Mortgage Banking Update - June 22, 2023
In This Issue:
- June 8 Podcast Episode: The Consumer Financial Protection Bureau’s Final Section 1071 Rule on Small Business Data Collection: What You Need to Know, Part II, With Special Guest David Skanderson, Vice President, Charles River Associates
- CRA Resolutions Introduced to Override CFPB Section 1071 Small Business Lending Rule
- Federal Agencies Propose Reconsideration of Value Guidance
- DOJ Settles Redlining Claim Against ESSA Bank
- Federal Banking Agencies Issue Final Interagency Guidance on Risk Management in Third-Party Relationships
- New CFPB Report Highlights Concerns With Growing Use of Chatbots by Financial Institutions
- U.S. House of Representatives Presses FinCEN on Status of CTA Roll-Out
- CFPB Issues Semi-Annual Report to Congress; CFPB Director Chopra to Appear Before House and Senate Committees This Week
- CFPB Spring 2023 Rulemaking Agenda Includes Proposed Larger Participant Rule for Nonbanks in Consumer Payments Market
- June 15 Podcast Episode: A Look at the Current Challenge to Judicial Deference to Federal Agencies and What It Means for the Consumer Financial Services Industry, With Special Guest, Craig Green, Professor, Temple University School of Law
- 11th Circuit Rules District Court Did Not Abuse Its Discretion by Dismissing Defendants in CFPB Enforcement Action as Sanctions for “Obstructionist Conduct” in Depositions
- Seventh Circuit Rules $3.95 in Postage Spent by Plaintiff to Respond to Second Validation Notice Sufficient to Establish FDCPA Standing
- California DFPI Is Wrong on Both Law and Facts, Per OppFi
- Florida Enacts Provisions Regarding Branch Offices and Remote Locations
- Did You Know?
June 8 Podcast Episode: The Consumer Financial Protection Bureau’s Final Section 1071 Rule on Small Business Data Collection: What You Need to Know, Part II, With Special Guest David Skanderson, Vice President, Charles River Associates
At the end of March 2023, the CFPB issued its long-awaited final rule to implement Section 1071 of the Dodd-Frank Act. Section 1071 amended the Equal Credit Opportunity Act to require financial institutions to collect and report certain data in connection with credit applications made by small businesses, including women- or minority-owned small businesses. Although the final rule will be effective on August 29, 2023, it contains a tiered compliance date schedule, with an earliest compliance date of October 1, 2024, for financial institutions that originate the most covered credit transactions and later compliance dates for institutions with lower transaction volumes.
In Part II of this two-part episode, we first take a close look at the final rule’s tiered compliance dates and related volume thresholds and the CFPB’s grace period policy statement. We next discuss our expectations for CFPB enforcement of the final rule, including the CFPB’s statement on supervisory and enforcement practices, how the collected data is likely to be analyzed and used, and the potential for data analysis to produce unwarranted conclusions. We also look at the operational issues and challenges that lenders should consider in implementing the final rule and satisfying the requirement for lenders to have procedures that are “reasonably designed to collect applicant-provided data.” We conclude with a discussion of the final rule’s implications for fair lending risk, including likely areas of CFPB scrutiny and the expected need for lenders to have additional data to explain lending disparities that may appear in exams.
To listen to Part II of the episode, click here.
To listen to Part I of the episode, click here.
Two joint resolutions under the Congressional Review Act (CRA) to override the CFPB’s final Section 1071 small business lending rule have been introduced by Republican members in the House. The resolutions are H.J. Res. 50 introduced on April 3, 2023 and H.J. Res. 66 introduced on May 31, 2023. (Since the two resolutions and their sponsors are identical, except that H.J. Res. 66 includes a citation to the final rule as published in the Federal Register, it would seem that H.J. Res. 66 was intended to supersede H.J. Res. 50.) The CRA is the vehicle used by Congress to overturn the CFPB’s arbitration rule and the OCC’s true lender rule.
The CFPB’s final Section 1071 rule was published in the Federal Register on May 31, 2023 and is effective on August 29, 2023. The rule contains a tiered compliance date schedule, with an earliest compliance date of October 1, 2024, for financial institutions that originate the most covered credit transactions and later compliance dates for institutions with lower transaction volumes.
To be eligible for the special Senate procedure that allows a CRA disapproval resolution to be passed with only a simple majority, the Senate must act on a resolution during a period of 60 “session days” which begins on the later of the date when the rule is received by Congress and the date it is published in the Federal Register. The Congressional Record indicates that the Section 1071 rule was received by the House on May 31, 2023. It is not clear if the rule must also be referred to the Senate to trigger the running of the 60 session day period.
A lawsuit challenging the final Section 1071 rule was filed in April 2023 in a Texas federal district court. The plaintiffs are two trade groups and a Texas bank.
A group of federal agencies have proposed reconsideration of value (ROV) guidance for residential real estate valuations. The agencies are the Comptroller of the Currency (OCC), Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), Federal Reserve Board (Board) and National Credit Union Administration (NCUA). Comments on the proposed guidance will be due 60 days after publication in the Federal Register.
As previously reported, the CFPB has warned mortgage lenders that the failure to have ROV policies can violate federal law, and the U.S. Department of Housing and Urban Development issued draft guidance on ROV policies, seeking input from stakeholders. Regulators view clear and robust ROV policies as an important tool in addressing appraisal bias. We also have addressed regulator concerns regarding appraisal bias here, here, here, and here, as well as appraisal bias complaints and a related report by the National Community Reinvestment Coalition.
Background. The proposed joint agency guidance provides that collateral valuations may be deficient due to prohibited discrimination, errors or omissions, or valuation methods, assumptions, data sources, or conclusions that are otherwise unreasonable, unsupported, unrealistic, or inappropriate. The proposed guidance also provides that deficient valuations can present various challenges for consumers and financial institutions. The proposed guidance notes that the appraisal regulations of the OCC, FDIC, Board and NCUA require that appraisals be subject to appropriate review for compliance with the Uniform Standards of Professional Appraisal Practice (USPAP), and that an appraisal does not comply with USPAP if it relies on a prohibited basis set forth in the Equal Credit Opportunity Act or Fair Housing Act, or includes material errors, including errors of omission or commission.
Third Parties. The proposed guidance provides that a financial institution’s use of third parties in the valuation review process does not diminish its responsibility to comply with applicable laws and regulations, and that a financial institution’s risk management practices include managing the risks arising from its third-party valuations and valuation review functions.
ROV Requests. For purposes of the proposed guidance, an “ROV request made by the financial institution to the appraiser or other preparer of the valuation report encompasses a request to reassess the report based upon deficiencies or information that may affect the value conclusion.” The proposed guidance provides that a “financial institution may initiate a request for an ROV because of the financial institution’s valuation review activities or after consideration of information received from a consumer through a complaint, or request to the loan officer or other lender representative” and that, regardless of how the request for an ROV is initiated, a request could be resolved through a financial institution’s independent valuation review or other processes to ensure credible appraisals and evaluations.
The proposed guidance also provides that an ROV request may include consideration of comparable properties not previously identified, property characteristics, or other information about the property that may have been incorrectly reported or not previously considered, which may affect the value conclusion. The proposed guidance adds that to resolve deficiencies, including those related to potential discrimination, financial institutions can communicate relevant information to the original preparer of the valuation and, when appropriate, request an ROV.
Complaint Resolution Process. The proposed guidance provides that financial institutions can capture consumer feedback regarding potential valuation deficiencies through existing complaint resolution processes. Additionally, the proposed guidance provides that depending on the nature and volume, appraisal and other valuation-based complaints and inquiries can be an important indicator of potential risks and risk management weaknesses, and that appropriate policies, procedures, and control systems can adequately address the monitoring, escalating, and resolving of complaints, including a determination of the merits of the complaint and whether a financial institution should initiate an ROV.
Examples of Policies, Procedures and Control Systems. The proposed guidance provides that financial institutions may consider developing risk-based ROV-related policies, procedures, control systems, and complaint processes that identify, address, and mitigate the risk of deficient valuations, including valuations that involve prohibited discrimination. The proposed guidance sets forth various specific examples of policies, procedures and control systems, including the following:
- Consider ROVs as a possible resolution for consumer complaints related to residential property valuations.
- Consider whether any information or other process requirements related to a consumer’s request for a financial institution to initiate an ROV create unreasonable barriers or discourage consumers from requesting an ROV.
- Establish a process that provides for the identification, management, analysis, escalation, and resolution of valuation related complaints across all relevant lines of business, from various channels and sources.
- Establish a process to inform consumers how to raise concerns about the valuation sufficiently early enough in the underwriting process for any errors or issues to be resolved before a final credit decision is made.
- Establish risk-based ROV systems that route the request to the appropriate business unit.
- Establish standardized processes to increase the consistency of consideration of requests for ROVs that, among other processes, could include guidelines for the information the financial institution may need to initiate the ROV process, and for when a second appraisal could be ordered and who assumes the cost.
- Ensure relevant lending and valuation related staff, including third parties, are trained to identify deficiencies, including prohibited discriminatory practices, through the valuation review process.
Specific Comment Requests. The agencies specifically request comment on the following:
- To what extent does the proposed guidance describe suitable considerations for a financial institution to take into account in assessing and potentially modifying its current policies and procedures for addressing ROVs?
- What, if any, additional examples of policies and procedures related to ROVs should be included in the guidance?
- Which, if any, of the policies and procedures described in the proposed guidance could present challenges?
- What model forms, or model policies and procedures, if any, related to ROVs would be helpful for the agencies to recommend?
- What other guidance may be helpful to financial institutions regarding the development of ROV processes?
- To what extent, if any, does the proposed ROV guidance conflict, duplicate, or complement the existing Interagency Appraisal and Evaluation Guidelines or a financial institution’s policies and procedures to implement those Guidelines?
The Justice Department (DOJ) recently announced a settlement with ESSA Bank & Trust (ESSA), which has agreed to pay over $3 million to resolve allegations that it engaged in a pattern or practice of redlining in violation of both the Fair Housing Act (FHA) and the Equal Credit Opportunity Act (ECOA) from 2017 through at least 2021. In bringing the redlining claim, DOJ asserted that during this period ESSA failed to provide mortgage lending services to and did not serve the credit needs of majority-Black and Hispanic neighborhoods in the Philadelphia Metropolitan Statistical Area (MSA), particularly those in Philadelphia County.
ESSA is a Pennsylvania community savings bank headquartered in Stroudsburg that offers lending, depository, and related financial services throughout Pennsylvania. ESSA included significant portions of eight different Pennsylvania counties in its self-defined CRA assessment area, but did not include any portion of Philadelphia County, even though ESSA has four branches in the Philadelphia MSA that all border Philadelphia County and even though the bank from which it acquired those branches included Philadelphia County in its assessment area. In its examination of the Bank in 2021, the FDIC determined that Philadelphia County should have been included in ESSA’s assessment area and referred the matter to DOJ.
According to the complaint, during its redlining investigation DOJ found that ESSA failed to adequately staff the four branches bordering Philadelphia County and failed to hire or assign enough loan officers to serve those branches, which are the ones nearest to majority-Black and Hispanic census tracts. DOJ also concluded that ESSA engaged in limited marketing and outreach in the Philadelphia MSA and failed to advertise meaningfully in majority-Black and Hispanic neighborhoods, even though the Bank conducted small business lending marketing in Philadelphia County and originated many commercial loans there. Instead, DOJ asserted that ESSA’s marketing strategy intentionally targeted majority-white areas in the Philadelphia MSA.
Further, DOJ concluded that ESSA’s lending policies discriminated against majority-Black and Hispanic census tracts in Philadelphia County. By way of example, the complaint describes the bank’s Community Home Buyer Program, which was designed to help low-to-moderate income households affordably purchase a home within the Bank’s CRA assessment area. However, DOJ asserted that because ESSA excluded Philadelphia County from its CRA assessment area, the program limited consumer’s opportunities to purchase homes in majority-Black and Hispanic neighborhoods, some of which were within miles of two of the Bank’s branches in the Philadelphia MSA.
DOJ also maintained in the complaint that the fair lending reports from third party vendors engaged by ESSA to assess and report on its performance put it on notice of its deficiencies, which it then repeatedly failed to address. DOJ emphasized that four annual reports from 2017 to 2020 all concluded that ESSA’s application and origination volumes in majority-minority and high minority census tracts were not only low relative to the overall demographics of the Bank’s assessment area, but also low relative to the Bank’s peers. Nonetheless, DOJ asserted that ESSA did not engage in any targeted marketing to majority-Black and Hispanic census tracts, or beef up its staffing by hiring additional loan officers to serve those census tracts.
According to the DOJ’s press release, “ESSA has agreed to invest at least $2.92 million in a loan subsidy fund to increase access to credit for home mortgage, improvement and refinance loans, as well as home equity loans and lines of credit, in majority-Black and Hispanic neighborhoods in the bank’s lending area. ESSA has also agreed to spend an additional $125,000 on community partnerships and $250,000 on advertising, outreach, consumer financial education and credit counseling, in an effort to expand the bank’s services in majority-Black and Hispanic communities. The consent order also requires the bank to hire two new mortgage loan officers to serve its existing branches in West Philadelphia and conduct a research-based market study to help identify the needs for financial services in communities of color.”
The Federal Reserve, FDIC, and OCC have released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements. The guidance is intended to provide principles for effective third-party risk management for all types of third-party relationships, regardless of how they may be structured. At the same time, the agencies state that banking organizations have flexibility in their approach to assessing the risks posed by each third- party relationship and deciding the relevance of the considerations discussed in the final guidance
The final guidance rescinds and replaces each agency’s previously-issued guidance on risk management practices for third-party relationships. In their July 2021 proposal, the agencies had included as an appendix FAQs issued by the OCC to supplement the OCC’s existing 2013 third-party risk management guidance. The proposed guidance included the revised FAQs as an exhibit and the agencies sought comment on the extent to which the concepts discussed in the FAQs should be incorporated into the final guidance. In their discussion of the final guidance, the agencies identify which concepts from the FAQs have been incorporated into the final guidance.
The final guidance states:
This guidance addresses any business arrangement between a banking organization and another entity, by contract or otherwise. A third-party relationship may exist despite a lack of contract or remuneration. Third-party relationships can include, but are not limited to, outsourced services, use of independent consultants, referral arrangements, merchant payment processing services, services provided by affiliates and subsidiaries, and joint ventures. Some banking organizations may form third-party relationships with new or novel structures and features—such as those observed in relationships with some financial technology (fintech) companies. The respective roles and responsibilities of a banking organization and a third party may differ, based on the specific circumstances of the relationship. Where the third-party relationship involves the provision of products or services to, or other interaction with, customers, the banking organization and the third party may have varying degrees of interaction with those customers.
In a footnote, the agencies indicate that the term “business arrangement” is meant to be interpreted broadly and is synonymous with the term “third-party relationship.” The proposal had stated that the term “business relationship” generally excluded a customer relationship. In their discussion of the final guidance, the agencies indicate that this text was removed from the final guidance because some business relationships may incorporate elements or features of a customer relationship.
The final guidance begins with an overview of risk management in which the agencies acknowledge that not all third-party relationships present the same level of risk and therefore do not all require the same level or type of oversight or risk management. It provides that as part of sound risk management, each banking organization has the responsibility to analyze the risks associated with each third-party relationship and tailor its risk management processes, commensurate with the banking organization’s size, complexity, and risk profile and with the nature of the third-party relationship. In addition, as part of sound risk management, banking organizations are expected to engage in more comprehensive and rigorous oversight of third-party relationships that support higher-risk activities, including critical activities. Critical activities may include activities that could (1) cause a banking organization to face significant risk if the third party fails to meet expectations, (2) have significant customer impacts, or (3) have a significant impact on a banking organization’s financial condition or operations.
The agencies acknowledge that while each banking organization is responsible for having a sound methodology for identifying its critical activities and third-party relationships that support those activities, an activity that is critical for one banking organization may not be critical for another.
As discussed below, the other sections of the guidance address the third-party relationship life cycle, governance, and supervisory reviews of third-party relationships.
Third-party relationship life cycle. The agencies state that the degree to which the examples of considerations discussed in the guidance are relevant to each banking organization is based on specific facts and circumstances and the examples given may not apply to all of a banking organization’s third party relationships. The guidance notes the importance of involving staff with the requisite knowledge and skills in each stage of the risk management life cycle as well as experts across disciplines, such as compliance, risk, or technology, legal counsel, and external support. The guidance discusses the following life cycle stages:
- Planning for a relationship by evaluating and considering how to manage risks before entering into a third-party relationship
- Due diligence and third-party selection
- Contract negotiation
- Ongoing monitoring
For each life cycle stage, the guidance discusses a series of factors that a banking organization typically considers depending on the third-party relationship’s degree of risk and complexity.
Governance. The proposed guidance had included oversight and accountability as a separate life cycle stage. In their discussion of the final rule, the agencies state that they reorganized the guidance to make clear that oversight and accountability happens through the risk management life cycle and is not a specific stage. The final guidance includes oversight and accountability as part of governance. It distinguishes the board’s responsibilities from those of management and lists various factors that a board of directors (or a designated board committee) typically considers throughout the third-party risk management life cycle in carrying out its responsibility for providing oversight of third-party risk management and holding management accountable. Other practices the agencies identify as typically considered by banking organizations throughout the risk management life cycle are independent reviews and documentation and reporting. The guidance lists various factors typically considered in periodic independent reviews and provides examples of processes that support effective documentation and internal reporting that the agencies have observed.
Supervisory reviews of third-party relationships. The guidance states that each agency will review its supervised banking organizations’ risk management of third-party relationships as part of its standard supervisory processes. Supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations. The guidance indicates that the scope of a supervisory review will depend on the degree of risk and the complexity associated with the banking organization’s activities and third-party management processes. It lists various activities typically conducted by examiners when reviewing third-party risk management processes. The agencies note that when circumstances warrant, they may use their legal authority to examine functions or operations that a third party performs on a banking organization’s behalf and such examinations may evaluate the third party’s ability to fulfill its obligations in a safe and sound manner and comply with applicable laws and regulations, including those designed to protect consumers and to provide fair access to credit.
The final guidance demonstrates the increased attention the regulators intend to pay to third-party relationships and, in particular, bank partner programs. Because the guidance does not set forth concrete expectations applicable to all such arrangements, we anticipate, unfortunately, that the final guidance will be cited to support examination criticisms inconsistently from institution to institution. Further, we agree with Fed Governor Michelle Bowman, who stated that she believed that community banks would find the final guidance challenging to implement and criticized the agencies for failing to provide resources with the issuance of the final guidance to reduce confusion and regulatory burden on those institutions. Regardless of the type of institution, the final guidance will require institutions to reconsider processes with respect to their bank partners through the entirety of the third-party relationship life cycle and document their processes or face significant criticism. Attorneys in Ballard Spahr’s Consumer Financial Services Group have extensive experience in helping clients make sure that their third-party relationships are fully compliant with regulators’ expectations.
In a new “Issues spotlight” titled “Chatbots in consumer finance,” the CFPB discusses how chatbot technologies are being used by financial institutions and the limitations and risks of such technologies. The report, which is part of a concerted focus by the CFPB on the use of artificial intelligence and machine learning in consumer financial services, comes on the heels of the recent joint agency statement regarding enforcement efforts “to protect the public from bias in automated systems and artificial intelligence.”
As described in the report, chatbots simulate human-like responses using computer programming. The report discusses the growing use of chatbots by financial institutions and the evolution of chatbot technology. The CFPB reports that while much of the financial services industry at least uses simple rule-based chatbots, the banking industry has begun to adopt advanced technology such as generative chatbots and others marketed as “artificial intelligence.”
The focus of the report is “challenges experienced by customers [when interacting with chatbots], as detailed in complaints submitted to the CFPB,” technical limitations and associated security risks, and risks for financial institutions.
With regard to customer challenges, the CFPB highlights the following:
- Chatbots and scripts may be unable to recognize that a customer is making a dispute and even when a dispute can be recognized, there may be technical limitations to their ability to research and resolve the dispute. Rule-based chatbots, because they are designed to accept or process account information from users and cannot respond to requests outside the scope of their data inputs or limited syntax, “tend to be one-way streets” and result in simulated conversations that are “tedious and opaque compared to browsing information with clear and logical navigation.”
- Chatbots can provide inaccurate, unreliable, or insufficient information because of unreliable technology or inaccurate data.
- Automated responses by chatbots may fail to resolve a customer’s issue and instead lead the customer into a “doom loop,” meaning “a continuous loop of repetitive, unhelpful jargon or legalese without an offramp to a human customer service representative.” Even if an offramp exists, customers may face unreasonable waits in reaching a human customer service representative. The CFPB suggests that financial institutions may intentionally be using used advanced technologies instead of humans to grow revenues or minimize writeoffs, observing that “advanced technologies may be less likely to waive fees, or to be open to negotiation on price.”
With regard to technical limitations and associated security risks, the CFPB highlights the following:
- Because investment decisions may place higher priority on improving the ability of automated systems to promote financial products, financial institutions may underinvest in the reliability of a chatbot. In addition, like any other technology, chatbots can crash, leaving customers with little to no customer service.
- Chatbots are often used by bad actors to build fake impersonation chatbots to conduct phishing attacks to obtain information from consumers or from another chatbot.
- Chat logs into which customers enter personal information provide another venue for privacy attacks, making it more difficult to fully protect the privacy and security of consumers’ personal and financial information.
With regard to risks to financial institutions, the CFPB highlights the following:
- Risk of noncompliance with federal consumer financial laws because the information chatbots provide may not be accurate, the technology may fail to recognize that a consumer is invoking federal rights, or may fail to protect their privacy and data.
- Risk of diminished customer service and trust when chatbots reduce access to human support agents, with the impact of such reduction to be greater on customer segments where chatbot interactions have higher rates of failed resolution, such as groups with limited technical ability or limited English proficiency.
- Risk of causing widespread harm to customers as a result of failing to promptly handle disputes and correct errors or providing inaccurate information.
Last June, the CFPB issued a request for information seeking comments from the public “on what customer service obstacles consumers face in the banking market, and specifically what information would be helpful for consumers to obtain from depository institutions pursuant to section 1034(c) of the Consumer Financial Protection Act.” Section 1034(c) requires depository institutions subject to CFPB supervision (i.e. those with more than $10 billion in assets) to provide timely responses to consumers requests for information about a financial product or service that the consumer obtained from the depository institution. The CFPB described the RFI as “part of a broader effort to restore relationship banking in an era of consolidation and digitization.”
In the new report, the CFPB includes chatbots in “[t]he shift away from relationship banking and toward algorithmic banking.” It concludes the report by commenting that this shift “will have a number of long-term implications that the CFPB will continue to monitor closely” and by stating that it is actively monitoring the market and “expects institutions using chatbots to do so in a manner consistent with the customer and legal obligations.” In addition to continuing the CFPB’s focus on the use of artificial intelligence and machine learning in consumer financial services, the new report serves as the latest example of the CFPB’s additional focus on customer service, which as here often extends beyond regulatory requirements.
The Corporate Transparency Act (CTA) takes effect on January 1, 2024. On that date, the Financial Crimes Enforcement Network (FinCEN) needs to have implemented a working data base to accept millions of reports of beneficial ownership information (BOI) by newly-formed companies required to report BOI under the CTA, as well as reports by the even greater population of existing reporting companies, which must report their BOI by the end of 2024. This is a logistically daunting task. Further, FinCEN still needs to issue final regulations implementing the CTA, including as to rules regarding access to the data base, and how the existing Customer Due Diligence (CDD) Rule applicable to banks and other financial institutions might be amended – presumably, expanded – to align with the different and often broader requirements of the CTA.
On June 7, four members of the U.S. House of Representatives (the Chairpersons of the House Committee on Financial Services; the House Committee on Small Business; the House Subcommittee on National Security, Illicit Finance, and International Financial Institutions; and the House Subcommittee on Financial Services and General Government) sent a letter directed to Janet Yellen, Secretary of the Treasury, and Himamauli Das, Acting Director of FinCEN regarding the status of the implementation of the CTA.
The letter, fairly or not, is pointed. It stresses the need for more clarity and transparency regarding exactly how the CTA will apply to reporting companies. The letter is short, so it is set forth below in its entirety:
We write today to express our concerns with the Financial Crimes Enforcement Network’s (FinCEN) planned roll out to inform reporting companies of their forthcoming obligations to file beneficial ownership information with FinCEN. Specifically, we believe that press releases are insufficient to ensure that the approximately 32.6 million small businesses that will be expected to comply in 2024 understand their upcoming responsibilities.
As you know, the impending Beneficial Ownership Information collection rule will go into effect January 1, 2024. It is concerning that with six months until its effective date, FinCEN has yet to lay out a clear plan for engagement. It is highly unlikely that the 32 million small business owners know what FinCEN is let alone know to look for a press release on FinCEN’s website. As a result, there is a real possibility that these small businesses could be held civilly or criminally liable for noncompliance.
To that end, we would like to better understand FinCEN’s plans to educate small businesses. Please provide the following information: A detailed outline of how FinCEN will work with stakeholders to educate reporting companies on their filing obligations and possible penalties for non-compliance.
1. A compliance guide for reporting companies to ensure they understand their responsibilities and detailed plan to distribute the compliance guide.
2. A copy of any infographics that FinCEN plans to distribute to reporting companies.
3. A detailed report on FinCEN’s timeline for the finalization of Rule #2 “Access Rule” and Rule #3 “CDD Rule.”
4. An outline of the challenges FinCEN has encountered with the aforementioned educational program, and future hurdles FinCEN foresees.
5. A detailed plan from the Treasury Department on how it will safeguard reporting companies from scammers and criminals using the beneficial ownership information collection process to obtain sensitive information from reporting companies.
6. An outline of how FinCEN will field calls from reporting companies and remediate issues that may arise. This outline should include estimates on additional staffing requirements and resources needed to properly educate and assist reporting company filings.
7. A detailed plan for reminder notifications for reporting companies that have not complied as the deadline approaches.
8. A compliance guide for reporting company updates and changes to beneficial ownership reporting information.
9. A detailed plan of your outreach to states and local governments via Domestic Liaisons to help educate small businesses.
We would appreciate your prompt attention to this request. Please respond no later than July 1, 2023.
Of course, FinCEN is already loaded with existing requirements imposed upon it by Congress under the CTA and the Anti-Money Laundering Act. And, FinCEN still needs to issue proposed regulations regarding the real estate industry, among other obligations. FinCEN has approximately three weeks to respond to the above letter, which does not even touch on the concerns of banks and other financial institutions regarding the effectiveness of the CTA and how it might change CDD Rule compliance programs which have been in place for years. It remains to be seen how FinCEN will respond to this letter, and simultaneously pursue its many other obligations while devoting some of its already-limited resources to responding.
If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.
At the end of last week, the CFPB issued its Semi-Annual Report to Congress covering the period beginning April 1, 2022 and ending September 30, 2022.
Tomorrow, June 13, CFPB Director Chopra is scheduled to appear before the Senate Banking Committee for a hearing, “The Consumer Financial Protection Bureau’s Semi-Annual Report to Congress.”
Wednesday, June 14, Director Chopra is scheduled to appear before the House Financial Services Committee for a hearing, “The Semi-Annual Report of the Consumer Financial Protection Bureau.” A copy of the Committee Memorandum is available here. The Memorandum states that the Committee expects to discuss H.J. Res. 66, a bill to override the CFPB’s final Section 1071 rule on small business lending under the Congressional Review Act.
The CFPB has released its Spring 2023 rulemaking agenda as part of the Spring 2023 Unified Agenda of Federal Regulatory and Deregulatory Actions. The agenda’s preamble indicates that “[t]he Bureau reasonably anticipates having the regulatory matters identified [in the agenda] under consideration during the period from June 1, 2023 to May 31, 2024.”
The new agenda includes one new rulemaking that did not appear on the Fall 2022 agenda—a rule to supervise nonbank larger participants in the market for consumer payments. The agenda gives a July 2023 estimate for issuance of a notice of proposed rulemaking. A persistent CFPB theme under Director Chopra’s leadership has been concerns about the entry of big tech companies into financial services, particularly in connection with payments, and the companies’ ability to collect and monetize data about consumers. In October 2021, the CFPB sent orders to six large technology platforms offering payment services that directed them to provide information to the Bureau about their payments products and services and their collection and use of personal payments data. It has not yet issued a report on its findings from the monitoring orders. We assume the CFPB is continuing to consider petitions urging it to engage in rulemaking to define larger participants in the market for personal loans and in the market for data aggregation services. Other potential significant areas of rulemaking not included in the agenda are buy-now-pay-later, earned wage access, and liability for peer-to-peer payment fraud.
The other ongoing rulemakings listed in the agenda are:
- Registration of nonbanks subject to certain enforcement orders. In December 2022, the CFPB issued a proposed rule that would require certain “covered nonbanks” to register with and submit information to the CFPB when they become subject to certain orders from local, state, or federal agencies and courts involving violations of certain consumer protection laws. The Bureau gives a November 2023 estimate for issuance of a final rule.
- Registration of nonbanks regarding standard form contract terms and conditions. In January 2023, the CFPB issued a proposed rule to establish a system for the registration of nonbanks subject to CFPB supervision that use “certain terms or conditions that seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce their rights,” with arbitration provisions among the terms that would trigger registration. The Bureau gives a November 2023 estimate for issuance of a final rule.
- Fees for insufficient funds. The CFPB states in the agenda that “lately some large financial institutions have voluntarily stopped charging [NSF] fees.” Despite this acknowledgment and recent CFPB reports showing a significant decline in NSF and overdraft fee revenues, the agenda indicates that the Bureau is continuing to consider new rules regarding NSF fees. The Bureau designates the rulemaking to be in the “prerule stage” and estimates pre-rule activity in November 2023.
- Overdraft fees. The agenda acknowledges neither that many banks have changed their overdraft practices nor the recent CFPB reports showing a significant decline in overdraft revenues. It states only that the CFPB is continuing to consider whether to propose amendments to the Regulation Z overdraft rules. The Bureau designates the rulemaking to be in the “prerule stage” and estimates pre-rule activity in November 2023.
- Credit card penalty fees. In May 2023, the CFPB proposed significant amendments to the Regulation Z rules on credit card late fees, including substantially reducing the safe harbor late fee amounts that card issuers can charge and eliminating annual inflation adjustments. The Bureau gives an October 2023 estimate for issuance of a final rule.
- Personal Financial Data Rights (previously titled Consumer Access to Financial Information). Section 1033 of Dodd-Frank addresses consumers’ rights to access information about their own financial accounts, and permits the CFPB to prescribe rules concerning how a provider of consumer financial products or services must make a consumer’s account information available to him or her, “including information related to any transaction, or series of transactions, to the account including costs, charges, and usage data.” In November 2016, the Bureau issued a request for information about market practices related to consumer access to financial information and, after holding a symposium in February 2020, the Bureau issued an ANPR in connection with its Section 1033 rulemaking in November 2020, issued a SBREFA outline in October 2022, and issued a SBREFA report in March 2023. The CFPB estimates that it will issue a proposed rule in October 2023.
- Fair Credit Reporting Act. The agenda item states only that the Bureau is considering whether to amend Regulation V (which implements portions of the FCRA) but does not indicate the nature of the amendments that the CFPB is considering. The Bureau designates the rulemaking to be in the “prerule stage” and estimates pre-rule activity in November 2023.
- Amendments to FIRREA Concerning Automated Valuation Models. In June 2023, the Bureau, together with the federal banking agencies and the FHFA, issued a proposed rule on automated valuation models. The Bureau does not provide an estimated date for issuance of a final rule.
- Property Assessed Clean Energy Financing. In May 2023, the CFPB issued a proposed rule that would extend TILA ability-to-repay requirements to PACE transactions. The Bureau does not provide an estimated date for issuance of a final rule.
It is a virtual certainty that the CFPB’s final rule on credit card late fees will face a legal challenge and its final registry rules are very likely to face legal challenges. Moreover, the validity of all CFPB rules could be in jeopardy if the U.S. Supreme Court rules in the CFSA case that the CFPB’s funding mechanism is unconstitutional.
June 15 Podcast Episode: A Look at the Current Challenge to Judicial Deference to Federal Agencies and What It Means for the Consumer Financial Services Industry, With Special Guest, Craig Green, Professor, Temple University School of Law
Since the U.S. Supreme Court’s 1984 Chevron decision, federal courts have typically applied a two-step analysis known as the “Chevron framework” to determine whether a court should defer to a federal agency’s interpretation of a statute. SCOTUS has now agreed to hear the Loper case next Term in which the continued viability of the Chevron framework is being directly challenged. We first discuss the origins of the concept of judicial deference to federal agencies and the Chevron decision. We then discuss the background of the Loper case, the two recent SCOTUS decisions rejecting EPA interpretations, what the decisions could mean for challenges to CFPB and FTC regulations, what the decisions signal for how the Justices will rule in Loper, and possible outcomes in Loper. We conclude by considering the potential impact on federal agencies of a SCOTUS decision overruling Chevron, including the potential retroactive effect of such a decision.
Alan Kaplinsky, Senior Counsel in Ballard Spahr’s Consumer Financial Services Group, hosts the conversation.
To listen to the episode, click here.
A unanimous panel of the U.S. Court of Appeals for the Eleventh Circuit has affirmed the district court’s order dismissing several defendants as sanctions for the CFPB’s continuation of “obstructionist conduct” in depositions.
In CFPB v. Brown, the depositions in question were of a CFPB witness taken in the CFPB’s enforcement action against 18 defendants that alleged the defendants had engaged in or substantially assisted a fraudulent debt collection scheme in violation of the CFPA and the FDCPA. The five defendants charged with providing substantial assistance were service providers to the defendants who were alleged to have directly engaged in the scheme. One of the five defendants provided telephone broadcast services and the other four defendants provided payment processing services.
The depositions were taken after the district court rejected the CFPB’s attempt to avoid providing a representative by moving for protective orders. As described by the Eleventh Circuit, the transcript of the first deposition “reveals that the CFPB avoided answering questions through a number of impermissible tactics” that included:
- “Lodg[ing] more than 70 work product objections, even objecting to fact-based questions that the district court had instructed it to answer;”
- Giving the CFPB’s witness “memory aids” from which the witness read verbatim for extended periods of time; and
- Taking the position, after the district court indicated in its ruling on the CFPB’s motion for protective orders that the defendants could ask about exculpatory facts, that the CFPB had not identified any exculpatory facts in the entire record.
After the defendants informed the district court of the CFPB’s conduct at the first deposition, the district court held a telephonic hearing during which the judge reiterated that the CFPB’s witness needed to answer fact-based questions and that the defendants had a right to question the CFPB about exculpatory facts. The district court indicated that memory aids were acceptable due to the voluminous records but stated that “regurgitating pre-written information would be insufficient in many cases.”
Nevertheless, as the Eleventh Circuit summarized the deposition transcripts, “the CFPB continued its obstructionist conduct during the next four depositions” despite the additional instructions from the district court. The Eleventh Circuit described the CFPB’s conduct as follows:
All in all, in each 30(b)(6) deposition, whether the CFPB’s tactic was to object at every turn, instruct its witness not to answer, refuse to acknowledge any exculpatory facts, or have its witness read extended and nonresponsive answers, the CFPB tried to game the system so that nothing was accomplished.
Because of the CFPB’s repeated conduct, the defendants moved for sanctions pursuant to Rule 37 of the Federal Rules of Civil Procedure. Rule 37(b) permits a district court to impose sanctions for a party’s failure to obey an order to provide or permit discovery and for the failure of a person designated as a witness to appear for his or her deposition. The district court granted the defendants’ motion for sanctions, concluding that the CFPB had shown a “willful disregard” for its instructions and that the CFPB’s witness had “failed to appear” because even though physically present, “he was effectively unavailable due to his inability to answer questions without memory aids and refusal to address exculpatory evidence.” Because it found the CFPB’s conduct to be “egregious,” the district court struck all of the CFPB’s claims against the five service providers and dismissed them from the case.
In reviewing the sanctions order, the Eleventh Circuit first concluded that the district court did not abuse its discretion in imposing Section 37(b) sanctions because the CFPB had repeatedly failed to obey the district court’s instructions. It also concluded that the district court had not abused its discretion by imposing a sanction that was too severe. In response to the CFPB’s argument that the dismissal was improper because the service providers were not prejudiced by the CFPB’s conduct, the Eleventh Circuit stated that “we staunchly disagree and believe the record (as reiterated throughout this opinion) speaks for itself in refuting this contention.”
The U.S. Court of Appeals for the Seventh Circuit has ruled that a plaintiff in a putative class action had standing to assert FDCPA claims against the purchaser of her debt and the purchaser’s servicer based on the $3.95 she paid in postage to respond to a second validation letter after she had already responded to the first validation notice.
In Mack v. Resurgent Capital Services, L.P., the plaintiff had received an initial validation notice from the debt collector hired by the servicer of her debt. The letter informed her that her credit card account had been placed for collection and that she owed $7,179.87. It also identified the purchaser of her debt as the “current creditor.” Within 30 days of receiving the letter, the plaintiff mailed a validation request to the debt collector, paying $6.70 in postage for priority mail and a $3.45 certified mail fee. The plaintiff then received a second validation letter sent by the servicer that identified the purchaser of her debt as the “current owner.” She sent a second validation request to the servicer for which she paid 50 cents in postage for regular mail and a $3.45 certified mail fee.
Having never received validation of her debt from the purchaser, servicer, or debt collector, the plaintiff filed a class action lawsuit against the purchaser and servicer alleging violations of the FDCPA. The plaintiff alleged that she was confused and alarmed by the second letter. She claimed that the defendants had engaged in a deceptive collection practice because the second validation letter “would cause any consumer, let alone the unsophisticated consumer, to believe that she must yet again dispute the Debt despite the fact that such consumer had already submitted a valid dispute of the Debt.”
The district court, treating the defendants’ motion to dismiss as a summary judgment motion, ruled that the plaintiff had failed to establish standing because the time and money spent to send the second validation request did not rise to the level of detriment required for FDCPA standing. According to the district court, the second letter “did not adversely affect any interests Congress sought to protect through the FDCPA and instead effectively provided [the plaintiff] with another opportunity to dispute her debt if she failed to properly do so upon receipt of the first letter.” The district court also vacated its previous order certifying the class.
As an initial matter, the Seventh Circuit indicated that because the district court should not have treated the defendants’ motion to dismiss as one for summary judgment, it would review the case as an appeal from a dismissal. The Seventh Circuit found that the second letter had caused the plaintiff “to suffer a concrete detriment to her debt-management choices in the form of the expenditure of additional money to preserve rights that she had already preserved.” According to the Seventh Circuit, “[m]oney damages caused by misleading communications from the debt collector are certainly included in the sphere of interests that Congress sought to protect.”
The defendants argued that because the plaintiff spent the money to clear up her confusion, the cost was insufficient to establish standing. While acknowledging that it has previously held that confusion is not itself an injury, the Seventh Circuit indicated that the plaintiff was not alleging that confusion was itself her injury. Instead, she was alleging that her confusion caused her to act to her detriment, namely to spend extra money to preserve her right to seek validation, which she had been misled to believe she failed to do the first time. According to the Seventh Circuit, the plaintiff had been misled to her financial detriment and “that the dollar cost was modest is irrelevant.”
The Seventh Circuit reversed the dismissal and remanded the case to the district court to redefine the previously certified class to include only those persons who had acted to their detriment upon receiving a second validation letter. This restriction on class members is likely to substantially reduce the size of the class and could even mean that no class can be certified because so few people can satisfy this restriction.
In its April 2023 Opposition to the California Department of Financial Protection and Innovation (DFPI) motion for preliminary injunction, Opportunity Financial, LLC (OppFi) presents a spirited riposte, drilling down into the DFPI’s fact allegations and legal arguments and asserting “The DFPI is wrong on the law and wrong on the facts.”
OppFi filed the Opposition in response to a series of filings by the DFPI which seek to apply California usury limits, rather than Section 27(a) of the Federal Deposit Insurance Act (FDIA), to consumer loans made by out-of-state, state-chartered banks. This increasingly complex litigation launched when OppFi sought declaratory and injunctive relief to ward off the DFPI’s threatened enforcement of the interest rate limitations under the California Financing Law (CFL) with respect to loans made by FinWise Bank through a partnership with OppFi. In response, the DFPI filed a cross complaint alleging that the CFL’s rate limitations are controlling because OppFi, not FinWise Bank, was the “true lender,” and that, loans made through the bank partnership were, therefore, not subject to the FDIA’s preemptive effect.
The Opposition is the latest filing in the court battle between OppFi and the DFPI, in which OppFi’s ability to do business in California hangs in the balance: as stated in its Opposition,
“If OppFi is prohibited from assisting banks that charge more than 36%, it would be forced to cease all operations in California. [ ] OppFi knows this risk because it (i) currently permits California borrowers to apply for loans with interest rates at 36% or below and almost none of the applicants qualify and obtain such loans, and (ii) previously offered a credit product at less than a 36% interest rate directly but was forced to terminate the program as the losses exceeded revenue.”
As OppFi points out, to obtain a preliminary injunction, the DFPI must demonstrate: (1) a likelihood that it will prevail on the merits at trial, and (2) irreparable injury that outweighs the harm caused by the injunction. OppFi asserts that the DFPI fails to meet either of these requirements.
In explaining why the DFPI cannot prevail on the merits, OppFi emphasizes that because it assigns its interest in loan receivables acquired from FinWise Bank to Special Purpose Entities (SPEs), OppFi does not have the “primary economic interest” (PEI) in the loans originated by FinWise Bank, contrary to the DFPI’s allegations in support of its “true lender” theory. As OppFi succinctly states: “The SPE assignment destroys the DFPI’s PEI test”.
OppFi also explains that the PEI approach the DFPI claims should be used to determine which entity is the true lender contravenes the FDIC’s Interest Rate Authority Rule (the Rule):
“While the Rule does not expressly preempt all forms of the true lender doctrine, it preempts the DFPI’s version. The Rule provides that “whether interest on a loan is permissible under section 27 . . . is determined as of the date the loan was made” and “shall not be affected by . . . the sale, assignment, or other transfer of the loan, in whole or in part.” 12 C.F.R. § 331.4(e) (emphasis added). Here, the DFPI argues that OppFi is the “true lender” “primarily” because an affiliate purchases receivables “within three days after FinWise funds the loan.” [ ] (emphasis added). This argument, focused on the purchase of receivables, violates the Rule in two ways. First, it looks to events occurring after the date the loan was made. Second, it purports to “affect ” the “permissible” interest rate by taking into account a subsequent “sale . . . of the loan, in whole or in part.” 12 C.F.R. § 331.4(e). Neither is permissible.”
Based on several declarations it filed along with the Opposition, OppFi asserts that the facts set forth in a declaration of a DFPI employee filed to support the DFPI’s contentions are “riddled with errors and false assumptions.” Based on the declarations it filed, OppFi points out that “the DFPI’s description of FinWise’s relationship with OppFi is simply incorrect.” OppFi provides several examples of inaccuracies in the DFPI employee’s declaration, asserting that the declaration “misstates, misrepresents, and ignores critical aspects of the program,” uses “selective reading” of an SEC filing, and actually misquotes an SEC filing, in order to attempt to portray OppFi as the “true lender.”
OppFi further asserts that even if the “true lender” doctrine were to be allowed, FinWise should nevertheless be considered the lender, because the loans are “independently underwritten in Utah by FinWise using its own proprietary process, made in FinWise’s name, using FinWise’s own funds, and are held by FinWise throughout their life.” OppFi also notes that FinWise bears substantial financial risk related to the loans and that “FinWise maintains control over the entire program, including the application process, underwriting, marketing, and compliance.” In addition, OppFi cites the declarations it filed describing in detail facts demonstrating that FinWise controls all aspects of marketing, and exercises significant control over OppFi’s activities, in connection with the program and the loans made through the program.
With respect to the requirement that in order to grant the injunction, the DFPI must demonstrate that irreparable harm will result if the injunction is not granted, OppFi first points out that “the DFPI’s delay in seeking a preliminary injunction confesses a lack of irreparable harm”:
“The State of California first publicly accused OppFi of operating a “rent-a bank scheme” in August 2020. [ ] Even after it filed its Cross-Complaint seeking injunctive relief, DFPI waited another eight months to pursue a preliminary injunction. This delay alone demonstrates that there is “no harm” in delaying relief until after trial.”
Further, OppFi notes, “if the Court ultimately concludes that the interest rate on the challenged loans is usurious, the core harm to consumers is the overpayment of interest, which may be recovered later. This is not an irreparable harm.” On the other hand, according to OppFi, if the injunction requested by the DFPI were to issue,
“OppFi would be forced to cease operations in California, which would have an irreparable impact on OppFi’s business as a whole. OppFi would be forced to consider a potential reduction in staff, would suffer a loss of associated talent, its goodwill and regulation would be impacted, and, critically, OppFi would lose invaluable data regarding California borrowers, which would impact its ability to reenter the market …OppFi’s expertise is based on its real-world experience and the information it collects while operating…If compelled to terminate its operations, the information that OppFi would have otherwise obtained will be unattainable.  This is irreparable harm. In addition, OppFi would not be able to recover any of its lost profits, which is further irreparable harm.”
OppFi concludes its Opposition by asserting “[b]ecause the DFPI has not established a reasonable probability of success on the merits and the balance of harm favors OppFi, the Court should deny the Motion.”
In our view, the outcome of this litigation may significantly affect not only OppFi and FinWise Bank, but also numerous other banks and fintechs involved in consumer lending programs in California. Accordingly, this case has the potential to cause material constriction in credit availability to California residents if decided in favor of the DFPI.
The Florida Legislature recently passed House Bill 1185 (HB 1185), which permits Loan Originators and Mortgage Lenders to work from remote locations. A summary of the more salient amendments is in the article that follows.
Fla. Stat. § 494.001, which lays out the definitions for terms within the Florida code relating to Loan Originators and Mortgage Lenders, will be amended on July 1, 2023 (the Effective Date) to include a provision defining the term “remote location.” As defined in the amendment, any location, other than a principal place of business or a branch office, where a loan originator conducts business may be considered a remote location.
Additionally, amended Fla. Stat. § 494.001 will also include specified standards for Loan Originators working from a remote location. Any licensee employing remote loan originators must conform to the specified standards, including:
- Maintaining written policies and procedures for supervising remote workers;
- Possessing the capability to remotely shut out workers from accessing the company’s secure systems;
- Ensuring that remote originators’ behavior and access to company platforms comply with the company’s information security plan;
- Ensuring that no physical records are stored at a remote location;
- Ensuring that all remote customer interactions and conversations about customers comply with relevant state and federal information security laws such as the Gramm-Leach-Bliley Act and the FTC’s Safeguards Rule;
- Employing a VPN or other system that ensures secure connectivity and requires passwords or other forms of authentication to access;
- Installing and maintaining appropriate security updates, patches, or other security changes on remote devices; and
- Designating remote originators’ registered location as either the company’s principal place of business or one of the company’s licensed branches.
Lastly, Fla. Stat. § 494.0067 will also be amended on the Effective Date to permit Mortgage Lenders to transact business from a branch office or remote location.
Importantly, we note that HB 1185 also amends certain requirements related to online crowd-funding campaigns, lease of distributed energy generation systems, insurance adjusting, and annuity transactions. An entity engaged in any business activities covered in HB 1185, including those related to the mortgage business, should consult the full text of HB 1185 in order to determine how such changes will affect its business operations.
Earlier this year, the CSBS put forth a proposal to update NMLS’ Mortgage Business Specific Requirements, which was available for public comment until May 15, 2023. Those public comments are now available for review and can now be viewed here.
- John Georgievski
Subscribe to Ballard Spahr Mailing Lists
Copyright © 2023 by Ballard Spahr LLP.
(No claim to original U.S. government material.)
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.
This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.