Your monthly compliance news roundup
- OCC Begins Offering Special-Purpose Bank Charters to Fintech Companies
- U.S. Department of the Treasury Issues Report on Non-bank Financials, Fintech, and Innovation
- The Sanctions Landscape Becomes More Complicated
- NY DFS Calls for Increased Regulation of Online Lending
- Agencies Issue Statements on Implementing S. 2155’s HMDA Reporting Exemptions
- Bureau Settles with Global Financial Institution over Failure to Comply with Regulation Z
On July 31, 2018, the Office of the Comptroller of the Currency (OCC) announced it would immediately begin accepting applications for special-purpose national bank charters from financial technology (fintech) companies. Under the National Bank Act, the OCC has the authority to grant national bank charters and supervise special-purpose banks. Accordingly, the OCC can grant special-purpose bank charters to companies that engage in the “business of banking,” which includes any of the three core banking functions of receiving deposits, paying checks or lending money.
Prior to this announcement, the OCC generally limited special-purpose charters to national banks that conduct trust or credit card activities. In December 2016, the OCC announced its plans to consider the special-purpose charter for fintech companies and opened the topic up for public comments. The public comments received from fintech companies were largely positive; however, the proposal was met with significant opposition from state regulators and traditional financial institutions. Specifically, many state regulators commented that the new charters would create an uneven regulatory playing field and open banking to companies that engage in riskier lending, such as offering payday and other high-cost loans to consumers. In addition, some state regulators alleged in court filings that the OCC’s plan to grant national charters exceeded its statutory authority. Federal judges have dismissed the lawsuits to date, but more are expected following the OCC’s announcement.
Concurrently with the announcement, the OCC issued a Comptroller’s Licensing Manual Supplement (“supplement”) that outlines the process for considering applications for the special-purpose charter and clarifies the OCC’s expectations of applicants. The supplement also details the supervisory process for newly chartered special-purpose banks. Companies that are granted a special-purpose charter must engage in one of the core banking functions of paying checks or lending money; however, if the institution accepts deposits it cannot apply for a special-purpose charter and must apply instead for a full-service national bank charter. All special-purpose banks are required to meet the same standards for safety and soundness and fairness as federally chartered banks; however, the standards will be tailored to account for differences in business models, risks, complexities and size. Similar to nationally chartered banks, special-purpose banks will be required to submit acceptable contingency plans that document a plan to deal with financial stress. They will also be expected to demonstrate a commitment to financial inclusion.
While the new charter presents an opportunity to simplify the regulatory oversight framework for fintech companies, there is much to be considered prior to filing an application. Specifically, the OCC notes that it will evaluate the institution’s business plan in assessing safety and soundness and that particular attention will be given to the institution’s capital and liquidity plans. Fintech companies should fully review their strategic plans, the OCC’s application requirements and the licensing manual supplement to determine if seeking a special-purpose charter is the best course of action for their business models. In addition, fintech companies should consider the heightened regulatory scrutiny that will likely be faced if the application is approved. Lastly, institutions should review the report recently released by the U.S. Department of the Treasury (and discussed below) to help gain further insight into the current administration’s core principles for the regulation of the U.S. financial system, including regulation of fintech companies.
U.S. Department of the Treasury Issues Report on Improvements to the Regulatory Framework for Nonbank Financial Companies
On July 31, 2018, the U.S. Department of the Treasury (the Treasury) released a report of recommendations following its review of the regulatory framework for nonbank financial institutions, financial technology and innovation. The July issuance is the fourth in a series of reports published in response to Executive Order 13772 (issued February 2017), which called upon the Treasury to evaluate laws, regulations and other government policies for consistency with a set of core principles defined by the presidential administration in the regulation of the U.S. financial system.
In its report, the Treasury proposes more than 80 recommendations that it identifies as opportunities to improve the regulatory environment and spur innovation in the financial services industry while maintaining the consumer and investor protections required to safeguard the U.S. financial system. The Treasury’s key findings and recommendations, while varied, include the following:
- Protecting and improving consumer access to data in the digital age, including a recommendation to Congress to consider the implementation of federal data security breach notification laws.
- Promoting federal regulation that supports the development of competitive technologies, such as machine learning, artificial intelligence or the advent of a digital legal identity.
- Aligning the federal and state regulatory frameworks to implement more uniform requirements of financial services companies subject to oversight by multiple state and federal agencies and adapt to new business models and products resulting from financial technology and innovation. The report specifically recommends that the OCC further develop its special-purpose national bank charter to reduce regulatory fragmentation and promote new business models.
- Revising specific legal and regulatory requirements that inhibit innovation or the advent of new technologies, business models and platforms, such as certain requirements applicable to marketplace lending, student lending, debt collection, credit models and digital financial planning.
- Employing regulatory approaches that promote experimentation in the financial sector and improve regulatory agility. The Treasury suggests in its report working with state and federal regulators to create regulatory “sandboxes” to serve as safe haven testing grounds for innovation and provide regulatory relief to fintech startup companies.
While it remains to be seen if and how state and federal regulators will address each of the recommendations in the Treasury’s final report, the nature and significance of the recommendations open the door to further regulatory reform and potential relief to nonbank financial institutions. Financial institutions should monitor closely the positions of their state and federal regulatory agencies and consider evaluating the impact of the Treasury’s recommendations to their respective compliance risk assessments and appetite.
With the U.S.’s decision to break ranks with its global partners and withdraw from the Iran nuclear deal, known as the Joint Comprehensive Plan of Action (JCPOA), the Office of Foreign Assets Control (OFAC) is re-imposing sanctions on Iran. These sanctions, which are included in an August 6, 2018 Executive Order (EO), broaden the scope of restrictions included in prior EOs. These are “secondary sanctions” that apply extraterritorially to businesses outside of the U.S. that engage in business with or in Iran and will be particularly impactful for businesses that also have or are seeking to have a U.S. presence and/or deal with U.S. companies.
OFAC has issued an FAQ relating to the new Iran EO which also amends existing FAQs due to changes/revocations in prior EOs. The FAQs, among other things, explain that there are two “wind-down” deadlines associated with the new EO – August 7, 2018, and November 4, 2018 – for U.S. and non-U.S. businesses to stop conducting potentially sanctionable activity with Iran. These wind-downs are essentially grace periods provided to companies that had opted to do business with Iran after the JCPOA was agreed in 2015 to terminate their Iranian operations or risk non-compliance.
The sanctions effective August 7, 2018, target the direct or indirect sale, supply or transfer to/from Iran of graphite and raw or semi-finished metals; Iran’s trade in gold and precious metals; transactions related to the purchase or sale of Iranian rials and rial currency contracts and the maintenance of rial funds or accounts outside of Iran; and the manufacturing activities of Iran’s automotive sector. The sanctions, effective on November 4, 2018, focus on Iran’s shipping; energy and petroleum and petrochemical sectors; and, transactions by foreign financial institutions with the Central Bank of Iran. The re-imposed sanctions also revoke certain general licenses that had been previously granted.
Coupled with existing sanctions, the new/re-imposed sanctions impact the Iranian economy broadly, affecting business transactions ranging from the import of airplanes; the export of caviar, carpets and pistachios; and the manufacturing of cars. Commenting on the sanctions, President Trump tweeted, “Anyone doing business with Iran will NOT be doing business with the United States.” Supporting this claim, there is a menu of 12 possible types of sanctions that may be imposed on a foreign business that transacts with Iran. These range from restricting access for the sanctioned entity to the U.S. financial system, to prohibitions on investing in a sanctioned entity, to restrictions on imports from the sanctioned entity, to the exclusion from the U.S. of controlling officers or controlling shareholders of a sanctioned entity.
On August 6, 2018, the European Union published a joint statement with France, Germany and the United Kingdom concerning the United States’ re-imposition of sanctions against Iran. The statement claims that the JCPOA is working and that the prior easing of sanctions was an integral part of the deal. It also states the EU’s intent to protect European companies that engage in legitimate business with Iran in accordance with EU law and UN Security Council resolution 2231, potentially putting the United States and its European allies on a collision course and leaving European companies between a rock and a hard place with the possible choice of complying with U.S. law or EU law. As a practical matter, however, it seems unlikely that most major European companies would be willing to risk the potential penalties of noncompliance with the U.S. requirements and will opt, therefore, to cease doing business with Iran.
The Iranian sanctions, taken in total, are extremely complex and require careful study and interpretation by compliance professionals and legal counsel. In addition to routine screening, U.S. financial institutions should perform adequate due diligence to ensure that they are not processing any transactions subject to the secondary sanctions restrictions. This will require understanding whether any of their customers have any business dealings with Iran that are restricted now or will be restricted in December 2018.
On July 11, 2018, the New York Department of Financial Services (DFS) released its report on online lending, in which it analyzed and offered recommendations to state lawmakers regarding online lending practices following a survey of industry participants. The report is the product of state legislation passed in 2017, which required the DFS to conduct a study of online lending in the state of New York and submit a report of its findings. To facilitate the study, the DFS issued a survey to online lenders and received responses from 35 lenders reporting a total of 352,171 online loans to New York customers in the amount of $2.98 billion.
Among the principal observations noted in this report, the DFS notes a lack of oversight in online lending and inconsistent standards for bank and nonbank lenders. In addition, the DFS raises concern that certain online lenders may attempt to evade the state of New York’s consumer protection laws and usury limits by partnering with out-of-state or federally chartered banks, which are not subject to DFS oversight. In its survey, the DFS observed that the interest rates for online loans often exceeded New York state usury limits, with online lenders reporting maximum annual percentage rates as high as 25 percent for consumer loans and 62 percent for business loans.
While New York’s strict usury limits apply to non-depository lenders, federal laws permit nationally chartered banks and state-chartered insured depository institutions to charge the interest rate allowed by the state in which they are located and to import that rate into other states. Accordingly, some online lenders have circumvented New York’s usury limits by partnering with banks to import interest rates from less restrictive states. The banks in these arrangements often have little involvement in loan origination, while the online lender engages in activities such as marketing, solicitation, processing applications, dealing directly with borrowers, purchasing loans, servicing loans or selling loans to investors. In such cases, the DFS argues that the online lender, and not the partner bank, is the “true lender” and therefore subject to New York state usury limits and DFS licensing and oversight.
In its report, the DFS maintains that all New York borrowers should receive the benefit of the state’s consumer protection laws and usury limits regardless of the lending entity and that supervisory oversight is necessary to ensure consistent standards across the market. Accordingly, the DFS recommends that state lawmakers:
- Apply and enforce consumer protection laws (e.g., those relating to transparency in pricing, fair lending, fair debt collection and data protection) equally to all consumer lending and small business lending activities, regardless of the delivery channel.
- Apply and enforce state usury limits consistently to all lenders operating in New York to achieve a level playing field for all market participants.
- Expand state licensing and supervision requirements for online lenders that are not currently subject to supervisory oversight.
These recommendations continue the trend of state agencies amplifying consumer protection efforts in response to scaled-back regulatory and enforcement action at the federal level. The state of New York remains at the forefront of various consumer protection initiatives and is likely to incorporate these recommendations into further legislation.
Institutions offering online lending products or partnering with online lenders should be aware of potential changes to state licensing requirements. In accordance with the proposed recommendations, the state of New York may increase licensing requirements for entities engaging in online lending, resulting in expanded DFS supervisory authority. Institutions subject to DFS supervisory authority should expect and prepare for the examination of compliance with usury limits and evaluations of their underwriting standards, loan review policies, and compliance with consumer protection requirements related to disclosures, fair lending, and fair debt collection.
On May 24, 2018, President Trump signed into law the Economic Growth, Regulatory Relief, and Consumer Protection Act, which amends the Home Mortgage Disclosure Act (HMDA) and provides partial data exemptions for certain insured depository institutions and credit unions. These amendments followed recent changes to HMDA data collection, recording and reporting requirements which became effective in January 2018.
In July 2018, the Bureau of Consumer Financial Protection (BCFP or “Bureau”), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Board of Governors of the Federal Reserve System (Federal Reserve) and National Credit Union Administration (NCUA) each issued a statement regarding these changes to clarify the institutions and data points eligible for partial exemption. The partial exemptions are applicable to:
- Qualifying institutions that have originated fewer than 500 closed-end mortgage loans in each of the two preceding years; and
- Qualifying institutions that have originated fewer than 500 open-end lines of credit in each of the two preceding years.
The partial exemptions are not available to depository institutions that have received a rating of “Needs to Improve” in either of their past two Community Reinvestment Act Performance Evaluations (CRA PE) or to those institutions that have received a rating of “substantial noncompliance” on their most recent CRA PE.
The data fields to which the exemptions apply include, but are not limited to, information related to loan pricing and terms, credit scores, and collateral value.
All five agencies stated that the aforementioned exemption will not affect the format of the loan application register (LAR), which is to be formatted according to the previously released 2018 filing instructions guide. An exemption code will be used for any fields for which the institution has an exemption. Further guidance regarding these changes is expected from the BCFP by the end of summer 2018.
In addition, all five regulators referenced in their previous individual announcements that their intent regarding the 2018 data to be reported in 2019 is to give credit for good-faith compliance efforts to all institutions that they regulate, not to require resubmission unless data errors are material, and not to assess penalties for errors. Instead, the regulators expressed their hope that financial institutions will use examinations of the 2018 data as a diagnostic means to identify compliance weaknesses and use the collection and submission of data as an opportunity to identify gaps in their implementation of the changes and make improvements to their compliance management systems.
Those institutions that qualify for the newly published exemptions should proactively identify the HMDA reporting processes, procedures and systems that may be impacted by these changes in anticipation of further guidance from the BCFP.
BCFP Settles With Global Financial Institution Over Failure to Reevaluate and Reduce Rates for Consumer Credit Card Accounts
In June 2018, the BCFP settled with a large, multinational financial institution regarding its failure to reevaluate and reduce the annual percentage rate (APR) for consumer credit card accounts in accordance with requirements of the Truth in Lending Act (TILA) and its implementing Regulation Z. According to the consent order, the card issuer did not implement re-evaluation requirements timely, employed deficient APR reevaluation methodologies, and failed to establish reasonable policies and procedures to comply with the regulation. The consent order requires the institution to establish policies and practices consistent with regulatory requirements and to pay $335 million in restitution to consumers.
In May 2009, Congress passed the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act), which amended the Truth in Lending Act to require the reevaluation of an APR following an APR increase. Regulation Z, which implements the reevaluation provision of the CARD Act and became effective August 22, 2010, requires a card issuer that increases an APR based on factors such as credit risk or market conditions to reevaluate the APR increase, at a minimum, every six months following a rate increase. If the card issuer determines that a decrease in APR is warranted, then such a decrease must occur no later than 45 days after the completion of the evaluation. Regulation Z also requires reasonable written policies and procedures by which to conduct these evaluations.
According to the consent order, the financial institution failed to implement reevaluations of increased APRs until February 2011, months following the effective date of the rule in August 2010. While deficiencies in its methodology were self-identified by the institution in subsequent years, the institution failed to take immediate action to correct them. Not until 2016, during a compliance review program of the line of business, did the card issuer recognize the full extent of the issues. The bank self-reported its findings to the BCFP in early 2017.
Under the BCFP’s “responsible business conduct” guidance, the Bureau considers numerous factors when considering enforcement actions, of which self-reporting and timely remediation are considered favorably. In this instance, the Bureau did not assess civil money penalties due to the institution’s actions to self-report these deficiencies and cooperate with the Bureau’s investigation.
It is important to note that this newsletter is provided for general information purposes only and is not intended to serve as legal analysis or advice. Companies should seek the advice of legal counsel or other appropriate advisers on specific questions and practices as they relate to their unique circumstances.