InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC proposes amendments to electronic filing requirements
On November 4, the SEC announced two proposed amendments (Updating EDGAR Filing Requirements and Electronic Submission of Applications for Orders under the Advisers Act and the Investment Company Act, Confidential Treatment Requests for Filings on Form 13F, and Form ADV-NR; Amendments to Form 13F), which update electronic filing requirements. These proposed amendments are intended to increase efficiency, transparency, and operational resiliency by modernizing how information is submitted to the SEC and disclosed. The proposed rule and form amendments would require, among other things, certain forms to be filed or submitted electronically and would make technical amendments to certain forms to require structured data reporting and eliminate outdated references. According to the SEC, the Commission currently allows, and at times requires, certain forms to be filed or submitted in paper format. The SEC also noted that publicly filed electronic submissions would be more readily accessible to the public and would be available in a searchable format on the SEC’s website. The public comment period will be open for 30 days after publication in the Federal Register.
The same day, the SEC published a fact sheet clarifying, among other things, how the rule applies and what is required under the proposed amendments. According to a statement released by SEC Chair Gary Gensler, “just as we are hoping to update our rules for market participants in the face of rapidly changing technology, it’s also important that we update our rules to make filing obligations more efficient.”
CFPB seeks comments on recent orders to U.S. tech companies
On November 5, the CFPB published a notice in the Federal Register seeking public comments on recently issued orders to six large U.S. technology companies requesting information and data on their payment system business practices (covered by InfoBytes here). According to the notice, the Bureau invites comments from “any interested parties, including consumers, small businesses, advocates, financial institutions, investors, and experts in privacy, technology, and national security.” The notice is “one of many efforts within the Federal Reserve System to plan for the future of realtime payments and to ensure a fair and competitive payments system in our country.” Comments are due by December 6.
CFPB deputy director discusses future rulemaking research efforts
On November 5, CFPB Deputy Director Zixta Martinez spoke before the Bureau’s Academic Research Council (ARC) meeting, in which she discussed recent research efforts taken to inform future rulemaking and identify root causes of challenges facing consumers. Martinez highlighted Section 1022 orders recently sent to several big tech payment platforms seeking information on their products, plans, and practices (covered by InfoBytes here). She noted that the evaluation of these companies’ payments platform data will help inform the Bureau on the future of the payments system as well as potential emerging risks, and will provide insights that may impact future rulemaking under Section 1033 concerning the disclosure of consumer data by regulated entities. Among other things, Martinez also discussed the importance of small business lending research to better understand whether these businesses provide fair and equitable access to credit and referred to the Bureau’s Section 1071 notice of proposed rulemaking issued in September (covered by a Buckley Special Alert). Martinez also noted that one of the Bureau’s priorities is ensuring access to fair and affordable credit for low-income, minority, or traditionally underserved communities, and said the Office of Research will solicit “suggestions and advice for ways to integrate racial and economic equity analyses into the CFPB’s research agenda.”
FATF updates virtual assets and service provider guidance
On October 28, the Financial Action Task Force (FATF) updated pre-existing guidance on its risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The updated guidance revises guidance originally released in 2019. According to FATF standards, countries are required to “assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by competent national authorities.” The guidance includes updates on certain key areas, such as: (i) expanding the definitions of VAs and VASPs; (ii) applying FAFT standards to stablecoins; (iii) adding guidance regarding the risks and the tools available to countries for the purpose of addressing money laundering and terrorist financing risks for peer-to-peer transactions; (iv) revising VASP licensing and registration guidance; (v) adding guidance for the public and private sectors on the implementation of the “travel rule”; and (vi) adding a section for principles of information-sharing and co-operation amongst VASP Supervisors. FATF also noted that the “guidance addresses the areas identified in the FATF’s 12-Month Review of the Revised FATF Standards on virtual assets and VASPs requiring further clarification and also reflects input from a public consultation in March - April 2021.”
NYDFS issues proposed amendments to debt collection rules for third-parties
On October 29, NYDFS issued draft proposed amendments to 23 NYCRR 1, which regulates third-party debt collectors and debt buyers. Among on things, the proposed amendments:
- Define “communication” as “the conveying of information regarding a debt directly or indirectly to any person through any medium.”
- Amend the definition of a “debt collector” to include “as any creditor that, in collecting its own debts, uses any name other than its own that would suggest or indicate that someone other than such creditor is collecting or attempting to collect such debts.”
- Require collectors to clearly and conspicuously send written notification within five days after an initial communication with a consumer letting the consumer know specific information about the debt, including (i) the name of the creditor to which the debt was originally owed or alleged to be owed; (ii) account information associated with the debt; (iii) merchant/affinity/facility brand association; (iv) the name of the creditor to which the debt is currently owed; (v) the date of alleged default; (vi) the date the last payment (including any partial payment) was made; (vii) the statute of limitations, if applicable; (viii) an itemized accounting of the debt, including the amount currently due; and (ix) notice that the consumer “has the right to dispute the validity of the debt, in part or in whole, including instructions for how to dispute the validity of the debt.”
- State that disclosures may not be sent exclusively through an electronic communication, and that a formal pleading in a civil action shall not be treated as an initial communication.
- Prohibit collectors from communicating by telephone or other means of oral communication when attempting to collect on debts for which the statute of limitations has expired.
- Require collectors to provide consumer written substantiation of a debt within 30 days of receiving a written request via mail (consumers who consent to receiving electronic communications must still receive substantiation via mail).
- Limit collectors to three contact attempts via telephone in a seven-day period. Only one conversation with a consumer is permitted unless a consumer requests to be contacted.
- Permit collectors to communicate with consumers through electronic channels only if the consumer has voluntarily provided consent directly to the debt collector.
Comments on the proposal are due November 8.
CFPB publishes Regulation F debt collection compliance guidance
On October 29, the CFPB released information on validation notices to help facilitate compliance with requirements in the Regulation F debt collection final rule. As previously covered by InfoBytes, in October 2020 the CFPB issued its final rule (effective November 30) amending Regulation F, which implements the Fair Debt Collection Practices Act, addressing debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The CFPB released guidance for debt collectors offering instructions on how to provide certain validation information, including using the “Itemization Table” in the model validation notice as well as examples of how the table might be completed for different types of debts. The guidance also provides, among other things, examples of itemization tables for the collection of multiple debt owned by the same consumer.
The Bureau also issued new FAQs related to Regulation F that address validation information generally and validation information related to residential mortgage debt. Among other things, the FAQs: (i) specify the validation information debt collectors must provide consumers who owe or allegedly owe a debt; (ii) clarify that while the use of the model validation notice provided in Appendix B of the final rule is not required, debt collectors must comply with the validation information content and format requirements in Regulation F; (iii) specify that a debt collector can make changes to the model validation notice and still obtain the validation information content and format safe harbor with certain limitations; (iv) state that a debt collector does not need to provide the itemization-related information in a validation notice provided the debt collector follows a special rule for certain residential mortgage debt; (v) outline validation information that may be omitted if using the Mortgage Special Rule, and clarify that generally if a debt collector uses the Mortgage Special Rule with the model validation notice, the debt collector may still receive a safe harbor as long as certain criteria is met; (vi) define “most recent periodic statement” for purposes of the Mortgage Special Rule; and (vii) clarify that under the Mortgage Special Rule, a debt collector “uses the date of the periodic statement provided under that Special Rule as the itemization date.” As previously covered by InfoBytes, the Bureau issued FAQs last month discussing limited-content messages and the call frequency provisions under the Debt Collection Rule in Regulation F.
OCC updates Retail Lending booklet
On October 28, the OCC issued Bulletin 2021-52 announcing the issuance of version 2.0 of the “Retail Lending” booklet of the Comptroller’s Handbook. The booklet rescinds OCC Bulletin 2017-15, “Retail Lending: New Comptroller's Handbook Booklet” (covered by InfoBytes here) and the “Retail Lending” booklet of the Comptroller’s Handbook, version 1.1. Among other things, the revised booklet: (i) reflects changes to laws and regulations since the last update of this booklet; (ii) reflects OCC issuances published and rescinded since the last update of this booklet; (iii) clarifies supervisory guidance, sound risk management practices, and legal language; and (iv) alters some content for clarity purposes.
FTC updates Safeguards Rule for financial institutions
On October 27, the FTC announced a final rule updating the Safeguards Rule to strengthen data security protections for consumer financial information following widespread data breaches and cyberattacks. The final rule follows a 2019 notice of proposed rulemaking (covered by InfoBytes here) and makes the following modifications to the existing rule:
- Adds specific criteria financial institutions must undertake when conducting a risk assessment and implementing an information security program, including provisions related to access controls, data inventory and classification, authentication, encryption, disposal procedures, and incident response, among others. The final rule also adds measures to ensure employee training and service provider oversight are effective.
- Requires financial institutions to designate a single qualified individual to oversee the information security program. Periodic reports must also be made to an institution’s board of directors or governing bodies.
- Provides an exemption from requirements related to written risk assessments, incident response plans, and annual reporting to the board of directors, for financial institutions that collect information on fewer than 5,000 consumers.
- Expands the definition of “financial institution” to include “entities engaged in activities that the Federal Reserve Board determines to be incidental to financial activities.” Included in the definition are “finders” (i.e. companies that bring together buyers and sellers of products or services that fall within the scope of the Safeguards Rule).
- Adds several definitions and related examples into the Safeguards Rule itself instead of incorporating them through a reference from a related FTC rule.
Provisions of the final rule under Section 314.5 are effective one year after the date of publication in the Federal Register. The remainder of the provisions are effective 30 days following publication.
Additionally, the FTC issued a supplemental notice of proposed rulemaking seeking comments on a proposal to further amend the Safeguards Rule to require financial institutions to report security events to the Commission where a determination has been made that consumer information has been misused, or is reasonably likely to be misused, in an event affecting at least 1,000 consumers. Comments are due 60 days after publication in the Federal Register.
The FTC also announced a final rule adopting largely technical changes to its authority under the Privacy of Consumer Financial Information Rule (Privacy Rule) under the Gramm-Leach-Bliley Act, which requires financial institutions to inform consumers about their information-sharing practices and allow consumers the ability to opt out of having their information shared with certain third parties. The Privacy Rule is amended to revise the rule’s scope, modify the definitions of “financial institution” and “federal functional regulator,” and update requirements pertaining to annual customer privacy notices. The FTC noted that these changes align the Privacy Rule with changes made under Dodd-Frank and the FAST Act.
OCC to focus supervisory efforts on non-SOFR rates after LIBOR ends
On October 26, acting Comptroller of the Currency Michael J. Hsu warned banks not to be complacent when transitioning away from LIBOR. Hsu reiterated that federal regulators will not allow new contracts that use LIBOR as a reference rate after December 31. Hsu stressed that banks must look outside of activities that directly involve LIBOR exposure, such as lending, derivatives activities, and market-making capacities, to screen for LIBOR exposure in other contexts, such as LIBOR-based loan participation interests or as part of an instrument for a bank’s investment or liquidity portfolio paying LIBOR-based income or otherwise reflecting LIBOR exposures. As previously covered by InfoBytes, the CFPB, Federal Reserve Board, FDIC, NCUA, and OCC recently released a joint statement providing supervisory considerations for institutions when choosing an alternative reference rate. Hsu addressed the use of these alternative reference rates and reminded banks that they are expected to be able to demonstrate that their replacement rate is robust and appropriately tailored to their risk profile. He further commented that because the Secured Overnight Financing Rate (SOFR) “provides a robust rate suitable for use in most products, with underlying transaction volumes that are unmatched by other alternatives,” the OCC will initially focus its supervisory efforts on non-SOFR rates.
CFPB adjusts annual dollar threshold for Regulation Z, CLA
On October 25, the CFPB announced the annual dollar threshold adjustments that govern the application of Regulation Z (Truth in Lending Act). The final rule revises the dollar amounts, where appropriate, for provisions implementing TILA and amendments to TILA, including under the CARD Act, the Home Ownership and Equity Protection Act of 1994 (HOEPA), and Dodd-Frank. Each year the thresholds must be readjusted based on the annual percentage increase in the Consumer Price Index for Urban Wage Earners and Clerical Workers (CPI-W), which took effect June 1. Effective January 1, 2022, the threshold that triggers requirements to disclose minimum interest charges for open-end consumer credit plans under TILA will remain unchanged at $1.00. The adjusted dollar amount for a safe harbor for a first violation penalty fee will increase to $30 in 2022, and the adjusted dollar amount for a safe harbor for a subsequent violation penalty fee will increase to $41 for open-end consumer credit plans under the CARD Act amendments to TILA. With respect to HOEPA, the adjusted total loan amount threshold for high-cost mortgages in 2022 will be $22,969, whereas the adjusted points and fees dollar trigger for high-cost mortgages will be $1,148. The final rule also specifies 2022 pricing thresholds for the spread between a qualified mortgage’s annual percentage rate and the average prime offer rate, and identifies points and fees limits for all categories of qualified mortgages.
Additionally, the Bureau and the Federal Reserve Board finalized the annual dollar threshold adjustment that governs the application of the Consumer Leasing Act (Regulation M), as required by the Dodd-Frank Act. The exemption threshold for 2022, based on the annual percentage increase in the CPI-W, will increase from $58,300 to $61,000.