InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB releases regulatory agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s fall 2022 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft and NSF fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges. According to the Bureau, the rules, which were created when Regulation Z was adopted in 1969, have remained largely unchanged despite the fact that the nature of overdraft services has significantly changed over the years. The Bureau is also considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. As previously covered by InfoBytes, on January 3, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA). The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.) The Bureau anticipates issuing a SBREFA report in February.
- Amendments to FIRREA concerning automated valuation models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by Dodd-Frank to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline and report in February and May 2022 respectively (covered by InfoBytes here), and estimates that the agencies will issue a notice of proposed rulemaking (NPRM) in March.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an advance notice of proposed rulemaking (ANPRM) in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act Section 307 in April.
- Nonbank registration. The Bureau issued an NPRM in December to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) In a separate agenda item, the Bureau states that the NPRM would also require supervised nonbanks to register with the Bureau and provide information about their use of certain terms and conditions in standard-form contracts. The Bureau proposes “to collect information on standard terms used in contracts that are not subject to negotiating or that are not prominently advertised in marketing.”
- Credit card penalty fees. The Bureau issued an ANPRM last June to solicit information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.” The Bureau is considering comments received on the ANPRM as it develops an NPRM that may be released this month.
- Small business rulemaking. Section 1071 of Dodd-Frank amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. An NPRM was issued in August 2021 (covered by InfoBytes here). The Bureau anticipates issuing a final rule later this month.
CFPB releases 2023 rural or underserved counties list
Recently, the CFPB released its annual lists of rural counties and rural or underserved counties for lenders to use when determining qualified exemptions to certain TILA regulatory requirements. In connection with these releases, the Bureau also directed lenders to use its web-based Rural or Underserved Areas Tool to assess whether a rural or underserved area qualifies for a safe harbor under Regulation Z.
Agencies extend Reg. O relief for some companies controlled by funds
On December 22, the Federal Reserve Board, FDIC, and OCC extended Regulation O relief for certain investment fund-controlled companies. The agencies issued a temporary no-action position in 2019 to allow time for the Federal Reserve, in consultation with the FDIC and OCC, “to consider whether to amend Regulation O to address concerns about unintended consequences of the application of Regulation O to companies that sponsor, manage, or advise investment funds and institutional accounts that invest in voting securities of banking organizations.” The interagency statement extends the no-action relief under Regulation O for another year to the sooner of either January 1, 2024, or the effective date of a final Federal Reserve rule revising Regulation O “that addresses the treatment of extensions of credit by a bank to fund complex-controlled portfolio companies that are insiders of the bank.” Specifically, the agencies state that action will not be taken against banks extending credit to fund complex-controlled portfolio companies that would otherwise violate Regulation O, provided the company controls (directly or indirectly) less than 15 percent of the bank’s voting securities (or 20 percent under certain circumstances) and has not or does not plan to place representatives in the bank or seek to exercise a controlling influence over the bank. Extensions of credit to these companies must be on “substantially the same terms as those prevailing for comparable transactions with unaffiliated third parties” and may not “involve more than normal risk of repayment or present other unfavorable features,” the agencies explained, noting that the relief applies only to fund complex-controlled portfolio companies, not the fund complexes.
CFPB report on credit bureaus hints at rulemaking
On January 3, the CFPB released its annual report, pursuant to Section 611(e)(5) of the FCRA, on information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). According to the report, the Bureau received 488,000 consumer complaints about the CRAs from October 2021 through September 2022. The Bureau’s analysis revealed that 93 percent of consumers reported having previously attempted to fix their problem with the company. The report also noted that the use of problematic response types has decreased, and most complaints now receive “more substantive and tailored” responses. The report found that most responses from the CRAs describe the outcomes of consumers’ complaints. The Bureau highlighted areas that the CRAs should prioritize given the “challenges facing market participants and policy makers,” including: (i) considering consumer burden when implementing automated processes; (ii) recognizing how current processes will need to evolve in light of new technologies that can generate similar-sounding complaints that are in fact unique; and (iii) considering how to transition the market from control and surveillance to consumer participation. According to CFPB Director Rohit Chopra, the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
FHA seeks feedback on changing reconsideration of valuation requests
Recently, FHA published a draft mortgagee letter (ML) proposing policy changes to its requirements for processing and documenting reconsideration of valuation (ROV) requests, specifically when requests are initiated by a borrower for the review of appraisal results. According to the ML, FHA provided proposed guidance to improve the process when prospective borrowers applying for FHA-insured Title II forward or Home Equity Conversion Mortgages (HECM) request an ROV on a property if the initial valuation is lower than expected, or that there is indication of illegal bias, that Fair Housing regulations have been violated, or that there may be unlawful discrimination. The draft also proposed updated appraisal review standards, which are intended to provide mortgagees and appraisers with clarifying guidance on the quality of an appraisal report and the ROV process and responsibilities. Public comments are due by February 2.
CFPB and New York say auto lender misled consumers
On January 4, the CFPB and New York attorney general filed a complaint against a Michigan-based auto finance company accused of allegedly misrepresenting the cost of credit and deceiving low-income consumers into taking out high-interest loans on used vehicles. (See also AG’s press release here.) The joint complaint alleges, among other things, that the defendant based the price of a loan (and then artificially inflated the principal amount) and the payment to the dealer on the projected amount that may be collected from the consumer during the life of the loan (without factoring in whether consumers could actually afford the loan).
The Bureau and AG further argued that the true cost of credit is hidden in inflated principal balances in order to evade state interest rate caps. An investigation conducted by the AG found that while the defendant’s loan agreements in New York claimed an APR of 22.99 percent or 23.99 percent (just below the 25 percent usury cap), the defendant actually charged on average more than 38 percent (and on many occasions charged an APR in excess of 100 percent). These high-interest loans, the AG claimed, often caused consumers to accrue additional fees and become delinquent on their loans.
The complaint also alleged the defendant failed to consider consumers’ ability to repay their loans in full, engaged in aggressive debt collection tactics, and created financial incentives for dealers to add on extra products, such as vehicle service contracts. Add-on products generated roughly $250 million in revenue for the defendant in 2020, the complaint said, adding that these alleged deceptive lending practices lowered consumers’ credit scores and cost borrowers millions of dollars. The complaint further maintained that the defendant packaged the consumer loans into securities that were sold to investors on the premise that the underlying loans complied with applicable law. These alleged false representations, the complaint said, constituted securities fraud under New York’s Martin Act.
The complaint — which also alleges violations of the Consumer Financial Protection Act’s prohibition against deceptive and abusive acts or practices, New York usury limits, and other state consumer and investor protection laws — seeks, among other things, injunctive relief, monetary relief, disgorgement, and civil money penalties of $1,000,000 for each day of violations.
The defendant was previously targeted for violating consumer protection laws in 2021 by the Massachusetts attorney general, who announced a $27.2 million settlement to resolve allegations of predatory lending and deceptive debt collection practices. (Covered by InfoBytes here.)
Agencies warn banks of crypto-asset risks
On January 3, the FDIC, Federal Reserve Board, and OCC issued a joint interagency statement highlighting key risks banks should consider when choosing to engage in cryptocurrency-related services. Risks flagged by the agencies include: (i) the possibility of fraud and scams among crypto-asset sector participants; (ii) legal uncertainties related to custody practices, redemptions, and ownership rights; (iii) misleading disclosures made by crypto firms that may be unfair, deceptive, or abusive; (iv) volatility in crypto-asset markets, including the susceptibility of stablecoins to run risk, which could impact deposit flows; (v) contagion risks resulting from interconnections among crypto-asset participants that may present concentration risks for banks with exposure to the crypto-asset sector; (vi) lack of maturity in risk management and governance practices within the crypto-asset sector; and (vii) elevated risks associated with open, public, and/or decentralized networks.
The agencies commented that while they will continue to take a cautious approach to current or proposed crypto-asset-related activities (and are not prohibiting nor discouraging banks from providing crypto services to customers, as permitted by law or regulation), they currently “believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe-and-sound banking practices.” Moreover, the agencies expressed “significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.” Agencies have developed processes for banks to engage in robust supervisory discussions with their supervisory office about any proposed or existing crypto-asset-related activities, the agencies advised, adding that before launching any activities, banks should take appropriate risk management measures and assess whether the activity can be performed in a safe and sound manner, is legally permissible, and complies with applicable laws and regulations. Additional statements will be released in the future by the agencies.
“The events of the past year have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector,” the agencies said as they stressed the importance of keeping crypto-asset risks that cannot be mitigated or controlled from migrating to the banking system.
The OCC separately issued a bulletin advising supervised banks to follow processes outlined in OCC Interpretive Letter 1179 (covered by InfoBytes here) before engaging in certain crypto-asset-related activities.
FDIC issues November enforcement actions
On December 30, the FDIC released a list of orders of administrative enforcement actions taken against banks and individuals in November. The FDIC made public nine orders consisting of “two consent orders; two orders terminating deposit insurance; three orders to pay civil money penalties; one order terminating consent order; and one Section 19 order.” Among the orders is a civil money penalty against a Wisconsin-based bank related to violations of the Flood Disaster Protection Act. The FDIC determined that the bank had engaged in a pattern or practice of violations that included the bank’s failure to: (i) obtain adequate flood insurance on the building securing a designated loan at the time of loan origination; (ii) obtain adequate flood insurance at the time of the origination; (iii) notify borrowers that the borrower should obtain flood insurance where a determination had been made that flood insurance had lapsed or a loan was not covered with the required amount of insurance; (iv) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance when making, increasing, extending or renewing a loan; and (v) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance within a reasonable time before the completion of the transaction. The order requires the payment of a $39,000 civil money penalty.
The FDIC also issued a civil money penalty against an Oregon-based bank for allegedly violating Section 8(a) of RESPA “by entering into mortgage lead generation arrangements with the operator of a real estate website and the operator of an online loan marketplace that were used to facilitate and disguise referral payments for mortgage business.” The FDIC also determined that the bank violated the FTC Act “by making deceptive and misleading representations in three of the bank’s prescreened offers of credit” and violated the FCRA “by obtaining the consumer reports of former loan clients with recent credit inquiries without a legally permissible purpose.” The order requires the payment of a $425,000 civil money penalty.
Additionally, the FDIC issued a consent order against a Tennessee-based bank alleging the bank engaged in “unsafe or unsound banking practices relating to weaknesses in capital, asset quality, liquidity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that its board would “increase its participation in the affairs of the bank by assuming full responsibility for the approval of the bank’s policies and objectives and for the supervision of the bank’s management, including all the bank’s activities.” The bank also agreed to maintain a Tier 1 Leverage Capital ratio equal to or greater than 8.50 percent and a Total Capital ratio equal to or greater than 11.50 percent. The FDIC also issued a consent order against a New Jersey-based bank claiming the bank engaged in “unsafe or unsound banking practices relating to, among other things, management supervision, Board oversight, weaknesses in internal controls, interest rate sensitivity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that it would retain a third-party consultant “to develop a written analysis and assessment of the bank’s board and management needs (Board and Management Report) for the purpose of ensuring appropriate director oversight and providing qualified management for the bank.”
FCC proposes $300 million fine against auto warranty scam robocaller
On December 21, the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations, “which is the largest robocall operation the FCC has ever investigated.” According to the announcement, the two individuals in charge of the operation ran a complex robocall sales lead generation scheme, which was designed to sell vehicle service contracts that were deceptively marketed as car warranties. This “scheme made more than 5 billion robocalls to more than half a billion phone numbers during a three-month span in 2021, using pre-recorded voice calls to press consumers to speak to a ‘warranty specialist’ about extending or reinstating their car’s warranty.” As previously covered by InfoBytes, in July, the FCC took initial action by ordering “phone companies to stop carrying traffic regarding a known robocall scam marketing auto warranties.” The FCC noted that the operation is also the target of an ongoing investigation by the FCC’s Enforcement Bureau and a lawsuit by the Ohio attorney general. The Ohio AG filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation (covered by InfoBytes here). The complaint, filed in the U.S. District Court for the Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” In addition to the fine, among other things, the individuals who allegedly ran the operations are prohibited from making telemarketing calls pursuant to FCC actions.
FTC orders card company to let merchants use other debit networks
On December 23, the FTC ordered a payment card company to stop blocking merchants from using competing debit payment networks. According to an agency investigation, the company allegedly violated provisions of the Durbin Amendment, which requires “banks to enable at least two unaffiliated networks on every debit card, thereby giving merchants a choice of which network to use for a given debit transaction,” and “bars payment card networks from inhibiting merchants from using other networks.” The FTC claimed that the company’s policy requires the use of a token when a cardholder loads a company-branded debit card into an ewallet. Ewallets are used to make online and in-app transactions, the FTC explained, adding that because competing networks cannot access the company’s token vault, merchants are dependent on the company to convert the token to process ewallet transactions using company-branded debit cards. Moreover, since the company allegedly did not provide conversion services to competing networks for remote ewallet debit transactions, the FTC asserted that it is impossible for merchants to route their ewallet transactions on other payment networks.
Under the terms of the proposed order, the company will be required to (i) provide other payment networks with customer account information in order to process ecommerce debit payments, and prohibit any efforts that may prevent other networks from serving as token service providers; (ii) provide notice to affected persons; (iii) provide 60-days advance written notice to the FTC before launching any pilot programs or new debit products that would require merchants to route electronic debit transactions only to the company; (iv) file regular compliance reports with the FTC; and (v) notify the FTC of any events that may affect compliance with the order.