Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • CFPB Clarifies Remittance Transfer Rule Compliance

    Agency Rule-Making & Guidance

    As previously covered in InfoBytes, the CFPB recently released its summer 2017 Supervisory Highlights (Highlights) outlining its supervisory progress this year. Included among the issues highlighted by the Bureau is its recent activity in the remittance transfer rule (RTR) space under Regulation E. The Highlights indicate that the CFPB intends to continue its focus on RTR compliance at both large and small institutions. Of particular note, the Bureau—for the first time—has provided informal guidance on international mobile top-up products for telephone airtime. Prior to the Highlights, it was unclear to what extent these products were subject to the RTR. The Highlights confirm that the CFPB will take the position that these products fall within the scope of the rule and has taken supervisory action against at least one institution for that institution’s failure to treat international mobile top-ups in excess of $15 as remittance transfers subject to the RTR.

    This edition of the Highlights helps to clear up prior confusion around the industry regarding international mobile top-ups and bill pay products, as discussed in a recent article.

    Agency Rule-Making & Guidance CFPB Remittance Remittance Transfer Rule Regulation E Mobile Top-Ups Compliance

    Share page with AddThis
  • CFPB Publishes Small Entity Compliance Guide on Arbitration Rule

    Agency Rule-Making & Guidance

    On September 15, the CFPB published a small entity compliance guide concerning the Bureau’s final arbitration rule that became effective this month. Compliance is required for “pre-dispute arbitration agreements” entered into on or after March 19, 2018. This guide provides a summary of the rule and highlights the parties and consumer financial products and services covered by the rule, as well as exclusions from the rule’s requirements. In addition, the guide includes descriptions of provisions to be included in pre-dispute arbitration agreements, clarifies the rule’s prohibition on relying on pre-dispute arbitration agreements to block class actions, and explains the record submission requirements under the rule.

    However, as previously discussed in InfoBytes, while the arbitration rule went into effect September 18, the House earlier passed a disapproval resolution, in July, to repeal the rule, with a similar measure set for discussion in the Senate.

    Agency Rule-Making & Guidance CFPB Arbitration Compliance Class Action

    Share page with AddThis
  • CFPB’s Summer Edition of Supervisory Highlights Discloses Findings Across Many Financial Services Areas

    Consumer Finance

    On September 12, the CFPB released its summer 2017 Supervisory Highlights, which outlines its supervisory and oversight actions in areas such as auto loan servicing, credit card account management, debt collection, deposit account supervision, mortgage origination and servicing, remittances, service provider programs, short-term small-dollar lending, and fair lending. According to the Supervisory Highlights, recent supervisory resolutions have “resulted in total restitution payments of approximately $14 million to more than 104,000 consumers during the review period” between January 2017 and June 2017.

    As examples, in the area of auto loan servicing, examiners discovered vehicles were being repossessed even though the repossession should have been cancelled. Coding errors, document mishandling, and failure to timely cancel the repossession order were cited causes. Regarding fair lending examination findings, the CFPB discovered, in general, “deficiencies in oversight by board and senior management, monitoring and corrective action processes, compliance audits, and oversight of third-party service providers.” Examiners also conducted ECOA Baseline Reviews on mortgage servicers and discovered weaknesses in servicers’ fair lending compliance management systems. Findings in other areas include the following:

    • consumers were provided inaccurate information about when bank checking account service fees would be waived, and banks misrepresented overdraft protection;
    • debt collectors engaged in improper debt collection practices related to short-term, small-dollar loans, including attempts to collect debts owed by a different person or contacting third parties about consumers’ debts;
    • companies overcharged mortgage closing fees or wrongly charged application fees that are prohibited by the Bureau’s Know Before You Owe mortgage disclosure rules; and
    • borrowers were denied the opportunity to take full advantage of the mortgage loss mitigation options, and mortgage servicers failed to “exercise reasonable diligence in collecting information needed to complete the borrower’s application.”

    The Bureau also set forth new examination procedures for HMDA data collection and reporting requirements as well as student loan servicers, in addition to providing guidance for covered persons and service providers regarding pay-by-phone fee assessments.

    Consumer Finance CFPB Enforcement Auto Finance Credit Cards Debt Collection Fair Lending ECOA Compliance Mortgage Origination Mortgage Servicing HMDA Student Lending

    Share page with AddThis
  • NYDFS Issues Reminder on Cybersecurity Regulation Compliance Effective August 28

    State Issues

    On August 28, the New York Department of Financial Services (NYDFS) issued an announcement reminding all NYDFS-regulated banks, insurance companies, and other financial services institutions that they must now begin complying with the state’s “first-in-nation cybersecurity regulation.” As previously covered in Infobytes, the regulation took effect March 1, 2017, but August 28 was the first compliance date. Covered entities are now required to implement the following: (i) a cybersecurity program designed to protect consumers’ private data; (ii) board/senior officer-approved written policy or policies; (iii) a designated Chief Information Security Officer to help protect an entity’s data and systems; and (iv) “controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.” Furthermore, covered entities must begin reporting cybersecurity events through NYDFS’ online cybersecurity portal. (See previous InfoBytes coverage here.) Notices of exemption may be filed within “30 days of the determination that the covered entity is exempt,” and covered entities must file a certificate of compliance confirming compliance for the previous calendar year no later than February 15, 2018. NYDFS also released a series of frequently asked questions to provide assistance to institutions when complying with the regulation’s requirements.

    State Issues Privacy/Cyber Risk & Data Security NYDFS Compliance Bank Regulatory

    Share page with AddThis
  • OCC Announces Recent Enforcement Actions and Terminations

    Federal Issues

    On August 18, the OCC released a list of new enforcement actions taken against national banks, federal savings associations, and institution-affiliated parties as well as a list of existing enforcement actions that were terminated recently. The actions include cease and desist orders, civil money penalties, removal/prohibition orders and restitution orders.

    Cease and Desist Order. On July 18, the OCC issued a consent order against a Florida-based bank for deficiencies related to its Bank Secrecy Act (BSA) rules and regulations. The consent order, among other things, requires the bank to: (i) appoint a compliance committee responsible for ensuring the bank adheres to the order; (ii) appoint a BSA officer who will “ensure compliance with the requirements of the [BSA] . . . and regulations of the Office of Foreign Assets Control (OFAC)”; (iii) acquire an independent third-party consultant to conduct a formal written assessment of the bank’s BSA oversight infrastructure to determine BSA/Anti-Money Laundering (AML) compliance; (iv) review and update a comprehensive BSA/AML compliance action plan and monitoring system, including implementing processes to timely identify and analyze suspicious activity and file suspicious activity reports (SARs); (v) create a comprehensive training program for “appropriate operational and supervisory personnel to ensure their awareness of their specific assigned responsibilities for compliance with” the BSA; (vi) develop policies and procedures related to the collection of customer due diligence and enhanced due diligence; (vii) monitor accounts for “high-risk customers/transactions”; (viii) implement an independent BSA/AML audit program and written risk assessment program; and (ix) conduct a “Look-Back” plan to determine whether suspicious activity was timely identified and reported by the bank and whether additional SARs should be filed for unreported suspicious activity. The bank, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.

    Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Compliance SARs

    Share page with AddThis
  • OCC Updates Bank Accounting Guidance

    Agency Rule-Making & Guidance

    On August 15, the Office of the Comptroller of the Currency (OCC) released the annual update to its long-running Bank Accounting Advisory Series (BAAS). Intended to “promote[] consistent application of accounting standards among OCC-supervised banks and federal savings associations,” the BAAS “represents the OCC’s Office of the Chief Accountant’s interpretations of generally accepted accounting principles and regulatory guidance.” The 2017 edition of the BAAS updates guidance on a range of accounting standards issued by the Financial Accounting Standards Board (FASB), and “includes recent answers to frequently asked questions from the industry and examiners.” Several FAQs are updated or deleted, and new FAQs cover the following topics: investments in debt and equity securities; lessee classification and accounting; and transfers of financial assets and servicing.

    This edition of the BAAS also introduces a new approach to recently issued accounting standards. Previous editions covered new accounting standards only after they became effective. But since many FASB Accounting Standard Updates (ASUs) now have different effective dates for public business entities (PBEs) and private companies, this edition also covers ASUs issued through March 31, 2017 that (i) “while not yet effective for all institutions, must be adopted by PBEs beginning in 2018 and may be adopted early by other institutions”; or (ii) “are not yet effective for any institutions but early adoption is allowed.” Accordingly, lavender text boxes include alternative content for both PBEs and early adopters, and gold text boxes include alternative content for early adopters only.

    Agency Rule-Making & Guidance OCC Compliance Banking

    Share page with AddThis
  • Oregon Governor Enacts Law Regarding Compliance Requirements for Debt Collection Licensees

    State Issues

    On August 2, Oregon Governor Kate Brown signed into law House Bill 2356 (HB 2356), which establishes provisions relating to debt collection practices in the state. Among other things, the law (i) details the practices a debt buyer, or debt collector acting on behalf of a debt buyer, is required to follow to legally collect debt; (ii) specifies the type of notice and documents that a debt buyer must provide to a debtor; (iii) requires persons engaged in debt buying to obtain or renew their licenses through the Department of Consumer and Business Services; and (iv) specifies duties of licensees, outlines prohibited conduct, and identifies unlawful collection practices. The law takes effect January 1, 2018.

    State Issues State Legislation Debt Collection Debt Buyer Compliance

    Share page with AddThis
  • FINRA to Host AML Seminars

    Agency Rule-Making & Guidance

    On August 2, the Financial Industry Regulatory Authority (FINRA) announced that it will host a series of anti-money laundering (AML) seminars for compliance professionals, led by managers of the FINRA AML Unit. The seminars on October 19 (Dallas, Texas), November 7 (Boca Raton, Florida), and November 13 (New York, NY) will discuss money laundering fundamentals and typologies, applicable rules and regulations, and guidelines for monitoring for suspicious activity.

    Agency Rule-Making & Guidance FINRA Compliance Anti-Money Laundering

    Share page with AddThis
  • NYDFS Launches New Cybersecurity Portal, Sets Compliance Deadlines

    Privacy, Cyber Risk & Data Security

    On July 31, the New York Department of Financial Services (NYDFS) announced the launch of an online cybersecurity portal for businesses to securely report cybersecurity events as required by the state’s cybersecurity regulation that took effect March 1. (See previous InfoBytes summary here.) The regulation, Cybersecurity Requirements for Financial Services Companies, requires all banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain cybersecurity programs to safeguard consumers’ private data. The cyber portal is designed to facilitate easy reporting of cybersecurity events and will allow regulated entities to file compliance certifications. Starting August 28, 2017, all entities required to comply with NYDFS cybersecurity regulations “must file certain notifications to the [Financial Services] Superintendent including notices of certain cybersecurity events within 72 hours from a determination that a reportable event has occurred.” A cybersecurity event is reportable if it: (i) “impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body”; or (ii) “has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.” Additionally, covered entities are required to file a certificate of compliance confirming compliance for the previous calendar year no later than February 15, 2018.

    Privacy/Cyber Risk & Data Security NYDFS State Issues Bank Regulatory Compliance

    Share page with AddThis
  • FTC Approves Modifications to COPPA Safe Harbor Program

    Privacy, Cyber Risk & Data Security

    On July 31, the FTC announced it has approved TRUSTe’s proposed modifications to its Children’s Online Privacy Protection Rule's (COPPA) safe harbor program. As previously covered in InfoBytes, COPPA regulates what websites and online services are required to do to ensure the protection of children’s privacy and safety online. The safe harbor program allows the FTC to review and approve “self-regulatory guidelines” submitted by industry groups that implement “the same or greater protections for children” as those contained in the COPPA Rule, and subjects approved groups to safe harbor review and disciplinary procedures instead of formal enforcement action. Among the approved modifications is a change which requires all participants to conduct a comprehensive annual internal assessment of any third-party or service provider that collects personal information from children on their websites or through online services.

    Privacy/Cyber Risk & Data Security Agency Rule-Making & Guidance FTC Compliance Vendor Management

    Share page with AddThis

Pages