InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
HUD announces FFRMS final rule
Recently, HUD announced a final rule to implement the Federal Flood Risk Management Standard to “protect communities from flood risk, heavy storms, increased frequency of severe weather events and disasters, changes in development patterns, and erosion.” The final rule will enact the FFRMS as mandated by Executive Order 13690 by amending two HUD regulations: (i) Part 55, Floodplain Management and Protection of Wetlands; and (ii) Part 200, Minimum Property Standards. Among other things, the final rule will raise the elevations and flood proofing requirements of properties in flood-prone areas that use federal funds for new construction or are financed through HUD’s grant or subsidy programs. The revisions to Minimum Property Standards specifically target Federal Housing Administration-insured new constructions located within the 100-year floodplain. The final rule becomes effective on May 23.
Department of Commerce announces new actions related to Executive Order on AI
On April 29, the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce released several announcements regarding the progress on President Biden's Executive Order on AI (covered by InfoBytes here). NIST released four draft publications aimed at enhancing AI systems' safety, security, and trustworthiness.
The four draft publications include: (i) NIST AI 600-1 that offers a Generative AI Profile to help organizations identify and manage risks associated with generative AI; (ii) NIST SP 800-218A to expand on the Secure Software Development Framework (SSDF) and address concerns about malicious training data affecting AI systems, as well as provide potential risks and strategies for handling training data, including recommendations for analyzing data for signs of poisoning, bias, homogeneity, and tampering; (iii) NIST AI 100-4 that proposes technical methods to improve the transparency of AI-created or “synthetic” content; and (iv) NIST AI 100-5 which will outline a plan to encourage the global development of AI-related technical standards and seek feedback on areas for AI standardization, including methods for tracking the origin of digital content and shared practices for AI system testing and evaluation. Additionally, NIST is launching challenges to create methods for distinguishing between human and AI-generated content. Public comments on these initial drafts will be due by June 2.
Biden announces student debt cancellation for borrowers who attended “predatory” institutions
On May 1, the Biden Administration announced the approval of $6.1 billion in student debt cancellation for 317,000 borrowers who attended a system of art schools, which the Administration accused of engaging in deceptive practices and leaving students with significant debt and poor job prospects.
The U.S. Department of Education found the system of art schools and its parent company guilty of significant misrepresentations about the educational value and career prospects following graduation on websites, in print material, and through misleading information from school personnel to prospective students. The school advertised an employment rate of 82 percent within six months of graduation within the field of study; however, a review of the school's records by the Department of Education alleged that graduates were inaccurately counted as employed in their study fields, inflating the figures by as much as 25 percent. Additionally, the school advertised inflated average salaries based on the same incorrect data, with testimonies indicating that school officials fabricated graduates’ earnings. All campuses of the school system closed under separate ownership in September 2023.
CFPB report finds 15 million Americans with medical debt on their credit reports
On April 29, the CFPB released a report entitled “Recent Changes in Medical Collections on Consumer Credit Records” that showed that as of June 2023 some 15 million Americans (approximately five percent) still have medical bills on their credit reports. However, credit rating agencies’ changes have resulted in a decrease of approximately nine percentage points in the number of Americans that have medical debt on their credit report. Further, the report indicated that the CFPB’s efforts to combat medical debt collection issues (including, and as previously covered by InfoBytes, holding a hearing in July 2023 on medical billing and collections, highlighting the issue in their 2023 FDCPA report, and having its general counsel discuss the issue in April 2024) resulted in a greater expected decline in those with medical billing on their credit report. The CFPB attributed the difference between the forecasted decrease and the actual decrease to two factors: first, that the CFPB’s first report did not include the original date of delinquency; and second, there has been a trend towards reporting fewer medical collections, independent of collection reporting changes.
This year’s report showed that some states saw much larger reductions than others, but indicated a 38 percent nationwide drop in the total balances of medical collections on credit reports, continuing the trend shown in last year’s report that found a 37 percent decline in medical collection tradelines on credit reports (covered by InfoBytes here). Of the 15 million Americans that continue to have medical bills on their credit reports, this year’s report also showed the average reported balance increased from $2,000 to over $3,100, most medical collections tradelines that were removed were below $500, and those living in lower-income communities in the South have the most medical bills in collections for the largest amounts. The CFPB stated that fixing the credit reporting market, including issues that involve the reporting of medical bills, will continue to be a priority.
FTC alleges ROSCA, GLBA and FTC Act violations against bill payment platform
On April 25, the FTC announced an enforcement action against a third-party bill payment platform and two of its co-founders (defendants) for allegedly running misleading advertisements that intercepted consumers attempting to reach their billers, using “dark patterns” to manipulate the consumers into using the platform under the false belief that they have reached the biller’s official payment site, charging “junk fees” in connection with the processing of payments, and in some cases sending untimely payments to billers. According to the FTC’s complaint, the company allegedly violated the FTC Act by making false or misleading representations that it was an official payment channel for the consumers’ billers. The FTC also claimed defendants violated the Restore Online Shoppers’ Confidence Act by charging consumers for goods or services before clearly and conspicuously disclosing to consumers all material terms of the transaction and obtaining the consumers’ informed consent to be charged, and enrolling consumers into a paid subscription service by automatically ticking a box without warning when consumers clicked on a “User Terms of Service” hyperlink. Additionally, the FTC alleged that the company caused consumers to incur late fees and other inconveniences by failing to make timely payment to consumers’ billers, despite having received timely payment from the consumer. The FTC’s complaint also alleged that defendants used fraudulent statements or representations to obtain consumer information such as bank account numbers, routing numbers, credit card numbers, and debit card numbers in violation of the Gramm-Leach-Bliley Act.
The FTC claimed that defendants received tens of thousands of consumer complaints, inquiries from two state attorney’s general offices, and temporarily lost access to a credit card company’s network due to the complaints, among other warnings regarding its practices. The FTC will seek a permanent injunction, monetary relief, and other relief.
FTC bans all non-competes for workers and new non-competes for senior executives
On April 23, the FTC released a final rule titled the “Non-Compete Clause Rule,” in a 570-page release, to “categorically ban” non-compete clauses in employment contracts with all workers after the effective date of the rule pursuant to the FTC’s UDAP authority, by rendering such clauses an unfair method of competition pursuant to Section 5 of the FTC Act. The final rule also renders most existing noncompete clauses unenforceable after the effective date of the final rule, with an exception for existing noncompete clauses for senior executives, which remain enforceable. The FTC explained that it viewed noncomplete clauses as “restrictive and exclusionary” with negative impacts on earnings, innovation, and market competition. The final rule defines “non-compete clause” as “a term or condition of employment that prohibits a worker from, penalizes a worker for, or functions to prevent a worker from (1) seeking or accepting work in the United States with a different person where such work would begin after the conclusion of the employment that includes the term or condition; or (2) operating a business in the United States after the conclusion of the employment that includes the term or condition.”
While the FTC decided against adopting a rescission requirement for non-competes in the final rule, it adopts notice requirements for all workers who are not senior executives requiring “the person who entered into the non-compete” to provide “clear and conspicuous notice to the worker by the effective date that the worker’s non-compete clause is no longer in effect and will not be, and cannot legally be, enforced against the worker.” The Commission noted that employers concerned about protecting confidential business information, may avail themselves of the protections of trade secret law and further noted that there are several states that have already substantially banned non-competes, and that within these states employers have found alternative methods to protect their investments.
The FTC’s final rule will go into effect 120 days after publication of the final rule in the Federal Register.
OIG releases CFPB and Fed list of open recommendations
On April 22, the OIG, which oversees the CFPB and the Fed, released two audit and evaluation reports that noted previously identified recommendations to improve or correct issues that remain open as of March 31, including some recommendations that have been open for more than six months. With respect to the CFPB, the OIG identified 18 recommendations that remain open; with respect to the Fed, the OIG identified 65 open recommendations. The open recommendations made to the CFPB stem from OIG reports on strengthening its offboarding process in 2018, auditing the Bureau’s information security program in 2018, 2022, and 2023, and technical testing results for the Bureau’s legal enclave in 2020. The open recommendations to the Fed stem from OIG reports relating to, among others (i) information security; (ii) cybersecurity; (iii) security control of the Fed’s public website; (iv) the Fed’s Financial Market Utility Supervision Program; and (v) enterprise risk management. Notably, a small subset of the recommendations that remain open are nonpublic.
CFPB publishes the mortgage servicer edition of its Supervisory Highlights
On April 24, the CFPB published its 33rd edition of its Supervisory Highlights which covers select examinations and violations regarding mortgage servicing from April 1, 2023, through December 31, 2023. This edition of Supervisory Highlights focused on alleged violations of law identified in CFPB examinations including (i) charging illegal junk fees including impermissible property inspection and late fees; (ii) UDAAP violations; and (iii) violations of Regulation X loss mitigation requirements. The Bureau made clear in its press release that it plans to continue its focus on combatting junk fees within and beyond the mortgage servicing space.
The CFPB highlighted several violations of law resulting from mortgage servicers’ payment processing practices including the charging of property inspection fees in connection with certain Fannie Mae loans in violation of investor guidelines. To rectify this, servicers addressed system errors causing the fees in question, enhanced oversight, and were instructed to compensate affected borrowers. Other payment processing-related violations identified by the Bureau included failure to adequately describe fees in periodic statements by using the term “service fee” to describe 18 different fee types and failure to make timely disbursements from escrow accounts in violation of Regulation X.
The Bureau also identified unfair practices relating to the charging of late fees in excess of the amount authorized in the loan agreement or after consumers had entered into loss mitigation agreements, which should have prevented late fees. Servicers identified as having engaged in such violations were required to refund the fees to consumers and improve internal processes in response to the findings.
The CFPB also identified violations of law relating to loss mitigation and loan modifications. Examiners noted that some servicers failed to provide a written notice confirming the receipt of loss mitigation applications and informing consumers of whether the application was complete or incomplete. Further, some servicers failed to provide timely and complete notices of loss mitigation options. Additionally, some servicers, in violation of Regulation X, failed to waive existing fees after borrowers had accepted Covid-19 hardship loan modifications.
Examiners also found that certain servicers committed deceptive practices by sending out delinquency notices incorrectly stating that consumers had missed payments and needed to apply for loss mitigation when those consumers were actually up to date on their payments, enrolled in trial modification plans, or had inactive loans (such as those already paid off or in the process of a short sale).
Finally, the Bureau identified violations of law relating to (i) live contact and early intervention requirements in connection with delinquency and (ii) failure to retain adequate records.
Fed’s Bowman discusses risk management and bank supervision
On April 18, Fed governor Michelle Bowman delivered opening remarks at the Regional and Community Banking Conference in New York. During her speech, Bowman acknowledged the recent challenges that have impacted the U.S. banking system. She pointed out that recent events, including the pandemic, a rapid rise in inflation and interest rates, market uncertainties, and bank failures, have brought traditional risks, such as liquidity and interest rate risks, to the forefront, while other risks, like cybersecurity and third-party risks, “continue to evolve and pose new challenges.”
Bowman emphasized the importance of banks having robust risk management frameworks to identify and control both existing and emerging risks. She also stressed the need for banks to innovate responsibly and adapt their risk management as new products and services are introduced, while cautioning that regulators must balance supervision and regulation so as not to stifle responsible innovation. In light of the recent bank failures, Bowman also underscored the need for banks to have of contingency funding plans in place, which may include borrowing from the Federal Home Loan Banks or the Fed’s discount window. While regulators can encourage banks to maintain and test these plans, she noted that they should not overstep their role and interfere with management decisions.
Highlighting that these evolving risks can be exacerbated by inadequate bank supervision and acknowledging the need for a review and potential adjustments in supervision following the recent bank failures, Bowman stressed that supervision should remain commensurate to a bank’s size, complexity, and risk profile, and should focus on core and emerging risks so as not to impair the long-term viability of the banking system, including mid-sized and smaller banks.
Republican House Financial Services Committee members seek clarity on 1071 rule implementation timeline
On April 18, Republican members of the House Financial Services Committee sent a letter to CFPB Director Rohit Chopra to express concern over the lack of clarity regarding the implementation timeline of the CFPB’s small business data collection rule, referenced as the 1071 Rule. As previously covered by InfoBytes, in October of last year, a Texas District Court issued a preliminary injunction that required the CFPB to halt implementation of the 1071 Rule, and directed the Bureau to extend the rule’s compliance deadline “to compensate for the period stayed.” In the letter, republican lawmakers stress that the CFPB has been “reluctant” to confirm whether it will comply with the court order, which has led to confusion among regulated financial institutions regarding compliance timeframe with the 1071 Rule. The letter also highlights that some prudential regulators are reportedly advising institutions to prepare for compliance by October 1, despite the court order. Accordingly, Republican members urge the CFPB to provide clear guidance affirming compliance with the court order and extending deadlines accordingly, including with respect to the rule’s transition period for data collection and reporting requirements.