On March 6, the CFPB issued a notice that it intends to conduct a mail survey of consumers “to learn about their experiences interacting with the debt collection industry.” The notice states that the Bureau, as part of its information gathering related to its debt collection rulemaking, will ask consumers about (i) whether they have been contacted by debt collectors in the past; (ii) whether they recognized the debt that was being collected; (iii) interactions with the debt collectors; (iv) preferences for how they would like to be contacted by debt collectors; (v) opinions about potential regulatory interventions in debt collection markets; and (vi) knowledge of legal rights regarding debt collections. Comments on the proposed survey are due by May 6, 2014.
House Financial Services Committee Chairman Jeb Hensarling (R-TX) sent a letter today to CFPB Director Richard Cordray once again pressing the CFPB for information about its March 2013 auto finance guidance and its actions since that time to pursue allegedly discriminatory practices by auto finance companies. That guidance, which the CFPB has characterized as a restatement of existing law, sought to establish publicly the CFPB’s grounds for asserting violations of ECOA against bank and nonbank auto finance companies for the alleged effects of facially neutral pricing policies.
The letter recounts numerous exchanges between members of Congress—including both Democratic and Republican members of the Committee—and the CFPB on this issue to demonstrate what the Chairman characterizes as “a pattern of obfuscation” by the Bureau. Mr. Hensarling explains that through a series of written requests—see, e.g. here, here, and here—as well as in-person exchanges, lawmakers have sought detailed information about the CFPB’s application of the so-called disparate impact theory of discrimination to impose liability on auto finance companies. The letter states that the CFPB has repeatedly refused to provide certain key information used in applying that theory through compliance examinations and enforcement actions, including information about regression analyses, analytical controls, and numerical thresholds employed by the Bureau. Read more…
On March 6, the FTC released a memorandum of understanding (MOU) it signed with the UK’s Information Commissioner’s Office (ICO), which is designed to strengthen the agencies’ privacy enforcement partnership. The FTC stated that over the last several years it has worked with the ICO on numerous investigations and international initiatives to increase global privacy cooperation. The MOU establishes a formal framework for the agencies to provide mutual assistance and exchange of information for the purpose of investigating, enforcing, and/or securing compliance with certain privacy violations. The FTC also announced a joint project with the European Union (EU) and Asia-Pacific Economic Cooperation (APEC) economies to map together the requirements for APEC Cross Border Privacy Rules and EU Binding Corporate Rules, which is designed to provide a practical reference tool for companies that seek “double certification” under the APEC and EU systems, and shows the substantial overlap between the two.
On March 5, the Senate voted 47-52 on a procedural motion that would have advanced President Obama’s nomination of Debo Adegbile to serve as Assistant Attorney General, Civil Rights Division. Seven Democrats joined all voting Republicans to defeat the nomination. Mr. Adegbile’s participation in the legal representation of Mumia Abu-Jamal, who was convicted in 1981 of killing a Philadelphia police officer, reportedly played a factor in the voting.
On March 5, the Federal Reserve Board, the OCC, and the FDIC issued final guidance for stress tests conducted by banking institutions with more than $10 billion but less than $50 billion in total consolidated assets. Under Dodd-Frank Act-mandated regulations adopted in October 2012, such firms are required to conduct annual stress tests. The guidance discusses (i) supervisory expectations for stress test practices, (ii) provides examples of practices that would be consistent with those expectations, and (iii) offers additional details about stress test methodologies. Covered institutions are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.
On March 5, the FTC released a summary of its 2013 debt collection activities, which it submitted to the CFPB on February 21, 2014. The report highlights that one of the FTC’s highest priorities is to continue targeting debt collectors that engage in deceptive, unfair, or abusive conduct. In particular, the FTC is actively pursuing debt collectors that secure payments from consumers by falsely threatening litigation or otherwise falsely implying that they are involved in law enforcement. In 2013, the FTC filed or resolved seven actions alleging deceptive, unfair, or abusive debt collection conduct. The FTC also took action against the continuing rise of so-called “phantom debt collectors.” The report also summarizes the FTC’s amicus program, and education, public outreach, research, and policy activities, including its Life of a Debt Roundtable Event, which examined data integrity in debt collection and the flow of consumer data throughout the debt collection process.
On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
State Banking Associations Object To Senators’ Request For Increased Bank Payment System Security Oversight
On March 5, 53 state bankers associations sent a letter to Federal Reserve Board Chair Janet Yellen defending banks’ efforts to secure consumer financial data and highlighting the responsibilities of other parties, in particular merchants, to do the same. The banking associations, representing bankers in every state and Puerto Rico, took issue with a letter Democratic Senators Dick Durbin (D-IL) and Al Franken (D-MN) sent last month to the Federal Reserve Board Chair seeking information about the Board’s oversight of card issuers’ fraud prevention policies and recommending that the Board do more to verify the effectiveness of such policies. The banking associations contend that the Senators’ letter is a “thinly veiled effort to once again advance the regulation of interchange under the guise of current concerns over data security,” and criticize the Senators for converting a discussion about security responsibilities into one about interchange fees.
On March 4, Comptroller of the Currency Thomas Curry addressed the annual meeting of the Independent Community Bankers Association where he stressed the need for banks to effectively manage risk presented by the outsourcing of data security and information technology. The Comptroller explained that “[t]hird parties can be the weak link in [a bank’s] information systems security and resiliency; and especially where that third party is providing security services.” Referencing guidance the OCC issued last year, the Comptroller described the OCC’s due diligence expectations for banks’ third-party relationships as “substantial” and stressed that a bank’s due diligence needs to cover not only the vendor, but the vendor’s own third-party relationships. Mr. Curry also focused on other concerns he has about third-party relationships, including: (i) consolidation of service providers, which can increase the number of banks impacted when deficiencies occur at a single vendor; (ii) increased reliance by banks on foreign-based service providers; and (iii) third parties’ access to “large amounts of sensitive bank or customer data.”
On March 5, the Superior Court of New Jersey, Appellate Division issued an opinion clarifying the proof necessary for debt buyers to prevail on efforts to collect an assigned debt on a closed and charged-off credit card account. New Century Fin. Servs. Inc. v. Oughla, Nos. A-6078-11T4, A-6370-11T1, 2014 WL 839180 (N.J. Sup. Ct. App. Div. Mar. 5, 2014). In a consolidated appeal of two trial court decisions, debtors sought to reverse the trial court’s orders granting summary judgment to two debt buyers seeking to collect on charged-off credit card debt they had purchased from sellers who derived their ownership from credit card issuers. The appeals court explained that to collect such debt, debtors must prove (i) ownership of the charged-off debt, which it can do through business records documenting its ownership, and (ii) the amount due at the time the card issuer charged off the debt. The court also determined that (i) an electronic copy of the last billing statement is sufficient to demonstrate the amount due at charge-off; (ii) the validity of a debt assignment is not undermined by a failure to provide notice of the assignment to the debtor, and (iii) that a debt can be assigned without specifically referencing the debtor’s name or account number. The court held in these companion cases that one of the debt buyers established ownership through proper authentication and certification of business records, while the other debt buyer failed to provide sufficient proof of the full chain of ownership of its claim to meet its burden. The court affirmed summary judgment for one buyer and reversed and remanded the other buyer’s case accordingly.
On March 5, the U.S. District Court for the Eastern District of New York held that the named plaintiffs lack standing to bring claims in a multidistrict class action alleging illegal overdraft practices by a national bank. In re HSBC Bank, USA, N.A., Debit Card Overdraft Fee Litigation, No. 13-md-2451, 2014 WL 868827 (E.D.N.Y. Mar. 5, 2014). The three consolidated actions are similar to numerous actions filed against national banks across the country in which bank customers have alleged, generally, that banks manipulated debit card transactions to increase the number of overdraft fees charged to customers by re-ordering daily transactions from highest to lowest dollar amount, resulting in a higher number of individual overdraft transactions. On the bank’s motion to dismiss in this case, the court held that the named plaintiffs never lived or conducted business in 10 of the 12 states where the allegations arose and therefore lacked standing under the applicable state statutes giving rise to the claims. The court added that if the plaintiffs sought to add representatives from the other states, it would be difficult for the court to adjudicate the claims given the discrepancies between state laws. The court dismissed numerous claims under the laws of the two remaining states (California and New York), but allowed the plaintiffs breach of implied covenant and good faith and fair dealing claims under both New York and California law, and claims under California’s Unfair Competition Law and False Advertising Law, to proceed.
On March 4, SWIFT, the bank member-owned cooperative based in Belgium, announced that it signed a Memorandum of Understanding with six of its major member banks to develop a central utility for the collection and distribution of standard information required by banks as part of their know your customer (KYC) due diligence processes. The KYC registry is intended to help banks manage KYC compliance challenges and reduce associated costs by providing bank users centralized access to details on their counterparties, while allowing participating banks to retain ownership of their own information and maintain control over which other institutions can view their data. SWIFT states that an initial working group will establish processes for providing information to the registry and documentation necessary to fulfill KYC requirements across multiple jurisdictions. The group expects more banks to join in the coming months.
On March 4, the UK FCA released the results of its most recent review of sales incentives at retail financial firms. The FCA’s review revealed that retail banks have made progress in changing their financial incentive structures in response to the FCA’s supervisory focus on the issue starting in September 2012, which led to new guidance issued in January 2013. The FCA’s initial focus on the issue derived from its concerns about incentive structures that, among other things, allegedly fueled the sale of payment protection plans and other add-on products. Despite the broad progress, the FCA reports that roughly one in 10 firms with sales teams had higher-risk incentive scheme features where it appeared they were not managing the risk properly at the time of the FCA’s assessment. It believes firms should concentrate on, among other things (i) checking for spikes or trends in the sales patterns of individuals to identify areas of increased risk; (ii) better monitoring behavior in face-to-face sales conversations; and (iii) managing risks in discretionary incentive schemes and balanced scorecards, including the risk that discretion could be misused. The FCA states that given the progress made, it is not proposing any rule changes at this time, but it intends to keep financial incentives on its agenda for 2014.
On March 3, South Dakota enacted HB 1131, which amends state banking laws to make clear that banks can offer revolving lines of credit not tied to the issuance of a credit card.
On February 27, California Attorney General Kamala Harris issued a guide to assist small businesses in defending against the threat of cybercrime. The guide, which was developed with the California Chamber of Commerce and Lookout, a mobile security company, stresses that small businesses should assume that they are a target for cybercrime and act accordingly. In addition to providing actionable steps to prevent cyber-attacks, the guide encourages every small business to develop a “game plan” for responding to the inevitability of an actual incident: “Experience has shown that many organizations wait until they have actually suffered a serious data breach before attempting to come up with a process for dealing with such a situation – which amounts, effectively, to building an airplane in the air.”