InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC affirms three-call limit but permits oral consent
On December 21, the FCC issued an order on reconsideration and declaratory ruling under the TCPA, affirming a three-call limit and opt-out requirements for exempted residential calls. According to the FCC, the ruling is in response to requests from industry trade groups related to a 2020 order implementing portions of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act). The ruling upheld the three-call-limit for exempt calls made using automated telephone dialing systems to residential lines but revised the 2020 order’s requirement for “prior express written consent” to allow callers to obtain consent orally or in writing if they wish to make more calls than allowed. The FCC also granted a request to confirm that “prior express consent” for calls made by utility companies to wireless phones applies equally to residential landlines. The FCC noted that “limiting the number of calls that can be made to a particular residential line to three artificial or prerecorded voice calls within any consecutive thirty-day period strikes the appropriate balance between these callers reaching consumers with valuable information and reducing the number of unexpected and unwanted calls consumers currently receive.”
NCUA proposal looks to promote CU-fintech partnerships
On December 15, the NCUA issued a proposed rule seeking input on amendments to the agency’s regulations on the purchase of loan participations and the purchase, sale, and pledge of eligible obligations and other loans, including notes of liquidating credit unions. Among other things, the proposed rule would remove certain prescriptive limitations and other qualifying requirements to provide federal credit unions with additional flexibility to purchase eligible obligations of their members and engage with advanced technologies and other opportunities presented by fintechs. Improved flexibility and individual autonomy will allow federal credit unions “to establish their own risk tolerance limits and governance policies for these activities, while codifying due diligence, risk assessment, compliance and other management processes that are consistent with the Board’s long-standing expectations for safe, sound, fair and affordable lending practices,” the NCUA said. Comments on the proposed rule are due 60 days after publication in the Federal Register.
“As I have emphasized before, credit unions should recognize and harness the potential opportunities fintechs may offer them,” NCUA Chairman Todd Harper said. “However, we must also acknowledge the potential risks they pose to credit unions, their members, and the system and develop appropriate guardrails. This proposed rule strikes that balance. It provides flexibility, safety, and tailored relief to credit unions while fostering greater innovation.”
California privacy agency holds public meeting on CPRA
On December 16, the California Privacy Protection Agency (CPPA) Board held a public meeting to discuss the ongoing status of the California Privacy Rights Act (CPRA). As previously covered by InfoBytes, the CPRA (largely effective January 1, 2023, with enforcement delayed until July 1, 2023) was approved by ballot measure in November 2020 to amend and build on the California Consumer Privacy Act (CCPA). In July, the CPPA initiated formal rulemaking procedures to adopt proposed regulations implementing the CPRA, and in November the agency posted updated draft regulations (covered by InfoBytes here and here). The CPPA stated it anticipates conducting additional preliminary rulemaking in early 2023. After public input is received, the CPPA will discuss proposed regulatory frameworks for risk assessments, cybersecurity audits, and automated decisionmaking.
During the board meeting, the CPPA introduced sample questions and subject areas for preliminary rulemaking that will be provided to the public at some point in 2023, and finalized and approved at a later meeting. The questions and topics relate to, among other things, (i) privacy and security risk assessment requirements, including whether the CPPA should follow the approach outlined in the European Data Protection Board’s Guidelines on Data Protection Impact Assessment, as well as other models or factors the agency should consider; (ii) benefits and drawbacks for businesses should the CPPA accept a business’s risk assessment submission that was completed in compliance with GDPR’s or the Colorado Privacy Act’s requirements for these assessments; (iii) how the CPPA can ensure cybersecurity audits, assessments, and evaluations are thorough and independent; and (iv) how to address profiling and logic in automated decisionmaking, the prevalence of algorithmic discrimination, and whether opt-out rights with respect to a business’s use of automated decisionmaking technology differ across industries and technologies. The CPPA said it is also considering different rules for businesses making under $25 million in annual gross revenues.
GSEs must seek FHFA preapproval for new products
On December 20, FHFA announced a final rule requiring Fannie Mae and Freddie Mac to provide advance notice of new activities and to obtain prior approval before launching new products. (See also fact sheet here.) Among other things, the final rule establishes that FHFA will determine which new activities merit public notice and comment and would be treated as new products subject to prior approval. Specifically, the final rule establishes that once a Notice of New Activity is deemed received, FHFA has 15 calendar days to determine if the new activity is a new product that merits public notice and comment. Additionally, the final rule establishes a public disclosure requirement for FHFA to publish its determinations on new activity and new product submissions. Among other things, if the agency “determines that a new activity is a new product, the final rule requires FHFA to publish a public notice soliciting comments on the new product for a 30-day period.” The final rule is effective 60 days after publication in the Federal Register.
HUD seeks public input on disaster recovery funds
On December 20, HUD released two new requests for information (RFIs) seeking public input on how to simplify, modernize, and more equitably distribute critical disaster recovery funds. According to HUD, the RFIs are a broader element of HUD’s newly published Climate Action Plan, “which emphasizes both equity and resilience in disaster recovery, as well as the Biden-Harris Administration’s commitment to strengthening low- and moderate-income communities.” HUD noted that the Community Development Block Grant Disaster Recovery and Mitigation focus on long-term recovery and resilience efforts, targeted to families with low- and moderate-incomes in the most impacted and distressed areas. HUD also noted that both funds are “unique” from other federal disaster assistance programs by FEMA and the SBA, as well as private insurance, because it is the only federal resource with the primary purpose of benefiting low- and moderate-income communities. HUD further noted that the RFIs will inform the policy that will tear down barriers and eliminate unnecessary administrative burden, as to provide better and quicker assistance to those affected.
Agencies release annual CRA asset-size threshold adjustments
On December 19, the Federal Reserve Board, FDIC, and OCC announced (see here and here) joint annual adjustments to the CRA asset-size thresholds used to define “small bank” and “intermediate small bank,” which are not subject to the reporting requirements applicable to large banks unless they choose to be evaluated as one. A “small bank” is defined as an institution that, as of December 31 of either of the prior two calendar years, had less than $1.503 billion in assets. An “intermediate small” bank is defined as an institution that, as of December 31 of both of the prior two calendar years, had at least $376 million in assets, and as of December 31 of either of the past two calendar years, had less than $1.503 billion in assets. The joint final rule takes effect on January 1, 2023.
OCC rescinds FDCPA section of booklet
On December 15, the OCC announced that the Federal Financial Institutions Examination Council’s Task Force on Consumer Compliance adopted revised examination procedures for the FDCPA and its implementing regulation, Regulation F. Among other things, the revised interagency examination procedures incorporate the CFPB's 2020 and 2021 FDCPA that went into effect in November 2021. The announcement noted that the agency is rescinding the “Fair Debt Collection Practices Act” section of the “Other Consumer Protection Laws and Regulations” booklet of the Comptroller's Handbook. The revised interagency examination procedures address, among other things: (i) determinations of whether a bank is a debt collector under the FDCPA and Regulation F; (ii) prohibitions on certain communications with consumers in connection with debt collection; and (iii) requirements for a reasonable and simple method that consumers can use to opt out of additional communications and attempts to communicate.
FHA announces pandemic assistance on reverse mortgages
On December 15, FHA published Mortgagee Letter 2022-23, COVID-19 Home Equity Conversion Mortgage (HECM) Property Charge Repayment Plan, which provides requirements for a new property charge repayment plan option for senior homeowners with HECMs who have gotten behind on their property charge payments as a result of the Covid-19 pandemic. The eligibility policies of the new repayment plan include, among other things:
- Making the plan available to borrowers who have applied for Homeowner Assistance Fund (HAF) assistance, if the HAF funds combined with the borrower’s ability to repay will satisfy the servicer’s advances for the delinquent property charges;
- Permitting the Covid-19 HECM Repayment Plan regardless of whether the borrower has been unsuccessful on a prior repayment plan and whether the borrower owes over $5,000 in property charge advances; and
- Requiring a verbal attestation from the borrower that they have been impacted by Covid-19.
Additionally, borrowers may receive a repayment plan regardless of the dollar amount of property charge payments owed. Further, servicers can offer homeowners a repayment plan of up to five full years (60 months) regardless of whether a prior repayment plan has been used.
NYDFS reminds institutions to seek prior approval before engaging in virtual currency activities
On December 15, NYDFS released virtual currency guidance for regulated banking institutions and licensed branches and agencies of foreign banking organizations. NYDFS reminded covered institutions that they must seek prior approval at least 90 days before engaging in any new or significantly different virtual currency-related activity. The agency noted that this requirement also applies in situations where any portion of the activity will be handled by a third party. The guidance outlines the process institutions should observe for seeking prior approval and summarizes the following categories of information that the agency will consider when assessing proposals: business plan, risk management, corporate governance and oversight, consumer protection, financials, and legal and regulatory analysis. The guidance includes a supplemental checklist of initial documents and required information.
NYDFS reiterated that prior approvals “to engage in virtual currency-related activity does not constitute general consent for that institution to engage in other types of virtual currency-related activity, nor does it authorize other Covered Institutions to undertake that same activity.” Institutions already engaging in virtual-currency related activities should immediately notify NYDFS, if they have not already done so. The guidance, which is not intended to limit the scope or applicability of any law or regulation, is effective as of its release date and applies to all regulated institutions for all virtual currency-related activities.
FinCEN issues proposed beneficial ownership information access and safeguards rulemaking
On December 15, FinCEN issued a notice of proposed rulemaking (NPRM) to implement provisions of the Corporate Transparency Act (CTA) that govern the access to and protection of beneficial ownership information. (See also FinCEN fact sheet here.) The NPRM follows a final rule issued by FinCEN at the end of September (effective January 1, 2024), which establishes a beneficial ownership information reporting requirement (Reporting Rule) and requires most corporations, limited liability companies, and other entities created in or registered to do business in the U.S. to report information about their beneficial owners to FinCEN. (Covered by InfoBytes here.)
In accordance with CTA requirements related to beneficial ownership information access and safeguard provisions, FinCEN’s NPRM proposes regulations for establishing who may request beneficial ownership information, how the information must be secured, and non-compliance penalties. Specifically, the proposal would limit the disclosure of beneficial information to “[f]ederal agencies engaged in national security, intelligence, or law enforcement activities; state, local, and Tribal law enforcement agencies with court authorization; financial institutions with customer due diligence requirements and regulators supervising them for compliance with such requirements; foreign law enforcement agencies, prosecutors, judges, and other agencies that meet specific criteria; and Treasury officers and employees under certain circumstances.” The proposal would also require authorized recipients to maintain security and confidentiality protocols that align with the scope of access and use provisions.
Among other things, the NPRM addresses aspects of the secure, non-public beneficial ownership database that is currently in development, and specifies when and how reporting companies may report FinCEN identifiers tied to entities. Under the proposal, foreign requesters would be required to make their requests for beneficial ownership information through intermediary federal agencies, and financial institutions would only be allowed to request this information from FinCEN for purposes of complying with customer due diligence (CDD) requirements and only after receiving consent from the reporting company to which the information pertains.
Comments on the NPRM are due by February 14, 2023. FinCEN explained that this is the second of three rulemakings planned to implement the CTA. The third rulemaking, which will revise FinCEN’s CDD rule, will occur no later than one year after the effective date of the Reporting Rule.