InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Biden administration launches NIST working group on AI
On June 22, the Biden administration announced that the National Institute of Standards and Technology (NIST) launched a new public working group on generative AI. The Public Working Group on Generative AI will reportedly help NIST develop guidance surrounding the special risks posed by AI in order to help organizations and support initiatives to address the opportunities and challenges associated with generative AI’s creation of code, text, images, videos, and music. “The public working group will draw upon volunteers, with technical experts from the private and public sectors, and will focus on risks related to this class of AI, which is driving fast-paced changes in technologies and marketplace offerings” NIST stated. NIST also outlined the immediate, midterm, and long-term goals for the group. Initially, the working group will research how the NIST AI Risk Management Framework can be used to support AI technology development. The working group’s midterm goal will be to support NIST in testing, evaluation and measurement related to generative AI. In the long term, the group will explore the application of generative AI to address challenges in health, environment, and climate change. NIST encourages those interested in joining the working group to submit a form no later than July 9.
Yellen discusses development banks in Paris speech
On June 23, U.S. Treasury Secretary Janet L. Yellen attended the Summit for a New Global Financing Pact in Paris, during which she delivered remarks on the continuing evolution of global financial architecture. Yellen first touched upon an initiative to evolve multilateral development banks’ (MDBs) ability to tackle global challenges, including climate change, pandemics, poverty, and conflicts. She highlighted a recent achievement handled by a broad coalition of shareholders, which, according to Yellen, has the potential to unlock as much as $50 billion in additional lending capacity over the next decade and may lead to MDBs, as a system, unlocking “$200 billion in new lending capacity over the same timeframe through balance sheet measures that are either already under implementation or being deliberated.” Yellen also touched upon other initiatives relating to debt and macroeconomic stability, as well as private capital mobilization, during the summit.
CFPB puts spotlight on “banking deserts” in the south
On June 21, the CFPB published a data spotlight, titled Banking and Credit Access in the Southern Region of the U.S., addressing banking and credit access, particularly mortgage lending, in in the south (Alabama, Arkansas, Georgia, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee). Considering the prevalence of “banking deserts” in the south, the report seeks to identify gaps and opportunities to increase financial access in the region. The report also includes a comparative analysis of rural and nonrural areas. For example, in rural communities and communities of color, the Bureau reports that “even though 23 percent of the population lives in a rural county, only 14 percent of home purchase loans in 2021 went to those areas. Between 2018 and 2021, only 9 percent of home purchase loans went to Black rural borrowers in the region, even though they represent 24 percent of the region’s rural population.” Moreover, the report notes that home loan applications from rural southerners are more likely to be denied than in the rest of the country. The Bureau also states that mortgage interest rates further set the rural south apart, as they tend to be higher, on average, than interest rates nationally. The Bureau’s initial analysis shows that credit scores alone do not explain these lower levels of lending.
With respect to banking access, the data spotlight highlights the association between the presence of a bank branch and access to necessary financial services—a common concern reported from stakeholders from the south. The Bureau reports that with only 3.6 branches per 10,000 people in the south (as compared to 5.0 branches per 10,000 people nationally), financial services access is limited, particularly when combined with inaccessible online banking due to limited broadband. The report also highlights how small businesses employ nearly half of the region’s workforce; thus, small business lending is a crucial resource to the south. In support of small business lending, the report references resources for business owners to leverage. (As previously covered by InfoBytes, when the Small Business Lending Rule goes into effect, the Bureau believes that it will provide “visibility” into small business lending.) The report further includes a reminder that “lenders have the ability to create Special Purpose Credit Programs, which enable the development of directed lending programs to reach historically underserved populations.” The Bureau goes on to state that even when branch locations are present, top barriers include minimum balance requirements, distrust of banks, high fees, and barriers to meeting identification requirements.
A second report, the Consumer Finances in Rural Areas of the Southern Region, was also published the same day. The report analyzes southern consumer financial profiles, compared to other geographies, including credit scores, financial distress, medical debt, and other debt categories. Among other things, the report highlights the unique position of mortgage borrowers from the rural south. Findings include that the share of chattel loans (for which the land underneath the home is not used as collateral) is seven times higher in the rural south than in other parts of the country. These borrowers are reportedly more venerable to both repossession and rent hikes or eviction. Also, student loan borrowers in the rural south tend to have lower monthly payments and delinquent balance amounts than the respective national averages, but given the area’s lower median incomes, borrowers in this region face a much higher student loan debt burden. Other findings include that rural southerners are less likely to have a credit card or an outstanding mortgage, which is partially reflective of the lower likelihood of successfully taking out credit, even within credit score tiers. According to the report, rural southerners are also more likely to pay higher interest rates on average and are more likely to have medical collections, with medical collections as the most common type of delinquency. These findings, the Bureau says, are an attempt to provide a “starting point” to better understand the financial situations, needs, and challenges of consumers in the south.
FDIC revises NSF guidance
On June 16, the FDIC updated its Supervisory Guidance on Multiple Re-Presentment NSF Fees to clarify its supervisory approach for addressing violations of law. This new guidance, FIL-32-2023, updates FIL-40-2022 (originally issued last August and covered by InfoBytes here), which warned supervised financial institutions that charging customers multiple non-sufficient funds (NSF) fees on re-presented unpaid transactions may increase regulatory scrutiny and litigation risk. The FDIC noted that since the issuance of FIL-40-2022, the agency has received additional data relating to the amount of consumer harm associated with NSF fees at particular institutions, as well as information regarding extensive, ongoing challenges institutions face to accurately identify re-presented transactions. Consequently, the FDIC made changes to its supervisory guidance to specify that it “does not intended to request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.”
Hsu tells banks to approach AI cautiously
On June 16, Acting Comptroller of the Currency Michael J. Hsu warned that the unpredictability of artificial intelligence (AI) can pose significant risks to the financial system. During remarks presented at the American Bankers Association’s Risk and Compliance Conference, Hsu cautioned that banks must manage risks when adopting technologies such as tokenization and AI. Although Hsu reiterated his skepticism of cryptocurrency (covered by InfoBytes here), he acknowledged that AI and blockchain technology (where most tokenization efforts are currently focused) have the potential to present “significant” benefits to the financial system. He explained that trusted blockchains may improve settlement efficiency through tokenization of real-world assets and liabilities by minimizing lags and thereby reducing related frictions, costs, and risks. However, he warned that legal frameworks and risk and compliance capabilities for tokenizing real-world assets and liabilities at scale require further development, especially considering cross-jurisdictional situations and ownership and property rights.
With respect to banks’ adoption of AI, Hsu flagged AI’s “potential to reduce costs and increase efficiencies; improve products, services and performance; strengthen risk management and controls; and expand access to credit and other bank services.” But there are significant challenges, Hsu said, including bias and discrimination challenges in consumer lending, fraud, and risks created from the use of “generative” AI. Alignment is also the core challenge, Hsu said, explaining that because AI systems are built to learn and may not do what they are programed to do, governance and accountability challenges may become an issue. “Who can and should be held accountable for misaligned, unexpected, and harmful outcomes?” Hsu asked, pointing to banks’ use of third parties to develop and support their AI systems as an area of concern.
Hsu advised banks to approach innovation “responsibly and purposefully” and to proceed cautiously while keeping in mind three principles for managing risks: (i) innovate in stages, expand only when ready, and monitor, adjust and repeat; (ii) “build the brakes while building the engine” and ensure risk and compliance professionals are part of the innovation process; and (iii) engage with regulators early and often during the process and ask for permission, not forgiveness.
FDIC tells three companies to stop claims about deposit insurance
On June 15, the FDIC sent letters ordering three companies and certain of their officers to cease and desist from using the agency’s logo and making false and misleading statements about FDIC deposit insurance. The companies are required to take immediate corrective action to address the allegedly misleading statements. The FDIC maintained that the banks and/or its officers made false and misleading statements in English and Spanish suggesting that they are FDIC-insured. For one of the companies, the FDIC alleged that the company stated that insurance would protect customers’ cryptocurrency assets; that it had and that the company claimed a partner relationship with an FDIC-insured bank without identifying the insured institution in its consumer-facing materials; and that its false FDIC insurance claims were made through social media posts by the company and its chief marketing officer. Under the Federal Deposit Insurance Act, the announcement added, persons are prohibited “from representing or implying that an uninsured product is FDIC-insured or from knowingly misrepresenting the extent and manner of deposit insurance.” The FDIC requested a response within 15 days for two of the companies and 5 days for one.
CFPB looking at privacy implications of worker surveillance
On June 20, the CFPB released a statement announcing it will be “embarking on an inquiry into the data broker industry and issues raised by new technological developments.” The Bureau requested information in March about entities that purchase information from data brokers, the negative impacts of data broker practices, and the issues consumers face when they wish to see or correct their personal information. (Covered by InfoBytes here.) The findings from this inquiry will help the Bureau understand how employees’ personal information can find its way into the data broker market.
With similar intentions, the White House Office of Science and Technology Policy (OSTP) released a request for information (RFI) to learn more about the automated tools employers use to monitor, screen, surveil, and manage their employees. The OSTP blog post cited to an increase in the use of technologies that handle employees’ sensitive information and data. The OSTP also highlighted the Biden administration’s Blueprint for an AI Bill of Rights (covered by InfoBytes here), which underscored the importance of building in protections when developing new technologies and understanding associated risks. Responses to the RFI will be used to “inform new policy responses, share relevant research, data, and findings with the public, and amplify best practices among employers, worker organizations, technology vendors, developers, and others in civil society,” the OSTP said.
The CFPB’s response to the RFI described the agency’s concerns regarding risks to employees’ privacy, noting that it has long received complaints from the public about the lack of transparency and inaccuracies in the employment screening industry. Specifically mentioned are FCRA protections for consumers and guidelines around the sale of personal data. The Bureau also commented that employees may not be at liberty to determine how their information is used, or sold, and have no opportunity for recourse when inaccurately reported information affects their earnings, access to credit, ability to rent a home or buy a car, and more.
McHenry objects to FSOC’s proposed designation framework
On June 15, House Financial Services Committee Chairman Patrick McHenry sent a letter to Treasury Secretary Janet Yellen urging the Financial Stability Oversight Council (FSOC), which Yellen chairs, to “revisit” its proposals on nonbank financial firm risks. As previously covered by InfoBytes, in April, FSOC released a proposed analytic framework for financial stability risks to provide greater public transparency on how it identifies, assesses, and addresses potential risks “regardless of whether the risk stems from activities or firms.” The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards.
McHenry’s letter raised concerns with FSOC’s decision to evaluate risks based on an entity’s size and not its activities. According to McHenry, FSOC’s April proposals will essentially undo changes it made in 2019, which incorporated principles considering a financial institution’s systematic risk rather than merely its size. In his announcement accompanying the letter, McHenry elaborated on his concerns, stating that “allowing FSOC to extend its supervisory reach beyond prudential institutions to nonbank entities in this way could pose significant regulatory consequences for our financial system.” McHenry claimed these institutions may engage in different activities, thus presenting different risks, and said the proposals do not take this into account. McHenry also argued that expanding the Fed’s oversight jurisdiction is not a “panacea for financial stability.”
SBA clarifies PPP eligibility of payroll costs
On June 13, the SBA added question #72 to its Paycheck Protection Program (PPP) Frequently Asked Questions clarifying whether “the amounts paid by a borrower to a third-party payer for the third-party payer’s employees to operate the borrower considered eligible payroll expenses for the purpose of calculating the maximum loan amount.” Previous guidance released in 2020 (FAQ #10) relayed that “payroll documentation provided by the payroll provider that indicates the amount of wages and payroll taxes reported to the IRS by the payroll provider for the borrower’s employees will be considered acceptable PPP loan payroll documentation.” However, because FAQ #10 was issued three days after the PPP began accepting applications and there have been conflicting interpretations of the guidance, the SBA administrator determined additional clarification was necessary.
After reviewing a September 2022 decision issued by the SBA Office of Hearings and Appeals, the administrator published FAQ #72, stating “payroll costs paid by a borrower to a third-party payer for the third-party’s employees to operate the borrower are eligible payroll costs for the purpose of calculating the borrower’s maximum loan amount, as long as the employees were not otherwise counted towards payroll costs on a PPP loan received by the third-party payer.” The administrator further explained that “payroll cost documentation which shows that a borrower paid a third-party payer for the employees of the third-party to operate the borrower will be permitted to support eligible payroll costs for the purpose of calculating the maximum loan amount as long as the employees were not otherwise counted towards payroll costs on another PPP loan, and all other PPP requirements are met, including the submission of payroll documentation that indicates the amount of wages and payroll taxes reported to the IRS by the third-party payer.”
FTC sues genetic testing company over privacy failures
On June 16, the FTC filed an administrative complaint against a California-based genetic testing company for allegedly deceiving consumers about its privacy and data security practices. Marking the FTC’s first case to focus on both the privacy and security of genetic information, the complaint claims the respondent (which sells DNA health test kits and provides health reports to consumers that include personal information) failed to secure genetic and health data and misled consumers about its ability to delete consumers’ data. These alleged actions contradicted claims made by the respondent on its website that personal health information is collected, processed, and stored “in a responsible, transparent and secure environment.” Additionally, the FTC alleged that the respondent failed to implement a policy to ensure DNA samples were destroyed by contract laboratories and made changes to its privacy policy that retroactively expanded the types of third parties authorized to share consumers’ data without notifying consumers or obtaining their consent. “The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said in the announcement.
The respondent is further accused of storing unencrypted personal health information on a publicly accessible cloud storage repository. Several warnings about storing unencrypted data were allegedly sent to the respondent before customers were notified.
Under the terms of the proposed consent order, the respondent will be required to pay $75,000 to go towards consumer refunds. The respondent must also strengthen its protection measures, cease misrepresenting the extent of its security or privacy practices, and instruct third-party contract laboratories to delete all DNA samples that have been retained longer than 180 days. Additionally, the respondent must obtain consumers’ affirmative express consent before sharing health data with third parties, notify the FTC should consumers’ personal health information be compromised, and implement a comprehensive information security program to address the identified alleged security failures.