Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • ABA, CFPB to Host Webinar for Financial Institutions on New HMDA Submission Platform

    Agency Rule-Making & Guidance

    On July 17, the ABA and CFPB announced a joint webinar on August 8 at 2:00 pm EDT, which will instruct compliance, operations, and loan processing professionals on how to use the new platform for submitting HMDA data. The webinar will provide an overview of the new tool and data collection process that all financial institutions must use to submit HMDA data beginning January 1, 2018 for data collected during 2017 and going forward.

    Notably, however, on July 14, the CFPB issued a request for comments on proposed amendments to its HMDA reporting threshold for calendar years 2018 and 2019 to ease the burden on small-volume lenders. The comment period ends July 31, 2017. (See previous InfoBytes summary here.)

    Agency Rule-Making & Guidance CFPB ABA HMDA Mortgages Bank Compliance

    Share page with AddThis
  • Senate Banking Committee to Host July 20 Hearing on Mortgage Reform

    Federal Issues

    On July 20, the Senate Banking Committee will hold a hearing on mortgage reform for small lenders. The hearing, entitled “Housing Finance Reform: Maintaining Access for Small Lenders,” will feature witnesses from the American Bankers Association, the Credit Union National Association, the Independent Community Bankers of America, the National Association of Federally-Insured Credit Unions, the Community Mortgage Lenders of America, and the Community Home Lenders Association.

    Federal Issues Senate Banking Committee Mortgages ABA NCUA CUNA ICBA Mortgage Lenders

    Share page with AddThis
  • ABA, State Banking Associations Request HMDA Implementation Delay

    Lending

    Following up on comments submitted to the CFPB on its proposal to amend the 2015 HMDA rule (see previous InfoBytes coverage here), the American Bankers Association (ABA)—along with state banking associations representing all 50 states and Puerto Rico—sent a letter on July 12 to the Bureau requesting that the new “complex” and “substantive” requirements scheduled to take effect January 1, 2018 be delayed to allow banks time to comply. The associations claim the Bureau (i) failed to sufficiently conduct industry research to identify and address questions and proposed solutions concerning the proposed changes, and (ii) inadequately addressed issues related to the protection of borrower data. The ABA also stresses that the software systems banks need to incorporate into their platforms to ensure compliant data collection will not be available in time “because the industry and systems vendors are still awaiting rule changes that will necessitate system adaptations.” The Bureau has been asked to announce its intention for a delay within the next month.

    Lending HMDA ABA CFPB Bank Compliance Mortgages Agency Rule-Making & Guidance

    Share page with AddThis
  • ABA, State Bankers Associations Respond to HUD’s Request for Comment; Discuss Need to Clarify Disparate Impact

    Agency Rule-Making & Guidance

    On May 15, HUD issued a request for comment on its review of regulations as required by Executive Order 13777, which compels each agency to review and carry out regulatory reform. According to the request for comment, the self-assessment will address suggestions for “specific current regulations that may be outdated, ineffective, or excessively burdensome, and therefore, warranting repeal, replacement, or modification.” The request, which closed for public comment on June 14, received 100 comments from state bankers associations, financial institutions, and individuals.

    American Bankers Association (ABA) and State Bankers Associations. On June 14, a joint comment letter was sent on behalf of the ABA and state bankers associations representing all 50 states. A key issue raised by the letter was that HUD adopted an incorrect and improper standard for disparate impact liability in its rule implementing the Fair Housing Act’s discriminatory effects standard—a rule the groups calls “outdated and legally wrong.” Under the terms of the rule, HUD provided that “[l]iability may be established under the Fair Housing Act based on a practice’s discriminatory effect . . . even if the practice was not motivated by a discriminatory intent” and then articulated a burden shifting framework for such claims in which a plaintiff can establish a prima facie case using statistics alone. However, the groups claim that the burden shifting framework conflicts with a Supreme Court decision in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, and assert that “a case premised on statistics alone is a prime example of an abuse of disparate impact.” The groups further wonder if HUD will “maintain the supervisory view that statistics alone can establish a prima facie case, as stated in the [r]ule[.]” It is the opinion of the groups that the Supreme Court enforced strict limitations of the use of disparate impact—“in stark contrast to the Rule’s approach”—in order to “avoid injecting the consideration of race into decision making and . . . address important constitutional concerns.” Thus, “[a] rule that creates, rather than eliminates, confusion undermines its own purpose and is entirely ineffective.” Furthermore, the letter (i) indicates that the groups are willing to engage in discussions with HUD on the topic of disparate impact, and (ii) raises the issue of whether a revised rule or a reopening of comments on the existing rule are in order.

    Agency Rule-Making & Guidance ABA HUD Fair Housing Disparate Impact

    Share page with AddThis
  • Financial Services Associations Comment on CFPB’s HMDA Proposal

    Agency Rule-Making & Guidance

    As previously covered in an InfoBytes Special Alert, the CFPB issued a request for comment on its proposal to amend the 2015 HMDA rule, which would incorporate changes primarily for the purpose of clarifying data collection and reporting requirements. The request, which closed for public comment on May 25, received 46 public comments from several banking and credit union industry associations.

    Mortgage Bankers Association (MBA). On May 25, the MBA—a national association representing the real estate financial industry—submitted a comment letter outlining outstanding issues and calling upon the Bureau to provide clarifying and technical corrections to Regulation C, which implements HMDA. The MBA outlined the following points, among others, for consideration:

    • delay the effective date of the Final Rule and amendments pending completion of key actions in the following areas: “HMDA data collection portals; publication and implementation of data quality edits; geocoder production release and integration specs; data privacy concerns; resubmission expectations; updated filing instructions guides; guidance on reporting and collection issues; impacts of the proposed amendments; uniform residential loan application; government monitoring information”;
    • address recommendations pertaining to multifamily lending: (i) “multifamily loans should not be subject to HMDA reporting”; (ii) “purchases and assumptions of multifamily loans should be exempt from introductory rate period reporting”; (iii) “the CFPB should accept simplified reporting from smaller-volume HMDA reporters, particularly smaller-volume multifamily reporters”; and (iv) “further consideration and clarification of the multifamily definition is needed”; and
    • a one-year delay would allow the CFPB to address privacy concerns that “might dictate that certain data not be disclosed publicly,” thereby giving the Bureau time to “reconsider whether the many data points required under Dodd-Frank . . . should be required.”

    According to the CFPB’s request for comment, most of the amendments in the Final Rule are to go into effect January 1, 2018; however, the MBA noted that data collection must commence in 2017 for loan applications that may become reportable in 2018. Therefore, the MBA urged the Bureau to delay implementation for at least one year to allow sufficient time for data collection and reporting which would give the CFPB “time to provide much-needed information and materials, and to allow HMDA reporters more time to finalize and implement the changes effectively.”

    American Bankers Association (ABA). Separately, on May 25, the ABA submitted a comment letter opining that many of the Bureau’s “technical corrections, clarifying amendments or minor changes” are “substantive in nature” and require a more comprehensive and formal process to “identify industry questions and proposed solutions.” Specifically, among other things, the ABA emphasized the following recommendations:

    • the January 1, 2018 effective date of the Final Rule should be “suspended immediately” in order to “promote the orderly, coordinated, and thorough consideration and resolution of all the interrelated issues presented and to make sure that all of the privacy and security issues are adequately addressed”;
    • the CFPB should consider updating, rather than discontinuing, its reference tool for lenders entitled A Guide to HMDA: Getting it Right;
    • several categories require further clarification: loans in process or loans originated before but purchased after the rule’s effective date; multifamily dwellings; home improvement loans; temporary financing; the threshold for reporting; counteroffers; applicant or borrower’s reported income; the annual percentage rate; rate spreads and rate set dates; reporting when there are no closing disclosures; corrected disclosures; the unique loan identifier; the geocoding tool’s use; and information pertaining to ethnicity and race; and
    • pending guidance on error resolution and software required for reporters should be finalized “as soon as possible,” and regulations on privacy and data security should be proposed “with the utmost speed.”

    “Piecemeal corrections based on informal and anecdotal evidence only adds to regulatory burden, which adds costs to borrowers and reduces access to mortgage credit,” the ABA noted.

    Agency Rule-Making & Guidance Lending HMDA Mortgage Origination CFPB ABA

    Share page with AddThis
  • CFPB Closes Public Comments on Remittance Transfer Rule; Industry Groups Submit Responses

    Consumer Finance

    As previously covered in InfoBytes, the CFPB issued a request for comment on its plan for assessing the effectiveness of its May 2013 final rule governing consumer remittance transfers (Remittance Rule). The request, which closed for public comment on May 23, focused on, among other things: (i) “whether the market for remittances has evolved . . . in ways that promote access, efficiency, and limited market disruption”; and (ii) whether the Remittance Rule (and other CFPB regulatory activity) has “brought more information, transparency, and greater predictability of prices to the market.” The CFPB received over 35 public comments from a vast array of large and small credit unions, as well as some of the leading providers of money transfer by volume. The consensus among these institutions was that implementing and maintaining the Remittance Rule’s new disclosures, cancellation windows, and audits are costly and the benefits to consumers are negligible. Specifically, one commenter noted increased consumer confusion, increased consumer delays in receiving their funds, and some have discontinued offering money transfers altogether.

    On May 23, the American Bankers Association (ABA) submitted a comment letter calling upon the Bureau to conduct an evidence-based assessment on whether the rule has preserved consumers’ access to remittance services. According to a survey conducted by the ABA of 75 member banks of varying asset sizes and cited in the comment letter, the rule—intended to “provide additional information to help consumers shop for remittances and establish error resolution procedures and protections”—has “restricted consumers’ access to remittances, increased fees for use of the service, and unnecessarily delayed remittance requests.” As explained in the letter, the ABA expressed concern about the rule, stating that there is “little evidence that the final rule has improved consumer decision-making or facilitated comparison shopping.” Furthermore, the ABA has asked the CFPB to examine the following issues: (i) whether consumers, including those in rural areas, have access to remittance transfer services; (ii) whether consumers are provided information about remittance services that inform rather than confuse; and (iii) whether regulation of remittances is not unnecessarily burdensome to the financial institutions that provide this service.

    Separately, on May 23, The Clearing House, the Consumer Bankers Association, the Bankers Association for Finance and Trade, and the ABA (Associations), issued a joint letter urging the CFPB to examine the effects of the rule from the perspective of both consumer-senders of remittance transfers and the providers of those services. The Associations outlined recommendations for the CFPB including: (i) continuing to permit depository institutions to provide estimates of third-party fees and exchange rates rather than actual fees and rates in cases where obtaining exact data is not feasible; (ii) excluding from the rule high-value transfers in excess of a certain dollar amount as well as excluding from coverage transfers effectuated through reloadable prepaid cards; (iii) modifying disclosure requirements and cancellation and resend rights; and (iv) making changes to the rule’s error resolution provisions to hold the sender responsible for transaction costs resulting from sender error.

    Consumer Finance CFPB Remittance ABA

    Share page with AddThis
  • Ransomware Attack Has Global Impact, Bipartisan Legislation Introduced to Counter Hacking

    Privacy, Cyber Risk & Data Security

    On May 12, a cyberattack spread around the world, affecting more than 230,000 computers in roughly 150 countries, according to a statement issued by the American Bankers Association. The ransomware, known as “WannaCry,” was used to exploit a vulnerability that affects computers running Microsoft Windows (see Department of Homeland Security Alert). Users of infected computers received a message that their files had been encrypted and that they must pay a ransom in bitcoin in order to decrypt their files. However, as conveyed in a press release issued by the Financial Services - Information Sharing and Analysis Center (FS-ISAC), it appears that the majority of the attacks seem to be targeting and impacting non-financial sector entities globally. FS-ISAC “believes the current attacks utilize known vulnerabilities for which there are available software patches,” but that firms and service providers need to implement the patches. Agencies continue to monitor what may be the first in a series of attacks.

    SEC Office of Compliance and Examinations (OCIE) and FBI Issue Responses. The OCIE released a statement cautioning registrants to be vigilant in mitigating risk, and noted a recent OCIE study that determined a substantial number of registrants did not conduct periodic risk assessments, penetration tests, or vulnerability scans, while a smaller number had not updated critical security patches. The OCIE also provided links to guidance on cybersecurity risk management. Likewise, the FBI issued a bulletin providing guidance on additional protection measures following the attack.

    Bipartisan Legislation Introduced. On May 17, bipartisan legislation was introduced in the House and Senate to add transparency and accountability to the federal government process for retaining or disclosing vulnerabilities in technology products, services, applications, and systems. The bill, Protecting our Ability To Counter Hacking (PATCH) Act, follows the apparently leaked NSA hacking tool which opened the door to the global “WannaCry” ransomware attack. It is sponsored by Senators Brian Schatz (D-Haw.),  Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.), and Representatives Ted Lieu (D-Cal.) and Blake Farenthold (R-Tex.). As described in a release issued by Sen. Schatz’s office, the proposed legislation would make the Vulnerabilities Equities Process (VEP) more permanent, while altering its structure. It would also make the Department of Homeland Security the chair of the interagency board overseeing the VEP. Under the bill, the NSA and other security agencies would still be a permanent part of the board, while other agencies and the White House's National Security Council could attend meetings if the board deems it necessary. The established board would also produce a report for Congress on the policies it establishes regarding the disclosure of vulnerabilities no later than 180 days after the enactment of the Act. An unclassified version of the report will be publically available as well. “Striking the balance between U.S. national security and general cybersecurity is critical, but it's not easy,” Sen. Schatz noted. “This bill strikes that balance. Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”

    Coalition for Cybersecurity Policy and Law. The legislation has already received support. The Coalition issued the following statement in support of the proposed bill: “We support the goals of the PATCH Act and we look forward to working with Chairman Johnson, Senators Schatz and Gardner, and Reps. Lieu and Farenthold as it moves forward in both chambers. The events of the past week clearly demonstrate the real-world consequences of exploited vulnerabilities. Governments have a critical role in getting vulnerability information to organizations capable of acting to protect security in a timely manner upon discovery.”

    Privacy/Cyber Risk & Data Security ABA SEC Congress Federal Legislation

    Share page with AddThis
  • CFPB Issues Request for Information on Small Business Lending; Prepares to Implement Section 1071 of Dodd Frank Act

    Agency Rule-Making & Guidance

    On May 10, the CFPB announced the issuance of a Request for Information on various aspects of the market for small business loans as the Bureau prepares to implement Section 1071 of the Dodd-Frank Act, which amends the Equal Credit Opportunity Act (ECOA) to require financial institutions to compile, maintain, and report information concerning credit applications made by women-owned, minority-owned, and small businesses. The Request includes questions grouped in five categories: (i) defining what constitutes a small business; (ii) data points the Bureau will require to be submitted and collected; (iii) types of lenders involved in small business lending and the appropriate institutional coverage for the data collection requirements; (iv) types of financial products offered to small businesses generally, and those owned by women and minorities in particular; and (v) privacy concerns related to the data collection.

    The CFPB also released Director Cordray’s prepared remarks in advance of a field hearing on small business lending where he introduced the Request for Information and issued a related press release. Comments are due 60 days after the Request for Information is published in the Federal Register. The Bureau also released a report, entitled “Key Dimensions of the Small Business Lending Landscape,” which presents the CFPB's perspective on the market for lending to small, minority-owned and woman-owned firms and gaps in its understanding.

    A couple of industry groups have already weighed in regarding expected difficulties with the application of Section 1071. In a letter sent Tuesday in advance of the field hearing, the National Association of Federally-Insured Credit Unions (NAFCU) urged the CFPB to exempt its members from any rulemaking that compels disclosure of business loan information. NAFCU Regulatory Affairs Counsel Andrew Morris cites the unique characteristics of credit unions, and that such data collection “may yield confusing information about credit unions and further restrict lending activity as a result of increased compliance costs.” The letter notes that “[c]redit unions serve distinct fields of membership, and as a result, institution-level data related to women-owned, minority-owned and small business lending substantially differs in relation to other lenders.”

    And, in a white paper provided to the Treasury Department, the American Bankers Association criticizes what amounts to Section 1071’s conflation of consumer and commercial lending, “recommend[ing] the elimination of any vestige of Bureau regulatory, supervisory, or enforcement authority over commercial credit or other commercial account and financial services.”

    Agency Rule-Making & Guidance CFPB Small Business Lending Dodd-Frank ECOA NAFCU ABA Treasury Department

    Share page with AddThis
  • American Bankers Association White Paper Addresses Concerns Over HMDA Expansion

    Agency Rule-Making & Guidance

    On May 2, the American Bankers Association (ABA) issued a white paper to the Treasury Department on the implementation of the 2015 Home Mortgage Disclosure Act (HMDA) rule as part of its continuing response to President Trump’s executive order outlining “core principles” for financial regulation (see previously issued Special Alert here). The white paper, HMDA – More Really is Less: The Data Fog Frustrates HMDA, presents several views held by the ABA including that the CFPB should (i) rescind requirements to collect any data fields not expressly required by HMDA; (ii) suspend the effective date of the 2015 HMDA rule until privacy and security concerns are addressed (see previously issued Special Alert here); (iii) exclude commercial loans from HMDA coverage; and (iv) revoke the new HMDA data elements added by the Dodd-Frank Act. The ABA noted that the Dodd-Frank Act added more than 13 new categories to the statutory HMDA data fields lenders are required to collect, and in the implementing regulation, Regulation C, the CFPB added 25 new data fields to the existing 23 fields. The ABA noted that the CFPB estimates that, in addition to existing costs of HMDA compliance, the additional annual costs of operations will be approximately $120.6 million conservatively (more if reporting quarterly) and lenders will incur a one-time additional cost of between $177 million and $326.6 million. Furthermore, the ABA states there still remains a need to address the “significant” privacy issues presented by the “vast trove of data points added by Dodd-Frank,” and that “the collection and transfer and warehousing of greatly increased and more sensitive data will necessitate even more robust and costlier private sector and government systems.” However, the ABA noted the Bureau has not initiated rulemaking to address the privacy issues presented.

    Notably, last month, the CFPB issued a proposal in the Federal Register to amend the 2015 HMDA rule (see previously issued Special Alert here). The changes are primarily for the purpose of clarifying data collection and reporting requirements, and most of the clarifications and revisions would take effect in January 2018. The deadline to submit comments on the CFPB’s proposal is May 25, 2017.

    Agency Rule-Making & Guidance HMDA CFPB ABA

    Share page with AddThis
  • American Bankers Association Argues for “Strong, Consistent” National Data Protection Standard

    Privacy, Cyber Risk & Data Security

    In a May 8 letter to Congress, the American Bankers Association (ABA) called on Congress to pursue national data protection standards for companies that handle consumers’ sensitive financial data. The letter notes that the financial sector has an excellent track record in protecting consumer data, citing data from the Identity Theft Resource Center indicating that only 0.2% of records exposed in data breaches were attributable to the financial sector, as opposed to the 81.3% of records exposed at businesses included retail, adding that the industry is highly motivated and under constant oversight to ensure that Federal privacy and data protection laws such as the Gramm-Leach-Bliley Act are followed.  On the other hand, the ABA notes, other industries are not required to protect consumer data under Federal law and have strongly opposed legislation that would add such requirements. The association concludes that a “strong, consistent national standard for fighting data breaches” is necessary to create a “security infrastructure that brings banks, payment networks and retailers together to safeguard sensitive financial data.”

    Privacy/Cyber Risk & Data Security Congress ABA

    Share page with AddThis

Pages