On December 10, the U.S. Senate passed by voice vote S. 2519, the National Cybersecurity and Communications Integration Center Act of 2014. The bill would amend the Homeland Security Act of 2002 (12 U.S.C. § 121 et seq.) by codifying the current operations center in the Department of Homeland Security, which serves as a federal civilian information sharing interface for cybersecurity on behalf of the Homeland Security’s Under Secretary. The information center oversees cross-sector coordination of shared information related to cybersecurity risk and incidents that could adversely impact multiple private sectors. In addition, the bill prescribes the composition of the information center and requires it file yearly status reports. The bill will be submitted to the President for approval and signature.
CFPB Addresses Medical Debt Collection, Requires Consumer Reporting Agencies To Provide Accuracy Reports
On December 11, the CFPB held a field hearing on medical debt collection and how it affects consumer credit reports. In his prepared remarks, Director Cordray announced the release of a white paper focused on the specific issue of medical debt collection. According to Cordray, medical debt collection presents unique challenges as compared to other industries due to inconsistent debt collection practices by medical service providers, insurance companies, and collection agencies. More broadly, Cordray addressed issues within the consumer reporting system and announced that major consumer reporting agencies will now be required to submit “regular, standardized accuracy reports” as part of its ongoing examinations efforts. Specifically, consumer reporting agencies will have to (i) identify furnishers with the most disputes; (ii) identify industries with the most disputes, and (iii) provide peer group ranking of furnishers consumer disputes relative to their industry.
On December 8, Fannie Mae and Freddie Mac announced new loan programs allowing for a down payment as low as three percent intended to “remove barriers for creditworthy borrowers to get a mortgage” and provide them with “a responsible path to homeownership.” The “97 percent LTV” program launched by Fannie Mae targets first-time home buyers, while the Home Possible Advantage program introduced by Freddie Mac offers mortgage loans to low- and moderate-income borrowers. The recently announced options further the agencies’ efforts to establish a more stable mortgage market.
On December 11, Representatives Cummings (D-MD), Waters (D-CA), and Moore (D-WI) led the effort to submit a letter to FHFA’s IG requesting that the agency conduct a comprehensive audit to determine if Fannie and Freddie “are taking adequate steps to ensure that preservation companies maintain or service REO properties in compliance with the requirements of the Fair Housing Act.” The letter, which was signed by a total of 26 House Members, suggested that companies contracted by Fannie and Freddie to maintain their REOs provide inferior service within African-American, Latino, and other non-Caucasian communities. The Representatives’ allegations stem from National Fair Housing Alliance (NFHA) research, in addition to complaints filed with HUD and several U.S. banks. Moreover, the letter comes directly after the December 9 Senate Banking Committee hearing, “Inequality, Opportunity, and the Housing Market,” during which Deborah Goldberg, Special Project Director of NFHA, addressed that REOs are managed differently based on the community of the property.
On December 8, the SEC fined a computer programmer $68,387.07 for operating two separate online exchanges that traded securities using virtual currency without registering the businesses as broker dealers. Further, the SEC charged that the programmer failed to register the online enterprises as exchanges as required by SEC regulations. Without admitting or denying the allegations, the programmer agreed to be barred from the securities industry for two years.
On December 11, FINRA fined 10 financial firms a total of $43.5 million dollars for allegedly violating the industry-regulator’s conflict of interest rules. According to FINRA, in pitch meetings, the firms’ equity research analysts offered favorable research coverage in exchange for an underwriting role in a 2010 planned IPO of a large retail company.
On December 4, the CFPB fined a New Jersey-based debt-settlement service provider $69,075 in civil monetary penalties for alleged violations of the FTC’s Telemarketing Sales Rule (TSR). The CFPB alleged that the firm charged upfront fees to consumers which are prohibited for debt-settlement services. Further, the CFPB charged that the firm failed to provide debt-settlement services to consumers which harmed their credit history. In addition to the civil money penalty, the consent order requires the firm submit a compliance plan that includes (i) written policies and procedures designed to prevent violations of the TSR; (ii) training programs addressing the TSR and Federal consumer financial laws; (iii) written compliance monitoring processes; (iv) consumer complaint monitoring process; and (v) specific deadlines for when the compliance plan will be completed.
On December 3, Deputy Secretary Raskin delivered remarks at the Texas Bankers’ Association Executive Leadership Cybersecurity Conference. During her prepared remarks, Raskin noted recent data security breaches across many business sectors, including financial services, and presented ten questions for bank CEOs to consider when assessing their institutions’ cybersecurity readiness. Notably, Raskin urged the bank executives to consider relatively new cyber risk insurance for the financial recovery it provides as well as because the underwriting processes could enhance other cybersecurity controls and provide helpful information for assessing a bank’s risk level. Currently, over 50 insurance carriers offer some form of cyber insurance coverage. Raskin’s remarks comes only weeks after Congressional leaders sent a letter to financial institutions requesting that they provide information about their ability to protect consumers and safeguard personal information in the event of a data breach or cyber-attack.
On December 4, Assistant AG Leslie Caldwell delivered remarks at the Cybercrime 2020 Symposium regarding the DOJ’s recent efforts to fight cybercrime. Specifically, Caldwell noted the DOJ’s Criminal Division is (i) increasing its international law enforcement operations; and (ii) creating a committed Cybersecurity Unit to address the growing threat of cybercrime. The Cybersecurity Unit will take on the responsibility of enhancing the DOJ’s public and private security efforts, most notably by working with law enforcement to ensure that “legislation is shaped to most effectively protect our nation’s computer networks and individual victims from cyber attacks.”
On December 1, the FHFA issued an advisory bulletin highlighting its supervisory expectation that Fannie and Freddie maintain the safety and soundness of their operations by closely assessing the risk profile of lenders and servicers. Under the new framework, any new lender or servicer that enters into a contract with Fannie or Freddie will undergo a thorough assessment of their capital levels, business models and whether they would be able to fulfill certain responsibilities under economic downturns. This includes buying back faulty mortgages or being able to work with borrowers to avoid foreclosure. Other risks, such as potential legal troubles, will also be examined.
On December 2, Fed Governor Brainard delivered remarks at the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) Outreach Meeting in California. Governor Brainard noted the significance of safety and soundness in the banking system, but noted that some Dodd-Frank regulations should target only larger institutions so that undue burdens are not placed on community banks: “Applying a one-size-fits-all approach to regulations may produce a small benefit at a disproportionately large compliance cost to smaller institutions.” The EGRPRA review, conducted every 10 years, provides an opportunity for federal financial regulators to consider whether current regulations are outdated, unnecessary, or unduly burdensome.
On December 2, the FFIEC announced the release of its revised BSA/AML examination manual. The updated revisions address supervisory expectations and include regulatory changes since the manual’s last publication in 2010. Significantly modified sections of the examination include (i) Suspicious Activity Reporting, (ii) Currency Transaction Reporting, (iii) Foreign Bank and Financial Accounts Reporting, and (iv) Third-Party Payment Processors. The manual is available on the FFIEC BSA/AML InfoBase.
On November 25, FinCEN fined a small Florida-based credit union $300,000 in civil monetary penalties for violating the Bank Secrecy Act (BSA). From 2009 through 2014, FinCEN charged that, among other deficiencies within its anti-money laundering program, the credit union lacked proper internal controls and failed to designate a BSA compliance officer to monitor suspicious transactions. The credit union admitted that it violated Section 314(a) of the USA PATRIOT ACT, which requires financial institutions to search their records of accounts and transactions of individuals who may be involved in money laundering or terrorist financing activities. The credit union, with assets of $4 million and five employees, contracted with a third party vendor to provide services and subaccounts to 56 money services businesses located in Central America, Middle East, and Mexico. FinCEN stated that 90% of the credit union’s annual revenue was generated from these accounts.
OFAC Settles with Independent Manufacturer for Alleged Violations of the Cuban Assets Control Regulations
Recently, OFAC settled with a Portland, Oregon based manufacturer for allegedly violating the Cuban Assets Control Regulations, 31 C.F.R. part 515. The manufacturer agreed to pay $2,057,540 for the actions of its subsidiary, which “purchased nickel briquettes made or derived from Cuban-origin nickel between on or about November 7, 2007, and on or about June 11, 2011.” OFAC concluded that the manufacturer self-disclosed the supposed violations and such violations “constitute a non-egregious case.” Under the Economic Sanctions Enforcement Guidelines, OFAC noted that the manufacturer “acted with reckless disregard for Cuba sanctions program,” and caused “significant harm to…its policy objectives by conducting large-volume and high-value transactions in products made or derived from Cuban-nickel.”
On December 2, the U.S. Senate confirmed Nani Coloretti to be appointed as the new Deputy Secretary of HUD. Nominated in March, Coloretti currently serves as the Assistant Secretary for Management at the Department of Treasury where she advises on the development and execution of Treasury’s budget, strategic plans, and the internal management of the Department and its bureaus. Following the passage of the Dodd-Frank Act, she also helped stand-up the CFPB by serving as its Acting COO.