The Federal Reserve Board has issued a report, “Perspectives from Main Street: Stakeholder Feedback on Modernizing the Community Reinvestment Act,” that summarizes the feedback it received during a series of roundtable discussions on the current state of, and potential revisions to, the Community Reinvestment Act (CRA).

Last August, the OCC issued an advance notice of proposed rulemaking (ANPR) in which it invited public comment in an effort “to solicit ideas for building a new framework to transform or on ways to transform or modernize the regulations that implement the [CRA].’”  The ANPR followed the Treasury Department’s issuance of a memorandum in April 2018 that made recommendations for modernizing the CRA to reflect the significant organizational and technological change experienced by the U.S. banking industry since the CRA’s enactment.

The Fed, together with the OCC and FDIC, are the primary CRA regulators, and each agency has adopted regulations to implement the CRA.  In April 2019, American Banker reported that, according to comments made by officials from the three agencies, the agencies were ready to begin working on an interagency proposal to reform their CRA regulations and hoped to have a proposal ready by early 2020.

The Fed’s report indicates that, as one channel for obtaining “nuanced perspectives,” its staff read the nearly 1,500 comments that were submitted in response to the OCC’s ANPR.  As a second channel, the Fed hosted 29 roundtables around the country that were attended by over 400 bankers and community group members.

Participant feedback received at the roundtables included the following:

  • Assessment areas.  Many participants believed that assessment areas should be expanded and based on a combination of a bank’s lending activities, deposits, and/or market share, defined by both the bank’s physical and online presences.  Bankers and community group members both made the point that assessment area designations should reflect where there are community needs, with several participants suggesting that a bank should have flexibility to go beyond its defined assessment area to receive credit for activities in areas that are not currently being served and where the greatest needs exist.  Several participants recommended the creation of “CRA zones” in which any qualified activity by a bank would entitle the bank to CRA credit.
  • Evaluating performance.  While raising significant concerns about the use of a single metric approach, many participants were open to more quantitative assessments of CRA performance and supported the use of more data in evaluations. Some participants suggested that metrics should be based on a bank’s financial capacity, using factors such as tier 1 capital, deposits, or income, while others suggested that metrics could be based on the number of bank employees or the share of the bank’s overall CRA activities in a community.  A common theme, particularly among community group members, was that bank performance should be based on more than the number and dollar amount of CRA activities and should also consider the impact of a bank’s activities.  It was suggested that regulators develop a standard set of data-driven factors to outline community conditions and needs, which could help all stakeholders consistently assess a bank’s performance and, specifically, a bank’s responsiveness to identified needs.
  • Defining community development activities.  Bankers and community group members stressed the need for a clearer definition of what qualifies as an eligible community development activity and urged an expansion of the products and services eligible for CRA credit.  Some participants recommended that the CRA should better encourage banks to offer financial products and services aimed at helping customers improve their financial health by including educational assistance loans, payday loan alternatives, automobile loans, and individual development loans.  Community group members suggested that regulators should evaluate whether banks are providing affordable checking and savings accounts for low and moderate income consumers and not just access to credit and should penalize banks for offering products with high fees or other potentially harmful features.  Many bankers indicated that community development credit should be given for financing vital community services such as health clinics and police vehicles even if the activity does not meet the explicit purpose test or is not in a distressed or underserved non-metropolitan middle-income geography.

For some time the mortgage industry, without success, has asked the US Department of Housing and Urban Development to provide a clear answer to the question of whether Deferred Action for Childhood Arrival (DACA) recipients are eligible for FHA loans.  HUD finally provided a clear answer in responding to an inquiry from Representative Pete Aguilar (D-CA): “DACA recipients remain ineligible for FHA loans.”

HUD policy, currently reflected in HUD Handbook 4000.1, provides that “[n]on-U.S. citizens without lawful residency in the U.S. are not eligible for FHA-insured Mortgages.”  In its letter to Representative Aguilar, HUD addresses the legal status of DACA recipients by referencing statements made by the Department of Homeland Security Secretary when DACA was established:

“In establishing DACA on June 15, 2012, Janet Napolitano, then the Secretary of Homeland Security, made clear that DACA is merely an exercise of ‘prosecutorial discretion’ and ‘confers no substantive right, immigration status or pathway to citizenship.’ Secretary Napolitano further stated that ‘[o]nly Congress, acting through its legislative authority, can confer these rights.’”

We will have to see if HUD’s reliance on the status of DACA recipients to advise that they are not eligible to receive FHA loans prompts Congress to address their immigration status.

In this podcast, we discuss the opportunities and challenges created by the use of AI models in consumer financial services, including the benefits of explainable AI and its implications for the consumer financial services industry, especially for applications where understanding the model’s reasons for returning a score or decision are necessary.

Click here to listen to the podcast.



To mark the first six months of Kathy Kraninger’s tenure as CFPB Director, the CFPB issued a press release providing highlights of the Bureau’s activities during that period.

The activities highlighted are those in the areas of consumer financial education, supervision, enforcement, and rulemaking.  The takeaway from the press release is that the Bureau continues to be very active under Director Kraninger’s leadership.  While the CFPB has reduced the number of investigations it is handling, it has not, as certain consumer advocates claim, abdicated its responsibility to enforce clear violations of the law that have harmed consumers.

In particular, we applaud Director Kraninger for the many CFPB financial education initiatives that are taking place under her leadership.  It has been our long-standing view that the CFPB’s initiatives to fulfill its Dodd-Frank mandates to improve the financial literacy of American consumers and protect older Americans from financial exploitation are deserving of industry support.


Democratic Senators Elizabeth Warren and Doug Jones have sent a letter to the CFPB, Federal Reserve, OCC, and FDIC expressing concern that fintech and traditional lenders using algorithms in their underwriting processes may be engaging in unlawful discrimination.  (Such algorithms are often referred to as “artificial intelligence.”)

In their letter, the Senators reference research results showing that “the algorithms used by FinTech lenders are as discriminatory as loan officers.”  They state that “the federal government will have to take action to ensure that antidiscrimination laws keep up with innovation.”

The Senators request answers by June 24 to a series of questions, including what the agencies are doing “to identify and combat lending discrimination by lenders who use algorithms for underwriting” and what analyses the agencies have conducted or plan to conduct regarding “the impact of FinTech companies or use of FinTech algorithms on minority borrowers, including differences in credit availability and pricing.”


Having announced in April 2018 that it would be holding a symposia series, the CFPB has now set a date for the first symposium of the series.  The first symposium, to be held on June 25, 2019, will focus on the Dodd-Frank Act’s prohibition of abusive acts or practices, specifically the meaning of abusiveness.  It will be webcast on the Bureau’s website.

The Dodd-Frank Act does not authorize state attorneys general to bring claims against national banks or federal savings associations to directly enforce Dodd-Frank’s UDAAP provisions.  However, under Section 1042(a)(2) of Dodd-Frank, a state attorney general can bring claims against national banks or federal savings associations “to enforce a regulation prescribed by the Bureau under a provision of [Title 10].”  Thus, this enforcement authority would presumably be triggered if the Bureau were to adopt a rule regarding what is an “abusive act or practice” under Section 1031 of Dodd-Frank.


The Federal Trade Commission (“FTC”) recently rescinded several Model Forms and Disclosures associated with the Fair Credit Reporting Act (“FCRA”), determining they are no longer necessary, given that the CFPB has issued its own model forms and disclosures.  The FTC forms that have been rescinded and the corresponding CFPB forms that now apply are as follows:

  • Rescinded FTC Form: Appendix A – Model Prescreen Opt-Out Notices | Corresponding CFPB Form: Appendix D to Part 1022 – Model Forms for Firm Offers of Credit or Insurance.
  • Rescinded FTC Form: Appendix D – Standardized Form for Requesting Annual File Disclosures | Corresponding CFPB Form: Appendix L to Part 1022 – Standardized Form for Requesting Annual File Disclosures.
  • Rescinded FTC Form: Appendix E – Summary of Identity Theft Rights | Corresponding CFPB Form: Appendix I to Part 1022 – Standardized Form for Requesting Annual File Disclosures.
  • Rescinded FTC Form: Appendix F – General Summary of Consumer Rights | Corresponding CFPB Form: Appendix K to Part 1022 – Standardized Form for Requesting Annual File Disclosures.
  • Rescinded FTC Form: Appendix G – Notice of Furnisher Responsibilities | Corresponding CFPB Form: Appendix M to Part 1022 – Standardized Form for Requesting Annual File Disclosures.
  • Rescinded FTC Form: Appendix H – Notice of User Responsibilities | Corresponding CFPB Form: Appendix N to Part 1022 – Standardized Form for Requesting Annual File Disclosures.

Furthermore, the FTC has re-designated Appendix B – Model Forms for Risk-Based Pricing and Credit Score Disclosure Exception Notices as appendix A, and Appendix C – Model Forms for Affiliate Marketing Opt-Out Notices as appendix B.

Covered entities, including motor vehicle dealers otherwise subject to the authority of the FTC, should now look to the corresponding forms issued by the CFPB to obtain the appropriate model forms and disclosures.

The FTC is also amending several FTC rules so that they refer to the applicable CFPB Model Forms and Disclosures.  These amendments address references to the forms and disclosures in the Risk-Based Pricing Rule (16 CFR part 640), and the Affiliate Marketing Rule (16 CFR part 680).

Utah Governor Gary Herbert signed H.B. 378, Regulatory Sandbox, into law on March 25, 2019.  This bill created the nation’s third regulatory sandbox program for fintechs, after Arizona, which enacted sandbox legislation in March 2018, and Wyoming, which enacted sandbox legislation in February of this year.

Regulatory sandboxes are laboratories for the development of innovative technologies in an environment that is free from onerous government restrictions.  The sponsor of Utah’s legislation, Rep. Marc Roberts, highlighted “the opportunity Utah’s Regulatory Sandbox will give fintech companies and entrepeneurs to test innovative business models and ideas in the marketplace, on a limited basis, without having to jump through the traditional regulatory hoops and licensing requirements which can often times be burdensome, costly and create barriers to entry.”

Utah’s regulatory sandbox, which is effective as of May 13, is similar in many respects to Arizona’s sandbox, which began accepting applications in August 2018 and now has six participants.  Utah’s sandbox allows participants to “temporarily test innovative financial products or services on a limited basis without otherwise being licensed or authorized to act under the laws of the state.”  The program will be administered by the Utah Department of Commerce (the Department).  Arizona’s program, in contrast, is administered by the Arizona Attorney General.

Similar to the Arizona sandbox law, eligible financial products and services under the Utah sandbox law include those that are “innovative” and either:

  • Require state licensure or registration; or
  • Involve a business model, delivery mechanism, or element that may require the applicant to be licensed or authorized to act as a financial institution or other entity regulated by the Utah Financial Institutions Act.

Both the Utah and Arizona laws similarly define “Innovative products” as products that use or incorporate new or emerging technology, or use existing technology in a new way to address a problem, provide a benefit, or provide a service not known to be in widespread use in the state.  Notably, Utah’s definition expressly includes blockchain technology.  While Arizona’s law does not specifically mention blockchain technology, the State’s AG has said “certain blockchain or cryptocurrencies products or services might also be eligible.”

Under the Utah law, applicants must have a physical location in Utah, and  must develop and perform all testing of the innovative product or service from that location.  Applicants must also agree to retain all records and data concerning the product or service at this location.  The requirement of a physical Utah presence varies materially from the Arizona program, which permits participants to operate out of a “physical or virtual location that is adequately accessible to the Attorney General, from which testing will be developed and performed and where all required records, documents and data will be maintained.”

Aside from the physical location requirement, the application process and requirements of Utah’s sandbox are virtually identical to those of Arizona.  Applicants must, among other things:

  • Demonstrate they have the necessary personnel, financial, and technical expertise, have access to capital, and  have developed a plan to test, monitor, and assess the innovative product or service;
  • Describe the innovative product or service and its licensing requirements under existing regulations;
  • Describe how consumers will benefit and how the product is different from already available products;
  • Describe risks to consumers who purchase or use the product or service;
  • Explain how participating in the sandbox would enable a successful test of the product or service;
  • Detail a proposed testing plan, with timelines;
  • Describe how the applicant will perform ongoing duties after the test, including obtaining necessary licenses; and
  • Describe procedures for ending the test if the test is not successful.

Under Utah’s program, the Department has 90 days to approve or deny a completed application, but this time period may be extended by mutual agreement of the parties.  The Department may deny an application for “any reason, at the [D]epartment’s discretion,” but must provide a written explanation of the basis for a  denial.  The Arizona AG may deny applications at its discretion as well, but a decision of the Arizona AG is not an appealable agency action.  Utah’s legislation appears more favorable to applicants because it does not expressly forbid administrative appeals.  Further, by requiring the Department to provide a written explanation of the reasons for a denial, unsuccessful Utah applicants should be able to challenge Department decisions that appear arbitrary or capricious.

The testing period under both the Utah and Arizona programs is two years.  Utah provides for an extension of up to six months, and Arizona provides for an extension of up to one year.  In Utah, the Department may specify, on a case-by-case basis, the number of consumers who test the product, as well as the maximum amount of any individual consumer loan or aggregate loans that may be issued to an individual consumer.  The size of transactions involving money transmission are similarly regulated on a case-by-case basis.

By contrast, in Arizona, a sandbox participant may not transact business with more than 10,000 consumers, but may only be increased to 17,500 consumers upon a showing of adequate financial capitalization, risk management, and oversight.  Consumer loans under the Arizona law may not exceed $15,000 per loan, with an aggregate limit of $50,000 per consumer.  Arizona also restricts money transmission transactions to $2,500 with an aggregate limit of transactions per consumer capped at $25,000 (potentially increasable to $2,500 and $50,000 upon a showing of adequate financial capitalization, risk management, and oversight).  Utah’s law does not have a limit on the value of the proposed transactions.

Like Arizona’s sandbox, an applicant’s admission into the Utah sandbox does not assure the applicant complete freedom from state regulation.  In Arizona, the AG may subject participants to specified state regulations at its discretion.   In contrast, in Utah, the Department must conduct a cost-benefit analysis.  In other words, the Department may require a participant to comply with a specified regulation if it determines that an applicant’s plan does not adequately protect consumers from the harm addressed by the regulation, and the benefits to consumers of applying the law outweigh the potential benefits to consumers from increased competition, innovation, and access.  The Department must notify a participant of any specific regulatory provisions with which the participant must comply.

With respect to usury, Utah’s sandbox legislation is silent because Utah does not impose an interest rate ceiling on consumer loans.  Unconscionability is the only available challenge to the interest rate governed by Utah law, UCA § 70C-7-106, but participants are exempt from an unconscionability challenge unless the Department determines otherwise applying the cost-benefit analysis described above.  By contrast, Arizona imposes various interest rate ceilings on consumer loans, ARS § 6-632, and despite the Arizona AG’s ability to waive compliance with licensing and other requirements, the AG may not exempt participants in Arizona’s sandbox from those ceilings.

Further, neither Utah nor Arizona may exempt participants from compliance with federal laws and regulations.  However, both states’ laws provide that by participating in a sandbox, a participant is “deemed to possess an appropriate license under the laws of the state for the purposes of any provision of federal law requiring state licensure or authorization.”  Further, both Utah and Arizona permit agreements with federal and state regulators that provide for reciprocity between sandboxes.  In other words, Utah and Arizona could agree that participants in their sandboxes may operate in both states.

With respect to consumer disclosures, Utah’s law only differs from Arizona’s in that it requires disclosures just in English, not English and Spanish.  Consumers must be notified, in general, that the innovative product or service in question is authorized by the sandbox and, if applicable, that the participant is not licensed or authorized under state law to provide the product or service.  Consumers must also be notified, as applicable:

  • That the product or service is undergoing testing and may not function as intended or involve financial risk;
  • That the participant is not immune from civil liability or damages caused by the product or service;
  • That the product or service is not endorsed by the state; and
  • The expected end date of the testing period.

A participant’s disclosures must be clear and conspicuous, and if the product or service is internet- or application-based, the consumer must acknowledge receipt of the disclosures before a transaction may be completed.

Utah and Arizona each require a participant to maintain records, documents, and data produced in the ordinary course of business regarding the tested product or service.  If the test fails, both states require that regulators be advised of steps taken by the participant to prevent harm to consumers as a consequence of the failure.

The states do differ in the level of confidentiality afforded business records shared with the government.  Arizona’s law provides that records submitted by a participant or obtained by the AG pursuant to the statute “are not public records or open for inspection by the public.”  The purpose of this restriction is to protect a participant’s trade secrets from disclosure pursuant to state freedom of information laws.

Utah’s sandbox statute does not contain a similar provision, so a player in the Utah sandbox will need to take extra precautions to protect its trade secrets.  Under Utah’s freedom of information law, called the Government Records Access and Management Act, UCA § 63G-2-1 et seq. (GRAMA), the public ordinarily has access to documents provided by businesses to the government.  An exception exists for trade secrets, UCA § 63G-2-305(1), but it must be affirmatively invoked, § 63G-2-309.   A business that discloses trade secrets to a government entity must “provide with the record a written claim of business confidentiality and a concise statement of the reasons supporting the claim of business confidentiality.”  The government may grant or deny a request to protect records, and its decision is subject to appeal.

There is every reason to believe that the Department will honor such requests – the sharing of trade secrets is implicit in the nature of a regulatory sandbox established to test innovative products and services.  Utah is also home to a thriving technology sector with extensive government support.  Nevertheless, an applicant must take care to comply with GRAMA requirements every time it discloses a trade secret to the Department unless the legislation is amended to make the process automatic.

Utah’s statute encourages the Department to establish a program that follows the “best practices” of similar state and federal sandbox programs, including that of the CFPB, and we will monitor these developments closely.

Our podcast featuring a discussion with Evan Daniels, Fintech Counsel in the Arizona AG’s Office, about how Arizona’s sandbox is driving innovation may be found here.   Please also watch for our upcoming podcast that will feature a discussion with Rep. Marc Roberts and Department officials discussing Utah’s sandbox legislation and its implementation.



Last month, Ballard Spahr submitted two letters to the CFPB, critiquing the payment provisions of the CFPB’s final payday/auto title/high-rate installment loan rule (the “Payment Provisions”).  Last Friday, the Bureau delayed the implementation date of the rule’s mandatory underwriting provisions by 15 months, to November 19, 2020.  However, the Payment Provisions are scheduled to go into effect on August 19, 2019 or the date the current judicial stay of the rule is lifted, whichever comes later.

One Ballard Spahr letter focused on the unwarranted treatment of card payments under the Payment Provisions.  Our other letter argues that the Payment Provisions are deeply flawed.  It asserts that, in large part, the Payment Provisions are not justified by the UDAAP concerns identified by the Bureau as their source.  The Payment Provisions impose substantial unwarranted burdens on the industry and straightjacket covered lenders from taking actions beneficial to their customers.  And, despite their complexity and detail, the Payment Provisions fail to provide clear guidance on fundamental issues.

For these and other reasons, clarification of the Payment Provisions and further rule-making are warranted.




The Federal Trade Commission recently provided its annual letter to the CFPB concerning its enforcement activities relating to compliance with Regulation Z (Truth in Lending Act), Regulation M (Consumer Leasing Act), and Regulation E (Electronic Fund Transfer Act).  Under Dodd-Frank, the FTC retained its authority to enforce these regulations with respect to entities subject to its jurisdiction.  The FTC and CFPB coordinate their enforcement and related activities pursuant to a MOU entered into in 2012, reauthorized in 2015, and extended in 2018.  The new letter, which covers the FTC’s activities in 2018, responds to the CFPB’s request for information and focuses on three areas: enforcement actions; research and policy work; and consumer and business education.

On June 12, 2019, from 12:00 PM to 1:00 PM ET, Ballard Spahr will hold a webinar, “Is the FTC the New CFPB?”  For more information and to register, click here.

Regulation Z/TILA; Regulation M/Consumer Leasing Act.  The FTC’s TILA and CLA enforcement activities included:

  • With respect to auto credit and leasing: (1) initiating an action in federal district court involving the alleged failure of four auto dealers to disclose required credit and leasing terms in social media advertisements, and (2) mailing checks as redress to consumers following the settlement of a federal court action against nine dealerships and owners who had allegedly used advertisements that made misleading claims about the availability of vehicles at the advertised prices and financing terms.  The dealerships and owners were alleged to have violated TILA and Regulation Z by not clearly disclosing required credit information in advertisements.
  • With respect to payday lending: (1) the affirmance by the Ninth Circuit of a “record-setting” $1.3 billion dollar district court judgment and order against an individual and several corporate defendants for alleged TILA and FTC Act violations in connection with payday loans, and (2) mailing checks to consumers following the settlement of charges against two individuals and their companies who had allegedly made unauthorized loans to consumers and provided incorrect disclosures in connection with such loans.
  • With respect to consumer electronics financing, the FTC continued litigation against a consumer electronics retailer for violating a consent order that settled allegations that the retailer had violated TILA by failing to provide written disclosures and account statements to consumers.

The FTC reported that its TILA and CLA research and policy efforts included (1) conducting a study of consumers’ experiences related to buying and financing automobiles at dealerships, (2) working on military consumer protection issues through its Military Task Force, (3) hosting a symposium on the economics of consumer protection, and (4) issuing blog posts providing information to consumers and businesses.

Regulation E/EFTA. The FTC’s Regulation E enforcement actions included seven new or ongoing cases.  Six cases involved negative options and the payment terms that automatically applied absent cancellation for which the companies involved allegedly had not obtained proper written authorization under Regulation E or provided copies of written authorizations to consumers.  One case involved allegations that a consumer electronics retailer had conditioned the extension of credit on mandatory preauthorized transfers in violation of the EFTA and Regulation E.

With respect to EFTA research and policy work, the FTC worked with a Department of Defense interagency group and the ABA on electronic fund transfer issues, including issues relating to preauthorized electronic fund transfers in the military lending rule.