InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DFPI orders crypto platform to halt operations
On June 27, the California Department of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a digital asset trading platform and two of its promoters for allegedly selling unqualified securities and making material misrepresentations and omissions to investors, a violation of California securities laws.
DFPI alleges that the platform leveraged a “multi-level marketing scheme” to award its promoters who sold unqualified securities to investors in the form of investment contracts and received cash investments ranging from $5,000-$20,000. Allegations also include that the platform “purported” to provide educational classes designed to empower the Latino community with respect to crypto asset trading. The order details that through these efforts to garner more investors, “misrepresentations of material fact [were made] to investors and potential investors, namely that investors would receive a return on their initial investment every three months.” Investors have allegedly not received any return on their initial investment. The commissioner found that the platform “fail[ed] to provide the promised returns on their purported investments” and that “[d]espite multiple requests, investors have not had their funds returned.”
The order requires the platform to desist and refrain from the offer and sale of securities and stop making misrepresentations about returns in California.
Waters asks Treasury, SEC to comment on crypto framework
On June 23, Representative Maxine Waters solicited viewpoints, analysis, and recommendations in letters sent to the Department of Treasury and the SEC regarding a recently introduced discussion draft of cryptocurrency framework. In her letters, Waters requested insight on how the proposed legislation would impact the federal regulators’ ability to conduct oversight, among other things. Waters specifically asked the SEC for recommended amendments to existing law, outside of the bill, to further protect investors in the digital assets space. In her letter to the Treasury, she asked for insight on how the bill would address or conflict with its policy recommendations, and if the bill or specific provisions of it are needed. Waters requested that both regulators provide a written response by June 30 and be prepared to brief the House Financial Services Committee.
Introduced on June 2, the discussion draft to which Waters referred would impact the jurisdiction of the CFTC over digital commodities and the SEC’s authority over digital assets. Committee Chairman Patrick McHenry is a co-author of the discussion draft and also the primary sponsor of newly proposed bills regarding financial statement requirements of emerging growth companies that if passed, will indirectly impact regulators’ oversight in the crypto space. HR 2608 would limit the financial information an emerging growth company would be required to submit to the SEC, among other things. Specifically, “an emerging growth company is not required to present a financial statement for any period prior to the earliest audited period of the emerging growth company in connection with its initial public offering, such as a statement for an acquired company.” Additionally, HR 2610 would amend the Securities Exchange Act of 1934, so emerging growth companies would only need to submit the last 2 years of their profit and loss statements (previously 3 years). Among other things, the bill allows an issuer of securities to submit a draft registration statement to the SEC for confidential review prior to a public filing. Both bills have passed the House.
CFPB levies $25 million penalty for EFTA violations
On June 27, the CFPB entered a consent order against a Nebraska-based payment processor and its Delaware-based subsidiary for alleged violations of the EFTA (Regulation E), and the Consumer Financial Protection Act’s prohibition against unfair acts and practices. According to the Bureau, in 2021 the respondent’s employees allegedly used sensitive consumer financial information while conducting internal testing, without employing the proper information safety protocols. The internal tests allegedly created payment processing files that were treated as containing legitimate consumer bill payment orders. According to the Bureau, the erroneous bill payment orders were allegedly sent to consumers’ banks for processing, which resulted in approximately $2.3 billion in mortgage payments being debited from nearly 500,000 borrower bank accounts without their knowledge or authorization. The Bureau alleged in its order that some consumers accounts were depleted, “depriving Affected Consumers of the use of their funds, including by being prevented from making purchases or completing other legitimate transactions, and many were charged fees, including fees for insufficient funds or overdrawn accounts.” While neither admitting nor denying any of the allegations, the respondent has agreed to pay a $25 million penalty, stop activities the Bureau deemed unlawful, and adopt and enforce reasonable information security practices.
Texas has new licensing requirements for digital-asset platforms
In June, the Texas governor signed HB 1666 (the “Act”) to add practice restrictions to digital asset service providers, defined as electronic platforms that facilitate the trading of digital assets on behalf of a digital asset customer and maintain custody of the customer’s digital assets. The Act applies to a digital asset service provider conducting business in Texas that holds a money transmission license and either services more than 500 digital asset customer in the state or has at least $10 million in customer funds. Digital asset service providers are required to comply with certain provisions in order to obtain and maintain a money transmission license including provisions relating to the commingling of funds, customer access to funds, accounting requirements, annual reporting requirements. The Texas Department of Banking has the authority to suspend and revoke a license if these requirements are not met and may impose a penalty for violations of the Act. The commissioner also has examination authority and may promulgate rules to administer and enforce the Act’s provisions. The Act is effective September 1. Certain financial institutions and entities not required to hold a money transmission license are exempt.
Louisiana amends virtual currency licensing
On June 13, the Louisiana governor signed SB 185 (the “Act”), which amends provisions relating to the regulation and licensure of virtual currency businesses and is effective immediately. The Act adds and amends several definitions, including “acting in concert,” “affiliate,” “blockchain,” “mining,” “non-fungible token,” “responsible individual,” “unsafe or unsound act or practice” “virtual currency business activity,” and “virtual currency network.” With respect to licensure, the Act now requires applicants to provide a copy of their business plan, detailing, among other things, the anticipated volume of virtual currency business activities in the state, the expected number of virtual currency locations (including kiosks) in the state, and information on surety bonds and tangible net worth. Applicants must also provide audited financial statements and certificates of coverage for each liability, casualty, business interruption, and cybersecurity insurance policies (applicable policies for affiliates, agents, and control persons are required as well) with respect to an applicant’s virtual currency business activities. The Act also adds numerous licensing conditions and includes new requirements relating to background checks/criminal records/character fitness and fees and costs. Applicants will now be required to provide their financial services-related regulatory history, including information concerning money transmission, securities, banking, insurance, and mortgage-related industries. The Act extended the time that the state’s office of financial institutions has after the completion of an application to notify an applicant of its decision from 30 days to 60 days. If the office denies a license application, an advanced change of control notice, or an advanced change of responsible individual notice, an applicant has 30 days to appeal. Information on submitting annual licensing renewal applications, as well as guidance on providing appropriate disclosures is also included.
Furthermore, the Act outlines provisions to protect residents’ assets, including prohibitions on selling, transferring, and assigning virtual currency and commingling assets belonging to a resident with assets belonging to a licensee. Also stipulated within the Act are authorities granted to the commission relating to examinations, investigations, and enforcement activity, as well as the authority to coordinate and share information and conduct joint examinations with other state regulators of virtual currency business activities.
Unregistered crypto platform to pay $1.8 million to New York
On June 15, the New York attorney general announced a settlement with a Hong Kong-based cryptocurrency platform to resolve allegations that the company failed to register as a securities and commodities broker-dealer and falsely represented itself as a crypto exchange. The respondent’s platform enables investors to buy and sell cryptocurrency. An investigator was able to create an account on the platform using a New York-based IP address to buy and sell tokens even though the respondent was not registered with the state. (Under New York law, securities and commodities brokers are required to be registered.) The respondent is ordered to refund more than one million dollars to investors and pay more than $600,000 to the state. According to the settlement, investors will receive their refunds in the form of cryptocurrency within 90 days. Additionally, the respondent must cease operating in the U.S., and implement geoblocking to prevent New York IP addresses from accessing its platform. The platform is also banned from offering, selling, or purchasing securities and commodities in New York, and must send weekly emails to its investors in New York, advising them to withdraw their funds from their accounts, or their funds will be transferred to the AG’s office. “Unregistered crypto platforms pose a risk to investors, consumers, and the broader economy,” the AG said, further warning of the serious consequences to other crypto platforms that do not follow New York law. This settlement follows other crypto-related legislation and suits from the New York AG (covered by InfoBytes here).
Hsu tells banks to approach AI cautiously
On June 16, Acting Comptroller of the Currency Michael J. Hsu warned that the unpredictability of artificial intelligence (AI) can pose significant risks to the financial system. During remarks presented at the American Bankers Association’s Risk and Compliance Conference, Hsu cautioned that banks must manage risks when adopting technologies such as tokenization and AI. Although Hsu reiterated his skepticism of cryptocurrency (covered by InfoBytes here), he acknowledged that AI and blockchain technology (where most tokenization efforts are currently focused) have the potential to present “significant” benefits to the financial system. He explained that trusted blockchains may improve settlement efficiency through tokenization of real-world assets and liabilities by minimizing lags and thereby reducing related frictions, costs, and risks. However, he warned that legal frameworks and risk and compliance capabilities for tokenizing real-world assets and liabilities at scale require further development, especially considering cross-jurisdictional situations and ownership and property rights.
With respect to banks’ adoption of AI, Hsu flagged AI’s “potential to reduce costs and increase efficiencies; improve products, services and performance; strengthen risk management and controls; and expand access to credit and other bank services.” But there are significant challenges, Hsu said, including bias and discrimination challenges in consumer lending, fraud, and risks created from the use of “generative” AI. Alignment is also the core challenge, Hsu said, explaining that because AI systems are built to learn and may not do what they are programed to do, governance and accountability challenges may become an issue. “Who can and should be held accountable for misaligned, unexpected, and harmful outcomes?” Hsu asked, pointing to banks’ use of third parties to develop and support their AI systems as an area of concern.
Hsu advised banks to approach innovation “responsibly and purposefully” and to proceed cautiously while keeping in mind three principles for managing risks: (i) innovate in stages, expand only when ready, and monitor, adjust and repeat; (ii) “build the brakes while building the engine” and ensure risk and compliance professionals are part of the innovation process; and (iii) engage with regulators early and often during the process and ask for permission, not forgiveness.
CFPB finds issues in servicemember use of payment apps
On June 20, the CFPB released its Office of Servicemember Affairs Annual Report, highlighting financial threats associated with military families’ use of digital payment apps. The report analyzed complaints submitted by military families, veterans, and servicemembers (totaling 66,400 complaints in 2022 alone, a 55 percent increase from 2021). Notably, servicemembers’ complaints exceeded the percentage filed by all consumers for topics including debt collection, credit cards, mortgages, and more.
Top complaints are linked to: (i) fraud and scams when using digital payment apps; (ii) identity theft and unauthorized account access; and (iii) failure of digital payment app providers to provide timely solutions to servicemember complaints. The Bureau explained that servicemembers can be exposed to greater risks of fraud and scams when using a digital payment app—“[o]ften during a permanent change of duty station, servicemembers face the need to secure housing, a new automobile, or daycare during a short window, which often requires them to conduct more online transactions using digital payment apps.” The Bureau also found that servicemembers are prime targets for identity theft, noting that servicemembers complained that digital payment service providers give insufficient support in response to their complaints.
To address the emerging risks, the Bureau recommended that digital payment app providers invest in privacy and security technology for their apps to combat fraudulent activity. The Bureau also suggested providers improve their responsiveness, especially in the case of military families who may be on a tight timeline during a permanent change of station or deployment. The Bureau also recommended that providers implement tailored policies on fraud losses and automatic fraud detection in recognition of the unique circumstances military families face.
CFPB releases regulatory agenda
The Office of Information and Regulatory Affairs recently released the CFPB’s spring 2023 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. In January, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.” (Covered by InfoBytes here.)
- Insufficient funds fees. The Bureau is considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- Amendments to FIRREA concerning automated valuation models. On June 1, the Bureau issued a joint notice of proposed rulemaking (NPRM) with the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models used by mortgage originators and secondary market issuers. (Covered by InfoBytes here.) Previously, the Bureau released a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and report in February and May 2022 respectively. (Covered by InfoBytes here.)
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the SBREFA and the issuance of a final report examining the impact of the Bureau’s proposals to address consumers’ personal financial data rights. (Covered by InfoBytes here.) Proposed rulemaking may be issued in October.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an NPRM last month to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The proposed effective date is at least one year after the final rule is published in the Federal Register (“but no earlier than the October 1 which follows by at least six months Federal Register publication”), with the possibility of a further extension to ensure compliance with a TILA timing requirement.
- Supervision of Larger Participants in Consumer Payment Markets. The Bureau is considering whether to engage in pre-rulemaking activity next month to define larger participants in consumer payment markets and further the scope of the agency’s nonbank supervision program.
- Nonbank registration. The Bureau announced its intention to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Terms and conditions registry for supervised nonbanks. At the beginning of the year, the Bureau issued an NPRM that would create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights” and would appear in a publicly accessible registry. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Credit card penalty fees. The Bureau issued an NPRM in February to solicit public feedback on proposed changes to credit card late fees and late payments and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. A final rule may be issued later this year.
- LIBOR transition. In April, the Bureau issued an interim final rule, amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. Effective May 15, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. (Covered by InfoBytes here.)
CFPB highlights problems with chatbots in banking
On June 6, the CFPB released an Issue Spotlight exploring the adoption and use of chatbots by financial institutions. According to the report, financial institutions implement chatbots to reduce the costs of customer service, which is sometimes poorly deployed and can lead to customer frustration, reduced trust, and even violations of the law.
The report found that the use of chatbots raised several risks including: (i) noncompliance with federal consumer financial protection laws; (ii) diminished customer service and trust; and (iii) harm to customers. The Bureau said it has received several complaints from customers who claimed they cannot get the answers they need from such chatbots. The agency reported that about 37 percent of the U.S. population has interacted with chatbots, which is a figure projected to grow, and cautioned that chatbots should not be the primary source of customer service delivery when it is reasonably clear that a chatbot is unable to meet customer needs.
The Bureau said it will continue to monitor the market and encourages people who are having trouble getting the answers they need due to lack of human interaction to submit their complaints to the agency. It also encourages financial institutions to ensure new technology is increasing the quality of customer care.