InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB orders nonbank title lender to pay $15 million for numerous violations
On February 23, the CFPB entered a consent order against a Georgia-based nonbank auto title lender (respondent) for alleged violations of the Military Lending Act (MLA), the Truth in Lending Act, and the Consumer Financial Protection Act. According to the Bureau, the respondent allegedly charged nearly three times the MLA’s 36 percent annual interest rate cap on auto title loans made to military families. The respondent also allegedly changed military borrowers’ personal information in an attempt to hide their protected status, included mandatory arbitration clauses and unreasonable notice provisions in its loans, and charged fees for an insurance product that provided no benefit to the borrower. The Bureau noted that the respondent has been under a consent order since 2016 for allegedly engaging in unfair and abusive acts related to its lending and debt collection practices (covered by InfoBytes here). While neither admitting nor denying any of the allegations, the respondent has agreed to pay $5.05 million in consumer redress and a $10 million penalty. The respondent must also implement robust measures to prevent future violations.
FHA reduces mortgage insurance premiums to improve home affordability
On February 22, FHA announced a 30 basis point reduction in the annual premium charged to mortgage borrowers, resulting in mortgage insurance premiums of 0.55 percent for most borrowers seeking FHA-insured mortgages (down from 0.85 percent). (See also Mortgagee Letter 2023-05.) The reduction will apply to nearly all FHA-insured Single Family Title II forward mortgages, and is applicable to all eligible property types including single family homes, condominiums, and manufactured homes, all eligible loan-to-value ratios, and all eligible base loan amounts. According to the announcement, the reduction is intended to build on steps taken by the Biden administration to make homeownership more affordable and accessible, particularly for households of color, and could save an estimated 850,000 borrowers an average of $800 annually. As previously covered by InfoBytes, last September HUD modified FHA’s underwriting policies to allow lenders to consider a first-time homebuyer’s positive rental payment history as an additional factor in determining eligibility for an FHA-insured mortgage, and in March, the Property Appraisal and Valuation Equity Task Force outlined steps for addressing alleged racial bias in home appraisals (covered by InfoBytes here). Additional actions taken by HUD to improve homeownership accessibility can be found here.
VA reduces funding fee for certain loans
On February 14, the Department of Veterans Affairs announced a funding fee charge update for loans closed on or after April 7, 2023. According to Circular 26-23-06, funding fees are charged on VA transactions involving a home loan where a borrower does not qualify for a fee waiver. A reduced funding fee also applies to borrowers purchasing or constructing a home with a five or 10 percent down payment. The VA explained that lenders are to continue charging non-exempt veterans the current funding fee percentage for loans closed prior to April 7 (fee rates are listed here). For loans closed on or after April 7, lenders must charge the new funding fee percentage (fee rates are listed here).
Fed revises Bank Holding Company Supervision Manual
The Federal Reserve Board recently updated sections of the Bank Holding Company Supervision Manual. (Changes to the manual were last made in November 2021.) The manual provides guidance for conducting inspections of bank holding companies and their nonbank subsidiaries, as well as savings and loan holding companies. “The supervisory objectives of the inspection program are to ascertain whether the financial strength of the bank holding company is being maintained on an ongoing basis and to determine the effects or consequences of transactions between a holding company or its nonbanking subsidiaries and its subsidiary banks,” the Fed explained. Included among the changes are updates to sections on the supervision of savings and loan holdings companies; supervision of holding companies with less than $10 billion in total consolidated assets; liquidity planning and positions applicable to large financial institutions; holding company ratings applicability and inspection frequency; supervision of subsidiaries related to nondeposit investment products; control and ownership of bank holding company formations; asset securitization risk management and internal controls; retail-credit classification; supervision of savings and loan holding companies; and Bank Holding Company Act exemptions. A new section—“Formal Corrective Actions”—revises previous guidance to include entities against which the Fed has statutory authority to take formal enforcement actions. The section also provides additional information on enforcement actions for Bank Secrecy Act and anti-money laundering compliance failures, as well as details on interagency enforcement coordination. The section further clarifies that the Fed “does not issue an enforcement action on the basis of a ‘violation’ of or ‘non-compliance’ with supervisory guidance.” Minor technical changes were made throughout the manual as well. A detailed summary of changes is available here.
Agencies propose Call Report revisions
On February 22, the FDIC, Federal Reserve Board, and the OCC announced the publication of a joint notice and request for comment proposing changes to three versions of the Call Report (FFIEC 031, FFIEC 041, and FFIEC 051), as well as changes to the Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (FFIEC 002), as applicable. Section 604 of the Financial Services Regulatory Relief Act of 2006 mandates agency review of information collected in the Call Reports “to reduce or eliminate any requirement to file certain information or schedules if the continued collection of such information or schedules is no longer necessary or appropriate.” The proposed changes would eliminate and consolidate certain items in the Call Reports based on an evaluation of responses to a user survey addressing the Call Report schedules. The agencies are also requesting comments on certain technical clarifications made last year concerning the reporting of certain debt securities issued by Freddie Mac and proposed Call Report process revisions. The proposed changes if approved, will take effect as of the June 30, 2023, report date. Comments are due April 24.
FTC, DOJ sue telemarketers of fake debt relief services
On February 16, the DOJ filed a complaint on behalf of the FTC against several corporate and individual defendants for alleged violations of the FTC Act and the Telemarketing Sales Rule (TSR) in connection with debt relief telemarketing campaigns that delivered millions of unwanted robocalls to consumers. (See also FTC press release here.) According to the complaint, filed in the U.S. District Court for the Southern District of California, the defendants are interconnected platform providers, lead generators, telemarketers, and debt relief service sellers. Alleged violations include: (i) making misrepresentations about their debt relief services; (ii) initiating telemarketing calls to numbers on the FTC’s Do Not Call Registry, as well as calls in which telemarketers failed to disclose the identity of the seller and services being offered; (iii) initiating illegal robocalls without first obtaining consent; (iv) failing to make oral disclosures required by the TSR, including clearly and truthfully identifying the seller of the debt relief services; (v) misrepresenting material aspects of their debt relief services; and (vi) requesting and receiving payments from customers before renegotiating or otherwise altering the terms of those customers’ debts. The complaint seeks permanent injunctive relief, civil penalties, and monetary damages. Two of the defendants (a debt relief lead generator and its owner) have agreed to a stipulated order that, if approved, would prohibit them from further violations and impose a monetary judgment of $3.38 million, partially suspended to $7,500 to go towards consumer redress due to their inability to pay.
Treasury official highlights fintech, crypto assets, and cloud services challenges
On February 15, Treasury Assistant Secretary for Financial Institutions Graham Steele delivered remarks before the Exchequer Club of Washington, D.C., during which he discussed the U.S. Treasury Department’s financial institutions agenda on fintech, cryptocurrency, and cloud service providers. Stating that “significant potential exists to harness the underlying technology in fintech, digital assets, and cloud services adoption,” Steele cautioned that there exist common risks across these spaces related to inadequate oversight, excessive concentration, and consumer harms.
With respect to nonbanks and fintech, Steele noted that participation by nonbanks in financial services is a key priority for Treasury. He commented that while nonbanks add diversity and competition pressure to consumer finance markets, they “have largely not been subject to the kind of comprehensive regulation and supervision to which banks are subject,” which has created numerous “risks related to regulatory arbitrage, data privacy and security, bias and discrimination, and consumer protection, among others.” Steele highlighted recent Treasury recommendations primarily focused on using existing authorities held by the federal banking regulators and the CFPB as a way to coordinate supervision of bank-fintech partnerships and credit underwriting models. Another area of concern, Steele noted, are big technology firms—those that generally seek to enter the consumer finance market via relationships with banks and third-party fintech firms, and who avoid prudential regulation, supervision, and risk-management requirements that would apply if they offered banking services. “Big Tech firms may have incentives to leverage their existing commercial relationships, consumer data, and other resources to enter new markets, expand their networks and offerings, and scale rapidly to achieve capabilities that others—including depository institutions—do not have and cannot replicate,” Steele said.
Steele also touched on Treasury’s objectives for crypto assets, in which he referred to several studies examining “the potential financial stability implications of crypto-asset activities” and the risks and opportunities they might present to consumers, investors, and businesses. He also addressed concerns about misleading claims and representations in this space (for example, with respect to the availability of deposit insurance) and noted that there exist several gaps in existing authorities over crypto assets. Finally, Steele discussed a recent Treasury report, which examined potential benefits and challenges associated with the adoption of cloud services technology by financial services firms (covered by InfoBytes here).
District Court allows FTC suit against owners of credit repair operation to proceed
On February 13, the U.S. District Court for the Eastern District of Michigan denied a motion to dismiss filed by certain defendants in a credit repair scheme. As previously covered by InfoBytes, last May the FTC sued a credit repair operation that allegedly targeted consumers with low credit scores promising its products could remove all negative information from their credit reports and significantly increase credit scores. At the time, the court granted a temporary restraining order against the operation for allegedly engaging in deceptive practices that scammed consumers out of more than $213 million. The temporary restraining order was eventually vacated, and the defendants at issue (two individuals and two companies that allegedly marketed credit repair services to consumers, charged consumers prohibited advance fees in order to use their services without providing required disclosures, and promoted an illegal pyramid scheme) moved to dismiss themselves from the case and to preclude the FTC from obtaining permanent injunctive and monetary relief.
In denying the defendants’ motion to dismiss, the court held, among other things, that “controlling shareholders of closely-held corporations are presumed to have the authority to control corporate acts.” The court pointed to the FTC’s allegations that the individual defendants at issue were owners, officers, directors, or managers, were authorized signatories on bank accounts, and had “formulated, directed, controlled, had the authority to control, or participated in the acts and practices set forth in the complaint.” The court further held that the FTC’s allegations raised a plausible inference that the individual defendants have the authority to control the businesses and demonstrated that they possessed, “at the most basic level, ‘an awareness of a high probability of deceptiveness and intentionally avoided learning of the truth.’”
The court also disagreed with the defendants’ argument that the permanent injunction is not applicable to them because they have since resigned their controlling positions of the related businesses, finding that “[t]his development, if true, does not insulate them from a permanent injunction.” The court found that “the complaint contains plausible allegations of present and ongoing deceptive practices that would authorize the [c]ourt to award a permanent injunction ‘after proper proof.’” In addition, the court said it may award monetary relief because the FTC brought claims under both sections 13(b) and 19 of the FTC Act and “section 19(b) contemplates the ‘refund of money,’ the ‘return of property,’ or the ‘payment of damages’ to remedy consumer injuries[.]”
FTC launches Office of Technology
On February 17, the FTC launched a new Office of Technology to strengthen the agency’s ability to keep pace with technological challenges in the digital marketplace. The Office of Technology will support the FTC’s enforcement and policy work, and will be headed by Chief Technology Officer Stephanie T. Nguyen who said it is a “vital time to strengthen the agency’s technical expertise and meet the quickly evolving challenges of the digital economy.” Specifically, the Office of Technology will (i) strengthen and support law enforcement investigations into business practices and the underlying technologies by “helping to develop appropriate investigative techniques, assisting in the review and analysis of data and documents received in investigations, and aiding in the creation of effective remedies”; (ii) work with FTC staff and the Commission on policy and research initiatives to provide technological expertise on non-enforcement actions; and (iii) engage with the public and external stakeholders on market trends and emerging technologies that impact agency work. “Our office of technology is a natural next step in ensuring we have the in-house skills needed to fully grasp evolving technologies and market trends as we continue to tackle unlawful business practices and protect Americans,” FTC Chair Lina Khan said.
NCUA approves final cyber incident reporting rule
On February 16, the NCUA approved a final rule that requires federally-insured credit unions (FICUs) to notify the agency as soon as possible (and no later than 72 hours) after a FICU “reasonably believes that a reportable cyber incident has occurred.” Specifically, the rule requires FICUs to report cyber incidents that lead “to a substantial loss of confidentiality, integrity, or availability of a network or member information system as a result of the exposure of sensitive data, disruption of vital member services, or that has a serious impact on the safety and resiliency of operational systems and processes.” Under the rule, FICUs must report any cyberattacks that disrupt their business operations, vital member services, or a member information system within 72 hours of the FICU’s “reasonable belief that it has experienced a cyberattack.” The NCUA explained that the 72-hour notification requirement provides an early alert to the agency but that the rule does not require the submission of a detailed incident assessment within this time frame. The final rule takes effect September 1. Additional reporting guidance will be provided prior to the effective date.
“Through these high-level early warning notifications, the NCUA will be able to work with other agencies and the private sector to respond to cyber threats before they become systemic and threaten the broader financial services sector,” NCUA Chairman Todd M. Harper said. Harper further explained that “[t]his final rule will also align the NCUA’s reporting requirements with those of the federal banking agencies and the Cyber Incident Reporting for Critical Infrastructure Act.”