InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Latest CFPB Rulemaking Agenda Adds Some New Initiatives, Updates Timelines For Others
On December 3, the CFPB released its fall 2013 rulemaking agenda, part of the broader government Unified Agenda initially published last week. The CFPB’s latest agenda pushes back the timelines on several key initiatives, but offers relatively few new initiatives. One notable exception is that the CFPB included planned activities related to a potential rule on overdraft products, which will build off of the CFPB’s overdraft white paper released earlier this year.
The CFPB agenda also indicates that the Bureau plans additional activities related to the mortgage rules issued earlier this year and updated throughout the year. For example, the agenda states the CFPB will consider additional guidance that would facilitate the development of automated underwriting systems for purposes of calculating debt-to-income ratios in connection with qualified mortgage determinations. Also, as expected, the CFPB plans to conduct further analysis to consider possible amendments to the definitions of "rural" and "underserved" for purposes of certain exemptions from the mortgage rules.
With regard to timelines, for example, “prerule activities” related to the eventual HMDA rule have again been delayed, with no public action expected before February 2014. Similarly, a proposed rule related to GPR prepaid cards now is expected no sooner than May 2014. The CFPB also promised to return to its prior efforts to streamline and modernize regulations that it inherited from other agencies, including the Gramm-Leach-Bliley Act's annual privacy notice requirements.
Special Alert: CFPB Finalizes Rule Combining TILA and RESPA Mortgage Disclosures
UPDATED OCTOBER 14, 2014: Updated to reflect amendments proposed by the CFPB on October 10, 2014.
On November 20, 2013, the CFPB finalized its long-awaited rule combining the mortgage disclosures consumers receive under the Truth in Lending Act (“TILA”) and the Real Estate Settlement Procedures Act (“RESPA”). For more than 30 years, the TILA and RESPA mortgage disclosures had been administered separately by, respectively, the Federal Reserve Board (“FRB”) and the U.S. Department of Housing and Urban Development (“HUD”). In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) transferred authority over TILA and RESPA to the Bureau and directed the Bureau to create “rules and model disclosures that combine the disclosures required under [TILA] and sections 4 and 5 of [RESPA], into a single, integrated disclosure for mortgage loan transactions covered by those laws.” Congress did not, however, amend TILA and RESPA provisions governing timing, responsibility, and liability for the disclosures, leaving it to the Bureau to resolve the inconsistencies. The final rule generally applies to covered transactions for which the creditor or mortgage broker receives an application on or after August 1, 2015.
Click here to read our Special Alert. (Updated 10/15/14)
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Jeffrey P. Naimon, (202) 349-8030
- Clinton R. Rockwell, (310) 424-3901
- John P. Kromer, (202) 349-8040
- Joseph M. Kolar, (202) 349-8020
- Jeremiah S. Buckley, (202) 349-8010
OCC, FDIC Finalize Deposit Advance Guidance
On November 21, the OCC and the FDIC separately issued guidance that establishes numerous expectations for institutions offering deposit advance products, including with regard to consumer eligibility, capital adequacy, fees, compliance, management oversight, and third-party relationships. For example, under the guidance the agencies expect banks to offer a deposit advance product only to customers who (i) have at least a six month relationship with the bank; (ii) do not have any delinquent or adversely classified credits; and (iii) meet specific financial capacity standards. The guidance also establishes, among other things, that (i) each deposit advance loan be repaid in full before the extension of a subsequent loan; (ii) banks refrain from offering more than one loan per monthly statement cycle and provide a “cooling-off period” of at least one monthly statement cycle after the repayment of a loan before another advance is extended; and (iii) banks reevaluate customer eligibility every six months. The final guidance is substantially the same as the versions proposed in April. However, the agencies added language to clarify that eligibility and underwriting expectations do not require the use of credit reports, and to emphasize that the guidance applies to all deposit advance products regardless of how the extension of credit is offered. Acknowledging the demand for short-term, small-dollar credit products, and dismissing the concerns that the guidance might restrict such credit, the FDIC encouraged banks to continue to offer “properly structured products” and to develop new or innovative programs to effectively meet the need for small-dollar credit. As a reminder, the Federal Reserve Board did not propose similar guidance, but instead issued a policy statement.
OCC Continues OTS Integration, Rescinds OTS Compliance Documents
On November 20, the OCC announced in Bulletin 2013-34 that as part of its ongoing implementation of the Dodd-Frank Act’s mandate that the OCC integrate Office of Thrift Supervision (OTS) policies with existing OCC policies, the OCC is rescinding the OTS compliance documents listed in an appendix provided with the announcement. A second appendix lists OCC policy guidance that the OCC is applying to federal savings associations in cases where policy guidance did not already exist. The announcement does not cover OTS policies and guidance related to the FCRA, the CRA, UDAP, or mortgage regulations, which the OCC plans to address at a later date.
Banking Regulators Finalize Revised CRA Guidance
On November 15, the Federal Reserve Board, the FDIC, and the OCC finalized revisions to the “Interagency Questions and Answers Regarding Community Reinvestment” (Q&As). The agencies adopted the revisions largely as proposed, with some minor changes in response to comments. The new Q&As, which include revisions to five questions and answers and two new questions, generally are intended to: (i) clarify how the agencies consider community development activities that benefit a broader statewide or regional area that includes an institution’s assessment area; (ii) provide guidance related to CRA consideration of, and documentation associated with, investments in nationwide funds; (iii) clarify the consideration of certain community development services, such as service on a community development organization’s board of directors; (iv) address the treatment of loans or investments to organizations that, in turn, invest those funds and use only a portion of the income from their investment to support a community development purpose; and (v) clarify that community development lending performance is always a factor considered in a large institution’s lending test rating. The new Q&As take effect when they are published in the Federal Register.
OCC Establishes Standards For Independent Consultants Required Under Enforcement Actions
On November 12, the OCC issued Bulletin 2013-33, which establishes the standards the OCC uses when it requires banks to employ independent consultants as part of an enforcement action. The Bulletin explains that when conducting its initial assessment of the need for an independent consultant, the OCC considers, among other factors: (i) the severity of the violations; (ii) the criticality of the function requiring remediation; (iii) confidence in bank management’s ability to identify violations and take corrective action in a timely manner; (iv) the expertise, staffing, and resources of the bank to perform the necessary actions; (v) actions already taken by the bank to address the violations or issues; and (vi) the services to be provided by an independent consultant. The bulletin outlines the OCC’s process for reviewing a consultant selected by a bank, including its expectations for a bank’s due diligence process when retaining an independent consultant. The bulletin also describes the OCC’s oversight of the performance of the consultant, the nature of which can be impacted by, among other things: (i) the nature of deficiencies or violations the independent consultant is engaged to identify, including with respect to recommendations regarding remediation; (ii) the scope and duration of work; and (iii) the potential for and materiality of harm to consumers and the bank.
CFPB Considers New Debt Collection Rules
On November 6, the CFPB announced an advance notice of proposed rulemaking (ANPR) to solicit input on a wide array of issues related to consumer protection in the debt collection market. With the release of the ANPR, the CFPB also announced the publication of approximately 5,000 debt collection complaints in its consumer complaint database.
The ANPR marks the Bureau’s first step toward exercising its rulemaking authority under the Fair Debt Collection Practices Act (FDCPA). Notably, although the FDCPA generally applies only to third-party debt collectors, the CFPB’s regulations could extend to original creditors as well. In addition to the CFPB’s express authority to make substantive rules under the FDCPA, the Bureau made all creditors subject to debt collection guidance issued earlier this year pursuant to its general authority to regulate unfair, deceptive, and abusive practices.
The 162 questions contained in the ANPR focus primarily on the accuracy of information used by debt collectors, how to ensure consumers know their rights, and the communication tactics collectors employ to recover debts.
- Information Accuracy—Due to concern over how information is transferred, the CFPB seeks input on current processes for transferring records and ensuring the integrity of information transmitted. Specifically, the CFPB inquires about how account holders are identified and verified, how claims of improper identification are handled, how amounts of indebtedness are confirmed, and how claims of indebtedness are supported.
- Informed Consumers—Based on its belief that consumers may not sufficiently understand debt collection processes, the CFPB seeks input on the quality of information and disclosures provided to debtors. Specifically, the CFPB inquires about the information and disclosures provided with respect to the specific debt being collected and the debtors’ legal rights, including the rights to dispute debt and limit certain communications.
- Communication Tactics—Based on its concern that harmful communication tactics continue in the debt collection market, the CFPB seeks input on tactics not addressed by the FDCPA. Specifically, the CFPB inquires about frequency of contact with debtors, the means of communication employed, and the use and prevalence of threats by collectors.
The deadline for comments is 90 days from publication of the ANPR in the Federal Register.
CFPB Mortgage Disclosure Rule Now Expected on November 20, 2013
On November 1, the CFPB announced a field hearing on “Know Before You Owe: Mortgages,” to be held on Wednesday, November 20 at 11 a.m. EST in Boston. In conjunction with the hearing, the Bureau is expected to release its long-awaited final rule combining the Good Faith Estimate and HUD-1 with the mortgage disclosures under the Truth in Lending Act.
The CFPB has stated that the event will feature remarks from CFPB Director Richard Cordray, as well as testimony from consumer groups, industry representatives, and members of the public. The final rule, which was originally expected in October, will not only replace the forms that consumers receive during the mortgage origination process but will also fundamentally alter the regulations governing the preparation and provision of – and liability for – those disclosures. As a result, lenders, settlement agents, and service providers will be required to make extensive changes to their systems, compliance programs, and contractual relationships.
In September, BuckleySandler hosted a webinar covering the key issues in this rulemaking and discussing what industry can do to start preparing now. The webinar featured a discussion with Jeff Naimon, who has spent years assisting the industry with the existing forms. Please contact Jeff for a copy of the webinar materials or with any questions about the expected rule.
Special Alert: OCC Updates Third-Party Risk Management Guidance
On October 30, the OCC issued Bulletin 2013-29 to update guidance relating to third-party risk management. The Bulletin, which rescinds OCC Bulletin 2001-47 and OCC Advisory Letter 2000-9, requires banks and federal savings associations (collectively “banks”) to provide comprehensive oversight of third parties, including joint ventures, affiliates or subsidiaries, and payment processors. It is substantially more prescriptive than CFPB Bulletin 2012-3, and incorporates third-party relationship management principles underlying recent OCC enforcement actions.
The Bulletin warns that failure to have in place an effective risk management process commensurate with the risk and complexity of a bank’s third-party relationships “may be an unsafe and unsound banking practice.” It outlines a “life cycle” approach and provides detailed descriptions of steps that a bank should consider taking at five important stages:
Planning: A third party relationship should begin with an internal assessment of risks relating to third parties in general, and to the intended third party in particular. Such planning should focus on both the potential impact to the bank and the bank’s customers, as well as potential security, regulatory, and legal ramifications.
Due Diligence and Third Party Selection: The Bulletin requires that the bank conduct an adequate due diligence review of the third party prior to entering a contract. Proper due diligence includes a thorough evaluation of all potential third parties, and the degree of diligence should be commensurate with the level of risk and complexity. In particular, banks should look to external organizations such as trade associations, the Better Business Bureau, the FTC, and state regulators when performing diligence on consumer-facing third parties. While prior Bulletin 2001-47 contained a list of potential items for due diligence review, Bulletin 2013-29 describes them in more detail and adds to the specific areas that due diligence should focus on, including:
- Legal and regulatory compliance: The bank should “evaluate the third party’s legal and regulatory compliance program to determine whether the third party has the necessary licenses to operate and the expertise, processes and controls to enable the bank to remain compliant with domestic and international laws and regulations;”
- Fee structure and incentives: The bank should determine if the fee structure and incentives would create burdensome upfront fees or result in inappropriate risk taking by the third party or the bank;
- Risk management systems: The bank should have adequate policies, procedures, and internal controls, as well as processes to escalate, remediate, and hold management accountable for audit and independent testing reviews;
- Human resource management: The bank should review the third party’s training program and processes to hold employees accountable for compliance with policies and procedures; and
- Conflicting contractual arrangements: The bank should check a third-party vendor’s contractual arrangements with other third parties, which may indemnify the vendor and may therefore expose the bank to additional risk.
Contract Negotiation: All relationships should be documented by a written contract that clearly defines the responsibilities of both the bank and the third party. Among other things, the contract should provide for performance benchmarks, information retention, the right to perform an audit, and OCC supervision. Bulletin 2013-29 expands upon Bulletin 2001-47 with respect to the following areas:
- Legal and regulatory compliance: Contracts should require compliance with applicable laws and regulations, including GLBA, BSA/AML, OFAC, and fair lending, as well as other consumer protection laws and regulations;
- Audits and remediation: Contracts should provide for the bank’s right to conduct audits and periodic regulatory compliance reviews, and to require remediation of issues identified;
- Indemnification: Contracts should include indemnification as appropriate for noncompliance with applicable law, and for failure to obtain any necessary intellectual property licenses;
- Consumer complaints: The bank should specifically require the third party to submit “sufficient, timely, and usable information on consumer complaints to enable the bank to analyze customer complaint activity and trends for risk management purposes;” and
- Subcontractor management: The bank should incorporate provisions specific to the third party’s own use of subcontractors, including obligations to report on conformance with performance measures and compliance with laws and regulations, and should reserve the right to terminate the contract if the subcontractors do not meet the third party’s obligations to the bank.
Ongoing Monitoring: The bank should dedicate sufficient staff to monitor the third party’s activities throughout the relationship as it may change over time. Bulletin 2013-29 expands upon Bulletin 2001-47 in the following notable ways:
- Legal and regulatory compliance: The bank should monitor third-party vendors for compliance with all applicable laws and regulations;
- Early identification of issues: The bank should consider whether the third party has the ability to effectively manage risk by self-identifying and addressing issues;
- Subcontractor management: The bank should continuously monitor a third-party vendor’s reliance on or exposure to subcontractors and perform ongoing monitoring and testing of subcontractors; and
- Consumer complaints: The bank should monitor the “volume, nature, and trends” of consumer complaints relating to the actions of third-party vendors, particularly those that may indicate compliance or risk management deficiencies.
Termination: The Bulletin specifies for the first time a termination “stage” in the third-party relationship management life cycle. Banks should develop a contingency plan for the end of the relationship, either through the normal course or in response to default. The contingency plan may transfer functions to a different third party or in-house.
The Bulletin defines as “critical” any activities involving significant bank functions (payments, clearing, settlements, and contingency planning); significant shared services (information technology); or other activities that (i) could cause a bank to face significant risk as a result of third-party failures, (ii) could have significant customer impacts, (iii) involve relationships that require significant investments in resources to implement and manage, and (iv) could have a major impact on bank operations if an alternate third party is required or if the outsourced activity must be brought in-house.
These “critical” activities should be the focus of special, enhanced risk management processes. Specifically, the bank should conduct more extensive due diligence on the front end, provide summaries of due diligence to the board of directors, ensure that the board of directors reviews and approves third-party contracts, engage in more comprehensive ongoing monitoring of the third party’s performance and financial condition (including, potentially, a look comparable to the analysis the bank would perform when extending credit), ensure that the board of directors reviews the results of ongoing monitoring, and periodically arrange for independent testing of the bank’s risk controls.
Finally, the Bulletin sets forth obligations and responsibilities relating to third-party relationships from the bank employees who manage them to the board of directors, including retention of due diligence results, findings, and recommendations, as well as regular reports to the board and senior management relating to the bank’s overall risk management process.
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Jeffrey P. Naimon, (202) 349-8030
- Christopher M. Witeck, (202) 349-8051
- Jon David Langlois, (202) 349-8045
Prudential Regulators Issue Joint Agreement On Classification And Appraisal Of Securities Held By Financial Institutions
On October 29, the FDIC, the Federal Reserve Board, and the OCC issued a joint agreement to update and revise the 2004 Uniform Agreement on the Classification of Assets and Appraisal of Securities Held by Banks and Thrifts. The updated agreement reiterates the importance of a robust investment analysis process and the agencies' longstanding asset classification definitions. It also replaces references to credit ratings with alternative standards of creditworthiness consistent with sections 939 and 939A of the Dodd-Frank Act, which directed the agencies to remove any reference to or requirement of reliance on credit ratings in the regulations and replace them with appropriate standards of creditworthiness. The agencies adopted those new standards in 2012 (see, e.g., the OCC’s final rule). The joint agreement provides examples to demonstrate the appropriate application of the new standards to the classification of securities.