InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed and Illinois regulator take action against bank on capital and management
On May 4, the Federal Reserve Board announced an enforcement action against an Illinois state-chartered community bank and its holding company related to alleged deficiencies identified in recent examinations. While the written agreement (entered into by the parties at the end of April) does not outline the specific deficiencies, it notes that the bank and the holding company have started taken corrective action to address the issues identified by the Federal Reserve Bank of St. Louis (FRB) and the Illinois Department of Financial and Professional Regulation (IDFPR). Among other things, the holding company’s board of directors must take appropriate steps to fully use its financial and managerial resources to ensure the bank complies with the written agreement and any other supervisory action taken by the bank’s federal or state regulator. The board is also required to submit a written plan to the FRB and the IDFPR describing actions and measures it intends to take to strengthen board oversight of the management and operations of the bank. The bank is required to submit a written plan outlining its current and future capital requirements and must notify the FRB and the IDFPR within 30 days after the end of any calendar quarter in which its capital ratios fall below the minimum ratios specified within the approved capital plan. Additionally, the bank is prohibited from taking on debt, redeeming its own stock, or paying out dividends or distributions without the prior approval of state and federal regulators.
District Court dismisses FTC’s privacy claims in geolocation action
On May 4, the U.S. District Court for the District of Ohio issued two separate rulings in a pair of related disputes between the FTC and a data broker. The disputes center around accusations made by the FTC last August that the data broker violated Section 5 of the FTC Act by unfairly selling precise geolocation data from hundreds of millions of mobile devices which can be used to trace individuals’ movements to and from sensitive locations (covered by InfoBytes here). The FTC sought a permanent injunction to stop the data broker’s practices, as well as additional relief. The data broker, upon learning that the FTC planned to filed a lawsuit against it, filed a preemptive lawsuit challenging the agency’s authority.
The court first dismissed the data broker’s preemptive bid to block the FTC’s enforcement action, ruling that the data broker has not identified any “viable cause of action” to support its request for injunctive relief. The court explained that injunctive relief is a “drastic remedy” that is only available if no other legal remedy is available. However, the data broker possesses an “adequate remedy at law,” the court said, “because it can seek dismissal of, and otherwise directly defend against, the FTC’s enforcement action.”
With respect to the FTC’s action, the court granted the data broker’s motion to dismiss the FTC’s complaint, but gave the agency leave to amend. The court agreed with the data broker that the FTC’s complaint lacks sufficient allegations to support its unfairness claim under Section 5 of the FTC Act. While the court disagreed with the data broker’s assertion that it did not have “fair notice that its sale of geolocation data without restrictions near sensitive locations could violate Section 5(a) of the FTC Act” or that the FTC had to allege a predicate violation of law or policy to state a claim, the court determined that the FTC failed to adequately allege that the data broker’s practices created “a ‘significant risk’ of concrete harm.” Moreover, the court found that “the purported privacy intrusion is not severe enough to constitute ‘substantial injury’ under Section 5(n).” The court noted, however that some of the deficiencies may be cured through additional factual allegations in an amended complaint.
FDIC announces Florida disaster relief
On May 5, the FDIC issued FIL-22-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Florida affected by severe storms, tornados, and flooding from April 12 to 14. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructed institutions to contact the Atlanta Regional Office if they expect delays in making filings or are experiencing difficulties in complying with publishing or other requirements.
CFPB examines high-cost financings that cover medical expenses
On May 4, the CFPB released a report examining high-cost alternative financing products targeted to patients as a way to cover medical expenses. Products offered by a growing number of financial institutions and fintech companies include medical credit cards and installment loans, which typically carry significantly higher interest rates than those associated with traditional consumer credit cards (26.99 percent annual percentage rate as compared to 16 percent), the Bureau found, adding that these products also often have deferred interest plans which can create significant financial burdens for patients. The report found that between 2018 and 2020, consumers used alternative financing products to pay for nearly $23 billion in healthcare expenses and paid $1 billion in deferred interest. The report further found that companies are primarily marketing their products directly to healthcare providers with promised incentives. While the companies service the credit cards and loans, the Bureau explained that the healthcare providers are responsible for offering the products to patients and disclosing terms and risks. Many of these healthcare providers are unable to adequately explain complex terms, such as deferred interest plans, leaving patients facing ballooned deferred interests and lawsuits, the Bureau warned. According to the Bureau’s announcement, “financing medical debt on a credit card may increase patients’ exposure to extraordinary credit actions that healthcare providers would typically not pursue,” as “there can be a greater incentive for creditors to pursue lawsuits because unlike many healthcare providers, creditors can pursue a debt’s principal plus interest and fees.”
FHA implements provisions for transitioning LIBOR-based ARMs
On May 2, FHA published Mortgagee Letter (ML) 2023-09 to implement provisions of the Adjustable Rate Mortgages (ARM): Transitioning from LIBOR to Alternative Indices final rule that was published in the Federal Register at the beginning of March. (Covered by InfoBytes here.) The final rule replaces LIBOR with the Secured Overnight Financing Rate (SOFR) as the approved index for newly-originated forward ARMs, codifies HUD’s approval of SOFR as an index for newly-originated home equity conversion mortgages (HECM) ARMs, and establishes “a spread-adjusted SOFR index as the Secretary-approved replacement index to transition existing forward and HECM ARMs off LIBOR.” The ML provides interest rate transition directions for mortgagees and announces the availability of updated HECM model loan documents, which have been revised to be consistent with the final rule and the ML. The provisions in the ML have various effective dates.
FDIC releases March enforcement actions
On April 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in March. The FDIC made public 11 orders including “four prohibition orders, three orders terminating deposit insurance, two consent orders, one order to pay civil money penalty (CMP), and one order terminating consent order.” Included is a civil money order issued against a Missouri-based bank related to alleged violations of the Flood Disaster Protection Act (FDPA). The FDIC determined that the bank had engaged in a pattern or practice of violating the FDPA by increasing, extending, or renewing a loan secured by property located or to be located in a special flood hazard area without timely notifying the borrower and/or the servicer as to whether flood insurance was available for the collateral.
House committee continues federal privacy legislation discussions
On April 27, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Addressing America’s Data Privacy Shortfalls: How a National Standard Fills Gaps to Protect Americans’ Personal Information” to continue discussions on the need for comprehensive federal privacy legislation. Subcommittee Chair Gus Bilirakis (R-FL) delivered opening remarks, commenting that the Committee has examined in depth how a federal privacy law is needed to protect Americans and balance the needs of business, government and civil society, what happens when malicious actors exploit access to data, where the FTC’s jurisdictional lines and authority lay and how that interplays with a comprehensive federal privacy law, and the role of data brokers and the lack of protections given to consumers to manage their data.
During the hearing, subcommittee members commented that one of the big debates about the American Data Privacy and Protection Act (ADPPA) as it came out of committee last year was the degree to which it should preempt state laws. There was push back on the bill from former Speaker Nancy Pelosi who was against the proposed preemption measures, as well as from the California attorney general and the California Privacy Protection Agency who expressed similar concerns and asked Congress to “allow states to provide additional protections in response to changing technology and data privacy protection practices.” The ADPPA was advanced through the committee last July by a vote of 53-2 (covered by InfoBytes here) and was sent to the House floor during the last Congressional session but never came up for a full chamber vote. The bill has not been reintroduced yet.
Subcommittee members said that while drafting a comprehensive national data privacy law is a priority, there are a lot of concerns over preemption of state laws. Certain Republican members also commented that it is very important for Congress to create a single national standard before the FTC proposes data privacy rules from its commercial surveillance rulemaking efforts. As previously covered by InfoBytes, FTC Chair Lina M. Khan and Commissioners Rebecca Slaughter and Alvaro Bedoya testified before the same committee in April, during which time they said they are currently reviewing comments on the proposed rulemaking but support federal privacy legislation.
While the ADPPA has not yet been reintroduced, House Financial Services Committee Chairman Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165) earlier this year, which would, among other things, modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape and ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time.
FTC obtains permanent ban against debt relief operators
On May 1, three individuals accused of allegedly participating in a credit card debt relief scheme agreed to court orders permanently banning them from telemarketing and selling debt relief products and services. As previously covered by InfoBytes, last November the FTC filed a lawsuit claiming the defendants and their affiliated companies violated the FTC Act and the Telemarketing Sales Rule by using telemarketers to pitch their deceptive scheme, in which they falsely claimed to be affiliated with a particular credit card association, bank, or credit reporting agency, and promised they could improve consumers’ credit scores after 12 to 18 months. The defendants also allegedly misrepresented that the upfront fee, which in some cases was as high as $18,000, was charged to consumers’ credit cards as part of the overall debt that would be eliminated, and therefore would not actually have to be paid. Without admitting or denying the allegations, the defendants agreed to the court orders (available here, here, and here) imposing numerous conditions, including (i) a permanent ban on advertising, selling, or assisting in any debt relief product or service or participating in telemarketing; (ii) a broad prohibition forbidding defendants from deceiving consumers about any other products or services they sell or market; and (iii) the surrender of certain property interests and assets that will be used to provide restitution to affected consumers. The orders impose a total monetary judgment of approximately $17.5 million, for which each defendant is jointly and severally liable, to be satisfied by defendants’ surrender of certain assets and subject to a partial suspension of the remainder of the judgment pursuant to defendants’ truthfulness regarding their financial status and ability to pay.
FDIC announces Oklahoma disaster relief
On April 28, the FDIC issued FIL-22-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Oklahoma affected by severe storms, straight-line winds, and tornados from April 19 to 20. The FDIC acknowledged the unusual circumstances faced by affected institutions and encouraged those institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructed institutions to contact the Dallas Regional Office if they expect delays in making filings or are experiencing difficulties in complying with publishing or other requirements.
CFPB proposal would apply ATR requirements to PACE financing
On May 1, the CFPB announced a proposed rule which would prescribe ability-to-repay (ATR) rules to residential Property Assessed Clean Energy (PACE) financing and apply TILA’s civil liability provisions for violations. The proposal, required by Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, would amend Regulation Z to address how TILA applies to PACE transactions to account for the unique nature of PACE loans. PACE loans are designed to finance clean energy improvements on a borrower’s home and are secured by that residence. The Bureau explained that the loans are repaid through a borrower’s property tax payments, which increase over time and which remain with the property even if the borrower sells the property.
If finalized, the proposed rule would require lenders to assess a borrower’s ability to repay a PACE loan and would (i) clarify an existing exclusion to Regulation Z’s definition of credit relating to tax liens and tax assessments to provide that this specific exclusion “applies only to involuntary tax liens and involuntary tax assessments”; (ii) make several adjustments to PACE financing loan estimate and closing disclosure requirements, including providing new model forms specifically designed for PACE transactions, and exempting PACE transactions from the requirement to establish escrow accounts for certain higher-priced mortgage loans and from the requirement to provide periodic statements; (iii) prescribe ATR requirements for residential PACE financing that account for the unique nature of these transactions; (iv) provide that a PACE transaction is not a qualified mortgage; (v) extend TILA Section 130’s ATR requirements and liability provisions to any “PACE company” with substantial involvement in making credit decisions for a PACE transaction; and (vi) clarify how PACE and non-PACE mortgage creditors should consider pre-existing PACE transactions when originating new mortgage loans.
The proposed effective date is at least one year after the final rule is published in the Federal Register (“but no earlier than the October 1 which follows by at least six months Federal Register publication”), with the possibility of a further extension to ensure compliance with a TILA timing requirement. Comments on the proposed rule are due July 26 or 30 days after publication in the Federal Register, whichever is later.
To accompany the proposed rule, the Bureau released several fast facts breaking down and clarifying proposed coverage and the suggested changes. The Bureau also released a data point report documenting research findings on PACE financing in California and Florida from July 2014 through June 2020. Among other things, the report found that PACE loans create an increase in negative credit outcomes for borrowers, particularly with respect to mortgage delinquency. Additionally, PACE borrowers were more likely to have higher interest rates and increased credit card balances and were more likely to live in census tracts with higher percentages of Black and Hispanic residents relative to the average for their states. The report noted that “PACE outcomes improved significantly in California after that State began requiring PACE companies to consider ability to pay before making a loan.”