Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Federal Reserve releases Comprehensive Capital Analysis and Review results

    Federal Issues

    On June 28, the Federal Reserve released the results of the Comprehensive Capital Analysis and Review (CCAR) conducted for 35 firms. This is the eighth year the Fed has conducted the CCAR exercise for the largest U.S.-based bank holding companies. The Fed considers quantitative and qualitative factors in its evaluation, including projected capital ratios under hypothetical severe economic conditions and strength of the firm’s risk management, internal controls, and governance practices that support the capital planning process. This year, 18 firms were subject to both quantitative and qualitative assessments, and 17 firms were only subject to the quantitative assessment. The Fed objected to one firm’s capital plan based on qualitative concerns and issued conditional non-objections to two firms based on changes to the tax law that negatively affected capital levels. However, the one-time reductions are not considered a reflection of the firms’ performances under stress. Overall, U.S. firms have substantially increased their capital since 2009 when the first round of stress tests were conducted.

    Federal Issues Federal Reserve CCAR Stress Test

    Share page with AddThis
  • CFPB announces settlement with national bank to resolve alleged TILA violations


    On June 29, the CFPB announced a $335 million settlement with a national bank who allegedly violated the Truth in Lending Act by failing to properly implement annual percentage rate (APR) reevaluation requirements, which would reduce APRs for certain consumer credit card accounts, consistent with Regulation Z. According to the consent order, the Bureau also claimed the bank failed to put in place reasonable written policies and procedures to conduct the APR reevaluations. Under the terms of the consent order, the bank is required to pay $335 million in restitution to affected consumers and implement corrected policies and procedures to ensure proper APR reevaluation processes. The Bureau further noted that it did not assess civil monetary penalties due to efforts undertaken by the bank to self-identify and self-report violations to the Bureau. The bank also voluntarily corrected the deficiencies, took steps to initiate remediation to affected consumers, and implemented compliance management system enhancements.

    Lending TILA CFPB Credit Cards Settlement

    Share page with AddThis
  • FDIC releases May enforcement actions

    Federal Issues

    On June 29, the FDIC announced a list of orders of administrative enforcement actions taken against banks and individuals in May 2018. The 14 orders include “five Section 19 orders; two civil money penalties; one removal and prohibition order; two terminations of consent orders; two terminations of insurance; one order for restitution; one modification of removal and prohibition order; and one modification of civil money penalty order.” The order for restitution is for violations of certain laws, regulations, and a 2016 consent order “relating to statutory lending limits and restrictions on loans to borrowers classified as ‘substandard.’” The civil money penalty orders relate to (i) unsafe or unsound practices and breaches of fiduciary duty, and (ii) a violation of Regulation O concerning the handing of certain loans from the bank to the respondent. The announcement also notes that there are no administrative hearings scheduled for July 2018.

    Federal Issues FDIC Enforcement Civil Money Penalties

    Share page with AddThis
  • OCC issues updates to Comptroller’s Handbook

    Federal Issues

    On June 28, the OCC issued Bulletin 2018-18, which revises and updates certain booklets of the Comptroller’s Handbook. Among other things, the revisions and updates (i) clarify the applicability of each booklet to community, midsize, and large banks: (ii) incorporate Uniform Interagency Consumer Compliance Rating System revisions; (iii) provide asset management and Bank Secrecy Act/Anti-Money Laundering/Office of Foreign Assets Control risk assessment examiner guidance to ensure consistency with the Federal Financial Institutions Examination Council BSA/AML Examination Manual’s appendixes J and M; (iv) incorporate relevant aspects of the Dodd-Frank Act; (v) clarify the roles of banks’ boards of directors and management; and (vi) “include revised concepts and references regarding third-party risk management; new, modified, or expanded bank products or services; and corporate and risk governance.” The revised booklets are: Bank Supervision Process, Community Bank Supervision, Compliance Management Systems, Federal Branches and Agencies Supervision, and Large Bank Supervision.

    Federal Issues OCC Comptroller's Handbook Bank Secrecy Act Anti-Money Laundering Dodd-Frank Third-Party OFAC

    Share page with AddThis
  • FDIC, Federal Reserve seek comment on proposed 2019 resolution plan

    Federal Issues

    On June 29, the FDIC and Federal Reserve issued (here and here) a joint request for public comment on proposed revisions to resolution plan guidance for the eight largest and most complex U.S. banks. Resolution plans, also known as living wills, outline a bank’s strategy for rapid and orderly resolution under bankruptcy in the event of material financial distress or failure of the company, and help to reduce the risk that a bank’s failure will cause serious adverse effects on the financial stability of the U.S. The proposed guidance would apply beginning with the July 1, 2019 resolution plan submissions. The proposed guidance also would incorporate agency expectations for addressing derivatives, trading, payment, clearing, and settlement activities. The FDIC and Federal Reserve will accept comments on the proposed guidance for 60 days following publication in the Federal Register.

    Federal Issues FDIC Federal Reserve Living Wills

    Share page with AddThis
  • CFPB studies how borrowers transition out of student loan debt

    Federal Issues

    On June 29, the CFPB released a new Data Point report from the Office of Research titled, “Final Student Loan Payments and Broader Household Borrowing,” which examines how student borrowers transition out of their student loan debt and repayment patterns are interconnected with general household finances. Among other things, the report found (i) 94 percent of final payments exceed the scheduled payment, and the median final payment made is 55 times larger than the scheduled payment; (ii) student borrowers who pay off loans early are 31 percent more likely to take out their first mortgage in the year following the student loan payoff than in the previous year; and (iii) student borrowers who pay off loans on schedule are likely to use new monthly savings to pay down other debts. The CFPB’s findings suggest (i) the timing of student loan payoffs may be determined by life events such as increases in wealth and household formations, and (ii) continuing to study student loan payoffs may help predict the evolution of the student loan market.

    Federal Issues CFPB Research Student Lending Consumer Finance

    Share page with AddThis
  • Buckley Sandler Special Alert: California governor signs significant data privacy bill into law

    Privacy, Cyber Risk & Data Security

    On June 28, California Governor Jerry Brown signed the California Consumer Privacy Act (the “Consumer Privacy Act” or the “Act”) into law. The Act was enacted largely in response to a more restrictive ballot initiative (“Ballot Initiative”) that appeared to have gained a sufficient number of signatures to appear on the November 2018 ballot in the state. Both the Act and the Ballot Initiative were a reaction to high-profile news stories involving large-scale consumer data collection and sharing by online companies, often done without notice to or consent from consumers.

    The Ballot Initiative, driven and funded by a coalition of privacy advocates, proposed both expanding consumer privacy rights under existing state laws such as the California Online Privacy Protection Act and the “Shine the Light” law, and giving new consumer rights with regard to information sharing. The Ballot Initiative, which was withdrawn in response to the enactment of the Act, would have provided state residents with increased rights regarding the types of information online companies possess about them, the purposes for which the information is used, and the entities with which the information is shared. Consumers would also have been given the right to stop certain sharing of their personal information. Critics asserted that the Ballot Initiative was poorly crafted and would stifle innovation in data services. Last minute revisions to the language of the Act, which generally follows the requirements of the Ballot Initiative, sought to address some of these concerns and several industry groups that had opposed the Ballot Initiative did not lobby against the quick passage of the Act.


    * * *

    Click here to read the full special alert.

    If you have questions about the act or other related issues, please visit our Privacy, Cyber Risk & Data Security practice page, or contact a Buckley Sandler attorney with whom you have worked in the past.

    Privacy/Cyber Risk & Data Security State Issues Special Alerts

    Share page with AddThis
  • Credit reporting agency agrees to cybersecurity corrective action with eight state regulators

    Privacy, Cyber Risk & Data Security

    On June 27, the New York Department of Financial Services (NYDFS) announced that a major credit reporting agency has agreed to cybersecurity and internal control corrective action following its 2017 data breach, which reportedly affected 143 million American consumers. The consent order, which was entered into with NYDFS and seven other state regulators, requires a wide range of corrective actions. The company must: (i) review and approve a written risk assessment which identifies data breach risks and the likelihood of threats; (ii) establish and oversee a formal internal audit program; (iii) improve oversight of its information security program; and (iv) improve oversight and ensure sufficient controls are developed for critical vendors. The consent order does not include any monetary penalties.

    The consent order follows the June 25 announcement by NYDFS that credit reporting agencies will be required to register annually with the state and comply with the state’s cybersecurity regulation (covered by InfoBytes here).

    Privacy/Cyber Risk & Data Security State Issues Data Breach NYDFS

    Share page with AddThis
  • Connecticut governor signs amendments to state banking statutes

    State Issues

    On June 14, the governor of Connecticut signed HB 5490, which makes various amendments to the state’s banking statutes, including standardizing various requirements across several mortgage and nonmortgage licensing types. Among other things, the law (i) extends the commissioner’s authority over certain mortgage-related licensees (mortgage lenders, brokers, and originators; correspondent lenders, and processors or underwriters) to include small loan lenders, sales finance companies, sales finance companies, mortgage servicers, money transmitters, check cashers, debt adjustors, debt negotiators, consumer collection agencies, student loan servicers, and lead generators; (ii) outlines provisions concerning the commissioner’s authority to conduct investigations and examinations; (iii) establishes that for loans under $5,000, the maximum annual percentage rate (APR) shall not exceed the lesser of 36 percent or the maximum APR for interest “permitted with respect to the consumer credit extended under the Military Lending Act”; and (iv) requires sales finance companies to acquire, maintain, and report to the commissioner certain demographic information on ethnicity, race, and sex for any retail installment contract or application for such contract covering the sale of a motor vehicle. The law is effective October 1, with the exception of specified provisions.

    State Issues State Legislation Mortgages Licensing NMLS

    Share page with AddThis
  • New York regulation requires all credit reporting agencies to register with NYDFS

    State Issues

    On June 25, the New York governor announced the issuance by the New York Department of Financial Services (NYDFS) of a final regulation that requires consumer credit reporting agencies (CRAs) with significant operations in New York to register with NYDFS and to comply with New York’s cybersecurity standard. Specifically, the newly promulgated regulation, entitled “Registration Requirements & Prohibited Practices for Credit Reporting Agencies,” 23 NYCRR 201, requires CRAs that reported on 1,000 or more New York consumers in the preceding year to register annually with NYDFS, beginning on or before September 1, 2018 for 2017 reporting, and by February 1 for every year thereafter. Among other things, the regulation also (i) authorizes the NYDFS superintendent to refuse to renew a CRA’s registration for various reasons, including if the applicant or affiliate of the applicant fails to comply with the cybersecurity regulations; (ii) subjects the CRAs to examination by NYDFS at the superintendent’s discretion; and (iii) prohibits CRAs from engaging in any “unfair, deceptive, or predatory act or practice toward any consumer,” to the extent not preempted by federal law. Additionally, beginning on November 1, the regulation requires every CRA to comply with NYDFS’ cybersecurity regulation, which requires, among other things, covered entities have a cybersecurity program designed to protect consumers’ data and controls and plans to help ensure the safety and soundness of New York’s financial services industry. (Recent InfoBytes coverage on NYDFS’ cybersecurity regulation available here and here.)

    According to Governor Cuomo, the oversight of CRAs will help to ensure New York consumers’ information is less vulnerable to the threat of cyber-attacks, stating, “[a]s the federal government weakens consumer protections, New York is strengthening them with these new standards.”

    State Issues NYDFS Credit Reporting Agency Privacy/Cyber Risk & Data Security

    Share page with AddThis