InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Barr says AI should not create racial disparities in lending
On February 7, Federal Reserve Board Vice Chair for Supervision, Michael S. Barr, delivered remarks during the “Banking on Financial Inclusion” conference, where he warned financial institutions to make sure that using artificial intelligence (AI) and algorithms does not create racial disparities in lending decisions. Banks “should review the underlying models, such as their credit scoring and underwriting systems, as well as their marketing and loan servicing activities, just as they should for more traditional models,” Barr said, pointing to findings that show “significant and troubling disparities in lending outcomes for Black individuals and businesses relative to others.” He commented that “[w]hile research suggests that progress has been made in addressing racial discrimination in mortgage lending, regulators continue to find evidence of redlining and pricing discrimination in mortgage lending at individual institutions.” Studies have also found persistent discrimination in other markets, including auto lending and lending to Black-owned businesses. Barr further commented that despite significant progress over the past 25 years in expanding access to banking services, a recent FDIC survey found that the unbanked rate for Black households was 11.3 percent as compared to 2.1 percent for White households.
Barr suggested several measures for addressing these issues and eradicating discrimination. Banks should actively analyze data to identify where racial disparities occur, conduct on-the-ground testing to identify discriminatory practices, and review AI or other algorithms used in making lending decisions, Barr advised. Banks should also devote resources to stamp out unfair, abusive, or illegal practices, and find opportunities to support and invest in low- and moderate-income (LMI) communities, small businesses, and community infrastructure. Meanwhile, regulators have a clear responsibility to use their supervisory and enforcement tools to make sure banks resolve consumer protection weaknesses, Barr said, adding that regulators should also ensure that rules provide appropriate incentives for banks to invest in LMI communities and lend to such households.
OCC revises guidance on branch closings
On February 7, the OCC released an updated version of the “Branch Closings” booklet of the Comptroller’s Licensing Manual. According to OCC Bulletin 2023-6, the revised licensing booklet, which outlines policies and procedures for filings and customer notices relating to the closing of national bank and federal savings association branches, removes references to outdated guidance, provides current references, and makes other minor modifications and corrections throughout.
Special Alert: CFPB’s RESPA advisory addresses online mortgage-comparison platforms
The Consumer Financial Protection Bureau (CFPB) issued guidance yesterday making clear that those who operate or participate in online mortgage-comparison shopping platforms will be closely scrutinized for compliance with the prohibition on payments for referrals to mortgage lenders. “Companies operating these digital platforms appear to shoppers as if they provide objective lender comparisons, but may illegally refer people to only those lenders paying referral fees,” the agency said. Here’s what you need to know:
What happened?
The CFPB issued an Advisory Opinion on how the Real Estate Settlement Procedures Act (RESPA) applies to online mortgage-comparison platforms. The agency said platform operators violate RESPA “when they steer shoppers to lenders by using pay-to-play tactics rather than providing shoppers with comprehensive and objective information.” Specifically, the agency said operators receive a prohibited referral fee when they use or present information in a way that steers consumers to mortgage lenders in exchange for a payment or something else of value.
Bipartisan Senate legislation would offer stronger ISA protections
On January 31, Senators Mark Warner (D-VA), Todd Young (R-IN), Marco Rubio (R-FL), and Chris Coons (D-DE) reintroduced legislation to strengthen protections for students who enter into income share agreements (ISAs). The senators explained that ISAs are an innovative way for students to finance postsecondary education and serve as an alternative to high-interest student loans. Under an ISA, students agree to pay a percentage of their income over an agreed upon time period in exchange for tuition payments from nongovernmental sources. When the time period ends, students stop payments regardless of whether they have paid back the full amount.
The ISA Student Protection Act of 2023 would, among other things, (i) prevent ISA providers from requiring payments higher than 20 percent of a student’s income; (ii) exempt students from making payments towards their ISA should their income fall below an affordability threshold; (iii) establish a maximum number of payments and limit payment obligations to the end of a fixed window; (iv) set a minimum number of voluntary payment relief pauses; (v) require ISA providers to give detailed payment disclosures to students who may be considering entering into an ISA (including how payments under an ISA compare to payments under a comparable loan); (vi) provide strong bankruptcy protections for students who enter into an ISA “by omitting the higher ‘undue hardship’ standard for discharge required under private loans”; (vii) prevent funders from accelerating defaulted ISAs; (viii) ensure that ISA obligations end in the event of death or total and permanent disability; (ix) ensure that ISAs fall under federal consumer protection laws, including the FCRA, FDCPA, MLA, SCRA, and ECOA; (x) grant regulatory authority over ISAs to the CFPB; and (xi) clarify how ISA contributions should be treated for tax purposes for both funders and recipients.
Luetkemeyer accuses DOJ of incomplete BSA/AML data
On February 1, Representative Blaine Luetkemeyer (R-MO) sent a letter to Attorney General Merrick Garland asking for an explanation as to why the DOJ has not complied with a provision in the 2021 National Defense Authorization Act (2021 NDAA), which requires the Department to report metrics on its use of Bank Secrecy Act (BSA) data to the Treasury Department. According to Luetkemeyer, section 6201 of the 2021 NDAA requires the DOJ to also report “on the use of data derived from financial institutions reporting under the [BSA]” in order to increase transparency on the usefulness of BSA data filed with FinCEN from financial institutions and ensure bad actors are not using the U.S. financial system to fund illicit activities.
Specifically, the DOJ is required by the 2021 NDAA to examine how often the reported data contains actionable information, the number of legal entities and individuals identified within the reported data, and information on investigations resulting from the reported data that are conducted by state and federal authorities, the letter said. Citing a Government Accountability Office report (which found that the DOJ’s report failed to “include new statistics on the use and impact of BSA reports, including the summary statistics required under the act”), Luetkemeyer claimed the lack of transparency “begs the question if the burdensome reporting is worthwhile” and prevents “FinCEN and Congress from determining the effectiveness of the U.S. anti-money laundering regime.” Luetkemeyer asked the DOJ for an explanation as to why it failed to provide the required information.
FTC bans health vendor from sharing consumer info with advertiser
On February 1, the DOJ filed a complaint on behalf of the FTC against a telehealth and prescription drug discount provider for allegedly violating the FTC Act and the Health Breach Notification Rule by failing to notify consumers that it was disclosing their personal health information to third parties for advertising purposes. As a vendor of personal health records, the FTC stated that the company is required to comply with the Health Breach Notification Rule, which imposes certain reporting obligations on health apps and other companies that collect or use consumers’ health information (previously covered by InfoBytes here).
According to the complaint filed in the U.S. District Court for the Northern District of California, the company—which allows users to keep track of their personal health information, including saving, tracking, and receiving prescription alerts—shared sensitive personal health information with advertisers and other third parties for years, even though it allegedly promised users that their health information would never be shared. The FTC maintained that the company also monetized users’ personal health information and used certain shared data to target its own users with personalized health- and medication-specific advertisement on various social media platforms. The company also allegedly: (i) permitted third parties to use shared data for their own internal purposes; (ii) falsely claimed compliance with the Digital Advertising Alliance principles (which requires companies to obtain consent prior to using health information for advertising purposes); (iii) misrepresented its HIPAA compliance; (iv) failed to maintain sufficient formal, written, or standard privacy or data sharing policies or procedures to protect personal health information; and (v) failed to report the unauthorized disclosures.
Under the terms of the proposed court order filed by the DOJ, the company would be required to pay a $1.5 million civil penalty, and would be prohibited from engaging in the identified alleged deceptive practices and from sharing personal health information with third parties for advertising purposes. The company would also be required to implement several measures to address the identified violations, including obtaining users’ affirmative consent before disclosing information to third parties (the company would be prohibited from using “dark patterns,” or manipulative designs, to obtain consent), directing third parties to delete shared data, notifying users about the breaches and the FTC’s enforcement action, implementing a data retention schedule, and putting in place a comprehensive privacy program to safeguard consumer data.
Agencies remind banks of HMDA reporting changes on closed-end mortgages
On February 1, the OCC reminded banks and OCC examiners that the loan origination threshold for reporting HMDA data on closed-end mortgages has changed due to a court decision issued last year, which addressed challenges made by a group of consumer fair housing associations to changes made in 2020 by the CFPB that permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit under HMDA (covered by InfoBytes here.) Due to a court order vacating the 2020 HMDA Final Rule as to the loan volume reporting threshold for closed-end mortgage loans, the OCC explained that the loan origination threshold for reporting HMDA data on closed-end mortgage loans reverted to the threshold established by the 2015 HMDA Final Rule.
According to Bulletin 2023-5, the threshold for reporting HMDA data is now 25 closed-end mortgage loans originated in each of the two preceding calendar years rather than the 100-loan threshold set by the 2020 HMDA Final Rule. “Banks that originated at least 25 closed-end mortgage loans in each of the two preceding calendar years but fewer than 100 closed-end mortgage loans in either or both of the two preceding calendar years (referred to collectively as affected banks) may need to make adjustments to policies and procedures to comply with reporting obligations,” the OCC said. The agency added that it does not plan to assess penalties for failures to report closed-end mortgage loan data on reportable transactions conducted in 2022, 2021 or 2020 for affected banks that meet other coverage requirements under Regulation C.
The FDIC and Federal Reserve Board also issued similar guidance (see FIL-06-2023 and CA 23-1).
CFPB proposal targets late fees on cards
On February 1, the CFPB issued a notice of proposed rulemaking (NPRM) to amend Regulation Z, which implements TILA, and its commentary to better ensure that late fees charged on credit card accounts are “reasonable and proportional” to the late payment as required under the statute, the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act). The NPRM would (i) adjust the safe harbor dollar amount for late fees to $8 for any missed payment—issuers are currently able to charge late fees of up to $41—and eliminate a higher safe harbor dollar amount for late fees for subsequent violations of the same type (a company would be able to charge above the immunity provision provided it could prove the higher fee is necessary to cover the incurred collection costs); (ii) eliminate the automatic annual inflation adjustment for the immunity provision amount (the Bureau would instead monitor market conditions and make adjustments as necessary); and (iii) cap late fees at 25 percent of the consumer’s required minimum payment (issuers are currently able to potentially charge a late fee that is 100 percent of the cardholder’s minimum payment owed).
The NPRM also seeks feedback on other possible changes to the CARD Act regulations, including “whether the proposed changes should apply to all credit card penalty fees, whether the immunity provision should be eliminated altogether, whether consumers should be granted a 15-day courtesy period, after the due date, before late fees can be assessed, and whether issuers should be required to offer autopay in order to make use of the immunity provision.” Comments on the NPRM are due by April 3, or 30 days after publication in the Federal Register, whichever is later.
According to the CFPB, the Federal Reserve Board “created the immunity provisions to allow credit card companies to avoid scrutiny of whether their late fees met the reasonable and proportional standard.” As a result, the CFPB stated that immunity provisions have risen (due to inflation) to $30 for an initial late payment and $41 for subsequent late payments, resulting in consumers being charged approximately $12 billion in late fees in 2020. Based on CFPB estimates, the NPRM could reduce late fees by as much as $9 billion per year. CFPB Director Rohit Chopra issued a statement commenting that the current immunity provisions are not what Congress intended when it passed the CARD Act.
The Bureau also released an unofficial, informal redline of the NPRM to help stakeholders review the proposed changes, as well as a report titled Credit Card Late Fees: Revenue and Collection Costs at Large Bank Holding Companies, which documents findings on the relationship between late fee revenue and pre-charge-off collection costs for certain large credit card issuers. According to the report, “revenue from late fees has consistently far exceeded pre-charge-off collection costs over the last several years.”
The NPRM follows several actions initiated by the Bureau last year, including a request for comments on junk fees, a research report analyzing credit card late fees, and an advance notice of proposed rulemaking that solicited information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses (previously covered by InfoBytes here and here).
Senators exploring bank’s dealings with collapsed crypto exchange
On January 30, Senators Elizabeth Warren (D-MA), John Kennedy (R-LA), and Roger Marshall (R-KS) sent a follow-up letter to a California-based bank asking for additional responses to questions related to the bank’s relationship with several cryptocurrency firms founded by the CEO of a now-collapsed crypto exchange. As previously covered by InfoBytes, the senators pressed the CEO for an explanation for why the bank failed to monitor for and report suspicious transactions to the Financial Crimes Enforcement Network, and asked for information about how deposits it was holding on behalf of the collapsed exchange and related firm were being handled. The senators stressed that the bank has a legal responsibility under the Bank Secrecy Act to maintain an effective anti-money laundering program that may have flagged suspicious activity.
In the letter, the senators accused the bank of evading their previous questions in its December response, writing that while the bank’s answers confirm the extent of its failure to monitor and report suspicious financial activity, it failed “to provide key information needed by Congress to understand why and how these failures occurred.” The bank’s “repeated reference to ‘confidential supervisory information’” as a justification for its refusal to provide the requested information “is simply not an acceptable rationale,” the senators said. They also noted that the bank’s recent advance from the Federal Home Loan Bank of San Francisco—intended “to ‘stave off a further run on deposits’”—has introduced additional crypto market risks into the traditional banking system, especially should the bank fail. The bank was asked to explain how it plans to use the $4.3 billion it received.
The senators further commented that additional findings have revealed that neither the Federal Reserve nor the bank’s independent auditors were able to identify the “extraordinary gaps” in the bank’s due diligence process. The senators asked the bank to provide responses to questions related to its risk management policies, as well as how many safety and soundness exams were conducted, and whether any of the bank’s executives were “held accountable” for the failures related to the collapsed exchange, among other things.
Biden administration presents roadmap for mitigating crypto risks
On January 27, the Biden administration presented a roadmap for mitigating cryptocurrency risks to ensure that cryptocurrencies do not undermine financial stability, investors are protected, and bad actors are held accountable. At President Biden’s direction, the administration previously laid out a comprehensive framework for developing digital assets in a safe, responsible way that also identifies clear risks. (Covered by InfoBytes here.) The administration identified clear risks taken by some crypto entities, such as ignoring applicable financial regulations and basic risk controls, misleading consumers, having conflicts of interest, failing to provide adequate disclosures, or committing fraud. The roadmap also outlined actions taken by the federal banking agencies, including a recently issued joint interagency statement that highlighted key risks banks should consider when choosing to engage in crypto-related services and a notice of proposed rulemaking issued by the FDIC warning companies against making false or misleading claims about digital assets being insured by the agency (covered by InfoBytes here and here). The administration also noted that agencies across the government are developing public-awareness programs to help consumers understand the risks associated with digital assets.
The administration stressed, however, that further action is needed. Priorities for digital asset research and development will be unveiled in the coming months, the administration said, adding that Congress should also step up efforts in this space. This includes expanding regulators’ powers to prevent misuses of customers’ assets, “strengthen[ing] transparency and disclosure requirements for cryptocurrency companies so that investors can make more informed decisions about financial and environmental risks,” “strengthen[ing] penalties for violating illicit-finance rules and subject cryptocurrency intermediaries to bans against tipping off criminals,” and limiting crypto risks to the financial system by following steps outlined in a recent Financial Stability Oversight Council report (covered by InfoBytes here), the administration said.