InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FFIEC releases 2022 HMDA data
On March 20, the CFPB announced the release of the 2022 HMDA modified loan application register (LAR) data. The LAR data, available on the Federal Financial Institutions Examination Council’s HMDA platform, contains modified loan-level information on approximately 4,394 HMDA filers. The Bureau also announced plans to produce the 2022 HMDA data “in other forms to provide users insights into the data,” including through a nationwide loan-level dataset, which will provide all publicly available data from all HMDA reporters, as well as aggregate and disclosure reports with summary information by geography and lender, to allow users the ability to create custom datasets and reports. The Bureau also said it plans to publish a Data Point article highlighting key trends in the annual HMDA data.
Banking company pleads guilty to mortgage fraud
On March 15, a Michigan-headquartered bank holding company agreed to plead guilty to securities fraud for filing misleading statements related to its 2017 initial public offering (IPO) and its 2018 and 2019 annual filings. According to the DOJ’s announcement, the bank holding company and its wholly owned subsidiary were under investigation over allegations that loan officers were encouraged to increase the volume of residential mortgage loan originations in order to artificially inflate bank revenue leading up to and following the IPO. The DOJ explained that the bank filed false securities statements about its residential mortgage loan program in its IPO, as well as in subsequent annual filings that “contained materially false and misleading statements that touted the soundness of the [] loans.” These loans were actually “rife with fraud,” the DOJ said and cost non-insider victim-shareholders nearly $70 million. Senior management allegedly knew that loan officers were falsifying loan documents and concealing the fraudulent information from the bank’s underwriting and quality control departments, the DOJ maintained, noting that the actions caused the bank to originate loans and extend credit to borrowers who would have otherwise not qualified.
Under the terms of the plea agreement (which must be accepted by the court), the bank holding company will “be required to serve a term of probation through 2026, submit to enhanced reporting obligations to the department, and pay more than $27.2 million in restitution to its non-insider victim-shareholders.” The DOJ considered several factors when determining the criminal resolution, including the nature and seriousness of the offense and the pervasiveness of the misconduct at the most senior levels. The bank holding company received credit for its cooperation and for implementing extensive remedial measures, and has agreed to continue to fully cooperate with the DOJ in all matters relating to the covered conducts and other conduct under investigation. It is also required to self-report criminal violations and must continue to implement a compliance and ethics program to detect and deter future violations of U.S. securities law.
As previously covered by InfoBytes, the bank holding company’s subsidiary paid a $6 million civil money penalty to the OCC last September for alleged unsafe or unsound practices related to the residential mortgage loan program.
U.S., German law enforcement disable darknet crypto mixer
On March 15, U.S. law enforcement, along with German criminal authorities, disabled a darknet cryptocurrency “mixing” service used to allegedly launder more than $3 billion in cryptocurrency underlying ransomware, darknet market activities, fraud, cryptocurrency heists, hacking schemes, and other activities. According to the DOJ’s announcement, law enforcement agencies seized two domains and back-end servers, as well as more than $46 million in cryptocurrency. The DOJ claimed the mixing service allowed criminals to obfuscate the source of stolen cryptocurrency by commingling users’ cryptocurrency in a way that made it difficult to trace the transactions. In conjunction with the action taken against the mixing service, a Vietnamese national responsible for creating and operating the online infrastructure was charged with money laundering, operating an unlicensed money transmitting business, and identity theft connected to the mixing service. Separate actions have also been taken by German law enforcement authorities, the DOJ said. “Criminals have long sought to launder the proceeds of their illegal activity through various means,” Special Agent in Charge Jacqueline Maguire of the FBI Philadelphia Field Office said in the announcement. “Technology has changed the game, though[.] In response, the FBI continues to evolve in the ways we ‘follow the money’ of illegal enterprise, employing all the tools and techniques at our disposal and drawing on our strong partnerships at home and around the globe.”
Fed to launch FedNow in July
On March 15, the Federal Reserve Board announced a July launch date for its FedNow Service. (Covered by a Special Alert here.) Beginning the first week of April, the Fed will start formally certifying participants, with early adopters completing a customer testing and certification program in preparation for sending live transactions through the system. The certification process “encompasses a comprehensive testing curriculum with defined expectations for operational readiness and network experience,” the Fed explained. “We couldn’t be more excited about the forthcoming FedNow launch, which will enable every participating financial institution, the smallest to the largest and from all corners of the country, to offer a modern instant payment solution,” said Ken Montgomery, First Vice President of the Federal Reserve Bank of Boston and FedNow program executive. “With the launch drawing near, we urge financial institutions and their industry partners to move full steam ahead with preparations to join the FedNow Service,” Montgomery added.
In addition to certifying early adopters for the July launch, the Fed said it will continue to engage with financial institutions and service providers to complete the testing and certification program throughout 2023 and beyond. FedNow “will launch with a robust set of core clearing and settlement functionality and value-added features,” the agency said, explaining that “[m]ore features and enhancements will be added in future releases to continue supporting safety, resiliency and innovation in the industry as the FedNow network expands in the coming years.”
Fed governor says transparency is key for promoting innovation in the banking system
On March 14, Federal Reserve Governor Michelle W. Bowman presented thoughts on innovation trends within the U.S. financial system during a conference held by the Independent Community Bankers of America. Bowman commented that innovation has always been a priority for banks of all sizes and business models, and that regulators—often accused of “being hostile to innovation” within the regulated financial system—are continually trying to learn and adapt to new technologies, which often introduce new risks and vulnerabilities. In order to address these challenges, which are often amplified for community banks, Bowman said banks must be prepared to make improvements to risk management, cybersecurity, and consumer compliance measures, and regulators—playing a complementary role—must ensure rules are clear and transparent. She further stressed that “[i]t is absolutely critical that innovation not distract banks and regulators from the traditional risks that are omnipresent in the business of banking, particularly credit, liquidity, concentration, and interest rate risk.” Noting that these types of risks are present in all bank business models, Bowman said they “can be especially acute for banks engaging in novel activities or exposed to new markets, including crypto-assets.”
Explaining that transparency is important for promoting a safe, sound, and fair banking system, particularly when it comes to innovation, Bowman stated that insufficient clarity or transparency or disproportionately burdensome regulations may “cause new products and services to migrate to the shadow banking system.” Bowman went on to discuss ways bank regulation and supervision can support responsible innovation, and highlighted unique challenges facing smaller banks, as well as key actions taken by regulators to date relating to crypto assets, third-party risk management, cybersecurity, Community Reinvestment Act reform, bank mergers, and overdraft fees, among others.
FHFA delays effective date of DTI ratio-based fee
On March 15, FHFA delayed the implementation of a new debt-to-income ratio-based fee to August 1, in order to ensure lenders have sufficient time to prepare. In January, FHFA made several changes relating to upfront fees for certain borrowers with debt-to-income (DTI) ratios above 40 percent. The updated and recalibrated pricing grids also include the upfront fee eliminations announced last October to increase pricing support for purchase borrowers limited by income or by wealth, FHFA said. The agency made the decision to delay the effective date by three months based on feedback from mortgage industry stakeholders who raised concerns about the operational challenges of implementing the DTI ratio-based fee. FHFA also confirmed that “lenders will not be subject to post-purchase price adjustments related to this DTI ratio-based fee for loans acquired by [Fannie Mae and Freddie Mac] between August 1, 2023, and December 31, 2023.” The agency explained that this temporary exception “will not alter any other quality control review decisions by [Fannie Mae and Freddie Mac].”
CFPB scrutinizes discharged private student loan billing and collection practices
On March 16, the CFPB released a compliance bulletin discussing student loan servicers’ practice of collecting on private student loans discharged in bankruptcy. The bulletin also notified regulated entities on how the Bureau intends to exercise its enforcement and supervisory authorities on this issue. Bulletin 2023-01: Unfair Billing and Collection Practices After Bankruptcy Discharges of Certain Student Loan Debts addressed the treatment of certain private student loans following bankruptcy discharge. The Bureau explained that in order to secure a discharge of a qualified education loan in bankruptcy, a borrower must demonstrate that the loan would impose an undue hardship if not discharged. Loans that do not meet this qualification (“non-qualified student loans”) can be discharged under standard bankruptcy discharge orders, the Bureau said.
Bureau examiners found, however, that several servicers failed to determine whether a borrower’s loan was qualified or non-qualified. As a result, non-qualified student loans were returned to repayment after a bankruptcy concluded, wherein servicers continued to bill and collect payments on the loans even through the borrower was released from this debt through the bankruptcy discharge. According to the Bureau, many borrowers, when faced with collection activities in violation of a bankruptcy court order, continued to make payments on debts they no longer owed.
The Bureau explained that servicers who collected on student loans that were discharged by a bankruptcy court violate the prohibition on unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act. The bulletin described unfair practices observed by examiners, such as servicers relying entirely on loan holders to distinguish among the loans and not ensuring that such holders had in fact done so. The bulletin also provided examples of student loans that are eligible for standard bankruptcy discharge, including loans made to students attending schools that are ineligible for federal student aid and loans made to students attending school less than half time. Bureau examiners instructed servicers to immediately stop collecting on discharged loans and take remedial action, including conducting a multi-year lookback and issuing refunds to affected borrowers.
CFPB issues 2023 HMDA institutional and transactional coverage charts
On March 15, the CFPB released the 2023 HMDA institutional and transactional coverage charts. The charts update the reporting thresholds for transactions that involve a closed-end mortgage loan, pursuant to an order issued last September by the U.S. District Court for the District of Columbia in National Community Reinvestment Coalition v. CFPB. (Covered by InfoBytes here.) As previously covered by InfoBytes, in 2020 the CFPB issued a final rule, which amended Regulation C and permanently increased the reporting threshold from the origination of at least 25 closed-end mortgage loans in each of the two preceding calendar years to 100, and permanently increased the threshold for collecting and reporting data about open-end lines of credit from the origination of 100 lines of credit in each of the two preceding calendar years to 200.
The 2023 HMDA Institutional Coverage Chart outlines criteria for determining whether an institution is covered by Regulation C. Additionally, the 2023 HMDA Transactional Coverage Chart explains that under HMDA/Regulation C, a transaction is reportable only if it is an application for, an origination of, or a purchase of a covered loan. The chart explains how to determine whether a transaction involves a covered loan and whether it meets the applicable loan-volume thresholds.
Design firm to settle False Claims Act allegations related to cybersecurity failures
On March 14, the DOJ announced a $293,771 settlement with a design company to resolve alleged False Claims Act (FCA) violations related to failures in its cybersecurity practices. According to the DOJ, the company failed to secure personal information on a federally-funded Florida children’s health insurance website that was created, hosted, and maintained by the company. “Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division, said in the announcement. “We will use the [FCA] to hold accountable companies and their management when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.” In this case, the Florida entity (which receives federal Medicaid funds, as well as state funds to provide children’s health insurance programs) contracted with the design company for the provision of a hosting environment that complied with HIPAA’s personal information protection requirements. The company also agreed to adapt, modify, and create code on the webserver to support the secure communication of data. However, between January 1, 2014, and Dec. 14, 2020, the company allegedly failed to provide secure hosting of applicants’ personal information and failed to implement necessary updates. In December 2020, the website experienced a data breach that potentially exposed more than 500,000 applicants’ personal identifying information and other data. In response to the data breach and the company’s cybersecurity failure, the Florida entity shut down the website’s application portal.
CFPB seeks input on data broker businesses
On March 15, the CFPB issued a Request for Information (RFI) seeking public input on data broker business practices in order to inform planned rulemaking under the FCRA and help the agency understand the current state of the industry. “Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” CFPB Director Rohit Chopra said in the announcement. He added, “[o]ur inquiry will inform whether rules under the [FCRA] reflect these market realities.” The Bureau explained that the FCRA—which covers data brokers such as credit reporting companies and background screening firms, as well as parties who report information to these firms—provides several protections, including accuracy standards, dispute rights, and restrictions on how data can be used. The RFI seeks feedback on business models and practices used by the data broker market, including information about the types of data being collected and sold and the sources data brokers rely upon. In particular, the Bureau seeks information on consumer harm and market abuses, and wants to understand “whether companies using these new business models are covered by the FCRA, given the FCRA’s broad definitions of ‘consumer report’ and ‘consumer reporting agency.’” The Bureau stated it is also interested in learning about consumers’ direct experiences with data brokers, including when consumers try to remove, correct, or regain control of their data. Comments on the RFI are due by June 13.