Election Results: Preliminary Thoughts and Reactions

As a result of last Tuesday’s election, Republicans will control the White House and both houses of Congress in 2017. It is likely there ultimately will be some significant changes affecting financial services regulation and enforcement, but they will take time to implement. The President-elect has articulated sympathy for less regulation and opposition to the Dodd-Frank Act but also an unconventional economic populism. The Congressional Republicans have already prepared, and in some cases passed, more specific changes to limit and cabin the CFPB. We anticipate efforts focused on changing the CFPB Director and CFPB structure, reduced regulation that may encourage product innovation (particularly in the FinTech space), and potentially less emphasis on certain Department of Justice (“DOJ”) enforcement initiatives such as fair lending and the Residential Mortgage-Backed Securities (“RMBS”) task force. Nonetheless, we expect continued enforcement and supervisory activity, including by states and by prudential regulators that are less directly tied to shifting political winds.

Click here to read the full special alert

* * *

Questions regarding the matters discussed in this alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

LinkedInFacebookTwitterGoogle+Share

Special Alert: Summary of CFPB’s final prepaid rule

I. Overview of the CFPB’s Final Prepaid Rule
On October 5, 2016, the Consumer Financial Protection Bureau (Bureau) issued a final rule (Prepaid Rule) amending Regulations E and Z to extend consumer protections to prepaid card accounts. The new protections include pre-acquisition disclosures, error resolution rights, and periodic statements. In addition, prepaid card accounts that include a separate credit feature are subject to some of Regulation Z’s credit card provisions, including an ability-to-repay requirement. Prepaid card issuers are also required to submit to the Bureau and to post to their websites any new and revised prepaid card account agreements. In this alert we summarize key provisions of the Prepaid Rule except those provisions that apply only to payroll and government benefits prepaid cards, which will be covered in a separate alert.

II. Effective Date
The Prepaid Rule’s effective date is October 1, 2017, however, the effective date for posting prepaid card account agreements is October 1, 2018. Heeding concerns about burden, the Bureau stated that the Prepaid Rule does not require financial institutions to pull and replace prepaid account access devices or packaging materials that were manufactured, printed, or otherwise produced in the normal course of business prior to October 1, 2017. Instead, financial institutions must provide consumers with notice of certain changes in terms and updated initial disclosures, in certain circumstances.

Click here to read full Special Alert

* * *

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

 

 

 

LinkedInFacebookTwitterGoogle+Share

Special Alert: D.C. Circuit Panel Rejects CFPB’s RESPA Interpretation and Alters its Structure in PHH Corp. v. CFPB

On October 11, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit issued an opinion vacating a $109 million penalty imposed on PHH Corporation under the anti-kickback provisions of the Real Estate Settlement Procedures Act (RESPA), concluding that the CFPB misinterpreted the statute and violated due process by reversing the interpretation of the prior regulator and applying its own interpretation retroactively. Furthermore, the panel rejected the CFPB’s contention that no statute of limitations applied to its administrative actions and concluded that RESPA’s three-year statute of limitations applied to any actions brought under RESPA.

In addition, a majority of the panel held that the CFPB’s status as an independent agency headed by a single Director violates the separation of powers under Article II of the U.S. Constitution. However, rather than shutting down the CFPB and voiding all of its regulations and prior actions, the majority chose to remedy the defect by making the CFPB’s Director subject to removal at will by the President. In effect, this makes the CFPB an executive agency (like the Department of the Treasury) rather than, as envisioned by the Dodd-Frank Act, an independent agency (like the Federal Trade Commission). (One member of the panel, Judge Henderson, dissented from this portion of the opinion on the grounds that it was not necessary to reach the constitutional issue because the panel was already reversing the CFPB’s interpretation of RESPA.)

The panel remanded the case to the CFPB to determine whether, within the three-year statute of limitations, the payments to PHH’s affiliate exceeded the fair market value of the services provided in violation of RESPA. The CFPB is expected to petition for en banc reconsideration by the full D.C. Circuit or to seek direct review by the United States Supreme Court. Therefore, final resolution of this matter may be delayed by a year or more.

Click here to read the full Special Alert.

* * *

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

LinkedInFacebookTwitterGoogle+Share

Special Alert: OCC to Issue Guidance on “De-Risking” in Foreign Correspondent Banking Relationships

On September 28, 2016 OCC Comptroller Thomas J. Curry announced during a speech at the Association of Certified Anti-Money Laundering Specialists (ACAMS) conference that the OCC is developing guidance around “de-risking” in foreign correspondent banking relationships. Following the joint fact sheet published by the federal banking agencies and the Department of Treasury, Comptroller Curry said that it will issue “guidance that reiterates our risk management expectations for banks to establish and follow policies and procedures for regularly conducting risk evaluations of their foreign correspondent portfolios.” The guidance will describe “best practices” that the OCC has observed that banks can use when “re-evaluating their risks and making decisions about retaining or terminating foreign correspondent accounts.”

Click here to view the full Special Alert

* * *

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

LinkedInFacebookTwitterGoogle+Share

Special Alert: NYDFS Stakes Claim on Cybersecurity Regulation

On September 13, the New York Department of Financial Services (DFS) issued a proposed rule establishing cybersecurity requirements for financial services companies, and has thus ventured into new territory for state regulators. In the words of Governor Cuomo, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from serious economic harm that is often perpetrated by state-sponsored organizations, global terrorist networks, and other criminal enterprises.”

Given the concentrated position of financial service companies in New York and the regulation’s definition of a Covered Entity – which includes “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law” – it could create an almost de facto national standard for medium to large financial services companies, regardless of where they keep their servers or suffer a cyberattack. This type of state-level regulation is not unprecedented. In 2003, California passed a data breach notification law that requires companies doing business in California to notify California residents of the breach and more recently amended the law to require 12 months of identity protection and strengthen data security requirements. In 2009, Massachusetts enacted a regulation mandating businesses implement security controls to protect personal information relating to state residents.

The DFS designed the regulation to protect both consumers and the financial industry by establishing minimum cybersecurity standards and processes, while allowing for innovative and flexible compliance strategies by each regulated entity. Yet the proposed regulation goes further than to just ask financial entities to conduct a risk assessment and to design measures to address the identified risks.

Click here to view the full Special Alert.

* * *

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

 

LinkedInFacebookTwitterGoogle+Share