On April 27, the Conference of State Bank Supervisors (CSBS) announced that three working groups of state regulators – the State Coordinating Committee (SCC), the Multi-State Mortgage Committee (MMC), and the Multi-State MSB Examination Task Force (MMET) – issued annual reports to state regulators regarding their 2014 operations and progress. Responsible for information sharing and examination work with the CFPB, the SSC report outlines the two agencies’ 9 joint examinations. The MMC – established as the “oversight body for multi-state mortgage supervision” in 2008 – is responsible for coordinated, multi-state mortgage exams, and its report covers the 6 joint mortgage examinations conducted with the CFPB in 2014. Finally, the MMET supervises the money services businesses; its report highlights 57 examinations conducted jointly with the CFPB in 2014.
OCC Comptroller Discusses Emerging Payment Systems Technology and Cybersecurity, FFIEC Set to Release Cybersecurity Assessment Tool
On June 3, in prepared remarks delivered at the BITS Emerging Payments Forum, OCC Comptroller Thomas Curry advised that as financial institutions continue to develop payment systems, banks need better preparation for potential cyber-risks. Curry warned that “[c]yber criminals will also probe emerging payment systems for vulnerabilities that they can exploit to engage in money laundering[.]” In addition, Curry advocated for more regulatory oversight of digital currencies and non-bank mobile payment providers, such as ApplePay and Google Wallet. Addressing cybersecurity concerns, Curry called for increased information-sharing to promote best practices and strengthen cybersecurity readiness among the banking industry. In particular, he urged financial institutions – of all sizes – to participate in the Financial Services Information Sharing and Analysis Center, or FS-ISAC, a non-profit founded by the banking industry to facilitate the sharing and dissemination of cybersecurity threat information. Moreover, Curry confirmed that the FFIEC will soon be releasing a Cybersecurity Assessment Tool for financial institutions to use when evaluating their cybersecurity risks and risk management capabilities, observing that the tool will be particularly helpful to community banks as cybersecurity threats continue to increase.
On March 25, the Conference of State Bank Supervisors (“CSBS”) and the American Association of Residential Mortgage Regulators (“AARMR”) issued a proposal seeking public comment on its Proposed Regulatory Prudential Standards for Non-bank Mortgage Servicers. According to the CSBS, the proposal is in response to an increasing number of non-bank servicers that continue to acquire mortgage servicing rights, and subsequently, require enhanced state regulation to (i) provide better safeguards for borrowers, investors, and other stakeholders, (ii) increase regulatory oversight and market discipline over non-bank mortgage servicers, and (iii) enhance transparency, accountability, risk management and corporate governance standards. Comments on the proposal must be received by June 25, 2015.
CFPB Releases Winter Issue of Supervisory Highlights, Schedules Date for Field Hearing on Payday Lending
On March 11, the CFPB released its seventh issuance of Supervisory Highlights, which highlights the CFPB’s supervision work completed between July 2014 and December 2014, detailing examination findings and observations in consumer reporting, debt collection, deposits, mortgage origination, and fair lending examinations. The winter issue also reveals recent supervisory resolutions reached in the areas of payday lending, mortgage servicing, and mortgage origination have resulted in remediation of approximately $19.4 million to more than 92,000 consumers during the time reported. Other notable information included within the report is the addition of Credit Card Account Management examination procedures to the CFPB’s Supervision and Examination Manual. In a separate announcement, the CFPB also announced it will host a field hearing on payday lending, scheduled for Thursday, March 26 in Richmond, VA.
On March 4, the Pennsylvania Department of Banking and Securities (DOBS) entered into a consent order with four payday loan companies for allegedly violating three Pennsylvania state laws: the Consumer Discount Company Act (CDCA), the Loan Interest Protection Law, and the Money Transmitter Act. From 2007 through January 2015, the companies allegedly acted together to sell short-term loans. According to the DOBS, the interest rate on some of the loans sold exceeded the statutory limit. The consent order also states that the company (i) was not licensed under the CDCA at the time of the marketing or selling of the loans; and (ii) did not have a money transmitter license. Immediately upon issuance of the order, the companies agreed to “cease and desist from engaging in the consumer discount business,” and within ninety days of the issue date of the order, the companies must remit to Pennsylvania consumers the balance of open and active accounts.
On February 23, CFPB Director Richard Cordray delivered prepared remarks at the National Association of Attorneys General Winter Meeting in Washington, D.C. In his remarks, Cordray indicated that the CFPB is keeping a watchful eye on the auto lending market, stating that auto lending practices are currently being supervised at the largest banks. Cordray further revealed that the CFPB intends to move forward with a proposed rule to oversee the larger nonbank auto lenders as well. Cordray also lobbied the attorneys general to use the CFPB’s government portal to analyze consumer complaints to assist in investigations, stating, “[w]e now have 22 attorneys general and 28 state banking regulators who are already signed up and accessing this information through the secure portal. I strongly urge the rest of you to join us and do the same.”
CFPB Initiative Results in Free Access to Credit Scores, Agency Pledges to Increase Credit Reporting Enforcement Authority
One year after launching an initiative to improve consumer access to credit reporting information, the CFPB announced on February 19 that at least 50 million Americans now have the ability to directly and freely access their credit scores. As a result of the CFPB’s credit score initiative, over a dozen major credit card issuers have elected to provide free credit reports to their cardholders, and more issuers are expected to follow suit. The initiative was launched to emphasize the significance of monitoring credit scores and to make it easier for consumers to keep themselves informed. CFPB Director Richard Cordray applauded the agency’s efforts to increase transparency in this arena in his prepared remarks for Thursday’s Consumer Advisory Board Meeting, stating that improving both the accessibility and accuracy of credit reports is vital to consumers and credit providers alike. Cordray also alluded that the CFPB intends to leverage its enforcement authority to more closely regulate the credit reporting industry, thereby placing creditors, debt collectors, and other businesses that furnish consumer credit information on high alert. “Using our supervision and enforcement authorities,” Cordray said, “we are already bringing significant new improvements to the credit reporting system − and we are only getting started.”
On February 18, Steven Antonakes, Deputy Director of the CFPB, delivered remarks before the Exchequer Club of Washington, D.C. regarding the CFPB’s risk-focused supervision program. In his remarks, Antonakes identified two key differences that distinguish the CFPB from other regulatory agencies: (i) there is a “focus on risks to consumers rather than risks to institutions;” and (ii) examinations are conducted by product line rather than an “institution-centric approach.” Antonakes further stated that the agency uses field and market intelligence, which includes both qualitative and quantitative factors for each product line, such as the strength of compliance management systems, findings from CFPB’s prior examinations, the existence of other regulatory actions, the consumer complaints received, and metrics gathered from public reports, to adequately assess risks to consumers from an institution’s activity in any given market. After the review period, an institution will receive a “roll-up examination report” or a “supervisory plan,” depending on size, that will summarize the findings of the review. If corrective action is warranted, a review committee will assess violation-focused factors, institution-focused factors, and policy-focused factors to determine whether the examination should be resolved through a supervisory action or a public enforcement action.
CFPB Orders Nonbank Mortgage Lender to Pay $2 Million Penalty for Deceptive Advertising and Kickbacks
On February 10, the CFPB announced a consent order with a Maryland-based nonbank mortgage lender, ordering the lender to pay a $2 million civil money penalty, in part for allegedly failing to disclose its financial relationship with a veteran’s organization to consumers. According to the consent order, the CFPB alleged that the lender, whose primary business is originating refinance mortgage loans guaranteed by the VA, paid a veteran’s organization a fee to be named the “exclusive lender” of the organization and that failing to disclose this relationship in marketing materials targeted to the organization’s members constituted a deceptive act or practice under the Dodd-Frank Act. The CFPB further alleged that, because the veteran’s organization urged its members to use the lender’s products in direct mailings from the lender, call center referrals, and through the organization’s website, the monthly “licensing fee” and “lead generation fees” paid to the veteran’s organization and a third party broker company as part of marketing and referral arrangements constituted illegal kickbacks in violation of RESPA. In addition to the civil penalty, the consent order requires the lender to end any deceptive marketing, cease deceptive endorsement relationships, submit a compliance plan to the CFPB, and comply with additional record keeping, reporting, and compliance monitoring requirements.
On February 8, New York DFS Superintendent Benjamin Lawsky announced that the DFS would begin (i) regularly examining insurance companies’ cyber security preparedness; (ii) enhancing regulations that will require insurance providers to meet higher standards of cyber security; and (iii) examining “stronger measures related to the representations and warranties insurance companies receive from third-party vendors.” Lawsky expects the targeted exams to begin in the “coming weeks and months.” The announcement was accompanied by the release of the state agency’s report on cybersecurity in the insurance industry.
On January 27, the CFPB issued Compliance Bulletin 2015-01 to remind supervised financial institutions of their obligations concerning the disclosure of confidential supervisory information (CSI) to the CFPB and to third parties. Specifically, the bulletin addresses the interaction between a financial institution’s obligations with respect to the CFPB and its contractual obligations under nondisclosure agreements (NDAs) with a third party that restrict the sharing of information. Such NDAs typically (i) restrict sharing protected information with any third party (which would include a supervisory agency) other than in connection with a subpoena or similar legal requirement and (ii) require the institution to advise the third party before it shares information as required by law (which again would include sharing protected information with a supervisory agency).
Supervised financial institutions and other persons, with limited exceptions outlined in the bulletin, are generally prohibited from disclosing CSI to third parties. According to the bulletin, a supervised financial institution should not rely on the provisions of an NDA to justify disclosing CSI in a manner not otherwise permitted, either through a valid exception or prior written approval from the CFPB. The bulletin appears to take the position that the fact that information has been shared with the CFPB is itself CSI. Read more…
On October 8, the CFPB published a rule proposing oversight of larger nonbank auto finance companies for the first time at the federal level. The proposed rule will “amend the regulation defining larger participants of certain consumer financial product and service markets by adding a new section to define larger participants of a market for automobile financing.” Under the new section, a market would be defined to include: (i) grants of credit for the purchase of an automobile, refinancings of such credit obligations, and purchases or acquisitions of such credit obligations (including refinancings); and (ii) automobile leases and purchases or acquisitions of such automobile lease agreements. Previously, on September 17, the CFPB released information regarding its resolve to supervise and enforce auto finance companies’ compliance with consumer financial laws, including fair lending laws. Comments on the proposed rule must be received on or before December 8, 2014.
On September 12, the CFPB finalized a rule that allows it to supervise larger participants in the international money transfer market. In particular, this rule, which finalizes the proposed rule the CFPB issued in January 2014, allows the CFPB to supervise nonbank international money transfer providers that provide more than $1 million in international transfers annually, for compliance with the Remittance Rule under the Electronic Fund Transfer Act. The final rule will be effective December 1, 2014.
The CFPB will seek to ensure that these providers comply with a number of specific consumer-protection provisions, including the following:
- Disclosures: The CFPB will examine providers to determine that consumers receive the Remittance Rule-required disclosures in English as well as in any other language the provider uses to advertise, solicit, or market its services, or in any language in which the transaction was conducted. These disclosures inform consumers of the exchange rate, fees, the amount of money that will be delivered abroad, and the date the funds will be available.
- Option to Cancel: The CFPB will examine transfer providers to ensure that consumers receive at least thirty minutes to cancel the transfer if it has not yet been received, and that consumers receive a refund regardless of the reason for the cancellation.
- Correction of Errors: The CFPB will insist that remittance transfer providers properly investigate certain errors, and, if a consumer reports an error within 180 days, the CFPB will examine providers to determine that they have investigated and corrected certain types of errors. The CFPB will also examine providers to ensure that they are held accountable for the actions of any agents they use.
The CFPB used the authority granted to it in the Dodd-Frank Act to supervise “larger participants” in consumer financial markets, and this is the Bureau’s fourth larger participant rule. The CFPB indicates that it will use the same examination procedures for nonbank providers as it does for bank remittance providers, and the CFPB intends to coordinate with state examiners in its supervision.
The CFPB estimates that nonbank international money transfer providers transfer $50 billion each year, and 150 million individual international money transactions occur each year through these institutions, with seven million U.S. households transferring funds abroad each year through a nonbank.
On August 1, the U.S. Senate passed by unanimous consent H.R. 4386, which will permit FinCEN, in fulfilling its responsibility to supervise registered money services businesses (MSBs), to rely on state agency examinations of MSBs. The bill also covers other non-bank financial institutions such as gaming establishments and jewel merchants. The bill passed the House by voice vote in May. The President, who sought this authority for FinCEN in budget requests, is expected to sign the bill.
On July 29, the U.S. House of Representatives passed by voice voteH.R. 5062, a bipartisan bill that would amend the Consumer Financial Protection Act with respect to the supervision of nondepository institutions, to require the CFPB to coordinate its supervisory activities with state regulatory agencies that license, supervise, or examine the offering of consumer financial products or services. The bill declares that the sharing of information with such state entities does not waive any privilege claimed by nondepository institutions under federal or state law regarding such information as to any person or entity other than the CFPB or the state agency. The following day, the House Financial Services Committee approved numerous bills, including two mortgage-related bills. The first, H.R. 4042, would require the Federal Reserve Board, the OCC, and the FDIC to conduct a study to determine the appropriate capital requirements for mortgage servicing assets for any banking institution other than an institution identified by the Financial Stability Board as a global systemically important bank. The bill also would prohibit the implementation of Basel III capital requirements related to mortgage servicing assets for non-systemic banking institutions from taking effect until three months after a report on the study. A second bill, H.R. 5148, would exempt creditors offering mortgages of $250,000 or below from certain property appraisal requirements established by the Dodd-Frank Act.