Thursday, January 18, 2018

CFPB to investigate itself on function fulfillment

By Katalina M. Bianco, J.D.

The Consumer Financial Protection Bureau is planning a series of requests for information that are intended to provide evidence on how well the Bureau is doing its job. The RFIs will ask for comments on the CFPB’s "enforcement, supervision, rulemaking, market monitoring, and education activities," Acting Director Mick Mulvaney said.

The first RFI will focus on civil investigative demands—demands for information from companies that the Bureau uses as part of investigations into specific industries, companies, and practices, as well as into how those practices affect consumers. Several U.S. district court judges have refused to enforce Bureau CIDs in the past year because the demands did not adequately describe what conduct was under investigation or what consumer financial protection laws might have been implicated.

According to Mulvaney, "In this New Year, and under new leadership, it is natural for the Bureau to critically examine its policies and practices to ensure they align with the Bureau’s statutory mandate. Moving forward, the Bureau will consistently seek out constructive feedback and welcome ideas for improvement."

For more information about the CFPB and Acting Director Mulvaney, subscribe to the Banking and Finance Law Daily.

Wednesday, January 17, 2018

Financial Services Committee’s staff director to become CFPB’s chief of staff


By Thomas G. Wolfe, J.D.

The House Financial Services Committee’s staff director, Kirsten Sutton Mork, is leaving the committee to serve as chief of staff for the Consumer Financial Protection Bureau, according to a January 2018, announcement by Committee Chairman Jeb Hensarling (R-Texas). Hensarling also took the opportunity to announce that Shannon McGahn would replace Mork as the Financial Services Committee’s staff director after Mork departs for the CFPB in the near future.

Commending Mork for her leadership, character, and “commitment to conservative principles” in her committee role, Hensarling expressed his confidence that Mork “will do an outstanding job as Chief of Staff for the CFPB and be a tireless advocate for American consumers.” Likewise, noting that McGahn had been a staff director for the committee in the past, Hensarling welcomed McGahn back, stating that McGahn will be “invaluable this year as we work to put forth bold solutions to reform our broken housing finance system and continue our efforts to pass legislation that promotes a healthy economy that is working for all working Americans.”

Concerns of Allied Progress. Meanwhile, in a Jan. 5, 2018, release, Karl Frisch, Executive Director of Allied Progress, which refers to itself as a “consumer watchdog organization,” expressed his concern about Mork becoming the Bureau’s chief of staff. “Kirsten Sutton Mork has spent much of her career looking out for the interests of big banks and Wall Street heavy hitters—she’ll be no different at the CFPB. She simply can’t be trusted to protect consumers from these extremely powerful special interests,” Frisch remarked.

For more information about key personnel in supervisory, regulatory, or enforcement positions affecting the financial services industry, subscribe to the Banking and Finance Law Daily.

Thursday, January 11, 2018

Fed considering new large institution risk management guidance

By Andrew A. Turner, J.D.
 
The Federal Reserve Board is asking for comments on proposed supervisory guidance that would outline its risk management expectations for larger banks and holding companies—generally, those with $50 billion or more in U.S. assets, the subsidiaries of such companies, and designated systemically important financial institutions. The guidance, which would be part of a new large institution rating system, would outline expectations for:
  • senior management;
  • business line management; and
  • independent risk management and controls.
The core principles include ensuring that the firm manages its risk in a way that is prudent and consistent with its business strategy and risk management capabilities. The guidance is intended to consolidate and clarify the Fed’s existing supervisory expectations regarding risk management, and is part of a broader initiative to develop a new rating system for large financial institutions that will align with the post-crisis supervisory program. Comments are due by March 15, 2018.
 
The Fed’s previously issued corporate governance proposal looks to enhance the effectiveness of boards of directors by refocusing supervisory expectations for the largest firms’ boards on their core responsibilities to promote the safety and soundness of the firms. The Fed’s earlier ratings proposal, also issued in August 2017, is aimed at better alignment of the Fed's rating system for large financial institutions with the post-crisis supervisory program for these firms.
 
Questions for comments. The Fed invited comment on the following questions on the proposal.
  1. What considerations beyond those outlined in this proposal should be considered in the Federal Reserve’s assessment of whether a large financial institution has sound governance and controls such that the firm has sufficient financial and operational strength and resilience to maintain safe and sound operations?
  2. How could the roles and responsibilities between the board of directors set forth in the proposed board effectiveness guidance, and between the senior management, business line management, and independent risk management be clarified?
  3. What, if any, aspects of the structure and coverage of independent risk management and controls should be addressed more specifically by the guidance?
  4. The proposal tailors expectations for foreign business organizations, recognizing that the U.S. operations are part of a larger organization. How could this tailoring be improved?
  5. In what ways, if any, does the guidance diverge from industry practice? How could the guidance better reflect industry practice while facilitating effective risk management and controls? Are there any existing standards for internal control frameworks to which the guidance should follow more closely?
  6. Other supervisory communications have used the term “risk appetite” instead of risk tolerance. Are the terms “risk appetite” and “risk tolerance” used interchangeably within the industry, and what confusion, if any, is created by the terminology used in this guidance?
  7. The proposal would adopt different terminology than is used in the proposed large financial institution rating system, and the Board expects to align the terminology so the element in the governance and controls component would change from “management of core business lines” to “management of business lines.” Does this proposal clearly explain this expected change? Do commenters anticipate any impact from this change?
The guidance would only apply to large financial institutions, such as domestic bank holding companies and savings and loan holding companies with $50 billion or more in total consolidated assets, as well as the intermediate holding companies of foreign banking organizations operating in the United States, and nonbank financial companies designated by the Financial Stability Oversight Council for supervision by the Board.
 
For more information about risk management for financial institutions, subscribe to the Banking and Finance Law Daily.

Wednesday, January 10, 2018

Data breach protection bill demands more from credit reporting agencies

By J. Preston Carter, J.D., LL.M.

Legislation introduced by Sens. Elizabeth Warren (D-Mass) and Mark Warner (D-Va) is intended to hold large credit reporting agencies accountable for data breaches involving consumer data. Warren stated that the bill “imposes massive and mandatory penalties for data breaches at companies like Equifax—and provides robust compensation for affected consumers—which will put money back into peoples' pockets and help stop these kinds of breaches from happening again.”

The DataBreach Prevention and Compensation Act would give the Federal Trade Commission more direct supervisory authority over data security at credit reporting agencies (CRAs), impose mandatory penalties on CRAs to incentivize adequate protection of consumer data, and provide robust compensation to consumers for stolen data. Warner said, “if companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn't be collecting it in the first place.”

In September 2017, Equifax made public a data breach which compromised the personal information of as many as 143 million Americans. The attack highlighted that CRAs hold vast amounts of data on millions of Americans but lack adequate safeguards against hackers, according to Warren. She stated that, under this legislation, Equifax would have had to pay at least a $1.5 billion penalty “for their failure to protect Americans’ personal information.”

According to a FactSheet distributed by Warren and Warner, the Data Breach Prevention and Compensation Act would:
  •  establish an Office of Cybersecurity at the FTC tasked with annual inspections and supervision of cybersecurity at CRAs;
  • impose mandatory, strict liability penalties for breaches of consumer data beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information compromised and another $50 for each additional compromise per consumer;
  • require the FTC to use 50 percent of its penalty to compensate consumers and increase penalties in cases of inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach; and
  •  double the automatic per-consumer penalties and increase the maximum penalty to 75 percent of the CRA’s gross revenue in cases where the offending CRA fails to comply with the FTC’s data security standards or fails to timely notify the agency of a breach.
For more information about data security in the financial industry, subscribe to the Banking and Finance Law Daily.

Tuesday, January 9, 2018

Government, credit union memos outline positions in Mulvaney appointment challenge

By Richard A. Roth, J.D.

Memoranda by the Justice Department and a federal credit union are the opening moves in the credit union’s effort to block President Donald Trump’s appointment of Mick Mulvaney as the Consumer Financial Protection Bureau’s acting director. Responding to a complaint and request for a preliminary injunction filed by Lower East Side People’s Federal Credit Union, the DOJ is asserting the financial institution does not have standing to sue and has failed to satisfy any of the requirements for the injunction. The credit union’s reply brief in Lower East Side People's Federal Credit Union v. Trump offers counter-arguments.

Lower East Side’s complaint alleges that, due to conflicting claims of authority raised by Mulvaney and CFPB Deputy Director Leandra English, the institution does not know who is in charge and cannot decide whose directions to follow. The Trump administration relies on the Federal Vacancies Reform Act to authorize Mulvaney’s appointment, but the Dodd-Frank Act automatically made English the acting director when Richard Cordray resigned the directorship, Lower East Side asserts.

DOJ’s motion to dismiss the complaint and supporting brief raise three attacks:
  1. Lower East Side does not have standing to sue because it does not have “a cognizable personal stake” in the appointment controversy.
  2. The credit union is not likely to succeed on the merits of its suit because the Mulvaney appointment is legal.
  3. A preliminary injunction is inappropriate because Lower East Side will not suffer any irreparable harm from the appointment and the public interest and equities are not in its favor.
Standing to sue. For Lower East side to establish federal court jurisdiction, it must demonstrate that it has standing to sue Trump and Mulvaney—essentially, that it has suffered an injury in fact, that the injury is fairly traceable to the appointment, and that the court can provide a remedy by ruling in the credit union’s favor. According to DOJ, the credit union attempts to establish all of that merely by saying that it is regulated by the CFPB, and that claim alone is insufficient.

More specifically, the credit union does not claim the CFPB has taken any action against it that could cause it any harm, DOJ argues. Simply being a regulated financial institution is not enough. “Accordingly, injury, causation, and redressability are all lacking.”

Since Lower East Side is regulated by the CFPB, it has standing to sue, the institution replies—its regulated-entity status is enough. If more is needed, a recent CFPB action that will “neuter” mortgage disclosure rules has enough effect on the credit union to create standing.

Appointment legality. As far as the conflict between the Federal Vacancies Reform Act, which allows the president to fill vacancies temporarily by appointment, and the Dodd-Frank Act, which says the CFPB deputy director automatically becomes acting director when the director is unavailable, the FVRA is what matters, DOJ asserts. The FVRA on its face applies to the CFPB, and none of the FVRA exceptions are relevant.

The Dodd-Frank Act provision might authorize the Bureau’s deputy director to step in, DOJ continues, but that provision is not the exclusive way to fill the job. It does not supersede the FVRA provision.

“Shall still means shall,” the credit union replies. The Dodd-Frank Act says the deputy director “shall . . . serve as acting Director in the absence or unavailability of the Director,” and that clear direction resolves the dispute. To the extent that a conflict between the two laws might exist, the later-passed Dodd-Frank Act would supersede the FVRA.

Injunctive relief hurdles. Lower East Side also fails to clear the hurdles that apply to all requests for injunctive relief, according to DOJ. The credit union is not threatened by any irreparable harm, and neither the public interest nor the balance of the equities between the government and the credit union support blocking the Mulvaney appointment.

A violation of the U.S. Constitution’s Appointments Clause, which the financial institution claims has occurred, is not alone sufficient to constitute an irreparable harm, DOJ asserts. In fact, Lower East Side cannot point to any harm, let alone an irreparable harm.

The government typically has broad discretion in managing its own operations, the DOJ continues. The potential for disruption that would be caused by an injunction must be given significant weight. Interfering with the CFPB’s operations would be disruptive, and an order compelling the President to withdraw his appointment “would be an extraordinary intrusion into core Executive Branch operations.”

Injunctions have been issued against other Presidents, the credit union says, and there is no reason not to issue a preliminary injunction in this case. A violation of the Appointments Clause is a violation of the institution’s constitutional rights, and that always constitutes an irreparable harm. The same is true for regulation by a director who has no authority.

More specifically, Lower East Side says that part of its mission is “promoting economic justice and serving financially underserved communities.” Recent CFPB actions under Mulvaney that reduce the effectiveness of the Home Mortgage Disclosure Act and the rules on prepaid debit cards interfere with the credit union’s ability to accomplish its mission, and that also is an irreparable harm.

As for the effect that a preliminary injunction might have on the CFPB’s ability to conduct its own business, Lower East Side asserts that “This claim is hard to take seriously, from a defendant who by his own admission wants to eviscerate the Bureau. The only people interfering with the Bureau’s execution of the nation’s consumer protection laws are Donald Trump and Michael Mulvaney . . .”

In a subsequent reply, DOJ argues that the credit union cannot rely on the HMDA statement to show an injury. That statement was issued after the suit was filed and so cannot create standing at the time of filing, the reply points out. Even if the timing of the statement were disregarded, Lower East Side “misunderstands the agency’s statement, offers an impermissibly speculative and attenuated theory of injury, and cannot establish standing based on how the CFPB exercises its enforcement discretion against third parties,” the government explains.

Quo warranto statute. The DOJ's later reply also claims that the federal quo warranto statute is the only avenue open to someone who wishes to challenge another’s authority to carry out the duties of a federal office. Quo warranto—meaning “by what authority”—applies only when the challenger claims a personal interest in the office, and the credit union raises no such claim, the government says.

Lower East Side should be required to wait until the CFPB has taken some action that actually causes it an injury and then raise a collateral attack on Mulvaney’s authority, according to the DOJ.

For more information about the structure of the CFPB, subscribe to the Banking and Finance Law Daily.

Monday, January 8, 2018

California’s credit card surcharge law unconstitutionally restricts commercial speech

By Charles A. Menke, J.D.

California businesses may charge customers a fee for using a credit card, the U.S. Court of Appeals for the Ninth Circuit has ruled. The Court held that a California law (Cal. Civ. Code §1748.1) restricting surcharges on credit cards was unconstitutional as applied to the plaintiffs because it restricted the plaintiffs’ non-misleading commercial speech. In addition, the restriction did not directly advance the state’s asserted interest in preventing consumer deception, nor was it narrowly drawn to achieve that interest. The court affirmed the entry of a summary judgment in favor of five California businesses and their respective owners in an action brought against the California Attorney General in her official capacity (Italian Colors Restaurant v. Becerra, Jan. 3, 2018, Vance, S.).

Lower court. The five California businesses—a restaurant, gas station, dry cleaners, transmission repair business, and web design company—and their respective owners filed an action in federal court against the California Attorney General. The merchants alleged that California Civil Code provision violated the First Amendment to the U.S. Constitution as an unlawful restriction on commercial speech because the statute regulates how retailers can describe the price difference between cash and credit purchases. The businesses also contended that since a statute must clearly delineate the conduct it proscribes, in keeping with principles of due process, the California provision was unconstitutionally vague.

The district court agreed determining, among other things, that: (i) the California provision singled out “a specific class of speakers,” and involved a “content-based restriction”; (ii) as a restriction on commercial speech, the statute was subject to the “intermediate scrutiny” test and did not pass that test; and (iii) if the statute’s purported purpose was to prevent deception and “unfair surprise” to consumers at the cash register, then “a law mandating disclosure of surcharges would be the most direct way to prevent consumer deception” and would also “prevent any encroachment on the freedom of speech.” 

Standing. On appeal, the Ninth Circuit first determined that the businesses had standing to sue. The court found that the businesses modified their speech and behavior based on a credible threat that the California Civil Code provision would be enforced against them.

Regulation of commercial speech. The court next found that the California Civil Code provision regulates commercial speech. In making that determination, the court relied on the U.S. Supreme Court’s decision in Expressions Hair Design v. Schneiderman in which the Court decided that New York’s no-surcharge law "regulates speech" under the First Amendment to the U.S. Constitution. Section 1748.1 of the California Civil Code regulates commercial speech since it prohibits the businesses from expressing their prices by posting a single sticker price and charging an extra fee for credit card use, the court said.

Intermediate scrutiny.
Restrictions on commercial speech must survive intermediate scrutiny, the court stated. “If the speech ‘is neither misleading nor related to unlawful activity,’ then ‘[t]he State must assert a substantial interest to be achieved by’ the regulation.” Moreover, “[t]he regulation must directly advance the asserted interest, and must not be ‘more extensive than is necessary to serve that interest.’”

Lawful activity. The businesses’ activity—charging credit card users more than cash users—is not unlawful, the court determined, as the California Civil Code provision permits cash discounts. In addition, since they can already charge credit card customers more than cash customers, their desire to communicate the difference in the form of a surcharge rather than a discount is not misleading.

State interest. Enforcing section 1748.1 of the California Civil Code against the businesses does not directly advance California’s asserted interest in preventing consumer deception, the court further found. “[T]he Attorney General must do more than merely identify a state interest served by the statute … [and] has pointed to no evidence that surcharges posed economic dangers that were in fact real before the enactment of Section 1748.1, or that Section 1748.1 actually alleviates these harms to a material degree.”

The California Civil Code provision also prevents businesses from effectively communicating and informing consumers about the cost of using a credit card and why credit card customers are charged more than customers paying with cash, according to the court. “We fail to see how a law that keeps truthful price information from customers increases the accuracy of information in the marketplace,” the court said

Overly restrictive. “There is no reasonable fit between the broad scope of Section 1748.1—covering even plaintiffs’ non-misleading speech—and the asserted state interest.” According to the court, California could employ other, more narrowly tailored, means to prevent consumer deception, such as simply banning deceptive or misleading surcharges, or requiring businesses to disclose their surcharges both before and at the point of sale.

The court also noted that the many exemptions carved into the California Civil Code provision, including broad exemptions for the state and municipalities, undermine the state’s asserted interest in preventing consumer deception as justification for the provision. “That California exempted itself and its subdivisions from the asserted free market protections of Section 1748.1 suggests that this justification is thin,” the court said.

For more information about state banking laws, subscribe to the Banking and Finance Law Daily.

Thursday, January 4, 2018

PHH Corp. settles state charges over mortgage servicing, foreclosures

By Katalina M. Bianco, J.D.

New Jersey-based PHH Mortgage Corporation has agreed to pay up to $45 million to settle charges arising from the company’s mortgage servicing and mortgage foreclosure practices between 2009 and 2012. The settlement calls for the payment of more than $30 million to homeowners, some of whom lost their homes in foreclosure, $5 million to 12 state attorneys general whose offices led the investigation and the settlement, and nearly $9 million to state mortgage regulators. The consent judgment addresses charges by 49 states and the District of Columbia, and by 45 state mortgage regulatory agencies. New Hampshire is the only state that did not participate.

The complaint the attorneys general will file to complete the settlement alleges a litany of servicing violations by the company. These include that PHH Corp:

  • failed to apply homeowners’ payments properly;
  • charged unauthorized default-related fees;
  • threatened foreclosures and gave conflicting information to homeowners who were in loss mitigation programs;
  • failed to respond to homeowners’ information or aid requests;
  • did not properly handle loss mitigation applications, including not keeping track of documents submitted by homeowners;
  • did not keep complete loan servicing files;
  • commenced foreclosures without having documentation that proved the company had the right to do so;
  • did not adequately supervise third parties it used in the foreclosure process;
  • filed documents with inaccurate or incomplete information; and
  • used "robosigned" documents.
While the company is settling the charges, it has not admitted any wrong doing.
The consent judgment establishes mortgage servicing standards and requires third-party audits. Homeowners who lost their homes to foreclosure will be paid at least $840, while those who faced foreclosures but did not lose their homes will receive at least $285. The consent judgment has a three-year term, and it is not binding on anyone who acquires PHH Corp. or the company’s assets.
 
For more information about PHH Mortgage Corporation and other mortgage-related actions, subscribe to the Banking and Finance Law Daily.