InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CSBS and FHFA sign agreement to enhance information sharing on nonbank mortgage companies
On April 10, the Conference of State Bank Supervisors (CSBS) and the FHFA announced they have signed a memorandum of understanding (MOU) to enhance information sharing on nonbank mortgage companies. The MOU reportedly aimed to improve the ability to coordinate on market developments, identify and mitigate risks, and ultimately, further protect consumers, taxpayers, and the nation’s housing finance system. CSBS Board Chair, Lise Kruse, emphasized the value of collaboration between state and federal regulators to support a stable mortgage marketplace, given the distinct authority each supervisory agency maintained over the nonbank mortgage industry. According to the CSBS, state financial regulators primarily oversee nonbank mortgage companies, while the FHFA regulated significant entities like Fannie Mae and Freddie Mac, which served as important counterparties to the nonbank mortgage industry. According to FHFA Director, Sandra L. Thompson, the new information sharing protocols will enable both state and federal regulators to supervise the mortgage industry more effectively, leading to improved outcomes for all stakeholders.
Maryland finalizes money transmitter regulation; adds agent of the payee exemption
On November 17, the Maryland Commissioner of Financial Regulation recently adopted edits to proposed regulations, Code Md. Code Regs. 09.03.14.01, .03-.18, bringing Maryland generally in alignment with the CSBS Money Transmitter Model Law which has been recently adopted by several other states (covered by InfoBytes here, here, and here). Some provisions in the new regulation conform with the model law, while a few stand out as unique additions in Maryland.
For example, among the newly adopted regulations, amended Regulation .03 provides an exemption for persons appointed as an agent of the payee if (i) there is a written agreement between the payee and agent for payment processing, aligning with Maryland law; (ii) there is public recognition of the agent collecting payments on behalf of the payee; (iii) upon the agent’s receipt of payment, the payor’s obligation ends without risk; (iv) the agent is not serving in an escrow capacity; (v) the agent is not acting as an agent to more than one party; and (vi) the agent mandates prompt, unconditional payment without tying it to future events or performances. This agent of the payee exemption deviates from the model law’s version of the same exemption.
Additionally, amended Regulation .08 establishes corporate governance standards that require money transmitter licensees to maintain a framework that is commensurate with the size, operational complexity, and overall risk profile of the licensee. This standard also sets expectations around internal audit, external audit, and risk management functions of a license. While this concept is not provided for in the model money transmission law, it aligns with the CSBS model state regulatory prudential standards for nonbank mortgage servicers (covered by InfoBytes here).
The final regulation will be effective December 11, 2023.
CSBS offers guidance for licensees to prepare for NMLS renewal
On October 24, CSBS released tips for licensees to prepare for NMLS renewal. As previously covered by InfoBytes, NMLS announced it will be rolling out a new version of its mortgage call report which will include new requirements for many licensees. Kelly O'Sullivan, the chair of the NMLS Policy Committee and deputy commissioner of the Montana Division of Banking and Financial Institutions, advises licensees to proactively update their information in NMLS and make use of available training and resources to address their queries before the renewal period begins. This is particularly crucial for those individuals who typically only engage with NMLS during the license renewal phase.
CSBS recommended five essential tips for licensees:
- Licensees should log into NMLS and thoroughly review and update their profile record to ensure accuracy;
- Licensees should reset their NMLS password in advance to have a current password ready for accessing NMLS when needed;
- Licensees should provide and maintain a current email address to receive essential updates from NMLS during the renewal process;
- Licensees should review state-specific renewal requirements, as state agencies typically begin publishing details, including deadlines and fees, in September;
- Licensees are encouraged to take advantage of the free, on-demand renewal training resources provided by CSBS to become familiar with the renewal process.
CSBS announces release of NMLS MCR Version 6 in Q1 2024
On October 13, 2023, the Conference of State Bank Supervisors (CSBS) announced the Nationwide Multistate Licensing System & Registry (NMLS) will be rolling out a new version of its Mortgage Call Report (MCR). In an effort to standardize mortgage company data at the state level, and minimize the amount of reporting outside the system, NMLS will be launching an updated version of the MCR, Version 6 (FV6) on March 16, 2024.
Licensees will see three main improvements in Version 6:
- FV6 eliminates standard and expanded forms and consolidates them into one form. All servicers will complete the servicer schedule and all lenders will complete the lender schedule. Lenders and servicers will file financials quarterly, and brokers will file financials annually.
- Commercial and consumer lending licensees will complete a separate state-specific form, removing the obligation to report mortgage information.
- The revision of line-item definitions will improve the overall quality of the data and help implement more completeness and accuracy checks.
FV6 will go into effect for all data collected on transactions dated on and after January 1, 2024. Additionally, NMLS will provide companies with the XML specifications no later than October 23. CSBS estimates that approximately 24,000 brokers, lenders, and servicers will experience reduced requirements, and approximately 3,100 lenders will have additional filing requirements.
The Mortgage Bankers Association sent a letter to CSBS in July, raising concerns with the new version, including (i) the lack of technical specifications needed for full consideration of the proposal and its implementation; and (ii) the significant expansion and burden of reporting requirements on smaller filers resulting from the replacement of standard and expanded forms in favor of the new and more detailed FV6. CSBS noted mortgage industry concerns surrounding the timing of the rollout of FV6 ahead of Q1 2024, and shared that details for leniency to the filing deadline will be provided in future communications. NMLS will provide regular updates on the Mortgage Call Report page, targeted learning opportunities and Q&A sessions.
Visit here for additional guidance on FV6 from APPROVED.
Federal and state financial regulatory agencies issue joint statement on the effects of Hurricane Idalia on supervisory practices
On September 1, the FDIC, Fed, NCUA, OCC and CSBS issued a joint statement recognizing the serious impact of Hurricane Idalia on the customers and operations of many financial institutions in the effected area.
The guidance discusses the following aspects of financial institution operations:
- Lending: The agencies encourage financial institutions to work constructively with borrowers in affected communities, including prudent efforts to adjust existing loan terms, and declares that the agencies will not subject such efforts to examiner criticism. “The agencies recognize that efforts to work with borrowers in communities under stress can be consistent with safe-and-sound practices as well as in the public interest.”
- Temporary Facilities: The agencies understand that many financial institutions face staffing, power, telecommunications, and other challenges in re-opening facilities and will expedite, as appropriate, any request to operate in temporary facilities.
- Publishing Requirements: The agencies understand that the damage that the hurricane caused may affect compliance with publishing and other requirements for branch closings, relocations, and temporary facilities. Impacted institutions should contact their primary federal and/or state regulator.
- Regulatory Reporting Requirements: Impacted institutions that expect to encounter difficulty meeting the agencies' reporting requirements should contact their primary federal and/or state regulator to discuss their situation.
- Community Reinvestment Act: Financial institutions may receive CRA consideration for community development loans, investments or services that revitalize or stabilize federally designated disaster areas.
- Investments: The agencies encourage financial institutions to monitor municipal securities and loans affected by the hurricane, including those related to local government projects.
CSBS announces Nonbank Model Data Security Law
The Conference of State Bank Supervisors (CSBS) recently released a comprehensive framework for safeguarding sensitive information held at nonbank financial institutions. CSBS’s Nonbank Model Data Security Law is largely based on the FTC’s updated Safeguards Rule, which added specific criteria for financial institutions and other entities, such as mortgage brokers, motor vehicle dealers, and payday lenders, to undertake when conducting risk assessments and implementing information security programs. (Covered by InfoBytes here.) Adopting the Nonbank Model Data Security Law allows for a streamlined and efficient approach to data security regulations for nonbank financial institutions, CSBS explained, adding that by leveraging the existing Safeguards Rule’s applicability to state covered nonbanks, the model law imposes minimal additional compliance burdens and ensures smoother implementation for financial institutions. States can also choose an alternative approach by requiring nonbank financial institutions to conform to the Safeguards Rule, CSBS said.
The Nonbank Model Data Security Law outlines numerous provisions, which are intended to protect customer information, mitigate cyber threats, and foster a secure financial ecosystem. These include standards for safeguarding customer information, required elements that must be included in a nonbank financial institution’s information security program, and an optional section that requires entities to notify the commissioner in the wake of a security event. CSBS noted that because “the proposed rule on notification requirements for the FTC Safeguards Rule is still pending, the model law allows each state to establish their own customer threshold number, providing flexibility in determining the extent of impact that triggers the notification obligation.” CSBS also provided a list of resources for adopting the Nonbank Model Data Security Law.
Texas enacts Money Services Modernization Act
On May 29, the Texas governor signed SB 895 (the “Act”) to enact the Money Services Modernization Act, the money transmitter model law created by industry and state experts. The goal of the Act is to create a set of consistent and coordinated standards relating to the regulation of money service businesses. Among other things, the Act outlines networked supervision criteria to allow the commissioner to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors, the Money Transmitter Regulators Association, and other related affiliates and successors for all money services licenses that hold licenses in Texas and other states. To efficiently minimize regulatory burden, the commissioner may, among other things, coordinate and share information with other state and federal regulators, enter into information-sharing contracts or agreements, conduct joint examinations or investigations, and accept examination or investigation reports made by other states. Texas now joins several other states in adopting common licensing and regulatory standards to add efficiencies to the multi-state process (continuing InfoBytes coverage here).
Additionally, the commissioner has enforcement, examination, and supervision authority, may adopt implementing regulations, and may recover costs and fees associated with applications, examinations, investigations, and other related actions. The Act also includes additional consumer protection provisions. The Act includes in the definition of “money” or “monetary value” a stablecoin that “(i) is pegged to a sovereign currency; (ii) is fully backed by assets held in reserve; and (iii) grants a holder of the stablecoin the right to redeem the stablecoin for sovereign currency from the issuer.” Among the various exemptions, the Act provides for an exemption for an agent of the payee to collect and process a payment from a payor to the payee for goods or services, other than money transmission services. The amendments also outline numerous licensing application and renewal procedures including net worth, surety bond, and permissible investment requirements. The Act is effective September 1.
Tennessee enacts Money Transmission Modernization Act
On April 4, the Tennessee governor signed HB 316 / SB 268 to enact the Money Transmission Modernization Act, the money transmitter model law created by industry and state experts. Provisions under the Act amend Tennessee Code Annotated, Title 45, and are intended to (i) reduce regulatory burden by promoting coordination among the states in areas of regulation, licensing, and supervision; (ii) protect the public from financial crime; (iii) standardize activities that are subject to, or otherwise exempt from, licensure; and (iv) modernize safety and soundness requirements to protect customer funds while supporting innovative and competitive business practices. Under the Act, persons may not engage in the business of money transmission, or advertise, solicit, or hold themselves out as providing money transmission without being licensed. In addition to exempting federal and state agencies and financial institutions organized under the laws of any state or the United States, the Act now exempts “authorized delegates”—persons designated by a licensee to engage in money transmission on behalf of the licensee, and persons that fall within an outlined exemption, including persons appointed as an agent of the payee.
The Act also provides the commissioner of financial institutions with the authority to exercise various powers, including the use of the Nationwide Multistate Licensing System and Registry, and the ability to participate in multistate supervisory processes coordinated through the Conference of State Bank Supervisors, Money Transmitter Regulator Association, and others for all licensees that hold licenses in Tennessee and other states. While retaining the ability to conduct examinations of licensees, the commissioner may now examine or investigate an authorized delegate. The Act also updates licensee liability requirements related to net worth assets and surety bonds and make various other changes related to audit reports and disclosure permissions. The Act further provides that “[a] person shall not engage in the business of money transmission on behalf of a person not licensed under this chapter or not exempt pursuant to § 45-7-104,” and stipulates that “[a] person that engages in such activity provides money transmission to the same extent as if the person were a licensee, and is jointly and severally liable with the unlicensed or nonexempt person.” The Act takes effect January 1, 2024.
CSBS seeks comments on uniform mortgage licensing standards
On March 16, the Conference of State Bank Supervisors (CSBS), on behalf of the NMLS Policy Committee, issued a request for public comments on proposed uniform state licensing standards for mortgage companies. The Proposal: Mortgage Business-Specific Requirements would create a national standard for mortgage industry licensing to help improve uniformity within the state system and streamline the licensing process for mortgagees seeking licensure in multiple states.
The proposal is broken down into eight components:
- Contacts. All licensees will be required to provide contacts within the company for accounting, legal, licensing, data breach/cybersecurity, exam billing, exam delivery, and mortgage call reports, in addition to a primary company contact and a primary consumer complaint contact. If a licensee chooses to list a third-party contact, “the company will be deemed to have expressly authorized a state agency to contact the third party without further approval from the company” and “the company is ultimately responsible for the area of responsibility.”
- Periodic reporting. All licensees will be required to complete periodic reports covering mortgage call reports, audited financial statements, and reportable incidents.
- Data requirements. All licensees will be required to “provide numbers for any approvals or designations the company holds[,]” as well as business bank account information for accounts held in the name of the applicant and used for mortgage activities.
- Document requirements. Required documentation includes financial statements; policies and certifications; current Bank Secrecy Act/anti-money laundering and Gramm-Leach Bliley Privacy Act policies; current disaster recovery or business continuity plans; a current consumer grievance/complaint policy (as well as the required certification); and documents used in the regular course of business such as operating agreements, consumer complaint notices, customer agreements, and third-party contracts.
- Required functionality. All licensees must abide by a three-party electronic surety bond agreement in order to guarantee “the surety’s performance or monetary compensation to the obligee should there be a failure by the principal to perform specified acts within a stated time period.” The surety bond will be electronically managed by NMLS.
- Location reporting. All licenses will be required to provide locations where licensed activity will be performed, where records will be stored, or where support staff for licensed activities will be located. Licensees must also provide the primary location for accounting services, regardless of whether they are provided in house or by a third-party accounting firm, cloud storage services (including services used to collect data from customers), and the primary location for legal services, regardless of whether they are provided in house or by a third-party law firm.
- Company operated work locations’ information. The proposal outlines information required for each company operated work location, including business activities, licensing authorities, addresses, books and records information, and “doing business as” names.
- Key individual requirements. Licensees will be required to identify key individuals in the areas of management, ownership, functional risk areas, and industry specific roles. The proposal explains that the key individual inquiry focuses on key risk and functional areas (operations, finance, compliance, and information security), rather than titles. Key individuals for mortgages must also submit credit reports and complete an FBI criminal background check. Key individuals who have lived outside the United States at any time in the past 10 years must also provide an investigative background report.
Comments on the proposal are due May 15.
CSBS says state regulators need access to FinCEN’s beneficial ownership database
On February 14, the Conference of State Bank Supervisors commented that FinCEN should be more explicit in its inclusion of state regulators as agencies that can request access to FinCEN’s forthcoming secure, non-public beneficial ownership information database. (See comment letter here.) As previously covered by InfoBytes, last December FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information (BOI). The NPRM proposed regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties, and also addressed aspects of the database that are currently in development. Agreeing that the new database would help enhance anti-money laundering and countering the financing of terrorism standards and help prevent the use of privacy to hide illicit activity from law enforcement and government authorities, CSBS asked that the final rule “explicitly define state regulators so that there is no confusion about their ability to access BOI when examining state-chartered banks and non-depository trust companies for compliance with customer due diligence requirements under the Bank Secrecy Act (BSA).” According to CSBS, state regulators conducted over 1,200 BSA exams in 2021. CSBS further pointed out that being able request BOI on an as needed basis would aid investigative and enforcement responsibilities for both state-chartered banks and state-licensed nonbank financial services providers.