Expansion of CRA coverage.  On November 1, New York Governor Hochul signed into law amendments (S.5246-A/A.6247-A) to the New York Community Reinvestment Act (NYCRA) that expand the NYCRA’s coverage to non-depository mortgage lenders.  The amendments are effective November 1, 2022.  New York now joins a small group of states, including Illinois and Massachusetts, that apply CRA-type laws to non-depository mortgage lenders.

The amendments require the DFS to consider the performance record of a New York-licensed mortgage banker “in helping to meet the credit needs of its entire community, including low and moderate income neighborhoods…consistent with safe and sound operation” when taking action on an application for a change in control.  The amendments allow DFS to issue regulations expanding the types of applications and notices for which it will consider such performance when taking action.

The amendments direct the DFS, in assessing a mortgage banker’s performance, to review all reports and documents filed by the mortgage banker.  They also include a list of factors that DFS must consider when making such assessments.  Most significantly, the amendments provide that an assessment of a mortgage banker’s performance can be the basis for DFS to deny an application.  They also authorize DFS to issue regulations to implement the amendments, including establishing a minimum annual number of loans that a mortgage banker must originate to be subject to a NYCRA assessment.

Proposal regarding data collection on loan applications from minority- and women-owned businesses.  In 2019 and effective in 2020,  the NYCRA was amended to require DFS to consider several aspects of a New York-chartered bank’s activities with respect to minority- and women-owned businesses in NYCRA performance evaluations.  DFS must consider “the record of performance of the banking institution in helping to meet the credit needs of its entire community, including … minority- and women-owned businesses, consistent  with safe and sound operation of the banking institution.”  The factors DFS must consider in assessing a bank’s performance include its “participation, including investments, … in technical assistance programs for small businesses and minority- and women-owned businesses” and its “origination of … minority- and women-owned business loans within its community or the purchase of such loans originated in its community.”

Earlier this month, DFS issued proposed revisions to its regulations implementing the NYCRA that would add a new section titled “Minority- and women-owned business loan data collection.”  The new section sets forth the data that banks must compile and maintain regarding loan applications from minority- and women-owned businesses and make available to DFS upon request.  It also includes (1) provisions restricting the access of loan underwriters or other bank officer or employee involved in making credit decisions to information provided by an applicant indicating whether or not it is a minority- or women-owned business, and (2) a new disclosure that banks must provide to business loan applicants.  Comments on the proposal are due by January 3, 2022.

The CFPB is currently engaged in a rulemaking to implement Dodd-Frank Act Section 1071 which require financial institutions to collect and report certain data in connection with credit applications made by small businesses, including women- or minority-owned small businesses.  Unlike the DFS’s proposal which would require banks to compile and maintain data about loan applications from all minority- and women-owned businesses regardless of their size, the CFPB’s proposed Section 1071 rule requires banks to collect and report data only regarding applications from women-owned and minority-owned businesses that are “small businesses.”  The proposed DFS revisions, however, allow the DFS, at its discretion, to determine that a bank’s compliance with the CFPB’s final Section 1071 rule constitutes compliance with DFS’s data collection requirements for applications from minority- and women-owned businesses.


The CFPB, FTC, and the North Carolina Department of Justice filed an amicus brief with the U.S. Court of Appeals for the Fourth Circuit urging it to reverse a district court decision that found Section 230 of the Communications Decency Act made a consumer reporting agency immune from FCRA claims.

In Henderson v. The Source for Public Data, L.P., the plaintiffs alleged that Public Data qualified as a “consumer reporting agency” under the FCRA because it collected, sorted, summarized, and assembled public records information into reports that third parties could purchase on its website.  They alleged that the defendants’ practices led them to provide reports containing inaccurate criminal history information and claimed that Public Data violated the FCRA by failing to comply with various FCRA requirements, including the requirement to follow reasonable procedures to assure accuracy in the preparation of consumer reports.  Public Data raised Section 230 as a defense to the claims.  Section 230 immunizes providers of internet services from liability for the content posted by their users.  It provides that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

In dismissing the complaint, the court found that, based on Section 230’s plain language, FCRA claims did not fall within the statutory exemptions from immunity and that Section 230 creates federal immunity to any non-exempt claim that would make internet service providers liable for information originating with a third party.  It found that Public Data qualified as the operator of an “interactive computer service” because it uploaded information on its server for its customers to access.  According to the court, Public Data did not lose its status as an interactive computer service because it purchased the data or edited the data as would a publisher or distributor in its traditional capacity.  The court also found that Public Data was not an “information content provider” because it did not produce the content of its reports.  In the court’s view, the information that Public Data uploaded to its website and collected into reports was created by the sources of such information (i.e. vendors, state agencies, and courthouses).

In their amicus brief, amici argue that the district court erred by analyzing the application of Section 230 as if the plaintiffs’ claims sought to impose liability on Public Data for the content of its reports rather than for its failure to comply with specific FCRA requirements.  The district court therefore incorrectly viewed the key questions to be whether Public Data qualified as an “information content provider” by providing reports over the internet and whether it created the content of its reports or the information had instead been provided by third parties.

According to amici, the district court should have analyzed whether the plaintiffs’ FCRA claims sought to impose liability on Public Data as a “publisher or speaker” of information and, if so, whether the information that formed the basis of the claims was provided by another information content provider.  Amici assert that none of the claims against Public Data sought to treat it as a publisher or speaker of information provided by another content provider.  They argue that none of the claims involve a duty that derives from Public Data’s status or conduct as a publisher or speaker but instead involve duties that the FCRA imposes on consumer reporting agencies which are specific to the function of a consumer reporting agency.

Amici also argue that even if the plaintiffs’ FCRA claims are based on the content of Public Data’s reports, Pubic Data is not immune because it is an “information content provider” as to the content of its reports.  An “information content provider” is an entity that is “responsible, in whole or in part, for the creation or development” of content.  According to amici, the allegations show that Public Data is an information content provider because it is responsible in whole or in part for the development of its reports.  The complaint alleged that Public Data “manipulates the data it collects, curates it to match specific individual consumers, puts it into a different format for reporting to customers, draws inferences from the data, and creates original summaries of the data.”

In their joint statement about the amicus brief, CFPB Director Chopra and FTC Chair Khan stated:

This case highlights a dangerous argument that could be used by market participants to sidestep laws expressly designed to cover them.  Across the economy such a perspective would lead to a cascade of harmful consequences.  As tech companies expand into a range of markets, they will need to follow the same laws that apply to other market participants.  The CFPB and FTC will be closely scrutinizing tech companies’ efforts to use Section 230 to sidestep applicable laws and will seek to ensure that this legal shield is not being used or abused to gain an undue competitive advantage over law-abiding businesses.

In addition to amendments to the Fair Credit Reporting Act dealing with the reporting of adverse information on servicemembers by consumer reporting agencies, the National Defense Authorization Act (NDAA) as passed by the House and now headed to the Senate includes amendments to the Servicemembers Civil Relief Act that restrict the use of arbitration agreements and waivers of SCRA protections.

Arbitration.  The NDAA adds a new provision to the SCRA that requires post-dispute written consent to use arbitration “whenever a contract with a servicemember, or a servicemember and the servicemember’s spouse jointly, provides for the use of arbitration to resolve a controversy subject to a provision of [the SCRA] and arising out of or relating to such contract.”  All parties to the dispute must give such written consent.  The requirement applies to all contracts “entered into, amended, altered, modified, renewed, or extended after the date of the enactment of [the NDAA].”

The Military Lending Act, which applies to certain loans made to servicemembers already on active duty, prohibits the use of mandatory arbitration agreements in loans covered by the MLA.  The proposed SCRA amendment would round out that protection by restricting the enforcement of arbitration provisions against active duty service members where the underlying agreement was made before the start of active duty service.  (The SCRA’s coverage, however, is broader than the MLA.  The MLA applies to loans covered by TILA, with exceptions for purchase money loans and mortgages, while the SCRA covers a wide range of obligations, not just loans.)

Waivers.  The SCRA allows a servicemember to waive SCRA protections and generally requires that for a waiver to be effective, (1) it must be in writing and (2) the waiver agreement must be separate from the document creating the obligation or liability to which the waiver applies and executed during or after the servicemember’s period of military service.

The NDAA amends the SCRA’s waiver provision to add the requirement that for a waiver to be effective, it must be agreed to after a specific dispute has arisen and must identify the dispute.  The amendment applies to waivers made on or after the date of the NDAA’s enactment.


The National Defense Authorization Act as passed by the House and now headed to the Senate includes amendments to the Fair Credit Reporting Act dealing with the reporting of adverse information on servicemembers by consumer reporting agencies.

The amendments add the defined terms “uniformed consumer” and “deployed uniformed consumer” to the FCRA.  A “uniformed consumer” is defined as a consumer who is a member of the uniformed services (i.e. Army, Navy, Air Force, Marine Corps, Space Force, Coast Guard, and commissioned corps of the Public Health Administration and National Oceanic and Atmospheric Administration) or the National Guard and is in active service.  A “deployed uniformed consumer” is defined as a uniformed consumer who serves in a combat zone, aboard a U.S. combatant, support, or auxiliary vessel, or in a deployment and is in active duty for such service for not less than 30 days.

The amendments impose the following prohibition and requirements:

  • A CRA is prohibited from reporting “any item of adverse information about a uniformed consumer, if the action or inaction that gave rise to the item occurred while the consumer was a deployed uniformed consumer.”
  • If an item of adverse information is included in a consumer’s file and the consumer provides the CRA with “appropriate proof, including official orders” that the consumer was a deployed uniformed consumer at the time of the action or inaction that gave rise to the item occurred, the CRA must “promptly delete the item of adverse information from the [consumer’s] file and notify the consumer and the furnisher of the information of the deletion.”
  • If a CRA receives any item of adverse information about a consumer who has provided appropriate proof that he or she is a uniformed consumer, the CRA must promptly notify the consumer that it has received such item, provide a description of the item, and provide the method by which the consumer can dispute the item’s validity.
  • For a consumer who has provided appropriate proof to the CRA that he or she is a uniformed consumer, if the consumer gives the CRA separate contact information to be used while the consumer is a uniformed consumer, the CRA must use that contact information for all communications while the consumer is a uniformed consumer.

The amendments are accompanied by a statement of the “sense of Congress” that anyone using a consumer report that contains an item of adverse information arising from an action or inaction that occurred while the consumer was a uniformed consumer should “take such fact into account when evaluating the creditworthiness of the consumer.”

The Department of Justice announced earlier this week that it has entered into a consent order with the New Jersey Higher Education Student Assistance Authority (HESAA) to settle the DOJ’s claim that HESAA violated the Servicemembers Civil Relief Act (SCRA) by obtaining unlawful court judgments against two military servicemembers for amounts owed on student loans.  The settlement requires HESAA to pay $15,000 each to the two servicemembers who had default judgments entered against them, and a civil penalty of $20,000 to the United States.  It also requires HESAA to provide SCRA training to its employees and outside counsel and develop new policies and procedures consistent with the SCRA.

The SCRA requires a plaintiff in a civil proceeding that seeks a default judgment to file an affidavit with the court stating whether or not the defendant is in military service and showing facts necessary to support the affidavit or, if the plaintiff cannot determine the defendant’s military status, stating that the plaintiff is unable to determine whether the defendant is in military service.  If the plaintiff informs the court that the defendant is in military service, the court cannot enter a judgment until it appoints an attorney to represent the defendant and, in certain circumstances, must postpone the proceedings for at least 90 days.

In its complaint filed in New Jersey federal district court, the DOJ alleged that HESAA obtained default judgments against two SCRA-protected servicemembers after filing affidavits stating that the defendants were not in military service despite having knowledge that they were on active duty at the time the default judgments were sought.  HESAA had allegedly conducted searches of the Defense Manpower Data Center (DMDC) database, which generated certificates indicating that both servicemembers were on active duty.  The DOJ alleged that HESAA’s written policy regarding servicemember borrowers lacked sufficient procedures designed to ensure that military status was accurately reported to the court.


This past Tuesday, Acting Comptroller of the Currency Michael Hsu appeared as a witness at the Senate Banking Committee’s hearing, “Oversight of Regulators: Does our Financial System Work for Everyone?

In his written and oral testimony, Mr. Hsu stressed as an overall theme the need for the OCC to prohibit “predatory and discriminatory practices while promoting financial inclusion.”  Mr. Hsu’s testimony included the following:

Overdrafts.  Citing data indicating that three OCC-supervised banks had relied on overdraft fees for 100% of their profits, Senator Van Hollen questioned Mr. Hsu as to whether he considered such reliance a safety and soundness concern.  Mr. Hsu indicated that such reliance “raised a lot of flags” and stated that “excessive fees on overdrafts, predatory lending, high-cost debt traps” should be prohibited and “don’t have a place in the federal banking system.”  He testified that the OCC is currently looking closely at overdrafts and was prepared to use its full supervisory toolkit to address problematic overdraft practices.  He also testified that there is an ongoing interagency effort to address the “$35 coffee” concern, which is a reference to a scenario in which a consumer incurs a series of large overdraft fees as a result of using a debit card to make a series of small dollar purchases.

Mr. Hsu also noted the efforts of some larger banks to reform their overdraft practices and indicated that the OCC is encouraging other large banks to rethink their overdraft practices to make them fairer and more flexible.

Community Reinvestment Act.  Mr. Hsu referenced his previously-announced plans to rescind the OCC’s CRA rule and for the OCC to work with the FDIC and Federal Reserve Board on a joint rulemaking to “strengthen and modernize” the CRA.  While not providing any timetable for rulemaking, Mr. Hsu testified that there is urgency to issuing a new proposal and that agency teams are working quickly to meet aggressive internal timelines.

True lender.  Mr. Hsu testified that the OCC is revisiting bank partnerships in response to Congress’s CRA override of the OCC’s “true lender” rule.   He indicated that OCC staff has been instructed to gather and analyze data on bank-fintech partnerships to examine how the OCC can distinguish “harmful rent-a-charter arrangements” from “healthy partnerships that expand access to credit.”  He stated that this analysis will inform the OCC in exploring options for protecting consumers while expanding financial inclusion.

Alternative data.  In 2020, the OCC launched the “Roundtable for Economic Access and Change,” known as “Project REACh.”  Mr. Hsu discussed the problem of “credit invisibles” and indicated that Project REACh participants, as a means for addressing barriers to financial inclusion, are evaluating models that use alternative data sources to determine creditworthiness.

A Florida federal district court has dismissed a lawsuit filed by a borrower alleging FCRA violations by Clarity Services, Inc. (Clarity), the consumer reporting agency that provided the borrower’s consumer report to her lender.  In dismissing the plaintiff’s FCRA claims, the district court rejected the plaintiff’s argument that the FCRA requires a consumer reporting agency, before providing a consumer report, to verify the legitimacy of the business of the report’s end user.

In Beckford v. Clarity Services, Inc., the plaintiff initially filed a lawsuit against her lender, various related companies and individuals, and Clarity alleging violations of the FCRA and Florida law.  The plaintiff subsequently settled her claims against all of the defendants other than Clarity.  The plaintiff thereafter filed an amended complaint against Clarity alleging that it violated: (1) FCRA Section 1681b by providing a consumer report without a permissible purpose, and (2) FCRA Section 1681a(b) by failing to maintain reasonable procedures to ensure consumer reports are furnished only for permissible purposes.  Based on the allegations of the amended complaint, it was undisputed that the plaintiff applied for and received credit from the lender to which Clarity had provided the plaintiff’s consumer report.

As described by the court, the plaintiff contended that the lender was “an online loan shark” and “[t]he crux of [her] FCRA claims against Clarity is that Clarity failed to verify that [the lender] is a legitimate business.”  The lender claimed it was entitled to sovereign immunity from state usury laws as an “arm of the tribe.”  The plaintiff alleged having a good faith belief that the lender was actually operated by non-tribal investors who used a tribe to serve as a straw owner of the lender in order to claim the tribe’s sovereign immunity.  The plaintiff alleged that Clarity’s records reflected an address for the lender that was for “a small residential apartment and not the home base of a large lending enterprise” and that Clarity did not have a phone number for the lender.  Based on these two facts, the plaintiff contended that “Clarity is aiding and abetting the proliferation of illegal payday lenders.”

In her response to Clarity’s motion to dismiss, the plaintiff argued that despite her having obtained a loan from the lender, “Clarity had a duty to prevent companies, like [the lender], from obtaining [her] consumer report.”  The court rejected this theory, stating simply that “[t]he FCRA does not impose such a duty.”  It found that the plaintiff’s application and receipt of credit from the lender was “plainly a permissible purpose under the FCRA.”   The court stated that because the plaintiff had “alleged facts that affirmatively demonstrate that Clarity did not violate Section 1681b, her claim should be dismissed with prejudice.”

The court also dismissed with prejudice the plaintiff’s reasonable procedures FCRA claim, stating that it was well-established that a reasonable procedures claim requires a plaintiff to first show that the consumer reporting agency provided a consumer report without a permissible purpose.  According to the court, because the plaintiff’s own allegations defeated her permissible purpose claim, it was necessary to also dismiss her reasonable procedures claim.


Tom Vartanian is a former federal banking regulator and law professor.  In Part II of this two-part podcast, we discuss technology’s impact on the banking system, how a new cyberspace infrastructure can increase security, the current financial conditions that could spark the next financial crisis, cryptocurrency’s role in building new networks for the creation and delivery of financial services, and quantum computing’s impact on encryption.

Ballard Spahr Senior Counsel Alan Kaplinsky hosts the conversation.

Click here to listen to the podcast.  Part I of the podcast is available here.


Tom Vartanian is a former federal banking regulator and law professor.  In Part I of this two-part podcast, we discuss the government policies that have contributed to or caused the financial crises faced by the U.S. over the past 200 years, how the consumer financial services industry can benefit from smarter regulation and a principles-based rather than a rules-based regulatory system, and how regulators can better utilize technological innovation. Tom also shares his thoughts on the multiplicity of federal regulators and the dual banking system.

Ballard Spahr Senior Counsel Alan Kaplinsky hosts the conversation.

Click here to listen to the podcast.

The final step in the demise of the OCC’s true lender rule occurred yesterday with President Biden signing the resolution under the Congressional Review Act (CRA) overturning the rule that was passed by the House and Senate.

On August 9, 2021, from 12:00 p.m. to 1:00 p.m. ET, Ballard Spahr will hold a webinar, “Congress Overrides the OCC’s True Lender Rule: What Are the Risks for Banks and Their Loan Program Nonbank Partners?”  Click here to register.

Pursuant to the CRA, the enactment of a disapproval measure precludes the OCC from subsequently reissuing the rule or adopting a new rule that is substantially the same as the disapproved rule unless “the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule.”  The Congressional override of the rule also renders moot the lawsuit filed by a group of state attorneys general in January 2021 seeking to set aside the rule.