InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB announces civil money penalty against nonbank, alleges EFTA and CFPA violations
On October 17, the CFPB announced an enforcement action against a nonbank international money transfer provider for alleged deceptive practices and illegal consumer waivers. According to the consent order, the company facilitated remittance transfers through its app that required consumers to sign a “remittance services agreement,” which included a clause protecting the company from liability for negligence over $1,000. The Bureau alleged that such waiver violated the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E, including Subpart B, known as the Remittance Transfer Rule, by (i) requiring consumers sign an improper limited liability clause to waive their rights; (ii) failing to provide contact and cancellation information in disclosures, and other required terms; (iii) failing to provide a timely receipt when payment is made for a transfer; (iv) failing to develop and maintain required policies and procedures for error resolution; (v) failing to investigate and determine whether an error occurred, possibly preventing consumers from receiving refunds or other remedies they were entitled to; and (vi) failing to accurately disclose exchange rates and the date of fund availability. The CFPB further alleged that the company’s representations regarding the speed (“instantly” or “within seconds”) and cost (“with no fees”) of its remittance transfers to consumers were inaccurate and constituted violations of CFPA. The order requires the company to pay a $1.5 million civil money penalty and provide an additional $1.5 in consumer redress. The company must also take measures to ensure future compliance.
FDIC’s crypto risk oversight criticized in OIG report
On October 18, the FDIC Office of Inspector General released a report on the FDIC’s strategies addressing the risks posed by crypto assets. According to the report, the FDIC has started to develop and implement strategies that address crypto risks but has not assessed the significance and potential impact of the risks. Additionally, although the FDIC requested that financial institutions provide information pertaining to their crypto‑related activities, its process for providing supervisory feedback is unclear. Between March 2022 and May 2023, the FDIC sent pause letters to several institutions related to their crypto activities, but it had not provided supervisory feedback to all of those institutions, it did not have an expected timeline for reviewing information and responding to institutions, and its procedures did not describe what constitutes the end of the review process for supervised institutions that received a pause letter.
The OIG report recommends that the FDIC set a timeframe for assessing risks pertaining to related activities and update and clarify the supervisory feedback process related to its review of supervised institutions’ crypto-related activities. The FDIC agreed with both recommendations and plans to complete corrective actions by January 30, 2024.
CFPB proposes rule to accelerate a shift toward open banking
On October 19, the CFPB announced a proposed rule that it said would accelerate a shift toward open banking, would give consumers more control over their financial data, and would offer new protections against companies misusing consumer data. The proposed Personal Financial Data Rights rule activates a dormant provision of law enacted by Congress more than a decade ago, Section 1033 of the Consumer Financial Protection Act. According to the CFPB, the rule would “jumpstart competition” by prohibiting financial institutions from “hoarding” a person’s data and requiring companies to share data with other companies at the consumer’s direction about their use of checking and prepaid accounts, credit cards, and digital wallets. This would allow consumers to access competing products and services while ensuring that their data would be used only for their own preferred purpose. Among other things, the proposed rule would ensure that consumers: (i) can obtain their personal financial data at no cost; (ii) have a legal right to grant third parties access to information associated with their credit card, checking, prepaid, and digital wallet accounts; and (iii) can walk away from bad service. Comments on the proposed rule must be received on or before December 29, 2023.
Fed governor speaks on responsible innovation in money and payments
On October 17, Federal Reserve Board Governor Michelle Bowman provided remarks on innovation in money and payments, including crypto assets, central bank digital currency (CBDC), and the development of instant payments, in which she laid out her vision for “responsible innovation,” which recognizes the important role of private-sector innovation and leverages the U.S. banking system supported by clear prudential supervision and regulation. With respect to CBDC, Bowman said that she has yet to see a compelling argument that CBDC could address frictions within the payment system, promote financial inclusion, or provide the public with access to safe central bank money any more effectively or efficiently than alternatives. She explained that, given that the U.S. has a safe and well-functioning banking system, the potential uses of a U.S. CBDC remain unclear and, at the same time, could introduce significant risks and tradeoffs. Bowman also expressed skepticism over stablecoins, stating that in practice they have been less secure, less stable, and less regulated than traditional forms of money. Finally, Bowman discussed technological innovations in wholesale payments, which are large-value, interbank transactions. Bowman said that the Fed is researching emerging technologies that could enable or be supported by future Fed-operated payment infrastructures, including depository institutions transacting with “tokenized” forms of digital central bank money. Bowman noted that banks and other eligible institutions already hold central bank money as digital balances at the Fed. She also stressed that wholesale payment infrastructures operated by the Fed “underpin domestic and international financial activities” by serving as a “foundation” for payments and the broader financial system. Because these wholesale systems function “safely and efficiently” today, it is necessary to investigate and understand the potential opportunities, risks, and tradeoffs for wholesale payment innovation to support a safe and efficient U.S. payment system.
Find continuing InfoBytes coverage on CBDCs here.
FHFA revises policies for Covid-19 forbearance on GSE mortgages
On October 16, the Federal Housing Finance Agency (FHFA) announced it will revise how Fannie Mae and Freddie Mac (GSE) single-family mortgages are treated for borrowers who have entered Covid-19 forbearance under the GSEs’ representations and warranties framework. Under the revised policies, loans for which borrowers elected Covid-19 forbearance will be treated similarly to loans for which borrowers obtained forbearance due to a natural disaster. The GSEs’ current representations and warranties framework for natural disaster forbearance allows for consideration of the period during which a borrower is in forbearance as part of their demonstrated satisfactory payment history for the initial 36 months after the loan's origination. This framework will now be extended to loans with Covid-19 forbearance. FHFA Director Sandra L. Thompson said, "Servicers went to great lengths to implement forbearance quickly amid a national emergency, and the loans they service should not be subject to greater repurchase risk simply because a borrower was impacted by the pandemic."
The updates will be effective on October 31.
CFPB sues nonbank mortgage lender for alleged HMDA and CFPA violations
On October 10, the CFPB filed a lawsuit against a Florida-based nonbank mortgage originator for allegedly failing to accurately report mortgage data in violation of the Home Mortgage Disclosure Act (HMDA). According to the complaint, in 2019 the Bureau found that the lender violated HDMA by intentionally misreporting data regarding applicants’ race, ethnicity and gender from 2014-2017, which resulted in the lender paying a civil money penalty and taking corrective action. In this action, the Bureau alleges that during its supervision process, it found the lender submitted HMDA data for 2020 contained “widespread errors across multiple data fields” including 51 errors in 159 files and the lender violated a 2019 consent order condition that required it to improve its data practices. The alleged errors include (i) mistakes in inputting data concerning subordinate lien loans and acquired loans; (ii) inclusion of loans in HMDA reporting that did not meet the HMDA criteria for reportable applications; (iii) incorrect characterization of purchaser type for tens of thousands of loans; (iv) erroneous rate spread calculations, leading to errors in interconnected fields; (iv) inaccurate data related to lender credits; and (v) incorrect categorization of specific loan applications as “approved but not accepted” when they were, in fact, withdrawn, resulting in discrepancies in associated fields. Along with the HDMA violations and the violations of the 2019 consent order, the CFPB also alleges violations of the CFPA and requests that the court permanently enjoin the lender from committing future violations of HMDA, require the lender to take corrective action to prevent further violations of HMDA, injunctive relief, and the imposition of a civil money penalty.
FTC settles with bankrupt crypto company and bans asset management
On October 12, the FTC announced it has reached a settlement with a bankrupt crypto company, which will permanently ban the company from managing consumer assets. According to the federal court complaint, the FTC alleged that from at least 2018, respondent attracted customers by promising their deposits would be secure, but when the company failed, consumers lost access to significant assets, resulting in over $1 billion in cryptocurrency asset losses. The FTC alleges violations of the FTC Act and the Gramm-Leach-Bliley Act's prohibition on obtaining financial information through false statements. Respondent allegedly misled consumers by claiming their assets were safe on the platform, stating that "YOUR USD IS FDIC INSURED." However, respondent is not a bank and the deposits were not eligible for FDIC insurance. The FTC complaint also alleged that the FDIC does not insure cryptocurrency assets, and consumers' cash deposits were placed in an account held by respondent at a traditional bank. Consumers' funds were protected only if that bank failed, but their cryptocurrency was not protected at all.
The proposed settlement with respondent and its affiliates permanently bans them from offering, marketing, or promoting any product or service related to depositing, exchanging, investing, or withdrawing assets. Respondent and its affiliates have agreed to a judgment of $1.65 billion, which will be suspended to allow the bankrupt company to return its remaining assets to consumers through bankruptcy proceedings. The proposed settlement also prohibits respondent and its affiliates from managing consumer assets, misrepresenting product benefits, making false representations to obtain financial information, and disclosing nonpublic personal information without consent.
The FTC also announced that it is filing a lawsuit against the respondent’s CEO for making false claims that consumer accounts were FDIC-insured. Respondent’s CEO has not agreed to a settlement, and the FTC's case against him will proceed in federal court. “In a parallel action, on October 12, the Commodity Futures Trading Commission separately charged [respondent’s CEO] with fraud and registration failures,” the FTC added.
HUD expands access to mortgages with ADUs
On October 16, HUD introduced a new policy that aims to make it easier for borrowers to finance Accessory Dwelling Units (ADUs) in their primary residences. ADUs are small living units built inside, attached to, or on the same property as, the main home. This policy change allows lenders to consider ADU rental income when assessing a borrower's eligibility for an FHA mortgage.
The new policies provide:
- Income Flexibility: Borrowers with limited incomes can use 75% of their estimated ADU rental income to qualify for an FHA-insured mortgage for properties with existing ADUs.
- New ADUs: For new ADUs that borrowers plan to attach to an existing structure, such as a garage or basement conversion, 50% of the estimated rental income can be used for qualification under FHA's Standard 203(k) Rehabilitation Mortgage Insurance Program.
- Appraisal Requirements: The policy includes ADU-specific appraisal guidelines to accurately assess the market value of properties with ADUs, making it easier for appraisers to report on ADU characteristics and expected rental generation.
- New Construction: The policy also allows FHA mortgages to finance new homes built with ADUs, expanding ADU production beyond the rehabilitation of existing structures.
The White House concurrently released a statement on the policy, noting that it is allowing rental income from ADUs to qualify for FHA-insured mortgages. HUD added that FHA-approved lenders can start offering borrowers mortgages on properties with ADUs under the new policies effective immediately.
FDIC seeks comments on proposed and stricter governance guidelines for regional banks
On October 11, the FDIC published a request for comment on proposed corporate governance and risk management guidelines that would apply to all insured state nonmember banks, state-licensed insured branches of foreign banks, and insured state savings associations that are subject to Section 39 of the Federal Deposit Insurance Act (FDI Act), with total consolidated assets of $10 billion or more on or after the effective date of the final guidelines.
The proposed guidelines cover board of director’s obligations, composition, duties, and committee structure that must be met to meet the standard of good corporate governance. The proposed guidelines state that the board will ultimately be responsible for the affairs of the covered institution and each individual member must abide by certain legal duties. Under the proposed guidelines, the board of directors must, among other things: (i) evaluate and approve a strategic plan covering at least a three-year period; (ii) establish policies and procedures by which the covered institution operates; (iii) establish a code of ethics covering legal requirements, such as insider information, disclosure, and self-dealing; (iv) provide active oversight of management; (v) exercise independent judgement; and (vi) select and appoint qualified executive officers. Additionally, the board will be required to maintain a majority of independent directors on the board and should consider diversity of demographic representation, opinion, experience, and ownership level when choosing its board members. The proposed guidelines would also require that the board have an audit committee, a compensation committee, a trust committee (if the covered institution has trust powers), and a risk committee.
Comments must be received by the FDIC by December 11, 2023.
Chopra foreshadows expanding oversight over digital payments
On October 6, CFPB Director Rohit Chopra spoke at a digital payments event where he described the risks posed by private digital currencies and digital payments systems and provided steps that would increase the CFPB oversight so as to help protect consumers from these risks.
Chopra stated that from a consumer regulator’s perspective, it is important to safeguard against the risks of private currencies issued by nonbanks, which include the potential for sudden devaluation of the digital currency, intrusive data surveillance, censorship, private regulations that favor the issuer’s commercial interests, challenges with error resolution, and consumer fraud.
Further, Chopra shared what he believes are warranted steps to ensure that private digital dollars and payments systems do not harm consumers:
- The CFPB will issue supplemental orders to certain large technology platforms to acquire more data and information to better ascertain their business practices, especially with respect to the use of sensitive personal data and any issuance of private currencies.
- To reduce the harms of errors, hacks, and unauthorized transfers, the Bureau will explore providing additional guidance on the applicability of the Electronic Fund Transfer Act with respect to private digital dollars and other virtual currencies for consumer and retail use.
- The CFPB will use appropriate authorities to conduct supervisory examinations of nonbanks operating consumer payment platforms, including the authority over service providers to large depository institutions and the authority over large participants, which would subject nonbanks meeting a particular size threshold to CFPB supervision.
- The Bureau will publish a proposed rule regarding personal financial data rights pursuant to Section 1033 of the Consumer Financial Protection Act, which will seek to accelerate America’s shift to open, competitive, and decentralized banking, while also seeking to safeguard against misuse of personal financial data.
Additionally, Chopra stated the Financial Stability Oversight Council should consider exercising its authority under Title VIII of the Dodd-Frank Act to designate activity as, or as likely to become, a systemically important payment, clearing, or settlement activity so as to provide other agencies with critical oversight and tools to ensure that a stablecoin is actually stable.