InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB releases TRID five-year lookback assessment
On October 1, the CFPB released the assessment report required by Section 1022(d) of the Dodd-Frank Act for the TILA-RESPA Integrated Disclosure Rule (TRID), concluding that the TRID Rule “made progress towards several of its goals.” The assessment report was conducted using the Bureau’s own research and external sources. In opening remarks, Director Kraninger noted that the Bureau was “unable to obtain or generate the data necessary” to include a cost-benefit analysis, but documented the benefits and costs when possible. In addition to studying the effectiveness of the TRID Rule, the report also summarized the public comments the Bureau received from its November 2019 request for information (covered by InfoBytes here).
The Bureau issued the TRID Rule in November 2013, and the Rule took effect on October 3, 2015. Among other things, the TRID Rule integrated TILA’s Good Faith Estimate (GFE) and RESPA’s settlement statement (HUD-1), as well as other Dodd-Frank required disclosures, into the “Loan Estimate” and “Closing Disclosure” forms. Key findings of the assessment include:
- The TRID disclosure forms improved borrower abilities to locate key mortgage information, and compare costs and features of different mortgage offers;
- Evidence was mixed as to whether the TRID disclosure forms improved borrower abilities to understand loan estimates and transactions, and the TRID Rule increased consumer shopping for mortgages;
- The median response for one-time costs for lenders of implementing the rule was roughly $146 per mortgage originated in 2015;
- Evidence was unclear regarding ongoing costs for lenders, noting that over the last decade, lenders’ costs have increased steadily, but the data does not show a clear increase from the time the TRID Rule took effect; and
- Purchases and refinances dropped notably (around 14 percent and eight percent, respectively) in the first two months after the effective date, and purchase closing times lengthened by about 13 percent. However, both changes returned to pre-TRID Rule amounts and durations.
Additionally, the Bureau released a Data Point report titled, “How mortgages change before origination,” which details how the terms and costs of a mortgage loan may change during the origination process. The Bureau examined about 50,000 mortgages originated between March 2016 and November 2017, and found, among other things, that (i) APR changes occurred in more than 40 percent of mortgages; (ii) loan amount and the loan to value ratio changed for nearly 25 percent of mortgages; and (iii) interest rate changed for eight percent of mortgages.
SEC: CARES Act, Federal Reserve facilities reduced impact of Covid-19 on U.S. credit market
On October 5, the SEC released issued a report addressing the economic effects of the Covid-19 pandemic on the U.S. credit markets. The report concludes that the immediate and multi-faceted actions taken by the Federal Reserve and under the CARES Act were instrumental in relieving stress in the credit market, stabilizing housing prices and sustaining consumer spending. The SEC will hold roundtable discussion with U.S. and international regulators on October 14 to discuss the report and related policy issues.
SEC has “record-setting” whistleblower fiscal year
On September 30, the SEC announced six new whistleblower awards to finish a “record-setting” fiscal year. In the first announcement, the SEC details an award of nearly $30 million to two whistleblowers. The first, received approximately $22 million for providing information that led SEC staff to open and investigation and subsequently “provided substantial, ongoing assistance.” The second whistleblower received approximately $7 million for providing “additional valuable information” during the investigation.
In the second announcement, the SEC details four whistleblower awards totaling nearly $5 million. In the first order, the SEC awarded a whistleblower almost $2.9 million for alerting the agency of “alleged wrongdoing, which would have been difficult to detect in the absence of [the information.” The second order awards a whistleblower more than $1.7 million for providing “ongoing and extensive assistance” to SEC staff. And the third order, awards nearly $400,000 to two whistleblowers for providing a joint tip and “continu[ed] corporation and assistance, including having numerous meetings and discussions with staff.”
Earlier on September 28, the SEC announced an over $1.8 million award to a whistleblower in connection with a successful agency enforcement action. The whistleblower—an unaffiliated company outsider—“expeditiously reported significant information to the Commission about ongoing securities law violations.” According to the SEC, the award illustrates the important role company outsider intelligence can play in halting ongoing violations.
The SEC announced on September 25 two separate whistleblower awards, totaling over $2.5 million, for information regarding overseas conduct. The first, an award for over $1.8 million, was given to a whistleblower for taking “personal and professional risks” by using an internal compliance system at a company to report information. The tip resulted in an internal investigation, revealing overseas conduct that “would otherwise have been hard to detect.” The company then subsequently reported the findings to the SEC. The second whistleblower was awarded $750,000 for reporting concerns internally about securities violations occurring overseas that led to a successful enforcement action.
The SEC has now paid a total of $562 million to 106 individuals since the inception of the program.
Health insurer to pay $48 million to resolve 2014 data breach
On September 30, a multistate settlement was reached between a health insurance company and a collation of 42 state attorneys general and the District of Columbia to resolve a 2014 data breach that allegedly comprised the personal information of more than 78 million customers nationwide. According to the states, cyber attackers infiltrated the company’s systems using malware installed through a phishing email. The data breach resulted in the exposure of consumers’ social security numbers, birthdays, and other personal data. Under the terms of the settlement, the health insurer must pay $39.5 million in penalties and fees, and is required to (i) not misrepresent the extent of its privacy and security protections; (ii) implement a comprehensive information security program, including “regular security reporting to the Board of Directors and prompt notice of significant security events to the CEO”; (iii) implement specific security requirements, including “anti-virus maintenance, access controls and two-factor authentication, encryption, risk assessments, penetration testing, and employee training”; and (iv) schedule third-party assessments and audits for three years.
Separately, the California AG reached a $8.69 million settlement, subject to court approval, in a parallel investigation, which requires the health insurer to, among other things, implement changes to its information security program and fix vulnerabilities to prevent future data breaches.
Previously in 2018, the health insurer reached a $115 million class action settlement, which provided for two years of credit monitoring, reimbursement of out-of-pocket costs related to the breach, and alternative cash payment for credit monitoring services already obtained (covered by InfoBytes here).
California enacts the Debt Collection Licensing Act
On September 25, California governor signed SB 908, which includes the “Debt Collection Licensing Act” (the Act). The Act requires a person engaging in the business of debt collecting in the state of California to be licensed and provides for the regulation and oversight of debt collectors by the Department of Financial Protection and Innovation (DFPI) (the legislation refers to the DFPI as its previous name Department of Business Oversight). Debt collection licenses will be required starting January 1, 2022. Debt collectors who submit applications before January 1, 2022 will be allowed to operate while their application is pending.
The Act details the process of licensure, including application fees and background checks, and requires each licensee to (i) file reports under oath with the Commissioner; (ii) maintain a surety bond; (iii) and pay to the Commissioner its pro rata share of all costs and expenses to administer the licensing provisions. The Act requires the Commissioner to “take all actions necessary” in preparation “to fully enforce the licensing and regulatory provisions of this division, including, but not limited to, adoption of all necessary regulations” by January 1, 2022.
Moreover, in addition to the FDCPA’s general prohibition on engaging in unfair or deceptive acts or practices in the collection of consumer debts, SB 908 also prohibits California debt collectors from, among other things, (i) using profane language; (ii) placing telephone calls without disclosing the caller’s identity; (iii) communicating with debtors at a frequency that is “unreasonable,” and would “constitute harassment of the debtor under the circumstances;” and (iv) sending written or digital communications without their California license number displayed in at least 12-point sized font.
California DBO now Department of Financial Protection and Innovation
On September 29, the California governor signed AB 107, an Assembly Budget Committee bill, which changes the name of the Department of Business Oversight (DBO) to the Department of Financial Protection and Innovation (DFPI), effective immediately. As previously covered in depth by a Buckley Special Alert, the California legislature passed AB 1864, which was signed by the governor on September 25 and enacts the California Consumer Financial Protection Law (CCFPL) and establishes the DFPI name change.
The DFPI name change is now live on their website.
Certain business and employment CCPA exemptions extended to 2022
On September 29, the California governor signed AB 1281, which extends certain exemptions under the California Consumer Privacy Act (CCPA) from January 1, 2021 to January 1, 2022. As previously covered by InfoBytes, the CCPA—enacted in June 2018 (covered by a Buckley Special Alert) and amended several times—became effective January 1, and provides consumers several rights regarding their personal information that is held by a business. Specifically, the exemptions at issue in AB 1281 apply to “information collected by a business about a natural person in the course of the natural person acting as a job applicant, employee, owner, director, officer, medical staff member, or contractor, as specified.” The exemptions also apply to certain personal information used in communications or transactions between a business and a consumer if the “consumer is a natural person who is acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietorship, nonprofit, or government agency and whose communications or transaction with the business occur solely within the context of the business conducting due diligence regarding, or providing or receiving a product or service to or from that company, partnership, sole proprietorship, nonprofit, or government agency.” However, the act will only take effect if a ballot proposition does not pass during the November statewide general election.
9th Circuit splits with 4th Circuit, concludes arbitration agreement does not apply to acquired company
On September 30, the U.S. Court of Appeals for the Ninth Circuit issued a split opinion affirming a district court’s decision against arbitration in a proposed class action, which accused a satellite TV provider (defendant) of violating the TCPA by allegedly placing unauthorized prerecorded messages to customers’ cell phones without prior express written consent. According to the opinion, the plaintiff signed a contract containing an arbitration agreement with a telecommunications company in 2011 that eventually acquired the defendant in 2015. After the plaintiff filed his complaint, the defendant moved to compel arbitration, arguing that as an affiliate of the telecommunications company, it was entitled to arbitration. The district court disagreed and ruled that the contract signed between the plaintiff and the telecommunications company “did not reflect an intent to arbitrate the claim that [the plaintiff] asserts against [the defendant].”
On appeal, the majority concluded that “under California contract law, looking to the reasonable expectations of the parties at the time of the contract, a valid agreement to arbitrate did not exist between plaintiff and [the defendant] because [the defendant] was not an affiliate of the [telecommunications company] when the contract was signed.” The majority acknowledged that its decision is contrary to a recent 4th Circuit opinion (covered by InfoBytes here), in which that majority concluded that that an arbitration agreement signed by the plaintiff with the telecommunications company in 2012 when she opened a new line of service was extended to potential TCPA allegations against the defendant when the telecommunications company acquired the defendant in 2015. However, the 9th Circuit majority held that under the defendant’s interpretation of the agreement, the plaintiff “would be forced to arbitrate any dispute with any corporate entity that happens to be acquired by [the telecommunications company], even if neither the entity nor the dispute has anything to do with providing wireless services to [the plaintiff]—and even if the entity becomes an affiliate years or even decades in the future.” Moreover, the majority concluded that to enforce an agreement the plaintiff signed with the telecommunications company before it acquired the satellite TV provider would lead to “absurd results.”
In dissent, the minority wrote that because the agreement with the telecommunications company covered its affiliates and there is nothing in the agreement’s wording stating that it would only “refer to present affiliates” on the day of signing, the defendant should be able to compel arbitration.
3rd Circuit: Section 13(b) of the FTC Act does not give the agency restitution power
On September 30, the U.S. Court of Appeals for the Third Circuit reversed a district court’s order of $448 million in disgorgement, concluding that disgorgement is not a remedy available under Section 13(b) of the FTC Act. According to the opinion, the FTC brought an action against the owners of a testosterone treatment patent (defendants) for allegedly “trying to monopolize and restrain trade over [the treatment],” in violation of Section 13(b) of the FTC Act. The district court dismissed the FTC’s claims related to the reverse-payment agreement the defendants entered into with another pharmaceutical company but held the defendants liable for the FTC’s sham-litigation allegations and ordered the defendants to pay $448 in disgorgement of ill-gotten gains. The district court denied the FTC’s request for an injunction.
On appeal, the 3rd Circuit concluded, among other holdings, that the court erred by ordering disgorgement, as it lacked the authority to do so under Section 13(b) of the FTC Act. Specifically, the appellate court noted that Section 13(b) “authorizes a court to ‘enjoin’ antitrust violations,” but is silent on disgorgement. The appellate court rejected the FTC’s contention that Section 13(b) “impliedly empowers district courts” to order disgorgement as well as injunctive relief, concluding that “the context of Section 13(b) and the FTC Act’s broader statutory scheme both support ‘a necessary and inescapable inference’ that a district court’s jurisdiction in equity under Section 13(b) is limited to ordering injunctive relief.” Thus the appellate court reversed the order of $448 million in disgorgement.
In reaching this conclusion, the appellate court noted its determination was consistent with the 7th Circuit’s decision FTC v. Credit Bureau Center (covered by InfoBytes here), which also held that the FTC does not have the power to order restitution under Section 13(b). As previously covered by InfoBytes, the U.S. Supreme Court granted consolidated review in Credit Bureau Center and in the 9th Circuit’s decision in FTC v. AMG Capital Management (covered by InfoBytes here). The Court will decide whether the FTC can demand equitable monetary relief in civil enforcement actions under Section 13(b) of the FTC Act.
FFIEC adopts revised interagency examination procedures for TILA
On September 30, On September 30, the OCC issued Bulletin 2020-84 announcing the Task Force on Consumer Compliance of the Federal Financial Institutions Examination Council’s adoption of revised interagency examination procedures for TILA, as implemented by Regulation Z. The updated interagency procedures reflect changes made to Regulation Z that relate to the TILA-RESPA Integrated Mortgage Disclosure Rule. Updates also reflect amendments to TILA that relate to the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), such as (i) special provisions relating to high-cost loans, appraisals, and student lending; (ii) “an additional type of qualified mortgage for insured depository institutions with less than $10 billion in assets”; and (iii) “an additional type of escrow exemption for insured depository institutions with less than $10 billion in assets.” The bulletin rescinds the “Truth in Lending Act” booklet of the Comptroller’s Handbook, as well as OCC Bulletin 2018-31, “Truth in Lending Act: Revised Comptroller's Handbook Booklet and Rescissions.” Going forward, examiners should only rely on the revised interagency examination procedures.
The CFPB also updated its TILA examination procedures to reflect 2017 and 2018 amendments to Regulation Z and EGRRCPA on September 29.