InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC opens comment period on defining “exchange”
On April 14, the SEC reopened the comment period on proposed amendments to the statutory definition of “exchange” under Exchange Act rule 3b-16, which now includes systems that facilitate the trading of crypto asset securities. (See also SEC fact sheet here.) The comment period was reopened in response to feedback requesting information about how existing rules and the proposed amendments would apply to systems that trade crypto asset securities and meet the proposed definition of an exchange, or to trading systems that use distributed ledger or blockchain technology, including such systems characterized as decentralized finance (DeFi). The SEC also provided supplement information and economic analysis for systems that would now fall under the new, proposed definition of exchange. The reopened comment period allows an opportunity for interested persons to analyze and comment on the proposed amendments in light of the supplemental information. Comments are due 30 days after publication in the Federal Register.
“[G]iven how crypto trading platforms operate, many of them currently are exchanges, regardless of the reopening release we’re considering today,” SEC Chair Gary Gensler said. “These platforms match orders of multiple buyers and sellers of crypto securities using established, non-discretionary methods. That’s the definition of an exchange—and today, most crypto trading platforms meet it. That’s the case regardless of whether they call themselves centralized or decentralized.” He added that crypto-market investors must receive the same protections that the securities laws afford to all other markets. Commissioners Mark T. Uyeda and Hester M. Peirce voted against reopening the comment period. Uyeda cautioned against expanding the definition of an “exchange” in an “ambiguous manner,” saying it could “suppress further beneficial innovation.” Peirce also dissented, arguing that the proposal stretches the statutory definition of an “exchange” beyond a reasonable reading in an attempt to “reach a poorly defined set of activities with no evidence that investors will benefit.”
DFPI proposes new CCFPL modifications on complaints and inquiries
On April 14, the California Department of Financial Protection and Innovation (DFPI) released a third round of modifications to proposed regulations for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to consumer complaints and inquiries. DFPI modified the proposed text in December and March (covered by InfoBytes here and here) in response to comments received on the initially proposed text issued last year to implement Section 90008 subdivisions (a) (b), and (d)(2)(D) of the CCFPL (covered by InfoBytes here). Subdivisions (a) and (b) authorize the DFPI to promulgate rules establishing reasonable procedures for covered persons to provide timely responses to consumers and the DFPI concerning consumer complaints and inquiries, whereas subdivision (d)(2)(D) permits covered persons to withhold certain non-public or confidential information when responding to consumer inquiries.
DFPI considered comments on the most recent proposed modifications and is now proposing further additional changes:
- Amended definitions. The proposed modifications change “officer” to “complaint officer” and expand the definition to mean “an individual designated by the covered person with primary authority and responsibility for the effective operation and governance of the complaint process, including the authority and responsibility to monitor the complaint process and resolve complaints.” References to “officer” have been changed to “complaint officer” throughout.
- Complaint processes and procedures. The proposed modifications make clarifying edits to the requirements for annual notices issued to consumers (disclosures must be provided “in a clear and conspicuous manner”), and specify that complaints pertaining solely to entities not involved in the offering or providing of the financial product or service being reported on should not be included in the number of complaints received.
- Inquiry processes and procedures. The proposed modifications clarify that should an inquirer indicate any dissatisfaction “regarding a specific issue or problem” concerning a financial product or service or allege wrongdoing by the covered person or third party, the inquiry should be handled as a complaint.
Comments are due April 29.
FHFA rule targets GSE eligibility in colonias
On April 12, FHFA published a final rule amending its Enterprise Duty to Serve Underserved Markets regulation. The final rule, which was adopted without change from the proposed rule issued last year (covered by InfoBytes here), allows Fannie Mae and Freddie Mac (GSE) activities in all colonia census tracts to be eligible for Duty to Serve credit. Specifically, the amendment adds a “colonia census tract” definition to serve as a census tract-based proxy for a “colonia” (as generally applied to “unincorporated communities along the U.S.-Mexico border in California, Arizona, New Mexico, and Texas that are characterized by high poverty rates and substandard living conditions”). The final rule also amends the “high-needs rural region” definition by substituting “colonia census tract” for “colonia,” and revises the definition of “rural area” to include all colonia census tracts regardless of their location, in order to make GSE activities in all colonia census tracts eligible for duty to serve credit. The final rule takes effect July 1.
SBA creates new SBLC category and ends moratorium
On April 12, the SBA published a final rule in the Federal Register lifting the moratorium on licensing new nondepository small business lending companies (SBLCs) and adding a new type of entity called a “Community Advantage SBLC.” The moratorium was imposed in 1982, after the agency determined it lacked adequate resources to effectively service and supervise additional SBLCs participating in SBA’s 7(a) loan program beyond the 14 it was authorized to approve. According to SBA, while the majority of 7(a) lenders are federally-regulated depository institutions, “SBLCs are regulated, supervised, and examined solely by SBA” and “are subject to specific regulations regarding formation, capitalization, and enforcement actions.” SBA explained that there are capital market gaps in certain markets that “continue to struggle to obtain financing on non-predatory terms.” The final rule lifts the licensing moratorium and eliminates the cap on the number of nondepository institutions in the program. The final rule also creates the Community Advantage SBLC to help bridge the financing gap that small businesses face in the private market. Community Advantage SBLCs are nonprofit organizations that will be licensed to make 7(a) loans to small businesses and will help SBA meet the needs of underserved communities. SBA also revised its regulations to remove the requirement for a separate loan authorization document to “eliminate the duplication of effort and opportunity for a mismatch of information between multiple sources of the loan terms and conditions.” The final rule is effective May 12.
Treasury recommends stronger DeFi supervision
On April 6, the U.S. Treasury Department published a report on illicit finance risks in the decentralized finance (DeFi) sector, building upon Treasury’s other risk assessments, and continuing the work outlined in Executive Order 14067, Ensuring Responsible Development of Digital Assets (covered by InfoBytes here).
Written by Treasury’s Office of Terrorist Financing and Financial Crimes, in consultation with numerous federal agencies, the Illicit Finance Risk Assessment of Decentralized Finance is the first report of its kind in the world. The report explained that, while there is no generally accepted definition of DeFi, the term has broadly referred to virtual asset protocols and services that allow for automated peer-to-peer transactions through the use of blockchain technology. Used by a host of illicit actors to transfer and launder funds, the report found that “the most significant current illicit finance risk in this domain is from DeFi services that are not compliant with existing AML/CFT [anti-money laundering and countering the financing of terrorism] obligations.” These obligations include establishing effective AML programs, assessing illicit finance risks, and reporting suspicious activity, the report said.
The report made several recommendations for strengthening AML/CFT supervision and regulation of DeFi services, such as “closing any identified gaps in the [Bank Secrecy Act (BSA)] to the extent that they allow certain DeFi services to fall outside the scope of the BSA’s definition of financial institutions.” The report also recommended, “when relevant,” the “enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations,” and suggested continued research and engagement with the private sector on this subject.
In addition, the report pointed to a lack of implementation of international AML/CFT standards by foreign countries, “which enables illicit actors to use DeFi services with impunity in jurisdictions that lack AML/CFT requirements,” and commented that “poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry.” To address these concerns, the report recommended “stepping up engagements with foreign partners to push for stronger implementation of international AML/CFT standards and advocating for improved cybersecurity practices by virtual asset firms to mitigate these vulnerabilities.” The report seeks input from the public sector to inform next steps.
FHFA updates GSE equitable housing finance plans
On April 5, FHFA announced updates to Fannie Mae and Freddie Mac’s (GSEs) equitable housing finance plans for 2023. (See plans here and here.) The updates include adjustments to plans first announced last year (covered by InfoBytes here), which faced pushback from several Republican senators who argued that the plans raised “significant legal concerns” and that “no law authorizes FHFA to use a GSE’s assets to pursue affirmative action in housing.” (Covered by InfoBytes here.) The senators also argued that the Biden administration was “conscripting the GSEs as instrumentalities of its progressive racial equity agenda to achieve outcomes it cannot achieve legislatively or even legally.”
According to FHA’s announcement, the updated plans provide the GSEs with a three-year roadmap to address barriers to sustainable housing opportunities. Updates include (i) taking actions to remove barriers faced by Latino renters and homeowners in Fannie Mae’s plan; (ii) an improved focus on ensuring existing borrowers are able to receive fair loss mitigation support and outcomes through monitoring and developing strategies to close gaps; (iii) providing financial capabilities coaching to build credit and savings; (iv) supporting locally-owned modular construction facilities in communities of color; and (v) increasing the reach of GSE special purpose credit programs to support homeownership attainment and housing sustainability in underserved communities.
FHA proposes earlier HECM claim submissions
On April 4, FHA issued FHA Info 2023-25, announcing proposed changes to the Home Equity Conversion Mortgage (HECM) program and documentation requirements for certain submission criteria. FHA explained that the documentation changes would apply to HECM Assignment Claim Type 22, which “is an option that allows a HECM servicer to assign a mortgage that is in good standing to FHA in exchange for payment of the loan balance, up to the maximum claim amount.” Specifically, the proposal would allow servicers to start submitting claim documentation for preliminary FHA review when a mortgage reaches 97 percent of the maximum claim amount (MCA), versus the 97.5 percent currently allowed. The change is intended “to expedite the payment of claim funds when the mortgage reaches 98 percent of the MCA, to mortgage servicers in light of current market liquidity considerations.” The proposal would also establish that the deadline for mortgagees to deliver original notes and mortgages to FHA is 90 days after the assignment claim payment date, and would align the deadline for delivering recorded assignments of mortgage for all HECMS by increasing the timeline to 12 months for HECMs with FHA case numbers assigned before September 19, 2017. Comments on the proposal are due April 11.
CFPB defines abusive conduct under the CFPA
On April 3, the CFPB issued a policy statement containing an “analytical framework” for identifying abusive conduct prohibited under the Consumer Financial Protection Act. The Bureau broadly defines abusive conduct as anything that obscures, withholds, de-emphasizes, renders confusing, or hides information about the important features of a product or service. The policy statement, which is intended to clarify Congress’s statutory definition of abusive practices, serves as the Bureau’s “first formal issuance” summarizing more than a decade’s worth of precedent on abusiveness.
Specifically, the policy statement highlights two categories of abusive prohibitions: (i) obscuring critical features that could materially interfere with or impede a consumer’s ability to understand terms or conditions that may prompt a consumer to reconsider signing up for certain products or services (e.g., burying or overshadowing important disclosures, filling disclosures with complex jargon, omitting material terms and conditions, physically preventing consumers from viewing notices, or engaging in digital interference through the use of “dark patterns” aimed at “making the terms and conditions materially less accessible or salient”); and (ii) leveraging a company’s knowledge or market power to take unreasonable advantage of a consumer relating to: gaps in understanding; unequal bargaining power; and consumer reliance (e.g., causing a consumer to face a range of potential harms, including monetary and non-monetary costs, taking advantage of a consumer’s lack of understanding as it relates to whether a debt is legally enforceable or when fees will be assessed, or preventing a consumer from switching service providers).
Additionally, the Bureau notes that in order to establish liability, the agency would not be required to show that “substantial injury” occurred—it only needs to show that a practice is considered “harmful or distortionary to the proper functioning of the market.”
Abusive acts or practices will focus on actions, CFPB Director Rohit Chopra explained in prepared remarks at the University of California Irvine Law School, whereas deception claims are more concerned with whether a company’s communications create a misleading net impression. “Congress prohibited companies from leveraging unequal bargaining power, and that includes consumer reporting companies, servicers, and debt collectors who use the fact that their customers are captive to force people into less advantageous deals, extract excess profits, or reduce costs by providing worse service than they would provide if they were competing in an open market,” Chopra added.
The Bureau will receive comments on the policy statement through July 3.
CFPB finalizes Section 1071 rule on small business lending data
On March 30, the CFPB released its final rule implementing Section 1071 of the Dodd-Frank Act. Consistent with Section 1071, the final rule will require financial institutions to collect and provide to the Bureau data on lending to small businesses, defined as an entity with gross revenue under $5 million in its last fiscal year, which the Bureau will ultimately publish. (See also an executive summary here.)
As explained in a corresponding fact sheet, the final rule is intended to foster transparency and accountability by requiring financial institutions—both traditional banks and credit unions, as well as non-banks—to collect and disclose data about small business loan recipients’ race, ethnicity, and gender, as well as geographic information, lending decisions, and credit pricing. The credit application information will be compiled in a comprehensive, publicly available database to help policymakers, borrowers, and lenders better address economic development needs and adapt to future challenges. The final rule also contains a sample data collection form that lenders can, but are not required to, use to collect applicants’ demographic data, and while small businesses are given the option not to provide this information, lenders must not discourage applicants from supplying this data (as explained in more detail in an accompanying policy statement). The Bureau also released a report detailing user testing research used to learn about lenders’ likely experience in filling out the sample data collection form, as well as a report describing the agency’s methodology for estimating how many lenders will be required to report under the final rule and for producing cost estimates associated with implementing the final rule.
The final rule contains important changes from the proposed rule issued in September 2021 (covered by a Special Alert here). Explaining that these changes are designed to make the final rule more effective and easier to follow, the Bureau stated that larger lenders will be required to collect and report data earlier than small lenders. The reporting requirements begin once a lender originates at least 100 covered small business loans in each of the two prior calendar years—a threshold that “accounts for more than 95 percent of small-business loans by banks and credit unions,” the Bureau said in its press release, noting that it was raised from the originally proposed 25-loans-per-year threshold.
While the final rule is effective 90 days after publication in the Federal Register, lenders will follow a tiered compliance date structure:
- Lenders that originate at least 2,500 covered small business loans in both 2022 and 2023, must begin collecting data on October 1, 2024.
- Lenders that originate at least 500 covered small business loans in both 2022 and 2023, must begin collecting data on April 1, 2025.
- Lenders that originate at least 100 covered small business loans in both 2022 and 2023 must begin collecting data on January 1, 2026.
- Lenders that did not originate at least 100 covered small business loans in both 2022 and 2023, but subsequently originated at least 100 transactions in two consecutive calendar years may begin collecting data no earlier than January 1, 2026.
- Lenders that originate between 100 and 500 small business loans in both 2024 and 2025, must begin collecting data on January 1, 2026.
Other changes from the proposal include allowing applicants to self-identify demographic information, including race and ethnicity, rather than requiring loan officers to make the determination. The final rule also now includes an exclusion for mortgage loans that must be reported under HMDA, and suggests that under the federal regulators’ forthcoming Community Reinvestment Act (CRA) reporting requirements, data submitted under the Bureau’s final rule will satisfy relevant CRA requirements. Additionally, financial institutions and other third parties will be allowed to develop services and technologies to assist lenders with collecting and reporting data. The Bureau noted that it is working on a supplementary proposal that would, if finalized, give more compliance time for small lenders that are already successful in meeting the needs of the local communities they serve.
CFPB Director Rohit Chopra commented that the final rule’s impact “will be in the comprehensive data that it produces, which can be used by lenders, borrowers, and the broader public to achieve better credit outcomes for small businesses and communities across the country.”
California OAL approves CCPA regulations
On March 30, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law (OAL) approved the agency’s first substantive rulemaking package for implementing the California Consumer Privacy Act (CCPA). The approved regulations are effective immediately. The CPPA noted that the approved regulations update existing CCPA regulations to harmonize them with amendments adopted under the California Privacy Rights Act (CPRA), which was approved by ballot measure in November 2020 to amend and build on the CCPA. In February, the CPPA voted unanimously to adopt and approve the regulations, which have not been substantively changed since the CPPA voted on modifications last year (covered by InfoBytes here). The final regulations and supporting materials are now available on the CPPA’s website.
The CPPA has already begun additional rulemaking. The agency issued a preliminary request for comments on cybersecurity audits, risk assessments, and automated decision-making to inform future rulemaking in February. Comments were due at the end of March.