InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues spring supervisory highlights
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
CFPB invokes dormant authority to examine nonbanks
On April 25, the CFPB announced it was invoking a “dormant authority” under the Dodd-Frank Act to conduct supervisory examinations of fintech firms and other nonbank financial services providers based upon a determination of risk. “This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads,” CFPB Director Rohit Chopra explained. The Bureau has direct supervisory authority over banks and credit unions with more than $10 billion in assets, certain nonbanks regardless of size that offer or provide consumer financial products or services, and the service providers for such entities. With this announcement, the Bureau now plans to use a provision under Section 1024 of Dodd-Frank that allows it to examine nonbank financial entities, upon notice and an opportunity to respond, if it has “reasonable cause” to determine that consumer harm is possible.
In tandem with the announcement, the Bureau also issued a request for public comment on an updated version of a procedural rule that implements its statutory authority to supervise nonbanks “whose activities the CFPB has reasonable cause to determine pose risks to consumers,” including potentially unfair, deceptive, or abusive acts or practices. The statute requires that the Bureau “base such reasonable cause determinations on complaints collected by the CFPB, or on information from other sources,” which the Bureau stated may include “judicial opinions and administrative decisions, . . . whistleblower complaints, state partners, federal partners, or news reports.” “Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to,” Chopra stated.
Among other things, the new rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process. Specifically, the new rule will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. Subject companies will be given an opportunity seven days after a final decision is issued to provide input on what information, if any, should be publicly released. According to the Bureau, there “is a public interest in transparency when it comes to these potentially significant rulings by the Director as head of the agency. Also, if a decision or order is publicly released, it would be available as a precedent in future proceedings.”
The procedural rule is effective upon publication in the Federal Register and has a 30-day comment period.
FDIC highlights NSF/overdraft fees, fair lending in 2022 Consumer Compliance Supervisory Highlights
On March 31, the FDIC released the spring 2022 edition of the Consumer Compliance Supervisory Highlights to provide information and observations related to the FDIC’s consumer compliance supervision of state non-member banks and thrifts in 2021. Topics include:
- A summary of the FDIC’s supervisory approach in response to the Covid-19 pandemic, including efforts made by banks to meet the needs of consumers and communities.
- An overview of the most frequently cited violations (approximately 78 percent of total violations involved TILA, the Flood Disaster Protection Act (FDPA), EFTA, Truth in Savings Act, and RESPA). During 2021, the FDIC initiated 20 formal enforcement actions and 24 informal enforcement actions addressing consumer compliance examination observations, and issued civil money penalties totaling $2.7 million against institutions to address violations of the FDPA and Section 5 of the FTC Act.
- Information on the charging of multiple non-sufficient funds fees (NSF) for re-presented items, and risk-mitigating activities taken by banks to avoid potential violations. According to the FDIC, “failure to disclose material information to customers about re-presentment practices and fees” may be deceptive. The failure to disclose material information to customers “may also be unfair if there is the likelihood of substantial injury for customers, if the injury is not reasonably avoidable, and if there is no countervailing benefit to customers or competition. For example, there is risk of unfairness if multiple fees are assessed for the same transaction in a short period of time without sufficient notice or opportunity for consumers to bring their account to a positive balance.” Recommendations on addressing overdraft issues are discussed in the report.
- An overview of fair lending concerns highlighting ways to mitigate risk, including “[m]aintaining written policies and procedures that include information for lending staff to reference when applying credit decision criteria and determining whether borrowers are creditworthy” and reviewing requirements used to screen potential applicants to make sure there is no “discriminatory impact.”
- Information on regulatory developments, such as (i) rulemaking related to the Community Reinvestment Act, flood insurance, false advertising/misuse of the FDIC’s name or logo rulemaking, deposit insurance, and LIBOR; and (ii) guidance on fintech due diligence, artificial intelligence/machine learning, and third-party risk management.
- A summary of consumer compliance resources available to financial institutions.
- An overview of consumer complaint trends.
SEC 2022 examination priorities include information security, emerging technologies, and crypto-assets
On March 30, the SEC’s Division of Examinations announced that its 2022 examination priorities will focus on key risk factors related to private funds, environmental, social and governance investing, retail investor protections, information security and operational resiliency, emerging technologies, and crypto-assets. SEC registrants, including investment advisers, broker-dealers, self-regulatory organizations, clearing firms, and other registrants, are reminded of their obligations to address, manage, and mitigate these key risk areas. The SEC stated that examiners will continue to review whether firms are taking appropriate measures to safeguard customer accounts to prevent intrusions. Firms are expected to implement procedures to respond to incidents, identify and detect red flags for identity theft, and manage operational risk, including oversight of vendors and service providers. With respect to emerging technologies and crypto-assets, the SEC announced it will review whether firms are considering emerging financial technologies when designing their regulatory compliance programs. The SEC will also focus on firms that offer new products and services or employ new practices “to assess whether operations and controls in place are consistent with disclosures made and the standard of conduct owed to investors and other regulatory obligations.” Additionally, examinations of market participants engaged in crypto-assets will continue to focus on custody arrangements for such assets, as well as “the offer, sale, recommendation, advice, and trading of crypto-assets” offered by these participants. The SEC also warned that it will be investigating whether registered investment advisors are “overstating or misrepresenting” environmental, social, and governance factors in their portfolios or disclosures.
Special Alert: CFPB revises UDAAP manual to include discriminatory practices
On March 16, the Consumer Financial Protection Bureau announced significant revisions to its Unfair, Deceptive, or Abusive Acts or Practices exam manual, in particular highlighting the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. Congress has enacted several statutes that outlaw discrimination on specified prohibited bases, including the Equal Credit Opportunity Act (ECOA), which generally makes it unlawful to discriminate on a prohibited basis when extending credit and which the CFPB is authorized to enforce. With this announcement, the Bureau made clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice — and therefore the CFPB can bring discrimination claims related to non-credit financial products (and other agencies that have UDAP authority may follow in the CFPB’s lead).
CFPB updates debt collection examination procedures to include Regulation F provisions
Recently, the CFPB updated its debt collection examination procedures to incorporate provisions of Regulation F (the FDCPA’s implementing regulation). As previously covered by InfoBytes, in October 2020, the Bureau issued its final rule (effective November 30, 2021) amending Regulation F to address debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. Following the publication of the final rule, the Bureau also released debt collection compliance guidance and frequently asked questions that address validation information generally and validation information related to residential mortgage debt (covered by InfoBytes here). The Bureau noted that depending on the scope of an examination, “and in conjunction with the compliance management system and consumer complaint response review procedures,” an examination will cover at least one of the following modules: (i) entity business model; (ii) communications in connection with debt collection; (iii) information sharing, privacy, and interactions with consumer reporting agencies; (iv) validation notice, consumer FDCPA disputes and complaints, and ceasing communication; (v) payment processing and account maintenance; (vi) ECOA; and (vii) litigation practices, administrative wage garnishment and repossession, and time-barred debt.
OCC updates Large Bank Supervision booklet
On March 8, the OCC updated the Large Bank Supervision booklet of the Comptroller’s Handbook, which is used by OCC examiners during the examination and supervision of midsize and large national banks and federal savings associations, foreign-owned U.S. branches and agencies, and international operations of midsize and large banks. The updated booklet rescinds the 2019 version and includes a revised core assessment, “which will be effective for core assessment summaries using financial information as of March 31, 2022.” Among other things, the revised booklet (i) clarifies expectations related to the preparation and documentation of a bank’s core assessment summary; (ii) combines core assessment and risk assessment system information into the “Core Assessment” section; (iii) updates core assessment factors and subfactors; (iv) clarifies the difference between an annual core assessment summary and quarterly supervision updates; (v) updates supervisory activity types to include “focused review,” consistent with OCC current practices; and (vi) includes additional consistency and clarity updates.
CFPB updates remittance transfer examination procedures
Recently, the CFPB updated its remittance transfer examination procedures to reflect the latest amendments to Regulation E (EFTA’s implementing regulation), Subpart B, as of May 2020. The updates are reflected within the Bureau’s Supervision and Examinations Manual. The updated procedures outline practices for examiners when evaluating institutions that provide remittances in the normal course of business to individuals and businesses in foreign countries. “Examiners should complete a risk assessment, conduct necessary scoping, and use these procedures, in conjunction with the compliance management system review procedures, to conduct a remittance transfer examination,” the Bureau stated. The procedures specify four objectives for remittance transfer examinations: (i) to assess the quality of a regulated entity’s compliance risk management systems in its remittance transfer business; (ii) to identify acts or practices that materially increase the risk of federal consumer financial law violations, as well as associated harm to consumers in connection with remittance transfers; (iii) to gather facts to help determine whether a supervised entity engages in acts or practices in connection with remittance transfers that are likely to violate federal consumer financial law; and (iv) to determine, in accordance with CFPB internal consultation requirements, whether a federal consumer financial law has been violated and whether it is appropriate to take further supervisory or enforcement action.
FFIEC issues final update for Examination Modernization Project
On January 21, the Federal Financial Institutions Examination Council (FFIEC) issued a statement presenting the results of the final phase of its Examination Modernization Project. The project, which was initiated to identify and assess measures to improve the community bank safety and soundness examination process, sought feedback on examination processes from select supervised institutions and examiners. FFIEC released previous project updates, which focused on meaningful supervisory burden reduction and tailoring examination plans and procedures based on risk (covered by InfoBytes here). The final phase addressed feedback related to examination requests and authentication requirements for FFIEC members’ supervision systems. Identified best practices include that: (i) information requests should be risk-focused and relevant to an examination; (ii) supervised institutions should be allowed sufficient time to produce requested information; (iii) examiners should coordinate information requests among the exam team to avoid duplication and redundancy; (iv) requests should be made through an institution’s designated regulatory examination point-of-contact; and (v) requests should be clearly articulated in writing. With respect to feedback received related to authentication requirements, FFIEC noted that its Task Force on Supervision has approved a common authentication solution to allow member agencies and supervised institutions “to securely authenticate to supervision systems, while eliminating the need for multiple credentials to access regulator systems.”
CFPB to examine college lending
On January 20, the CFPB announced its plans to examine the operations of post-secondary schools that extend private loans directly to students and update its exam procedures, including a new section on institutional student loans. The Bureau noted that it is “concerned about the borrower experience with institutional loans because of past abuses at schools,” high interest rates, and strong-arm debt collection practices. When examining institutions offering private education loans, in addition to examining general lending issues, the Bureau noted that examiners will review certain actions only schools can take against their students, which include, among other things: (i) placing enrollment restrictions; (ii) withholding transcripts; (iii) improperly accelerating payments; (iv) failing to issue refunds; and (v) maintaining improper lending relationships. The education loan exam procedures manual is intended for use by Bureau examiners, and is available as a resource to those subject to its exams. These procedures will be incorporated into the Bureau’s general supervision and examination manual.