Compliance Update — Insights and Highlights
The world of banking compliance is constantly changing, and bankers have an increasing amount of information to keep up with in order to stay informed. This column will be used periodically to highlight compliance-related issues that may be of interest to those in your institution.
The Consumer Financial Protection Bureau (CFPB/Bureau) has been busy this year, and its agenda does not seem to be getting any shorter as the year gets closer to the end. Before moving into recent happenings at the CFPB, it is important to mention what is currently one of the “hottest” topics in the banking world — the October ruling by a panel of three Fifth Circuit judges that the funding structure of the CFPB is unconstitutional pursuant to the Appropriations Clause. Many of you may have cheered when you first read the headlines, but there are many unanswered questions, an appeal process, and much more to come on the topic. All that said, do not use this ruling as an excuse to slack on compliance; a resolution could be years in the making.
The CFPB has started the process of drafting a new consumer data rights rule. The Bureau is currently asking for comments from institutions (i.e., financial institutions pursuant to Regulation E, credit card issuers pursuant to Regulation Z, and companies providing electronic funds transfers) that will likely be subject to the rule. As currently drafted, the rule would allow consumers to access account-related financial data, such as transaction history, costs, usage, etc., in an effort to foster competition and consumer choice. The Bureau is currently seeking industry guidance regarding the scope of the rule, permitted recipients of the requested financial data, a third party’s use of the data, compliance concerns, applicable data and its availability, and an effective date. The comment period is set to expire January 25, 2023.
Additionally, the Bureau issued Consumer Financial Protection Circular 2022-07 on November 10, 2022, addressing inadequate investigation practices by consumer reporting companies and providing related guidance. The guidance was issued as a result of the CFPB’s finding that some consumer reporting companies (including furnishers) failed to properly investigate consumer disputes. Such failures could result in liability for the companies and furnishers under the Fair Credit Reporting Act. The guidance reiterates specific responsibilities related to investigations. First, upon notice of a dispute, a consumer reporting agency must notify the furnisher and provide it with all relevant information related to the individual involved in the dispute. Consumer reporting agencies and furnishers must conduct a reasonable investigation of all disputes received directly from a consumer regardless of the manner in which it was made aware of the dispute. Furnishers must investigate all disputes received from a consumer reporting agency no matter the means by which the dispute is made. The CFPB used the guidance to communicate all applicable companies of the “serious consequences” that may arise for failure to conduct reasonable investigations of such disputes because of the “destructive consequences” that just one incorrect piece of information may potentially have on a consumer’s credit.
Another CFPB Consumer Financial Protection Circular that was published in October regarding “illegal junk fees on deposit accounts” is the subject of a separate article in this newsletter. It is worth mentioning that the CFPB has noted in the circulars that these publications are “policy statements advising parties with authority to enforce federal consumer financial law.” In other words, the CFPB expects other regulatory agencies to accept the views expressed through each circular and to regulate the entities within each agency’s jurisdiction accordingly.
False Claims Act Settlement with PPP Lender
The Department of Justice (DOJ) entered into an $18,000 settlement with a Texas bank resulting from its alleged improper processing of a Paycheck Protection Program (PPP) loan. This is the first settlement with a PPP lender pursuant to the False Claims Act. In the case, the PPP application included a question regarding the applicant’s criminal involvement (or that of anyone owning more than 20% equity of the company); specifically, whether the applicant or applicable equity owner was subject to an indictment, a criminal information, or an arraignment, or was facing criminal charges. The applicant responded negatively to this question, but the DOJ alleged that bank employees were aware of criminal charges against the owner. The DOJ claimed that the bank was not entitled to the $10,670 fee it received for processing the application because the applicant was ineligible for the loan due to his criminal charges (and ultimate guilty plea to a misdemeanor violation for which he was fined $1,000).
Annual Threshold Adjustments
The CFPB, the Federal Reserve, and the Office of the Comptroller of the Currency have recently adjusted the thresholds for exemptions and appraisals in the Truth in Lending Act (TILA) Higher Priced Mortgage Loan Appraisal Rule. The exemption threshold for appraisals for higher-priced mortgage loans will increase from $28,500 in 2022 to $31,000, effective January 1, 2023. Additionally, the CFPB and the Fed have made adjustments to the consumer leasing exemption threshold pursuant to Regulation M. Effective January 1, this threshold will increase from $61,000 to $66,400. These agencies also adjusted the TILA exemption threshold from $61,000 to $66,400, effective January 1.
Bank Secrecy Act/Anti-Money Laundering (BSA/AML)
Advances in technology are rapidly changing the world of banking, including BSA/AML compliance. Cybersecurity is an important focus for all organizations, especially banks. The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) recently reported that the total dollar value of ransomware-related BSA filings in 2021 was close to $1.2 billion, a substantially significant (188%) increase from the $416 million in 2020. FinCEN suggested that this increase could be the result of either an increase in incidents or an improvement in detecting potential incidents. According to FinCEN, the number of Suspicious Activity Reports filed pursuant to a cyber event increased by 74% from 2020 to 2021. It is likely that there will be another large increase once 2022 information is available. This is just a reminder to stay diligent and aware of potential threats, especially during this holiday season. As a result of this increase and other cybersecurity-related BSA threats, the Federal Financial Institutions Examination Council (FFIEC) recently updated its 2018 Cybersecurity Resource Guide for Financial Institutions and replaced it with the 2022 FFIEC Cybersecurity Resource Guide for Financial Institutions. The guide is provided as a tool for financial institutions to use in an effort to prepare for and respond to cyber incidents. The guide now includes ransomware-specific information for banks and other financial institutions to use to mitigate risks related to ransomware. The FFIEC included updated resource links for the following categories: assessment, exercises, information sharing, and response and reporting.
Peer-to-Peer (P2P) Payments
The American Bankers Association (ABA) is continuing the discussion on the impacts of advances in technology and recently wrote a letter to the CFPB addressing P2P payments. The purpose of the letter was to inform the Bureau of the efforts banks are making related to P2P payments in order to prevent fraud, educate consumers on how to avoid becoming victims, and identify the burdens banks are facing. The ABA informed the CFPB of the many resources it makes available to banks free of charge in an effort to increase consumer education about fraud prevention. In its letter, the ABA presented facts in support of its stance that shifting liability from the consumer to the bank in instances of fraud resulting from a consumer-initiated transaction would increase consumer costs and decrease competition. Further, the ABA set forth that such a shift will lead to a profit for scammers because there will be no risk for a consumer to send money if the bank is going to ultimately reimburse the consumer. The ABA urged the CFPB to work in conjunction with the banking industry, the non-bank P2P service providers, law enforcement, the Federal Trade Commission, and others who may work together to prevent scams, reduce fraud, and decrease consumer harm.
These are just the highlights of recent happenings in the world of compliance. There is much more to come, and it is sure to be another eventful year as 2023 will likely begin with many unanswered questions and unresolved issues related to the CFPB, P2P liability, increased cyber threats, expected Community Reinvestment Act final rules, the continued focus on fair lending and redlining, and much more.