InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB sets 2023 FCRA asset threshold
On November 22, the CFPB announced the annual adjustment to the maximum amount that consumer reporting agencies are permitted to charge consumers for making a file disclosure to a consumer under the FCRA. According to the rule, the ceiling on allowable charges under Section 612(f) of the FCRA will increase to $14.50, which is a $1.00 increase from the ceiling on allowable charges for 2022. The rule is effective January 1, 2023.
OCC, SEC comment on digital assets
On November 17, acting Comptroller of the Currency Michael J. Hsu delivered remarks at the Financial Literacy and Education Commission’s public meeting, where he commended the “quiet trustworthiness of banks” amid the recent volatility in the cryptocurrency market. Hsu pointed to the OCC’s “careful and cautious” approach to crypto activities by national banks, and noted that this approach “helped mitigate the risk of contagion from crypto to the banking system.” Reforms stemming from the 2008 financial crisis have strengthened the banking system, Hsu added, which has made it “more resilient, more fair, and more trustworthy” and has “proven valuable with the rapid rise and fall of crypto this past year.”
Earlier in the week, SEC Commissioner Jaime Lizárraga spoke before the Brooklyn Law School where he issued a reminder that it does not fall on the SEC to provide legal advice or analysis to digital asset market participants, but rather the responsibility lays with the issuer or the intermediary and their attorneys “to determine whether their products, business practices, or assets require compliance with the federal securities laws.” Lizárraga refuted arguments that the SEC engages in “regulation by enforcement,” stating that the “laws are well-established, and the cases brought to date have clear applications, as has been apparent in court rulings on these issues.” He also challenged assertions that the SEC has not provided guidance to the industry on whether digital assets qualify as securities. “The reality is that there’s an abundance of guidance, from the DAO Report, to the SEC FinHub Framework for ‘Investment Contract’ Analysis of Digital Assets, and multiple no-action letters issued by the staff of the Division of Corporation Finance,” Lizárraga said, explaining that it is not so much “a lack of guidance but more that the existing guidance may not be what many market participants want to hear.” He warned anyone considering purchasing or investing in digital assets to be as informed as possible about potential risks.
Senators urge FTC to investigate social media company’s privacy compliance
On November 17, seven Democratic senators sent a letter to FTC Chair Lina Khan requesting that the Commission investigate whether recent changes made to a global social media company will impact the company’s compliance with privacy and security regulations. The senators also encouraged Khan to investigate any breach of the company’s 2011 consent order, which prohibits misrepresentation and requires the company to maintain a comprehensive information security program. The FTC was already alerted to allegations made by a former security employee concerning the company’s supposedly inadequate security practices even prior to the company’s recent acquisition, the senators said, adding that the company also previously agreed to pay a $150 million penalty to the FTC and DOJ to settle allegations that it violated the FTC Act and the 2011 consent order related to misleading claims about its privacy and security practices. (Covered by InfoBytes here.) The senators urged the FTC “to vigorously oversee its consent decree with [the company] and to bring enforcement actions against any breaches or business practices that are unfair or deceptive, including bringing civil penalties and imposing liability on individual [company] executives where appropriate.”
Separately, Senator Charles E. Grassley (R-IA) sent a letter to the company’s CEO expressing concerns with its security practices. Citing an unanswered request for information sent to the former head of security related to alleged security failures, Grassley asked the current CEO to perform a threat assessment of the company’s security protocol to ensure user data and privacy is protected and requested that findings be submitted to the Senate Judiciary Committee.
DOJ, FTC, Wisconsin AG sue timeshare scammers
On November 22, the DOJ, FTC, and the Wisconsin attorney general announced a civil enforcement action against 16 defendants for allegedly using deceptive sales practices to sell timeshare “exit services” to consumers, mostly involving senior citizens. The complaint, which was filed in the U.S. District Court for the Eastern District of Missouri, alleged that the defendants failed to assist consumers in exiting their timeshare contracts while collecting large fees for the incomplete service. The complaint also alleged that the defendants deceived consumers into registering for timeshare exit services by, among other things, falsely claiming that consumers could not exit timeshare contracts on their own, and that the defendants were affiliated with legitimate companies. The complaint further alleged that the defendants failed to notify consumers of their rights under federal and state law to cancel their contracts with defendants within three business days. The complaint noted that the defendants allegedly deceived consumers into paying over $90 million to the defendant companies for services that were not delivered. The complaint also stated that the defendants’ actions violated the FTC Act, the FTC’s rule concerning the cooling-off period for sales made at home or other locations, and certain Wisconsin state laws concerning fraudulent misrepresentations and direct marketing. The complaint seeks monetary relief, civil penalties, and injunctive relief. According to the DOJ, the defendants’ timeshare exit services are also the subject of lawsuits filed by the Alaska and Missouri attorneys general in June 2022.
FCC says consent is required for ringless voicemails
On November 21, the FCC issued a declaratory ruling that entities using ringless voicemail products must first obtain a consumer's consent prior to using the product to leave voicemails. According to the FCC, it receives “dozens of consumer complaints annually related to ringless voicemail.” The unanimous ruling establishes that ringless voicemails are “calls” that require consumers’ prior express consent, and further clarifies that a ringless voicemail is a form of a robocall, and therefore subject to the TCPA robocall prohibition, which prohibits making any non-emergency call with an automatic telephone dialing system or an artificial or prerecorded voice to a wireless telephone number without the prior express consent of the called party.
The FCC’s declaratory ruling denied a 2017 petition filed by a company that distributes technology that permits voicemail messages to be delivered directly to consumers’ voicemail services. The petitioner argued that ringless messages, and the process by which the ringless voicemail is deposited on a carrier’s platform, is neither a call made to a mobile telephone number nor a call for which a consumer is charged and, therefore, is a service that is not regulated. The FCC rejected the petitioner’s argument that ringless voicemail is not a TCPA call because it does not pass through a consumer’s phone line and that the TCPA protects only calls made directly to a wireless handset, and does not result in a charge to the consumer for the delivery of the voicemail message. The ruling noted that “consumers cannot block these messages and consumers experience an intrusion on their time and their privacy by being forced to spend time reviewing unwanted messages in order to delete them.” The ruling also noted that a “consumer’s phone may signal that there is a voicemail message and may ring once before the message is delivered, which is another means of intrusion. Consumers must also contend with their voicemail box filling with unwanted messages, which may prevent other callers from leaving important wanted messages.” According to a statement by FCC Chairwoman Jessica Rosenworcel, the rule makes it “crystal clear" that ringless voicemails are subject to the TCPA and that the Commission's rules "prohibit[] callers from sending this kind of junk without consumers first giving their permission to be contacted this way.”
DOJ, DOE announce process for discharging federal student loans in bankruptcy
On November 17, the DOJ, in coordination with the Department of Education (DOE), announced a new process for handling cases involving individuals seeking to discharge their federal student loans in bankruptcy. According to the DOJ, the process will leverage DOE data and a new borrower-completed attestation form to assist the government in assessing a borrower’s discharge request. The DOJ also noted that the process “will help ensure consistent treatment of the discharge of federal student loans, reduce the burden on borrowers of pursuing such proceedings and make it easier to identify cases where discharge is appropriate,” and “help borrowers who did not think they could get relief through bankruptcy more easily identify whether they meet the criteria to seek a discharge.” The DOJ and the DOE will review the information provided, apply the factors that courts consider relevant to the undue-hardship inquiry, and determine whether to recommend that the bankruptcy judge discharge the borrower’s student loan debt. The DOJ also distributed guidance outlining the new process to all U.S. Attorneys.
Treasury seeks to mitigate digital asset financial risks
On November 18, Assistant Secretary for Terrorist Financing and Financial Crimes at the U.S. Department of Treasury Elizabeth Rosenberg spoke before the Crypto Council for Innovation. In her prepared remarks, Rosenberg discussed an Action Plan to Mitigate the Illicit Finance Risks of Digital Assets (the “Action Plan”), which, according to Rosenberg, is a roadmap for how the U.S. government, led by Treasury, will bring greater transparency to the digital asset sector. The Action Plan is issued pursuant to President Biden’s Executive Order 14067 “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here). Rosenburg noted that the Action Plan identifies seven priority actions, including improving global anti-money laundering/countering the financing of terrorism (AML/CFT) regulation and enforcement, strengthening U.S. supervision of the virtual asset service providers sector, and engaging with the private sector. She emphasized that it is “critical” to work with the private sector, and between private sector entities, to detect and counter illicit finance. Rosenberg noted that to deepen Treasury’s insight, the agency released a Request for Comment (RFC) in September, seeking feedback on the Action Plan, the assessment of illicit financing risks, and opportunities to strengthen public-private collaboration.
As previously covered by InfoBytes, the RFC also sought public feedback on AML/CFT regulation and supervision, global implementation of AML/CFT standards, and central bank digital currencies. Rosenberg discussed two issues addressed in the comment letters: (i) a need for regulatory clarity; and (ii) more public-private engagement. Specifically, she noted that “[m]any of the comments acknowledged that in the United States, virtual asset service providers are subject to a regulatory framework for AML/CFT and have sanctions obligations.” She further noted that “industry commenters identified specific areas, such as questions around decentralized finance (DeFi), where they could benefit from additional regulatory clarity or guidance.” Rosenberg also emphasized that Treasury wants to “ensure that safeguards are in place to promote the responsible development of virtual assets to maintain privacy and shield against arbitrary or unlawful surveillance.” She further noted that the goal and intention of Treasury “is not to deter the development of technologies that provide privacy for virtual asset transfers,” and that Treasury “welcome[s] opportunities to further engage with industry on how these technologies can both promote privacy while also mitigating illicit finance risks and complying with regulatory and sanctions obligations.”
CFPB aims to protect consumers at the local level
On November 18, the CFPB released a blog describing how CFPB complaint data can help cities and counties protect the public. According to the Bureau, one of the major ways it regulates consumer financial products and services and protects consumers from unfair, deceptive, or abusive acts or practices is through collecting, monitoring, and responding to consumer complaints. The complaints the Bureau receives help inform its policy and regulatory priorities and enforcement activities, according to the blog. The Bureau further noted that consumer complaints “can shine a light on trends and practices that could cause another financial calamity and once again inflict long-term havoc on consumers’ financial wellbeing.” The Bureau said it intends to increase the impact of its complaint data by sharing it with cities and counties to protect consumers at the local level, which will be "a win-win for consumers and the CFPB” because it “helps protect as many consumers as possible from predatory lending, barriers to credit, and other consumer harms.” For its initial engagement, the Bureau chose cities and counties that were best positioned to benefit from the CFPB’s complaint data, including “[l]ocal governments with civil or criminal prosecutorial authority to monitor and enforce their own consumer protection laws as well as force-multiply enforcement of federal consumer financial protection laws such as those available under the Consumer Financial Protection Act”; and “[l]ocal governments with, or that are working to create, financial empowerment offices and developing financial empowerment strategies to improve financial stability for low- and moderate-income households.”
The Bureau explained that after completing the review process, it onboarded the local governments to the CFPB’s Government Portal, which provides local, state, and federal government agencies access to more granular information about consumers’ complaints and companies’ responses through a secure interface. Onboarding to the Government Portal, which required the cities and counties to sign a confidentiality and data access agreement with strict personal data protection requirements, enables the cities and counties to, among other things: (i) view in real-time what consumers are experiencing in the financial marketplace and how companies are responding; (ii) download complaints to examine and enforce rules protecting consumers; and (iii) compare problems constituents are facing to other localities and nationwide. Through the Government Portal, local governments can directly submit constituents’ complaints and get responses from the companies. The Bureau noted that the complaint data can also help local government officials identify what gaps exist, and what fixes are needed, which therefore helps in its mission to foster increased consumer awareness and eventual empowerment.
FHA to accept private flood insurance for FHA-insured mortgages
On November 21, FHA published a final rule in the Federal Register to allow homeowners with FHA-insured mortgages to obtain flood insurance policies that meet FHA requirements from private insurance providers. Specifically, the Acceptance of Private Flood Insurance for FHA-Insured Mortgages final rule updates agency regulations to give borrowers the option to purchase a comparable private insurance policy that conforms to FHA requirements in lieu of a National Flood Insurance Program (NFIP) policy for FHA-insured mortgages secured by properties located in FEMA-designated special flood hazard areas (SFHAs). Previously, only flood insurance obtained through the NFIP was accepted. The final rule applies to all FHA-insured single family Title II mortgages, including home equity conversion mortgages, and loans insured under FHA Title I programs. Lenders should refer to Mortgagee Letter 2022-18 for guidance on implementing the final rule’s requirements, which are effective December 21.
Concurrently, HUD issued a press release stating that beginning December 21, “FHA will require lenders to provide detailed flood insurance coverage information when electronically submitting mortgages for FHA insurance on properties in SFHAs.” According to HUD, “[t]his data collection is an objective included in HUD’s Climate Action Plan and will allow FHA to capture and analyze flood insurance information on mortgages in its portfolio at a more granular level than has been possible previously.”
FINRA requests information on crypto asset retail communications
Recently, FINRA announced that it is conducting a targeted exam of firm practices regarding retail communications on crypto asset products and services for the time period of July 1, 2022 through September 30, 2022. In the targeted exam letters, FINRA requested, among other things, that firms or their affiliates provide: (i) all retail communications on the firm’s behalf that refer to, relate to, or concern a crypto asset or service involving the transaction or holding of a crypto asset; (ii) written supervisory procedures concerning the review, approval, record keeping, and dissemination of communications; and (iii) any compliance policies, manuals, training materials, compliance bulletins, and any other written guidance.