Legal Alert

Mortgage Banking Update - December 31, 2020

December 31, 2020
In This Issue:


Ballard Spahr Offers Preview Sessions of Its Collections, Credit Reporting, and Privacy and Data Security National Tracking Services

Subscribers to each service will receive weekly emails and have the opportunity to discuss developments in each area during a monthly call. Additionally, subscribers will be enrolled in an interactive, searchable, online database that enables subscribers to have 24-hour access to our information and analysis.

To further educate our current subscribers and anyone else interested in subscribing to the trackers about how to maximize the online database, we will be offering preview sessions to provide training on the various tools available through the dashboard, such as the interactive map and the search functions that will allow information to be sorted by topic, jurisdiction, date, and for the FCRA tracker, by federal court and counsel for plaintiffs.

These preview sessions will be held on the following dates:

  • Tuesday, January 5, 2021 (2 PM ET)
  • Wednesday, January 6, 2021 (3 PM ET)
  • Tuesday, January 12, 2021 (11 AM ET)
  • Tuesday, January 12, 2021 (3 PM ET)
  • Wednesday, January 13, 2021 (2 PM ET)

To register for any of these sessions, please click here.

A brochure about the new tracking services is available here. For more information or to subscribe, please contact Stefanie Jackman or Kim Phan.

- Kim Phan & Stefanie Jackman

Back to Top   

SCOTUS Agrees to Review FCRA Class Action Judgment Where Most Class Members Suffered No Actual Injury

The Supreme Court has granted certiorari to review a $40 million class action trial judgment for statutory and punitive damages under the Fair Credit Reporting Act, and its forthcoming decision later this Term will likely be the Supreme Court’s most important ruling in the consumer financial services space since its 2016 ruling in Spokeo, Inc. v. Robins.

In TransUnion, LLC. v. Ramirez, the Supreme Court agreed to decide the following question posed by TransUnion: “Whether either Article III or Rule 23 permits a damages class action where the vast majority of the class suffered no actual injury, let alone an injury anything like what the class representative suffered.” In this case, plaintiff Sergio Ramirez alleged that he suffered difficulty in obtaining credit, embarrassment in front of family members, and had to cancel a vacation after an automobile dealer received a credit report incorrectly indicating that his name matched a name found on a list of terrorists and narcotics traffickers with whom U.S. companies may not transact business that is prepared by the Office of Foreign Assets Control. He filed a class action against TransUnion alleging violations of the FCRA. Significantly, it was stipulated by the parties that, unlike Ramirez, approximately 79% of the 8,185 class members did not have a credit report disseminated to a third party during the class period. The court certified the class despite TransUnion’s objections that most of the class members lacked standing and that Ramirez was not typical of the class he represented. Unlike the vast majority of class actions, the case proceeded to trial and the jury awarded each class member $984.22 in statutory damages and an additional $6,353.08 in punitive damages. On appeal, the Ninth Circuit, ruling 2-1, upheld class certification, the jury verdict in favor of the class, and the statutory damages amount, but reduced the punitive damages to $3,936.88 per class member.

TransUnion’s cert petition forcefully argued that “the Ninth Circuit eviscerated critical Article III, Rule 23, and due process constraints, thereby paving the way for one highly atypical plaintiff to recover massive damages on behalf of thousands of uninjured class members.” Given the grant of certiorari in this case and the current composition of the Supreme Court, it can reasonably be anticipated that the Court’s decision later this Term will be favorable to TransUnion and to class action defendants generally, and will likely enunciate more rigorous requirements for standing under Rule 23 and Spokeo and for typicality under Rule 23(a)(3).

- Burt M. Rublin

Back to Top

CFPB Issues Advisory Opinion Addressing Regulatory Uncertainty Regarding Special Purpose Credit Programs

On December 21, 2020, the CFPB issued an advisory opinion that addresses regulatory uncertainty related to certain aspects of special purpose credit programs (SPCPs) designed and implemented by for-profit organizations. The advisory opinion was issued as an interpretive rule that will be published in the Federal Register and therefore is exempt from the notice and comment rulemaking requirements of the Administrative Procedure Act.

In the preamble, the CFPB noted that issuance of the advisory opinion was prompted by stakeholder comments received in response to the Bureau’s recent Request for Information (RFI) on the Equal Credit Opportunity Act (ECOA) and Regulation B, some of which advocated for further industry guidance on compliant implementation of SPCPs. The CFPB stated that it was issuing the advisory opinion to address regulatory uncertainty “with the hope that broader creation of special purpose credit programs by creditors will help expand access to credit among disadvantaged groups and will better address special social needs that exist today.” We have seen a significant increase in creditor interest in SPCPs in 2020, and we believe the Bureau has become aware of this interest and wishes to make it easier for creditors to translate that interest into real-world programs.

Because SPCPs are relatively uncommon, let’s start with some brief background. Although the ECOA and Regulation B prohibit discrimination on certain prohibited bases in any aspect of a credit transaction, and indeed prohibit asking for most protected class information in a credit application, it is permissible for creditors to provide SPCPs designed to meet special social needs, and to ask for and use protected class information to qualify applicants to participate in the program. For example, a SPCP could be open only to members of a certain racial, ethnic, gender or age group. While Regulation B provides creditors with general guidance about implementing ECOA-compliant SPCPs, the Bureau does not determine or provide preapproval regarding whether individual programs qualify for SPCP status. Instead, the creditor offering the SPCP must determine the status of its own program, and then hope that the program passes muster in a later regulatory examination. If it does not, then the creditor will almost automatically be deemed to have violated ECOA by using a protected characteristic to qualify applicants for the program. Indeed, creditors have sometimes received regulatory criticism for the way they designed and implemented SPCPs. This, in turn, has led to reluctance by the industry to offer them.

The CFPB’s advisory opinion provides a comprehensive set of guidance on implementing an SPCP, often citing to existing interpretations of Regulation B. Specifically, the Bureau seeks to clarify the content that a creditor must include in a written plan that establishes and administers an SPCP. In addition, the Bureau clarifies the type of research and data that may be appropriate to inform a creditor’s determination that an SPCP would benefit a certain class of people.

Although the advisory opinion repeats some principles found in Regulation B and existing interpretations concerning SPCPs, some of the CFPB’s additional guidance is quite useful to creditors. Specifically, the Bureau offers guidance on how a creditor can: (i) determine the class of persons the SPCP is designed to benefit; (ii) request and consider information regarding common characteristics in determining an applicant’s eligibility for an SPCP; and (iii) better understand the type of research and data that can be leveraged to demonstrate the social need for an SPCP.

Written Plans

As a threshold matter, the CFPB explains that, under section 1002.8(a)(3)(i) of Regulation B, a creditor must establish and administer an SPCP pursuant to a written plan, and the plan must contain information supporting the need for the program, including:

  • The class of persons that the program is designed to benefit;
  • The procedures and standards for extending credit pursuant to the program;
  • Either the time period during which the program will last or when the program will be evaluated to determine if there is a continuing need for it (or both); and
  • A description of the analysis conducted by the creditor to determine the need for the program.

Of particular interest, the CFPB further explains how a creditor can determine a class of persons for an SPCP based on demonstration of a financial need and/or sharing a common characteristic. According to the CFPB, such a class could be defined with or without reference to a characteristic that is otherwise a prohibited basis under the ECOA. The Bureau cites as examples of a class of persons minority residents of low-to-moderate (LMI) income census tracts, residents of majority-Black census tracts, small farm owners in rural countries, minority- or woman-owned small business owners, consumers with limited English proficiency, and residents living on tribal lands.

Notably, the Bureau discusses how a creditor can request and consider information regarding common characteristics in determining an applicant’s eligibility for an SPCP. If a creditor has not yet established an SPCP, it can use statistical methods to estimate demographic characteristics, but it cannot request demographic information that it is otherwise prohibited from collecting, even for the purpose of determining whether there is a need for an SPCP. Once an SPCP has been established, a creditor may then request and consider information regarding common characteristics if needed to determine an applicant’s eligibility.

The CFPB also addresses how creditors can best demonstrate need for an SPCP by examining permissible sources of data and research. In designing an SPCP, a creditor must determine that the program will benefit a class of people who would otherwise be denied credit or would receive it on less favorable terms using the creditor’s customary credit standards. The Bureau explains that this determination can be based on an analysis using a “wide range of research or data,” including the creditor’s own research or data from outside sources, including governmental reports and studies (including HMDA data and SBA or the Federal Reserve’s Small Business Credit Surveys as potential sources). The creditor must be able to show a connection between the research or data informing the analysis and the fact that, under the creditor’s customary standards of creditworthiness, a class of persons probably would not receive credit or would receive it on less favorable terms than similarly situated applicants.

In the press release accompanying the advisory opinion, Director Kathleen Kraninger states that the CFPB “is committed to creating real and sustainable changes in our financial system so that all consumers have equal opportunities to build wealth and close the economic divide.” She further states that “[t]his action is an important step toward clarifying [Regulation B] and ensuring that traditionally economically disadvantaged groups and communities have equitable access to credit.” With the issuance of this helpful guidance for the financial services industry, the Bureau may have begun achieving that goal.

- Christopher J. Willis & Lori J. Sommerfield

Back to Top

CFPB Issues Mortgage Servicing Consent Order

On December 18, 2020, the CFPB announced a consent order with Seterus, Inc. (Seterus), and its successor-in-interest, Kyanite Services, Inc. (Kyanite), based on findings of mortgage servicing violations.

The consent order alleges the following violations by Seterus while it was in operation:

  • Unfair acts or practices for failing to accurately review, process, track, and communicate to borrowers information regarding their loss mitigation applications;
  • Deceptive acts or practices by sending loss mitigation application acknowledgement notices that (1) misrepresented the status of borrower application documents as received or missing, and (2) provided inaccurate due dates for submission of borrower application documents;
  • Violations of the loss mitigation rules in Regulation X (12 C.F.R. § 1024.41) by:
    • Sending acknowledgment notices that failed to state the additional documents and information borrowers needed to submit to complete their loss mitigation applications;
    • Failing to provide a reasonable due date for submission of borrower documents;
    • Failing to exercise reasonable diligence in obtaining documents and information necessary to complete borrowers’ loss mitigation applications;
    • Failing to properly evaluate borrowers who submitted complete loss mitigation applications for all loss mitigation options available to the borrower; and
    • Failing to treat certain applications as “facially complete” when required under Regulation X.

Specifically, the consent order states that Seterus automated its loss mitigation application and acknowledgment notice process, including its process for tracking documents received from borrowers and for generating and populating the resulting acknowledgement notices. Seterus also contracted with a third party vendor that would process the loss mitigation documents received from borrowers, and convey the relevant information from those documents to Seterus, for purposes of populating the acknowledgment notices.

Acknowledgment notices were generated, and populated with information conveying to the borrower what documentation was received, what documentation was still required, and a due date by which any such missing document should be submitted in light of the milestones required in Regulation X. The consent order alleges that the vendor used by Seterus made numerous errors in extracting data from documents received from borrowers, and transmitting that data to Seterus. That erroneous data was used to populate these field in the acknowledgment notices. In addition, the consent order alleges that coding used by Seterus, to ensure its systems communicated properly with its vendor, led to further errors. As a result, the consent order alleges that Seterus issued thousands of acknowledgement notices containing one or more errors.

The CFPB alleges that the resulting acknowledgement notices conveyed incorrect information regarding outstanding loss mitigation documentation, applicable due dates for outstanding documentation, and treatment of borrower applications, that in some cases compromised the foreclosure protections available to borrowers under Regulation X. As an example, the consent order states that, in certain instances, borrowers were provided a due date for providing missing loss mitigation application information, but a foreclosure sale occurred prior to that due date listed in the acknowledgment notice.

The consent order also alleges that Seterus failed to properly evaluate borrowers for all available loss mitigation options. Specifically, the CFPB states that Seterus’s loss mitigation process did not allow borrowers to be reviewed simultaneously for both retention and liquidation loss mitigation options, as required by Regulation X. For example, the order states that if a borrower failed to indicate a preference for either retention or liquidation, or if a borrower requested to be reviewed for both categories at the same time, Seterus treated the application as incomplete and required the borrower to state a preference.

Further, the CFPB claims that borrowers who indicated a preference for a retention option were not reviewed for any liquidation options unless they were first denied for all retention options and then subsequently requested a liquidation review. Conversely, borrowers who indicated a preference for a liquidation option were not reviewed for any retention options unless they submitted a new loss mitigation application requesting a retention option.

Finally, the consent order alleges that Seterus did not treat loss mitigation applications seeking a liquidation option as “facially complete” (i.e., the borrower had provided all information requested at that point in a loss mitigation acknowledgment letter), even when the applications met the requirements for that treatment under Regulation X. Therefore, borrowers were deprived of the Regulation X foreclosure protections that are triggered by a “facially complete” application.

The consent order requires Kyanite, the successor-in-interest to Seterus, to pay consumer redress of $4,932,525 and a civil money penalty of $500,000. The consent order also includes injunctive relief that would apply in the event Kyanite engages in mortgage servicing.

- Reid F. Herlihy

Back to Top

CFPB Adjusts HMDA and TILA Asset Exemption Thresholds

The CFPB recently issued a final rule increasing the asset exemption threshold under the Home Mortgage Disclosure Act (HMDA) and a final rule increasing the asset exemption threshold for the Truth in Lending Act (TILA) requirement to maintain an escrow account for a higher-priced mortgage loan.

Banks, savings associations, and credit unions are not subject to HMDA for a calendar year if their assets as of December 31, of the prior calendar year did not exceed an asset threshold. The asset threshold is subject to annual adjustment based on inflation. The asset threshold for calendar year 2020 HMDA data collection and reporting was $47 million. The final rule increases the asset threshold for calendar year 2021 HMDA data collection and reporting to $48 million. As a result, banks, savings associations, and credit unions with assets of $48 million or less as of December 31, 2020, are exempt from collecting and reporting HMDA data for 2021 activity.

Regulation Z, which implements the TILA, generally requires creditors to maintain an escrow account for the payment of taxes and insurance on a first lien, higher-priced mortgage loan. There is an exception to the escrow account requirement for creditors with assets below a certain threshold that also meet additional criteria. The asset threshold is subject to annual adjustment based on inflation. For purposes of the asset threshold, a creditor’s assets include the assets of any affiliate that regularly extends first lien mortgage loans that are subject to the Regulation Z ability to repay rule. The asset threshold for 2020 was $2.02 billion. The final rule increases the asset threshold for 2021 to $2.230 billion. As a result, if a creditor’s assets, together with the assets of its applicable affiliates, are less than $2.230 billion on December 31, 2020, and the creditor satisfies the additional criteria, the creditor will be exempt from the escrow account requirement for higher-priced mortgage loans in 2021. Additionally, based on a grace period in the higher-priced mortgage rule, such a creditor will also be exempt from such requirements for purposes of any loan consummated in 2022 if the application was received before April 1, 2022.

The asset size threshold for purposes of the exemption from the higher-priced mortgage loan escrow account requirement also is one of the criteria that determines whether a creditor qualifies under the ability to repay rule to make loans based on the small creditor portfolio, and small creditor balloon payment, qualified mortgage loan provisions. As a result, for 2021 the $2.230 billion threshold will apply for purposes of determining if a creditor is a small creditor under such provisions.

- Richard J. Andreano, Jr.

Back to Top

Industry Trades Seek Clarification of CARES Act Forbearance Period

Three industry trade associations sent a letter dated December 17, 2020, to federal agencies, Fannie Mae, and Freddie Mac seeking guidance on the CARES Act concept of the covered period during which a borrower may request a forbearance in making payments on a covered single-family mortgage loan. The industry trades are the American Bankers Association, Housing Policy Council, and Mortgage Bankers Association. The federal agencies are the Federal Housing Finance Agency, U.S. Department of Agriculture, U.S. Department of Housing and Urban Development, and the U.S. Department of Veterans Affairs.

As previously reported, section 4022 of the CARES Act permits a borrower with a covered single family-mortgage loan to request a forbearance from making mortgage payments if the borrower is experiencing a financial hardship due, directly or indirectly, to the COVID-19 national emergency. However, section 4022 does not define what the “covered period” is. Section 4023 of the CARES Act, which addresses forbearances with multifamily loans, defines “covered period” as the date that the CARES Act becomes law until the sooner of December 31, 2020, or the termination date of the COVID-19 national emergency. Section 4021 of the CARES Act, which addresses credit reporting in connection with a credit obligation or account for which a borrower was offered a payment accommodation, defines “covered period” as the period beginning on January 31, 2020, and ending on the later of (1) 120 days after the CARES Act became law (i.e., 120 days after March 27, 2020) and (2) 120 days after the date that the COVID-19 national emergency terminates.

In the letter, the industry trades note that “servicers are actively engaged in the delivery of payment relief to all borrowers in need as a result of the pandemic.” The trades “urge the agencies to publicly announce that the COVID-19 forbearance programs will continue to be available through the National Emergency period, allowing sufficient time for borrowers to access this assistance and servicers to plan for continued program delivery over the coming months.”

- Mortgage Banking Group

Back to Top

FHFA and HUD Extend Foreclosure Moratoriums – Fannie and Freddie Provide Guidance Regarding Termination of Mortgage Insurance

The Federal Housing Finance Agency (FHFA) announced on December 2, 2020, the extension of the Fannie Mae and Freddie Mac moratorium on single-family foreclosures from December 31, 2020, to January 31, 2021. The moratorium on evictions from single-family homes owned by Fannie Mae or Freddie Mac also is extended until January 31, 2021. The announcement does not address evictions from multi-family properties subject to a Fannie Mae or Freddie Mac loan. Fannie Mae addresses the extension in an update to Lender Letter 2020-02 and Freddie Mac addresses the extension in Bulletin 2020-46. Both Fannie Mae and Freddie Mac advise that the moratorium does not apply to properties determined to be vacant or abandoned.

In Mortgagee Letter 2020-43, dated December 17, 2020, the U.S. Department of Housing and Urban Development (HUD) extended the foreclosure and eviction moratorium for FHA insured single-family loans from December 31, 2020, to February 28, 2021. The FHA moratorium applies to all FHA Title II single-family forward and Home Equity Conversion (reverse) mortgage loans, except for FHA loans secured by vacant or abandoned properties. Deadlines for the first legal action and reasonable diligence timelines are extended by 120 days from the date of expiration of the moratorium.

In the update to Lender Letter 2020-02 and in Bulletin 2020-46, Fannie Mae and Freddie Mac also address a borrower-requested termination of private mortgage insurance. Fannie Mae advises that when verifying an acceptable payment record a servicer must not consider any payment that is 30 or more days past due in the last 12 months, or 60 or more days past due in the last 24 months, that is attributable to the COVID-19 financial hardship when, because of the borrower having a financial hardship related to COVID-19, the servicer provided:

  • A COVID-19 related forbearance plan, repayment plan, or Trial Period Plan, and the borrower complied with the terms of such plan;
  • A payment deferral; or
  • A COVID-19 payment deferral and the borrower made three consecutive monthly payments following completion of the payment deferral.

However, the mortgage loan must be current when the termination is requested. Fannie Mae notes that the temporary policy change is effective for borrower-initiated requests for termination initiated through Fannie Mae’s servicing solutions system on or after March 1, 2021.

Freddie Mac advises that for borrowers who request to cancel mortgage insurance after the mortgage has been restored to current status following the conclusion of a COVID-19 related hardship, the borrower’s payment history must meet the following payment history requirements:

  • No payment that was 30 days or more past due in the preceding 12 months, except when the delinquency is a direct result of the mortgage being subject to a COVID-19-related hardship (including Mortgages on COVID-19 forbearance plans) and, following the COVID-19-related hardship, the borrower was transitioned to a relief or workout option to cure the delinquency (e.g., repayment plan or Trial Period Plan).
  • No payment that was 60 days or more past due in the preceding 24 months, except when the delinquency is a direct result of the mortgage being subject to a COVID-19 related hardship (including Mortgages on COVID-19 forbearance plans) and, following the COVID-19 related hardship, the borrower was transitioned to a relief or workout option to cure the delinquency (e.g., repayment plan or Trial Period Plan).
  • For mortgages restored to current status under the COVID-19 Payment Deferral, the borrower must make three consecutive payments following the settlement of the COVID-19 Payment Deferral to meet this qualification requirement.

Both Fannie Mae and Freddie Mac advise that the guidance on the termination of mortgage insurance applies regardless of whether the request to cancel borrower-paid mortgage insurance is based on the original or current value of the home.

- Mortgage Banking Group

Back to Top  

VA Extends COVID-19 Foreclosure and Eviction Moratorium

The U.S. Department of Veterans Affairs (VA) extended the eviction and foreclosure moratorium for properties secured by VA guaranteed loans from December 31, 2020, to February 28, 2021. The moratorium does not apply to vacant or abandoned properties. The VA made the change through Circular 26-20-40 on December 28, 2020.

As previously reported, the Fannie Mae and Freddie Mac foreclosure and eviction moratoriums for single-family loans were extended to January 31, 2021, and the U.S. Department of Housing and Urban Development (HUD) foreclosure and eviction moratorium for FHA insured single-family loans was extended to February 28, 2021.

- Mortgage Banking Group

Back to Top   

HUD Extends Various COVID-19 Policies

In a series of Mortgagee Letters, each dated December 17, 2020, the U.S. Department of Housing and Urban Development (HUD) extended the dates of various policies addressing the COVID-19 national emergency.

In Mortgagee Letter 2020-44, HUD extended the date for approving an initial COVID-19 forbearance with an FHA loan, or a COVID-19 extension with a home equity conversation mortgage (HECM) loan (i.e., a reverse mortgage loan), from December 31, 2020, to February 28, 2021. The means of communication with borrowers regarding a COVID-19 forbearance and the terms of a COVID-19 forbearance remain the same as established in Mortgagee Letter 2020-06 and Mortgagee Letter 2020-22. The guidance applies to all FHA Title II single-family mortgage programs.

In Mortgagee Letter 2020-45, HUD extended from December 31, 2020, to March 31, 2021, the guidance for the endorsement of mortgage loans when the borrower has been granted a COVID-19 forbearance. The guidance applies to all FHA Title II single-family forward mortgages, except non-FHA to FHA cash-out refinance loans.

In Mortgagee Letter 2020-46, HUD extended from December 31, 2020, the following: (1) the guidance regarding the verification of business operations for self-employed borrowers and the use of rental income for qualification purposes now applies to loans for which case numbers are assigned on or before February 28, 2021, and (2) the guidance regarding rehabilitation escrow accounts in connection with 203(k) loans now applies to open escrow accounts through February 28, 2021. The guidance regarding verification of business operations and use of rental income applies to all FHA Title II single-family forward mortgages and HECM programs, and the escrow account guidance applies solely to the 203(k) rehabilitation program.

In Mortgagee Letter 2020-47, HUD extended from December 31, 2020, the following: (1) the guidance regarding the re-verification of employment requirements now applies to cases closed on or before February 28, 2021, and (2) the guidance regarding the option to use exterior-only appraisals now applies for appraisals with an effective date on or before February 28, 2021. The guidance applies to FHA single-family Title II forward and reverse mortgage programs.

- Mortgage Banking Group

Back to Top   

States Issue Work-From-Home Guidance for Mortgage Lenders – Updated 12/28/2020

In response to the COVID-19 pandemic, state mortgage regulators are daily issuing guidance (1) about whether work from home arrangements are permissible under their existing licensing requirements and/or (2) are granting temporary permission for licensable activity to occur from unlicensed locations (including employee homes) under specified conditions. Below we identify the states that have issued guidance specifically on this topic. Please note that the scope, duration, conditions and requirements set by the states differ – some even require approval – so please carefully review the state’s guidance set forth at the hyperlink. This is a rapidly changing area so check back regularly for updates and changes.

Alabama  Memorandum 
Alaska Notice
Arkansas Interim Regulatory Guidance Extended
California Guidance
Colorado Bulletin
Connecticut Revised Memorandum
District of Columbia Order
Hawaii Interim Regulatory Guidance (NMLS link)
Idaho Temporary Regulatory Guidance Extended
Indiana Guidance (NMLS link)
Iowa Letter
Kansas Updated Guidance
Kentucky Guidance
Louisiana Declaration
Maryland Bulletin
Massachusetts E-mail (NMLS link)
Michigan Bulletin
Minnesota Letter (NMLS link)
Mississippi Interim Regulatory Guidance
Montana Guidance
Nebraska Guidance on Temporary Branch Relocations (NMLS link)

Application Form (NMLS link)

Nevada Extended Memorandum
New Hampshire Memorandum
New Jersey Bulletin Extended
New Mexico Updated Memorandum
North Dakota Press Release – Preparation for COVID-19 Response
Oklahoma Sixth Amended Interim Guidance
Ohio FAQ
Oregon Revised Bulletin No. DFR 2020-6
Pennsylvania Guidance
Rhode Island Revised Banking Bulletin 2020-1
South Carolina Interim Regulatory Guidance
South Dakota Updated Interim Regulatory Guidance (NMLS link)
Tennessee Interim Guidance
Texas Guidance
Utah Guidance (NMLS link)
Vermont Memorandum
Washington Interim Guidance Extended
West Virginia Emergency Announcement
Wisconsin Directive


- Mortgage Banking Group

Back to Top   

FTC Brings GLBA Safeguards Rule Enforcement Action Against Mortgage Vendor

On December 15th, the FTC announced in a press release that it had reached a settlement with a mortgage industry data analytics company to resolve allegations in the FTC’s administrative complaint that the company had failed to ensure one of its vendors was adequately securing personal data about tens of thousands of mortgage holders under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. In the press release, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, stated that “Oversight of vendors is a critical part of any comprehensive data security program, particularly where those vendors can put sensitive consumer data at risk.”

According to the FTC, Ascension Data & Analytics, LLC (Ascension) used a vendor, OpticsML, to perform text recognition scanning on mortgage documents and to store the contents of the documents on a cloud-based server in plain text. The FTC alleged in its complaint that the vendor did so without any protections to block unauthorized access, such as requiring a password or encrypting the information. The lack of such protections resulted in the FTC charging Ascension with violating the GLBA Safeguards Rule by failing to adequately vet OpticsML and other vendors; failing to enter into contracts with vendors requiring them to safeguard the information; and failing to conduct risk assessments of all of its third-party vendors. The FTC also alleged that Ascension created a written “Third Party Vendor Risk Management,” but did not follow through to ensure policies outlined in the document were actually implemented.

The proposed settlement agreement requires Ascension to implement a data security program, undergo biennial assessments of the effectiveness of its data security program by an independent organization subject to FTC approval, have a senior company executive certify annually that the company is complying with the terms of the settlement, and report any future data breaches to the FTC within 10 days of notifying other federal or state government agencies.

- Kim Phan

Back to Top   

CFPB Publishes Fall 2020 Rulemaking Agenda

The CFPB has published its Fall 2020 rulemaking agenda as part of the Fall 2020 Unified Agenda of Federal Regulatory and Deregulatory Actions. It represents the CFPB’s fourth rulemaking agenda under Director Kraninger’s leadership. The agenda’s preamble indicates that the information in the agenda is current as of September 11, 2020 and identifies the regulatory matters that the Bureau “reasonably anticipates having under consideration during the period from November 2020 to November 2021.”

The Bureau issued its final debt collection rule in October 2020. In February 2020, the Bureau issued a supplemental proposal that would require debt collectors to make specified disclosures when collecting time-barred debts. The Bureau indicates in the preamble that it plans to finalize its supplemental proposal regarding disclosures for time-barred date this month.

Other items listed in the agenda on which the CFPB expects to take action before the end of this year and next year include:

  • Business Lending Data (Regulation B). Section 1071 amended the ECOA, subject to rules adopted by the Bureau, to require financial institutions to collect and report certain data in connection with credit applications made by women- or minority-owned businesses and small businesses. The Bureau issued a SBREFA outline in September 2020 and convened a SBREFA panel in October 2020. The Bureau released the panel report today.
  • Property Assessed Clean Energy Financing. In March 2019, the CFPB issued an Advance Notice of Proposed Rulemaking to extend Truth in Lending Act ability-to-repay requirements to PACE transactions. The agenda estimates pre-rule activity in March 2021.
  • Home Mortgage Disclosure Act (Regulation C). The HMDA amendments adopted by the CFPB in October 2015 revised certain pre-existing data points, added data points set forth in Dodd-Frank, and included additional data points based on discretionary authority in Dodd-Frank permitting the CFPB to mandate reporting of other information. The October 2015 amendments also expanded the scope of reportable loans by requiring the reporting of dwelling-secured business or commercial purpose loans that meet the definition of a home purchase, refinancing, or home improvement transaction. In May 2019, the Bureau issued an Advance Notice of Proposed Rulemaking seeking comment on whether to make changes to the revised or new data points, and the coverage of business or commercial-purpose loans that are made to a non-natural person and secured by a multi-family dwelling. The agenda estimates issuance of a Notice of Proposed Rulemaking in February 2021.
  • Public Release of Home Mortgage Disclosure Act Data. In December 2018, the CFPB announced final policy guidance regarding the application-level HMDA data that will be made available to the public. The agenda estimates issuance of a Notice of Proposed Rulemaking on the public disclosure of HMDA data in February 2021.
  • Amendments to FIRREA Concerning Appraisals (Automated Valuation Models). The Bureau is participating in interagency rulemaking with the Federal Reserve, OCC, FDIC, NCUA and FHFA to develop regulations to implement the amendments made by the Dodd-Frank Act to the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) concerning appraisals. The FIRREA amendments require implementing regulations for quality control standards for automated valuation models. The agenda estimates that the agencies will issue a Notice of Proposed Rulemaking in June 2021.
  • Mortgage Servicing Rules. The Bureau expects to propose additional amendments to the servicing rules, including, for example, loss mitigation provisions and estimates its proposal will be issued in March 2021.
  • Higher-Priced Mortgage Loan Escrow Exemption. The Economic Growth, Regulatory Relief, and Consumer Protection Act directs the CFPB to implement an exemption from the mandatory escrow account requirement for higher-priced mortgage loans under the Truth in Lending Act and Regulation Z for certain insured credit unions and insured depository institutions. The CFPB has proposed amendments to Regulation Z pursuant to this directive. The Bureau estimates that it will issue a final rule in January 2021.

The Bureau’s long-term regulatory agenda items, which have no estimated dates for further action, include the following:

  • Abusive Acts and Practices. In January 2020, the CFPB issued a policy statement to clarify the Dodd-Frank Act’s abusiveness standard. The Bureau states that it recognizes the importance of continuing to monitor the use of AI and machine learning and is evaluating “whether rulemaking, a policy statement, or other Bureau action. The agenda indicates that in issuing the policy statement, “the Bureau did not foreclose the possibility of engaging in a future rulemaking to further define the abusiveness standard.”
  • Artificial Intelligence. In February 2017, the CFPB issued a request for information concerning the use of alternative data and modeling techniques in the credit process. The Bureau states that it recognizes the importance of continuing to monitor the use of AI and machine learning and is evaluating “whether rulemaking, a policy statement, or other Bureau action may become appropriate.”
  • Payday Disclosure Rule. The Bureau states that it has begun research focused on providing information to consumers about the costs associated with payday loans. The Bureau anticipates completing the first phase of this research, which involves qualitative testing, by the end of September 2021. The results of the testing will inform the Bureau in deciding whether to move forward with quantitative testing that might support a future rulemaking or other actions related to payday loan disclosures.
  • Loan Originator Compensation. The Bureau states that it has received feedback that aspects of its current rule “may be unnecessarily restrictive” and is considering a rulemaking to address these concerns. Possible topics for consideration might include whether creditors can lower compensation for originating state housing finance authority loans and whether creditors can reduce compensation due to an originator’s error.

Other long-term items include the application of E-Sign Act requirements in the context of certain Bureau regulations and possible changes to the Bureau’s TILA/RESPA Integrated Disclosure Rule.

The U.S. Supreme Court ruling in Seila Law that the Dodd-Frank Act provision allowing the President to remove the Bureau’s Director only “for cause” is unconstitutional and the appropriate remedy is to sever that provision means that President-elect Biden will be able to remove Director Kraninger without cause. As a result, the Bureau’s Spring 2021 rulemaking agenda could reflect a significant change in priorities.

- Alan S. Kaplinsky

Back to Top   

California Attorney General Shows No Sign of Slowing CCPA Rulemaking With Fourth Set of Proposed Modifications

The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the CCPA).

As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020. The third set of modifications revised the regulations relating to the notice of a consumer’s right to opt-out of the sale of their personal information. Our previous post detailed the specific changes in the third set of modifications.

The Attorney General’s Office received around 20 comments in response to the third set of modifications; these modifications have not yet been accepted and finalized. The fourth set of modifications are in response to the comments to the third set of modifications and are intended to clarify and conform the proposed regulations to existing law. The changes made include:

  • Revisions to section 999.306, subd. (b)(3), which clarifies that a business selling personal information collected from consumers in the course of interacting with them offline shall inform consumers of their right to opt out of the sale of their personal information by an offline method.
  • Proposed section 999.315, subd. (f), which reinstates the requirement for a uniform opt-out button to be used “in addition to . . . but not in lieu of . . . a ‘Do Not Sell My Personal Information link.”

The Attorney General’s Office planned to accept written comments regarding the fourth set of proposed modifications until December 28, 2020.

The recently proposed modifications show that the Attorney General has no intention to slow the rollout of CCPA regulations after the recent voter approval of the California Privacy Rights Act (the CPRA), which further modifies and strengthens the existing protections in the CCPA. Notably, the Attorney General is also allowed to issue regulations under the CPRA until that power is ultimately transferred to the newly created California Privacy Protection Agency.

- Gregory P. Szewczyk & Philip N. Yannella

Back to Top   

Plaintiffs in Lawsuit Challenging OCC Madden-Fix Rule Move for Summary Judgment

The Attorneys General of California, Illinois, and New York have filed a motion for summary judgment in their lawsuit filed against the Office of the Comptroller of the Currency (OCC) to enjoin the OCC’s final rule purporting to override the Second Circuit’s Madden decision as to national banks and federal savings associations. The OCC must file its opposition to the summary judgment motion and any cross-motion for summary judgment by January 14, 2021. All briefing is to be completed by February 25, 2021 and a hearing on the motions is scheduled for March 14, 2021.

The AGs’ complaint alleges that the OCC rule violates the Administrative Procedure Act because it is “arbitrary, capricious, an abuse of discretion, or otherwise contrary to law,” “in excess of statutory jurisdiction, authority, or limitations, or short of statutory right,” and taken “without observance of procedure required by law.” The OCC filed an answer to the complaint on November 12.

The AGs’ central arguments in support of their summary judgment motion are:

  • The OCC’s rule conflicts with the plain language of Section 85 and 12 U.S.C. §1463, which apply only to interest that a national bank or federal savings association may charge.
  • The OCC lacks authority to issue the rule because the rule governs only the conduct of non-banks, i.e. the interest rate a non-bank can charge after a bank transfers a loan to it.
  • The OCC’s constructions of Section 85 and 12 U.S.C. §1463 are not entitled to Chevron deference because “they lack thorough consideration and support, proceed from invalid reasoning, and…are inconsistent with prior OCC positions without explanation.”
  • The OCC failed to comply with the Dodd-Frank Act’s preemption requirements which apply because the rule’s effect and purpose is to preempt otherwise applicable state interest rate caps. Among such requirements is application of the Barnett Bank standard that requires a finding that the preempted state law significantly interferes with a national bank’s exercise of its powers.
  • The rule is without support in the record because even if the OCC applied Barnett Bank, it made no findings that could support the rule under that standard. The OCC has merely speculated that Madden has caused uncertainty in secondary credit markets and, in any event, application of state rate caps to non-banks does not significantly interfere with national banks’ ability to make and sell loans.
  • The OCC failed to consider the rule’s facilitation of rent-a-bank schemes and that the rule creates a regulatory vacuum by placing non-bank loan buyers outside any meaningful regulation.

The AGs in the lawsuit against the OCC, joined by the AGs for the District of Columbia, Massachusetts, Minnesota, New Jersey, and North Carolina, filed a second lawsuit against the FDIC to enjoin its similar “Madden-fix” rule as to state banks. The second lawsuit was filed in the same California federal district court as the lawsuit against the OCC and both cases will be heard by Judge Jeffrey S. White who was appointed to the federal bench in 2002 by President George W. Bush. Judge White entered an order approving a stipulation between the AGs and the FDIC that requires the FDIC to file an answer to the complaint by January 14, 2020 and for the AGs and the FDIC to file cross-motions for summary judgment by, respectively, February 25 and March 25, 2021. All briefing must be completed by May 6, 2021 and a hearing on the cross-motions is scheduled for June 4, 2021.

It is unclear what impact the change to a Biden Administration will have on both Madden-fix rules and the two lawsuits. In a letter sent to President-elect Biden earlier this month, House Financial Services Committee Chairman Waters has called upon the Biden Administration to rescind both rules. President-Biden is expected to appoint a new Comptroller of the Currency. While FDIC Chairman McWilliams, appointed by President Trump, has indicated that she plans to remain in her position as Chairman until her five-year term ends in 2023, Democrats will hold a majority of FDIC seats. Accordingly, there is a possibility that one or both agencies will revisit their Madden-fix rules and decide to no longer defend their rules in the pending lawsuits.

- Jeremy T. Rosenblum

Back to Top   

CFPB Issues Part II of Final Collection Rule

The CFPB completed its Fair Debt Collection Practices Act rulemaking today with the release of Part II of its final collection rule.

Part II has three primary components dealing with validation notices, passive debt collection through negative reporting, and the collection of time-barred debt. Most notably, the provisions dealing with time-barred debt depart significantly from the Bureau’s proposal.

We are reviewing the Bureau’s 354-page release and will share our reactions to the final rule in future blog posts. We discussed the final rule during our webinar, “Part II of the CFPB’s Final Collection Rule: What You Need to Know.”

- Stefanie Jackman

Back to Top   

CFPB Issues Part II of Final Collection Rule: Initial Impressions

The CFPB issued Part II of its final collection rule on December 18, 2020. Part II supplements the final rule issued on October 30, 2020, about which our team published a series of blog posts on topics such as impacts on creditors, contact frequency limitations and limited content messages, electronic communications to send required disclosures, impact on credit reporting, mortgage servicing provisions and impacts, and meaningful attorney involvement and debt sale restrictions. Parts I and II were both adopted pursuant to the Bureau’s authority under the Fair Debt Collection Practices Act and not its UDAAP authority under the Dodd-Frank Act, and are effective November 30, 2021.

Part II of the final rule has three primary components, dealing with (1) the collection of time-barred debt, (2) passive debt collection, and (3) validation notices.

Time-Barred Debt

Part II includes prohibitions against taking or threatening legal action on time-barred debt, as was the case with the proposed rule. See §1006.26(b). Proposed §1006.26(b) prohibited a debt collector from bringing or threatening to bring a legal action against a consumer to collect a debt that the debt collector knows or should know is a time-barred debt. However, the Bureau finalized §1006.26(b) with two principal changes.

First, the Bureau did not adopt the “knows-or-should-know standard.” Rather, suing or threatening suit on a time-barred debt is subject to a strict liability standard. However, the Bureau stated that a debt collector may be able to invoke the “bona fide error” defense to civil liability under FDCPA section 813, depending on the circumstances.

Second, Part II clarifies that the prohibitions in §1006.26(b) do not apply to proofs of claim filed in bankruptcy proceedings. The Bureau reasoned that §1006.26(b) uses the term “legal action” and noted in Midland Funding, LLC v. Johnson, 137 S. Ct. 1407 (2017), the U.S. Supreme Court held that filing a proof of claim on a time-barred debt in a bankruptcy proceeding does not violate the FDCPA sections 807 or 808.

The most confusing aspect of Part II’s handling of time-barred debt relates to the Bureau’s handling of disclosures associated with such debts. The proposed rule contained a disclosure that would be required when a time-barred debt was being collected, but the Bureau did not include this disclosure in the final rule. Indeed, the final rule says nothing at all about disclosure. Unfortunately, the Bureau’s discussion of this issue in its analysis of the final rule hints that a disclosure may be required, but the Bureau has neither required one, nor provided the content of such a disclosure. Debt collectors will be left to decide for themselves whether to make time-barred debt disclosures as a matter of federal law, creating both confusion and the opportunities for litigation that the rule could have avoided.

Passive Debt Collection

Part II adopted a proposed ban on “passive collections,” a term that refers to a debt collector reporting a debt to a credit bureau before first contacting the consumer who allegedly owes the debt. (The FTC recently settled its first enforcement action targeting this practice.)

The Bureau finalized this prohibition, with changes specifying the required actions that a debt collector must take before furnishing information to a consumer reporting agency. Specifically, the final rule requires a debt collector to either: (1) speak to the consumer about the debt in person or by telephone, or (2) place a letter in the mail or send an electronic message to the consumer about the debt and wait a reasonable period of time to receive a notice of undeliverability. See §1006.30(a)(1). With respect to written notices, the Bureau finalized a safe harbor time period of 14 days for both electronic messages and mailed letters. Therefore, if the §1006.30(a)(1) communication is in writing, a debt collector must allow at least 14 days to pass between the communication to the consumer and furnishing information to a consumer reporting agency. The Bureau noted that there would be no violation of the rule, even if the debt collector received a notice of undeliverability after the expiration of the 14-day period. Part II also added §1006.30(a)(2) to state that §1006.30(a)(1) does not apply to a debt collector’s furnishing of information about a debt to a nationwide specialty consumer reporting agency that compiles and maintains information on a consumer’s check writing history, as described in FCRA section 603(x)(3).

Validation Notices

Part II adopted a set of specifications for what information should be included in a validation notice, as well as when and how it should be provided to consumers. Part II also finalized a model disclosure form. See Form B-1. In general, the validation provisions (and Model Form) in the final rule were similar to those in the proposed rule from May 2019, but there were some notable changes.

Similar to the proposed rule, Part II declined to require debt collectors to always provide written, non-electronic validation notices to consumers. Part II permits a debt collector to send validation notices electronically as part of the initial communication with the consumer if the debt collector sends the notice in a manner that is reasonably expected to provide actual notice, and in a form that the consumer may keep and access later. A debt collector may also send the validation notice electronically after the initial communication when the debt collector complies section 101(c) of the E-SIGN Act.

One important difference between the proposed and final rules is that the use of the model form is no longer required, but instead simply provides a safe harbor. The Bureau stated that it made this change to allow for greater flexibility for types of debt that were not well accommodated by the model form.

The Bureau made some minor changes to the requirements for validation notices. For example, it added another choice of “itemization dates” (the date of a judgment) and moved the co-brand disclosure requirement to the optional disclosures (under the proposed rule, a co-brand name associated with a credit card would have been a required disclosure). But, in general, it adopted the validation notice requirements largely as proposed.

There were two areas in which the Bureau, disappointingly, refused to make revisions that would have made compliance with the final rule more straightforward. First, the Bureau refused to provide a definition of “original creditor,” despite industry groups’ requests that the Bureau define the “original creditor,” for purposes of a debt collector’s duty to provide the name of the original creditor, upon request, as the creditor at the time of charge off; this was intended to deal with situations in which consumer credit portfolios might be transferred between creditors. The Bureau rejected this request, reasoning that defining it as of the time of charge-off may not be accurate for all types of debt.

Second, and more disappointingly, the Bureau rendered the model form validation notice subject to continued change through judicial decisions by retaining the “required by applicable law” optional disclosures, and indeed adding a reference in the Official Commentary to the very confused and contradictory set of judicial decisions regarding situations in which the amount of a debt may change after the date of a validation notice. The Bureau rejected the industry comments that allowing judicial decisions to vary the model form would cause it to no longer be a viable form document. In a very real sense, this decision has the potential to render the “model form” subject to circuit-by-circuit, or even district-by-district, variation, as federal courts interpreting the FDCPA and the final rule require disclosures not covered by the model form itself. We had hoped that the Bureau would prescribe a true model form, not subject to change by court decisions.

- Stefanie Jackman & Rene T. McNulty

Back to Top   

House Financial Services Committee Chairwoman Waters Sends Letter to President-Elect Biden With Recommended Rule Rescissions and Other Actions

Earlier this month, House Financial Services Committee Chairwoman Maxine Waters sent a letter to President-elect Joe Biden recommending various actions that the Biden Administration should take in the financial services arena. Chairman Waters and members of her staff are expected to have a strong voice in shaping the Biden Administration’s approach to financial services regulatory policy. As a result, Chairman Waters’ letter is likely to receive close attention from the President-elect’s agency review teams and influence the priorities of the individuals appointed to lead the financial regulatory agencies.

Chairman Waters’ letter sets out a wide-ranging agenda for the Biden Administration in the areas of COVID-19 relief, climate change, diversity and inclusion, affordable housing, consumer protection, investor protection, financial stability, and international development. It includes as an attachment a list of regulatory and administrative actions by the Trump Administration “that [President-elect Biden’s] team should prioritize the elimination of on day one of [his] presidency.”

In the area of consumer financial services, Chairman Waters’ recommendations include the following actions “that should be taken to help consumers struggling during the pandemic”:

  • CFPB Director Kraninger should be fired and a new Director should be installed “who will fulfill the CFPB’s statutory mission to protect consumers.”
  • The CFPB, under new leadership, should be directed “to aggressively protect consumers by enforcing the law.”
  • The CFPB should rescind the July 2020 rule that rescinded the underwriting provisions in its 2017 rule on Payday, Vehicle Title, and Certain High-Cost Installment Loans (2017 Payday Rule) and reinstate the 2017 Payday Rule.
  • The new CFPB Director should restore the role and responsibilities of the Office of Fair Lending and Equal Opportunity.
  • The CFPB should rescind its debt collection rule and reissue it “with meaningful consumer protections, along with the new time-barred debt rule proposal.”
  • Once becoming President, Mr. Biden should issue an executive order directing the Treasury and other federal agencies to immediately suspend the collection of debts owed by consumers to the federal government until after the pandemic ends.

Other recommendations in the area of consumer financial services include:

  • In addition to reinstating the 2017 Payday Rule and rescinding the debt collection rule and reissuing a collection rule with stronger consumer protections, the CFPB should issue new rules with stronger consumer safeguards in areas that include fair lending, credit reporting, student lending, forced arbitration clauses, and overdraft protection.
  • The OCC and FDIC should rescind their Madden-fix rules and the OCC should rescind its “true lender” rule.
  • The DOJ, CFPB, and federal banking regulators should prioritize fair lending enforcement.
  • The CFPB should expand the mortgage data required to be collected by HMDA.
  • The OCC should rescind its CRA rule and the federal banking regulators “should work on a new plan to strengthen CRA’s implementation to ensure we can finally put an end to modern-day redlining.
  • The CFPB should promptly implement Dodd-Frank Section 1071 small business data collection requirements.
  • The CFPB should rescind its no-action letter policy, trial disclosure program, and compliance assistance sandbox.
  • The CFPB should rescind its policy statement on abusive acts or practices.

Among the letter’s recommendations in the area of diversity and inclusion is a recommendation involving the Offices of Minority and Women Inclusion (OMWIs) that Section 342 of the Dodd-Frank Act required the CFPB, the federal banking agencies, and other federal agencies to create. The letter calls on the Biden Administration to make “full use” of Section 342 and, as an example, recommends that the Biden Administration require the agencies to make it mandatory for regulated institutions to comply with the Joint Standards for Assessing the Diversity Policies and Practices of Regulated Entities, including annual reporting of diversity data. Currently, the use of the Joint Standards by regulated entities and the submission of diversity self-assessments to the OMWIs is voluntary. The letter also recommends that “given the exacerbated decline of Black businesses, in particular, as a result of the COVID-19 pandemic, [the Biden] administration should ensure that OMWIs are monitoring and advising on any unintended consequences and harm that may be caused by agency policies to minority owned businesses and communities of color.”

In her letter, Chairman Waters also calls on the Biden Administration to require disclosure by public companies and regulated entities of their boards’ diversity, including by approving proposals by national exchanges to change their listing standards to require such disclosure as well as setting minimum board diversity standards. Members of Ballard Spahr’s Diversity and Inclusion Team recently issued a legal alert on the proposed rule filed by the Nasdaq Stock Market with the U.S. Securities and Exchange Commission. If approved, the rule will require listed companies to disclose the racial, LGBTQ+ status, and gender makeup of their boards of directors and have a minimum number of diverse directors or explain why they could not—or elected not to—achieve the established targets.

- Alan S. Kaplinsky

Back to Top   

This Week’s Podcast: A Conversation With American Banker Reporter Kate Berry

Kate Berry joined American Banker in 2006 and has covered the CFPB since 2016. Kate shares her perspective on the controversy over Leandra English’s appointment as Acting Director, Director Kraninger’s approach to her leadership role, the Seila Law decision’s impact, President-elect Biden’s possible candidates for CFPB Director, the fate of the CFPB’s small dollar loan rule, and likely areas of CFPB focus in 2021.

Click here to listen to the podcast.

- Alan S. Kaplinsky & Christopher J. Willis

Back to Top   

Federal Agencies Consider Requiring Reporting of Computer Security Incidents

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents that could result in a banking organization’s inability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of a banking organization, or impact the stability of the financial sector, the banking organization must notify its primary federal regulator no later than 36 hours after determining an incident has occurred. Additionally, service providers to banking organizations would be required to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.

By requiring notice of these computer security incidents, the proposed rule broadens the type of reportable events that banking organizations and their service providers are required to report to federal agencies. The agencies stated that, “current reporting requirements related to cyber incidents are neither designed nor intended to provide timely information to regulators regarding such incidents.” Specifically, the agencies noted that the filing of Suspicious Activity Reports under the Bank Secrecy Act do not provide the agencies with sufficiently timely information about every notification incident, and notices under the Gramm-Leach-Bliley Act focus on incidents that result in the compromise of sensitive customer information and do not include the reporting of incidents that disrupt operations.

Comments on the proposal must be received within 90 days of publication in the Federal Register.

- Philip N. Yannella, Kim Phan & Sarah B. Dannecker

Back to Top   

Did You Know?

Georgia Issues 2019 Annual Report With Mortgage Licensee Statistics

The Georgia Department of Banking and Finance recently issued its 2019 Annual Report. It summarizes the Department’s administrative and supervisory activities over non-depository financial institutions, among others, over the course of the year ending December 31, 2019. Of note, the Department’s statistics show that active mortgage licensees and registrations increased by roughly 5% from the previous year, which the Department attributes to a heightened demand for mortgage loan originator (MLO) licenses. Overall, the Department reports that growth in the non-depository portfolio remained strong in 2019.

The 2019 Annual Report is available for download here.

NMLS Ombudsman Virtual Meeting Summary

A summary of the NMLS Ombudsman Virtual Meeting, which was held on September 9, 2020, is now available here. A recording of the virtual meeting is also for viewing here.

- Aileen Ng

Back to Top  

Looking Ahead

California MBA Legal Issues and Regulatory Compliance Conference

What Will New QM Look Like?

Online Only | January 12-13, 2021

Speaker: Richard J. Andreano, Jr.


Back to Top  

Copyright © 2020 by Ballard Spahr LLP.
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

Subscribe to Ballard Spahr Mailing Lists

Get the latest significant legal alerts, news, webinars, and insights that affect your industry.