Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • CFPB Announces Final Rule Modifying ECOA Regulations, Seeks Public Comment on Proposed Disclosure of HMDA Data

    Agency Rule-Making & Guidance

    On September 20, the CFPB announced its Final Rule amending Regulation B, which implements the Equal Credit Opportunity Act (ECOA), as well as a notice of proposed policy guidance requesting public comment on modifications to loan-level HMDA data that will be made publicly available beginning in 2019.

    Amendments to Regulation B. The Final Rule, among other things, permits institutions not subject to HMDA reporting requirements to choose, on an “application-by-application basis,” between two approaches to collecting race and ethnicity data from applicants for certain dwelling-secured loans: either collect such data in the aggregate or use the disaggregated and more expansive categories required for HMDA-reporting institutions under revisions to Regulation C effective in 2018.  According to the Final Rule, this means that creditors that are not HMDA reporters could transition to using the 2016 Uniform Residential Loan Application, which was updated to comply with the upcoming changes to Regulation C. As previously covered in InfoBytes, the justification for the change was to provide consistency and clarity with respect to other Bureau rules.

    Proposed Policy Guidance Regarding Publicly Available Loan-Level HMDA Data. The CFPB has issued a notice of proposed policy guidance with a request for public comment concerning modifications that it intends to apply to publicly available loan-level HMDA data that financial institutions will be required to report in connection with the new HMDA data reporting requirements that become effective January 1, 2018. The CFPB is specifically seeking comment on whether certain data fields should be included or modified in the publicly available loan-level HMDA data; these fields include the universal loan identifier, application date, loan amount, action taken date, property address, age, credit score, debt-to-income ratio, and property value, among others. As previously covered in InfoBytes, the CFPB issued its final rule amending Regulation C in August. Comments on the proposed guidance are due 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Consumer Finance CFPB ECOA HMDA Mortgages Regulation B Regulation C

    Share page with AddThis
  • CFPB Publishes Small Entity Compliance Guide on Arbitration Rule

    Agency Rule-Making & Guidance

    On September 15, the CFPB published a small entity compliance guide concerning the Bureau’s final arbitration rule that became effective this month. Compliance is required for “pre-dispute arbitration agreements” entered into on or after March 19, 2018. This guide provides a summary of the rule and highlights the parties and consumer financial products and services covered by the rule, as well as exclusions from the rule’s requirements. In addition, the guide includes descriptions of provisions to be included in pre-dispute arbitration agreements, clarifies the rule’s prohibition on relying on pre-dispute arbitration agreements to block class actions, and explains the record submission requirements under the rule.

    However, as previously discussed in InfoBytes, while the arbitration rule went into effect September 18, the House earlier passed a disapproval resolution, in July, to repeal the rule, with a similar measure set for discussion in the Senate.

    Agency Rule-Making & Guidance CFPB Arbitration Compliance Class Action

    Share page with AddThis
  • Data Breach Fallout Continues: Lawsuit Filed by Massachusetts AG, NYDFS Cybersecurity Regulation to Possibly Include Credit Reporting Agencies, and Joint Letter Sent From 34 States Requesting Fee-Based Credit Monitoring Service Be Disabled

    Privacy, Cyber Risk & Data Security

    The impact from the September 7 announcement that a major credit reporting agency suffered a data breach continues to be far reaching. On September 15, the agency issued a press release announcing additional information concerning its internal investigation, as well as responses to consumer concerns about arbitration and class-action waiver provisions in the Terms of Use applicable to its support package and regarding security freezes.

    Massachusetts AG Lawsuit. On September 19, Massachusetts Attorney General Maura Healey announced it had filed the first enforcement action in the nation against the credit reporting agency. The complaint, filed in Massachusetts Superior Court, alleges that the agency ignored cybersecurity vulnerabilities for months before the breach occurred and claims that the agency could have prevented the data breach had it “implemented and maintained reasonable safeguards, consistent with representations made to the public in its privacy policies, industry standards, and the requirements of [the Massachusetts Data Security Regulations],” which went into effect March 1, 2010. The failure to secure the consumer information in its possession, the complaint asserts, constitutes an “egregious violation of Massachusetts consumer protection and data privacy laws.” Causes of action under the complaint arise from (i) the agency’s failure to provide prompt notice to the commonwealth or the public; (ii) the agency’s failure to safeguard consumers’ personal information; and (iii) the agency engaging in unfair and deceptive acts and practices under Massachusetts law. The commonwealth seeks, among other things, civil penalties, disgorgement of profits, and restitution.

    NYDFS Cybersecurity Regulation. On September 18, New York Governor Andrew M. Cuomo released a notice directing the New York Department of Financial Services (NYDFS) to issue a proposed regulation that would expand the state’s “first-in-the-nation” cybersecurity standard to include credit reporting agencies and to require the agencies to register with NYDFS. The annual reporting obligation would, according to a press release issued by NYDFS, grant it the authority to deny or revoke a credit reporting agency’s authorization to do business with New York’s regulated financial institutions should the agency be found in violation of certain prohibited activities, including engaging in unfair, deceptive or predatory practices. Under the proposed regulation, credit reporting agencies would be subject to compliance examinations by NYDFS, would be required to initially register with NYDFS by February 1, 2018 and annually thereafter, and would be required to comply with cybersecurity regulations starting on April 4, 2018, in accordance with a phased-in compliance schedule. On the same day, NYDFS issued a separate press release urging New York state chartered and licensed financial institutions to take immediate action to protect consumers in light of the recent credit reporting agency data breach. The guidance presented in the release by the NYDFS is provided in conjunction with the state’s cybersecurity regulations.

    State Attorneys General Request. On September 15, a letter co-authored by 34 state attorneys general was sent to the credit reporting agency’s legal counsel. The letter expresses concern over the agency’s conduct since the disclosure of the breach, including the offer of both fee-based and a free credit monitoring services, the waiver of certain consumer rights under the agency’s terms of service, and the charges incurred by consumers for a security freeze with other credit monitoring companies. Specifically, the attorneys general objected to the agency “using its own data breach as an opportunity to sell services to breach victims,” and argued that “[s]elling a fee-based product that competes with [the agency’s] own free offer of credit monitoring services to [data breach victims] is unfair, particularly if consumers are not sure if their information was compromised.” Accordingly, the letter requests that the agency temporarily disable links to fee-based services and extend the offer of free services until at least January 31, 2018. Further, the letter also expresses concern that consumers must pay for a security freeze with other credit monitoring companies and states that the agency should reimburse consumers who incur fees to completely freeze their credit.

    Privacy/Cyber Risk & Data Security Credit Reporting Agency State AG NYDFS Enforcement

    Share page with AddThis
  • CFPB Takes Action Against Delaware Trusts, Debt Collector for Allegedly Filing Illegal Student Loan Debt Collection Lawsuits

    Consumer Finance

    On September 18, the CFPB announced it had filed a complaint in the U.S. District Court for the District of Delaware against a collection of 15 Delaware statutory trusts and their debt collector for, among other things, allegedly filing lawsuits against consumers for private student loan debt that they could not prove was owed or that was outside the applicable statute of limitations. According to the CFPB, between 2001 and 2007, the trusts bought and securitized more than 800,000 private student loans, while the trusts contracted with the debt collector to collect on delinquent and defaulted loans. The complaint alleges that the trusts and debt collector engaged in deceptive and unfair practices between November 2012 and the end of April 2016 by: (i) filing false and misleading affidavits, including more than 25,000 affidavits that were notarized by notaries who had not witnessed the documents being signed; (ii) filing at least 2,000 suits to collect loans without the necessary documentation to show that the trusts owned the loans or to prove that a debt was owed; (iii) filing at least 486 collection suits after the statute of limitations had expired; and (iv) in some instances, providing court testimony consistent with the false affidavit statements. As a result, the trusts and the debt collector allegedly obtained over $21.7 million in judgments against consumers and collected an estimated $3.5 million in payments in cases where they lacked the intent or ability to prove the claims, if contested.

    According to the proposed consent judgment, which must be approved by a judge in the district court, the trusts are required to pay at least $3.5 million in restitution to more than 2,000 consumers who made payments resulting from the improper collection suits, to pay $7.8 million in disgorgement to the Treasury Department, and to pay an additional $7.8 million civil money penalty to the CFPB. In addition, the trusts must: (i) hire an independent auditor, subject to the Bureau’s approval, to audit all 800,000 student loans in the portfolio to determine if collection efforts must be stopped on additional accounts; (ii) cease collection attempts on loans that lack proper documentation or that are time-barred; and (iii) ensure false or misleading documents are not filed and that documents requiring notarization are handled properly.

    A separate consent order issued against the debt collector orders the company to pay a $2.5 million civil money penalty to the CFPB.

    Consumer Finance CFPB Student Lending Debt Collection Enforcement

    Share page with AddThis
  • FinCEN Issues Advisory Regarding FATF-Identified Jurisdictions With AML/CFT Deficiencies

    Financial Crimes

    On September 15, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to financial institutions based on June 23, 2017 updates to the Financial Action Task Force’s (FATF) list of jurisdictions identified as having “strategic deficiencies” in their anti-money laundering/combatting the financing of terrorism (AML/CFT) regimes. FinCEN urges financial institutions to consider this list when reviewing due diligence obligations and risk-based policies, procedures, and practices.

    The current jurisdictions (as further described in the Improving Global AML/CFT Compliance: On-going Process) that have AML/CFT deficiencies for which they have developed an action plan are: Bosnia and Herzegovina; Ethiopia; Iraq; Syria; Uganda; Vanuatu; and Yemen. Notably, Afghanistan and Lao PDR have been removed from this list for making “significant technical progress in improving [their] AML/CFT regime[s] and . . . establish[ing] the legal and regulatory framework to meet [their] commitments in [their] action plan[s].” North Korea, officially known as the Democratic People’s Republic of Korea, and Iran remain the two jurisdictions subject to countermeasures and enhanced due diligence (or EDD) due to AML/CFT deficiencies.

    Financial Crimes FinCEN Anti-Money Laundering FATF Combating the Financing of Terrorism

    Share page with AddThis
  • SEC Reaches Settlement With Investment Adviser for Allegedly Overcharging Clients

    Securities

    On September 14, the SEC announced a settlement in an administrative proceeding against a national bank’s investment adviser subsidiary that allegedly overcharged more than 4,500 clients a total of over $1.1 million for costlier mutual fund share classes that carried 12b-1 marketing and distribution fees when shares of the same mutual funds were available without such fees. The SEC alleged that, from at least December 2011 through approximately June 2015, the investment adviser breached its fiduciary duties, made inadequate disclosures regarding conflicts of interest between the investment adviser and its representatives (who ultimately shared in the gains from the 12b-1 fees as compensation), and did not update its compliance policies and procedures to require its investment adviser representatives to identify or evaluate available share classes. The order cites violations of the Investment Advisers Act of 1940, as well as Rule 206(4)-7. While the investment adviser has neither admitted nor denied the allegations, it has, among other things, agreed to pay a penalty of more than $1.1 million, will provide disgorgement plus interest on any 12b-1 fees that have not yet been refunded to customers, and has been censured.

    Securities SEC Investment Adviser Settlement Enforcement

    Share page with AddThis
  • Illinois Authorizes the Electronic Delivery of Documents in Connection With Premium Finance Agreements

    State Issues

    On September 8, Illinois Governor Bruce Rauner signed into law amendments to the state’s insurance code to authorize the electronic storage, presentment, and delivery of notices and other documents required in connection with premium finance agreements. Public Act 100-0495 provides that a premium finance company can electronically deliver notices and other documents if the receiving party has provided its consent and the premium finance company has made certain required disclosures. The amendments take effect January 1, 2018.

    State Issues State Legislation Electronic Records

    Share page with AddThis
  • FHFA Releases July 2017 Refinance Report

    Lending

    On September 14, the Federal Housing Finance Agency (FHFA) published its Refinance Report for July 2017. As previously reported by the FHFA and other sources, interest rates continued to increase for 30-year fixed-rate mortgages in July (from 3.9 percent in June to 3.97 percent), while overall refinance volume decreased. Specific to the Home Affordable Refinance Program (HARP), the report found, among other things, that borrowers completed 2,305 HARP refinances in July, bringing the total HARP refinances to 3,473,109. Consistent with recent Refinance Reports, the report also notes that borrowers who refinanced through HARP had a lower delinquency rate compared to borrowers eligible for HARP who did not refinance through the program. Last month, the FHFA extended HARP until December 31, 2018.

    Lending FHFA Mortgages Refinance Home Affordable Refinance Program

    Share page with AddThis
  • CFPB UDAAP Claim in Structured Settlement Factoring Case Moves Forward

    Courts

    On September 13, the U.S. District Court for the District of Maryland allowed a UDAAP claim brought by the CFPB to move forward in which the defendants allegedly employed abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. The court also dismissed several UDAAP claims related to an attorney acting as a financial advisor in the transactions. The 2016 complaint alleged that defendants violated the Maryland Consumer Financial Protection Act (CFPA) by encouraging consumers to take advances on their structured settlements and falsely representing that the consumers were obligated to complete the structured settlement sale, “even if they [later] realized it was not in their best interest.” According to the complaint, many of the consumers “’did not understand the risks or conditions of the advances, including that the advances did not bind them to complete the transactions.” The CFPB also alleged several counts based on the conduct of an attorney acting as a financial advisor for the transactions, who allegedly provided “virtually no advice,” and whose services were arranged and directly paid by the structured settlement buyer.

    In the order and memorandum, the court rejected several of the defendants’ arguments to dismiss based on procedural grounds and allowed the CFPB’s UDAAP claim against the structured settlement buyer and its officers to proceed. However, the court dismissed the claims related to the financial advisor, finding that he satisfied the requirements for an exemption under the CFPA for attorneys engaged in the practice of law.

    Courts CFPB UDAAP Litigation Structured Settlement CFPA

    Share page with AddThis
  • CSBS Files Motion in Opposition to OCC’s Motion to Dismiss Fintech Charter Challenge

    FinTech

    On September 13, the Conference of State Bank Supervisors (CSBS) filed its response to the OCC’s motion to dismiss a lawsuit brought against the agency, which challenged its statutory authority to create a special purpose national bank (SPNB) charter for fintech companies. As previously discussed in InfoBytes, the OCC argued in its motion to dismiss that the CSBS lawsuit was premature because the agency has not reached a decision on whether it will make SPNB charters available to fintech companies or other nonbank firms. The OCC further asserted that under the National Bank Act (NBA), its interpretation of “the business of banking” deserves Chevron deference. In its response, CSBS disagreed and argued that in December 2016 the OCC “formally announced” its decision to begin chartering nonbanks, and that with the publication of a supplement to its Licensing Manual—which both stated its authority to issue SPNP charters to “institutions that neither take deposits nor are insured by the [FDIC]” and “invited interested parties to initiate the application process”—the OCC “crystalized its position.”

    In addressing other issues raised by the OCC in support of dismissal of the lawsuit, CSBS argued that:

    • CSBS has sufficient injury for standing because the OCC’s decision to grant charters interferes with states’ sovereignty and the ability to oversee and enforce state licensing and consumer protection laws;
    • the court must test the underlying legal premise, which is that the “OCC lacks the requisite statutory authority under the [NBA] to encroach upon the regulation of nonbanks by issuing national bank charters to institutions that do not take deposits, and therefore do not engage in the ‘business of banking’” because “there is no point in either [the] OCC or its charter applicants devoting resources to ultra vires charters that will be invalidated”;
    • the OCC’s position that CSBS has “failed to state a claim” concerning the interpretation of the “business of banking” is unsupported, and the court “must consider the statutory context of the term, including a regulatory regime that encompasses not only the NBA, but also other federal banking statutes” to conclude that the “business of banking” necessarily includes the taking of deposits; and
    • if the OCC seeks to expand its authority “into areas traditionally occupied by states, courts require a clear showing that Congress, acting through the agency, has approved such a result”—which the OCC has not shown.

    Fintech Courts CSBS OCC Litigation

    Share page with AddThis

Pages