criminal violations for willfully failing to maintain an effective anti-money laundering compliance program with appropriate policies, procedures, and controls to guard against money laundering, as well as willfully failing to file suspicious activity reports (SARs). It further admitted that from at least 2007 until at least 2012, it processed more than 30 million remittance transactions to Mexico with a total value of more than $8.8 billion, but, while its monitoring system issued more than 18,000 alerts involving more than $142 million in potentially suspicious remittance transactions, it conducted fewer than 10 investigations and filed only nine SARs. Notably, the nine SARs covered only 700 transactions totaling overall approximately $341,307. Furthermore, the financial institution recognized that over the same time period it needed to improve its monitoring of its money services businesses’ (MSBs) remittances but failed to provide appropriate staffing and resources, which led to its BSA department being unable to “conduct appropriate transaction monitoring.” This resulted in a failure to file SARs on suspicious remittance transactions. Although the financial institution recognized the need to enhance its monitoring process as early as 2004, it continued to expand its MSB business without adding staffing resources and failed to make necessary improvements to its transaction monitoring controls.

    However, the DOJ stated its decision to enter into a non-prosecution agreement with the financial institution was based on evidence of extensive remedial actions. According to the DOJ’s press release, the financial institution devoted significant resources to remediation of its BSA and anti-money laundering (AML) deficiencies, exited its MSB business entirely, and ultimately ceased all banking operations. It was further credited for its cooperation with the DOJ’s criminal investigation by: (i) providing factual presentations; (ii) voluntarily making available foreign-based employees for interviews in the U.S.; (iii) producing foreign documents without implicating foreign data privacy laws; and (iv) collecting, analyzing, and organizing voluminous evidence and information for the DOJ. Under the terms of the agreement, the financial institution and its parent company have agreed to fully cooperate in this and any future DOJ investigations relating to violations of the BSA and AML statutes, as well as report, for a period of one year, any evidence or allegations of such violations. The parent company has also agreed to report to the DOJ “regarding [the] implementation of compliance measures to improve oversight of its subsidiaries’ BSA compliance.”

    Financial Crimes Anti-Money Laundering Bank Secrecy Act DOJ SARs

    Share page with AddThis
  • U.S. Retailer Settles States’ Investigation Over 2013 Data Breach, Fined $18.5 Million in Settlement

    Privacy, Cyber Risk & Data Security

    On May 23, a major U.S. retailer reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the states’ investigation into the retailer’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. According to multiple state attorneys general, this represents the largest multistate data breach deal to date. According to the states’ investigation, the November 2013 security breach occurred when cyberattackers accessed the retailer’s customer service database to install malware that was able to capture consumers’ personal information, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. Under the terms of the Assurance of Voluntary Compliance, the retailer agreed to do the following, including:

    • develop, implement, and maintain a comprehensive Information Security Program (Program) and required safeguards;
    • employ an executive or officer with information security experience responsible for executing the Program and advising the CEO and Board of Directors of security-related issues;
    • develop and implement risk-based policies and procedures for auditing vendor compliance with the Program;
    • maintain and support software on its network for data security purposes;
    • maintain appropriate encryption policies, particularly as they pertain to cardholder and personal information data;
    • segment its cardholder data environment from the rest of its computer network;
    • undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication;
    • deploy and maintain a file integrity monitoring solution; and
    • hire a third-party to conduct a comprehensive security assessment.

    The majority of the terms last five years.

    States involved issued press releases announcing their portions of the settlement. California Attorney General Xavier Becerra stated that California will be receiving more than $1.4 million from the settlement, the largest share of any state. Illinois, which co-led the investigation with the state of Connecticut, will receive more than $1.2 million from the settlement, according to Attorney General Lisa Madigan, who stated, “Today’s settlement . . . establishes industry standards for companies that process payment cards and maintain secure information about their customers.” Connecticut Attorney General George Jepsen noted that the retailer “deserves credit for its actions in response to this breach, including its cooperation with our investigation and negotiations that led to this settlement. I'm also hopeful that this settlement will serve to inform other companies as to what is expected of them in terms of the security of their consumers' information.”

    Privacy/Cyber Risk & Data Security Enforcement State AG

    Share page with AddThis
  • SFO Charges Additional Individual Defendant in Connection with German-Based Company North Sea Investigation

    Financial Crimes

    The United Kingdom’s Serious Fraud Office (SFO) has reportedly charged the former chief commercial officer of a German-based company with two counts of conspiracy to make corrupt payments to assist the company with attaining or retaining contracts for freight forwarding services to the North Sea oil exploration project Jasmine. The former executive is the seventh individual charged, in addition to the company, with violations of section 1 of the UK Prevention of Corruption Act 1906 and section 1 of the Criminal Law Act 1977 for alleged conduct between January 2010 and May 2013 in connection with the Jasmine project.

    The charges follow on the heels of separate corruption charges against the company and other individuals related to an Angolan project. Last July, the SFO charged the company and seven individuals with violation of section 1 of the Prevention of Corruption Act 1906 and section 1 of the Criminal Law Act 1977 through conspiring to make corrupt payments between January 2005 and December 2006 to an agent of the Angolan state oil company, Sonangol, in order to facilitate the company’s freight forwarding business operations and contracts in Angola.

    Financial Crimes FCPA Enforcement Action UK SFO UK Prevention of Corruption Act

    Share page with AddThis

Pages