InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FHFA announces updates for implementation of GSE credit score requirements
On February 29, FHFA announced updates related to the implementation of new credit score requirements for single-family loans acquired by Freddie Mac and Fannie Mae (GSEs). As previously covered by InfoBytes, FHFA released a two-phase plan for soliciting stakeholder input on the agency’s proposed process for updating credit score requirements. The new process, called the FICO 10T model, will, among other things, require two credit reports (a “bi-merge” credit report) from the national consumer reporting agencies, rather than the traditional three (covered by InfoBytes here). After considering stakeholder input, FHFA expects to transition from the Classic FICO credit score model to the bi-merge credit reporting requirement in Q1 2025. The GSEs will also move up the publication of VantageScore 4.0 historical data to Q3 2024 “to better support market participants” and provide pertinent historical data before the transition. FHFA will provide more details on the timing for FICO 10T implementation once this initial process is complete.
CFPB warns lead generators, digital comparison-shopping tool operators of potential CFPA violations
On February 29, the CFPB issued a circular to law enforcement agencies and regulators explaining how operators of digital comparison-shopping tools or lead generators can potentially violate the CFPA’s prohibition on abusive acts or practices by steering consumers towards options that best serve the operator or the lead generator. The circular further discussed “how law enforcement agencies and regulators can evaluate operators of comparison-shopping tools… to manipulate results” to appease consumer preferences.
The Bureau explained that while consumers often use these tools to research, compare, and select financial products, some intermediaries also functioned as lead generators that sold consumer information to lenders. These intermediaries may have received compensation, the CFPB said, often termed as “bounties,” from financial providers for preferential treatment or lead generation. The circular recognized that operators of these tools may have engaged in commercial arrangements with financial providers and may have received compensation based on user actions or bids.
The CFPB stated that both digital comparison-shopping tool operators and lead generators can qualify as “covered persons” under CFPA section 1031(d)(2)(C) which prohibits them from engaging in unfair, deceptive, or abusive acts or practices, particularly those that “take unreasonable advantage” of consumers so they may act in the “covered person’s” best interests. The circular outlined elements of CFPA Section 1031(d)(2)(C) and applied the elements including reasonable reliance by consumers on covered entities to act in their interests, to an evaluation of the operator or lead generator activities. Notably, the circular warned that reasonable consumer reliance could be created based on the representations of the tool operator or lead generator, as well as implicit or explicit communications. Further, the Bureau added that steering consumers towards certain products or providers for the financial benefit of the operator or lead generator, rather than consumer interest, constituted unreasonable advantage-taking.
Finally, the circular included a non-exhaustive list of examples of preferencing or steering arrangements and advised law enforcement agencies and regulators to scrutinize bounty or bidding schemes and decision-making processes to identify abusive conduct.
White House orders DOJ and CFPB to better protect citizens’ sensitive personal data
On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”
A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.
Fed’s Bowman speaks on current trends in banking regulation
On February 27, Michelle Bowman, a member of the Federal Reserve Board of Governors, gave a speech reflecting on the state of the broader U.S. economy and banking regulation in Tampa, Florida. Bowman highlighted the need for the Fed to focus on “efficiency in how we deliver on our safety and soundness goals.” On capital reform, Bowman noted that since the closure of the comment period for the Basel III “Endgame” reforms, the federal banking agencies have been reviewing the feedback and identifying areas of concern: she hopes that the agencies will take this opportunity to revise the proposal in a way that addresses the concerns raised by the public. After voicing her non-support for the recently adopted Community Reinvestment Act (CRA) final rule, Bowman shared that while the new rule provided some positive changes, the changes are still “unnecessarily complex, overly prescriptive,” and have greater costs than benefits. Bowman highlighted that the final rule treats a wide range of community banks with more than $2 billion in assets as “large banks, and would have resulted in a “nearly tenfold increase in banks with a ‘Need to Improve’ CRA rating” if applied to the period from 2018 to 2020. On Regulation II and debit card interchange fees, Bowman noted that the comment period has been extended until May 12, adding that the proposed permanent decrease in debit card interchange fees will have “consequences for banks of all sizes.” Bowman ended with discussion on bank mergers, climate change, and liquidity.
VA issues circular to address loan holder fees on assuming a VA-guaranteed loan
On February 26, the Department of Veterans Affairs published a circular to address assumption fees, specifically permitting a loan holder to charge an additional assumption-related fee based on the location of the relevant property when the assumption of a VA-guaranteed loan closes. This additional fee is in addition to the previously permitted assumption fees which must be less than $300 for loan holders with maximum authority or $250 for loan holders without automatic authority. The VA set the amount of the additional assumption fee allowed in Exhibit A to the circular, which can be found here.
FTC takes action against tax prep company for alleged unfair and deceptive practices
On February 23, the FTC announced an action against a tax preparation company for alleged unfair and deceptive acts and practices related to the sale of tax preparation products and services. The FTC alleged in its redacted administrative complaint that the defendant unfairly pushed consumers into paying for more expensive tax preparation products. The FTC further alleged the company made it unnecessarily difficult to downgrade the consumer’s tax preparation plan, both by requiring the consumer to first speak with a representative and by requiring the consumer to re-input the data if the consumer chooses to downgrade to the lower-priced product. The FTC also stated that the company’s upgrade policy, in contrast, is notably simple compared to its downgrade policy, and consumers’ “data seamlessly moves to the more expensive product instantly.” The FTC also claimed that the company’s “file for free” advertisements are deceptive because not all consumers’ tax situations are eligible for the free service.
This action follows the FTC’s action against another tax preparation software provider last month (covered by InfoBytes here).
FTC alleges a common enterprise’s software misrepresented consumers’ sensitive browsing data
On February 22, the FTC released a complaint and decision against multiple software companies operating as a common enterprise for allegedly violating three counts of Section 5 of the FTC Act for (1) unfairly collecting consumers’ browsing information; (2) deceptively failing to disclose tracking of consumers; and (3) stating false representations on data aggregation and anonymization. From 2014 to 2020, the FTC alleged that the companies distributed software with several privacy claims including that the software would block cookies and prevent browser tracking without obtaining consumers’ consent and deceiving consumers about the true nature of their actions.
The FTC alleged the companies collected browser information through browser extensions and antivirus software. While the companies claimed that these extensions provided security and privacy services, the companies used the extensions to collect browser information from users including URLs of visited webpages, URLs of background resources (e.g., cookies or images pulled from other domains), consumers’ search queries, and cookie values. While the companies made claims about the privacy and security of their products, they failed to disclose to consumers that their browsing information was sold to third parties and misrepresented how the data was shared. This browsing information can comprise sensitive data, possibly revealing a consumer’s religious beliefs, health information, political ideology, location, finances, and “interests in prurient content.” The FTC noted that when the companies in 2019 asked software users to opt-in to collect browser information, less than 50% of consumers agreed.
Under the FTC’s Decision, the companies must pay $16.5 million in monetary relief. Additionally, the FTC enjoined the companies from licensing or selling any browsing data from branded products to third parties for advertising purposes, and the companies are required to (a) obtain consent from consumers before selling consumers’ browsing data from non-branded products for advertising; (b) delete consumer web browsing information and certain products or algorithms derived from that data; (c) notify consumers whose information was previously sold without their consent; and (d) implement a privacy program.
CFPB claims special, risk-based oversight over lender
On February 23, the CFPB released a supervisory designation over a nonbank, small-loan consumer finance company (the Company). This is the first time the CFPB has used its authority under Section 1024(a)(1)(C) of the Consumer Financial Protection Act (CFPA) to designate a company for supervision based on a determination that the company’s conduct poses “risk to consumers” after a contested proceeding. This provision of the CFPA only required the CFPB to have “reasonable cause to determine” that a covered person’s conduct posed risks to consumers––which the CFPB stated is a “less demanding” legal standard than the preponderance-of-the-evidence standard generally used in civil proceedings.
The CFPB described the relevant statutory framework of the proceeding with particularity since this proceeding was “one of the first” under Section 1024(a)(1)(C). The CFPB found the company to be a covered person and stated that the CFPB had reasonable cause to determine that the Company’s conduct poses risks to consumers, including its alleged bundling of loans with insurance coverage, harmful collection practices, inaccurate credit reporting, and serial refinancing. The CFPB alleged that consumer complaints are sufficient to establish reasonable cause that the Company’s actions put consumers at risk.
FTC provides its 2023 ECOA activities to CFPB
On February 12, the FTC provided the CFPB with an annual summary of its 2023 enforcement, research and policy development, and educational-related initiatives on ECOA, as Dodd-Frank allows the Commission to enforce ECOA and any CFPB rules applicable to entities within the FTC’s jurisdiction. The letter emphasized the commitment of each agency to enforce laws protecting civil rights, fair competition, consumer protection, and equal opportunity in the development and use of automated systems and artificial intelligence. Additionally, the letter stated the FTC continued its involvement in initiatives such as military outreach and participation in interagency task forces on fair lending. Its initiatives focused on consumer and business education regarding issues related to Regulation B and guiding fair lending practices. The Commission also highlighted (1) an enforcement action against a group of auto dealerships alleging ECOA and its implementing Regulation B violations in connection with the sale of add-on products; (2) refund checks sent as a result of the settlement of two enforcement actions against auto dealerships in which it was alleged that the dealerships violated ECOA and Regulation B by discrimination against Black and Latino consumers by charging them higher financing costs; and (3) an amicus brief submitted to an appeals court in support of the CFPB’s appeal to the U.S. Court of Appeals for the Seventh Circuit of the lower court’s decision regarding the applicability of ECOA to individuals other than “applicants.”
CFPB revises its supervisory appeals process
On February 16, the CFPB issued a procedural rule updating its process for financial institutions that appeal the Bureau’s supervisory findings. The CFPB examined financial institutions to ensure they followed federal consumer financial law. After an examination or targeted review, supervised entities may appeal their compliance rating or any other findings.
First, the procedural rule expanded the pool of potential members for the appeals committee within the CFPB. Now, any CFPB manager with relevant expertise who did not participate in the original matter being appealed can be considered, rather than previously only managers from the Supervision department. The CFPB’s General Counsel will assign three CFPB managers and legal counsel to advise them. Second, the revised process introduced a new option for resolving appeals—in addition to upholding or rescinding the original finding, matters can now be remanded back to supervision staff for further consideration, potentially resulting in a modified finding. The Bureau also recommended in its procedural rule that entities engage in “open dialogue” with supervisory staff to discuss their preliminary findings to attempt to resolve disputes before an examination is final.
Third, institutions now can appeal any compliance rating issued to them, not just negative ratings, as was the case previously. Fourth, the updated process included additional clarifications and specifies that it applied to pending appeals at the time of its publication.