CFPB Rulemaking

Subscribe to CFPB Rulemaking

The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement.  The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.  The statutory exemption from the annual notice requirement became effective in December 2015.  The amendments to Regulation P made by the final rule will be effective 30 days from the final rule’s publication in the Federal Register.

The final rule provides that a financial institution is not required to deliver a GLBA annual privacy notice if the financial institution (1) only shares nonpublic personal information (NPPI) with nonaffiliated third parties only under one of the GLBA exceptions that do not trigger a customer’s opt-out rights (§ 1016.13, § 1016.14, or § 1016.15); and (2) has not changed its policies and practices with regard to disclosing NPPI from the policies and practices that were disclosed in the most recent privacy notice provided to the customer.  Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act (FCRA), which can generally be provided in the initial privacy notice.  In the Supplementary Information accompanying the final rule, the CFPB states that it does not interpret the second condition for using the annual notice exemption to include changes to a financial institution’s FCRA disclosures or changes to voluntary disclosures and opt-outs that are provided in the institution’s privacy notice.

The final rule includes timing requirements for providing annual privacy notices by a financial institution that no longer meets the conditions for the exemption.  The timing requirements vary depending on whether the change that causes the institution to no longer satisfy the conditions for the exemption also triggers a requirement under Regulation P to provide a revised privacy notice.  Under Regulation P, a financial institution must provide revised notices before it begins to share NPPI with a nonaffiliated third party if such sharing would be different from what the institution described in the initial privacy notice it delivered.

The final rule also removes the alternative delivery method for GLBA annual privacy notices that Regulation P (pursuant to a 2014 amendment) allowed financial institutions to use if they met certain conditions.  Since any financial institution that met the conditions for using the alternative delivery method would meet the conditions for the statutory exemption, the CFPB believes an institution with both options available to it would choose not to provide an annual privacy notice at all rather than provide it using the alternative delivery method.  However, the CFPB indicates in the Supplementary Information that financial institutions that qualify for the annual notice exemption can still, without affecting their eligibility for the exemption, choose to post privacy notices on their websites, provide privacy notices to consumers who request them, and notify consumers of the notices’ availability.

 

The Consumer Financial Protection Bureau (CFPB) recently issued a statement regarding the partial exemption from Home Mortgage Disclosure Act (HMDA) reporting requirements for certain lower mortgage volume depository institution lenders that was adopted in the Economic Growth, Regulatory Relief, and Consumer Protection Act (Act).

As we reported previously, the Act exempts depository institutions and credit unions from the new reporting categories added by Dodd-Frank and the HMDA rule adopted by the CFPB with regard to (1) closed-end loans, if the institution or credit union originated fewer than 500 such loans in each of the preceding two calendar years, and (2) home equity lines of credit (HELOCs), if the institution or credit union originated fewer than 500 HELOCs in each of the preceding two calendar years. The HELOC change will not initially affect reporting because, for 2018 and 2019, the threshold to report HELOCs is 500 transactions in each of the preceding two calendar years under a temporary CFPB rule.

The Act’s partial exemption from reporting the new HMDA data does not apply if the institution received a rating of “needs to improve record of meeting community credit needs” during each of its two most recent Community Reinvestment Act (CRA) examinations, or “substantial noncompliance in meeting community credit needs” on its most recent CRA examination.

The CFPB advises in its recent statement that it expects later this summer to provide further guidance on the applicability of the partial exemption to HMDA data collected in 2018. The CFPB also advises that the partial exemption will not affect the format of 2018 Loan Application Registers (LARs) and that:

  • LARs will be formatted according to the previously-released 2018 Filing Instructions Guide for HMDA Data Collected in 2018 (2018 FIG).
  • If an institution does not report information for a certain data field due to the partial exemption, the institution will enter an exemption code for the field specified in a revised 2018 FIG that the CFPB expects to release later this summer.
  • All LARs will be submitted to the same HMDA Platform.

The CFPB also notes that a beta version of the HMDA Platform for submission of data collected in 2018 will be available later this year for filers to test.

In Financial Institution Letter FIL-36-2018 and in OCC Bulletin 2018-19 the Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency, respectively, issued similar guidance to institutions.

The CFPB recently issued revised TILA/RESPA Integrated Disclosure (TRID) rule guides to reflect the adoption of an amendment to the rule to fix the so-called “black hole” issue.  As we reported previously, the amendment will permit the use of an initial or revised Closing Disclosure to reset tolerances without regard to the timing of when before consummation the creditor learns of a change that causes one or more fees to increase.  The amendment will apply to transactions in process as of June 1, 2018 regardless of when the loan application was received, but the amendment may not be applied retroactively.

The CFPB updated both versions of the Small Entity Compliance Guide and the Guide to Forms.  The reason there are two versions of each guide is to account for the TRID rule amendments adopted last summer that became effective on October 10, 2017, but have a mandatory compliance date of October 1, 2018.  While both versions of each guide now reflect the 2018 TRID rule amendment, one version of each guide does not reflect the 2017 amendments and one version of each guide reflects the 2017 amendments.

The CFPB’s Spring 2018 rulemaking agenda has been published by the Office of Information and Regulatory Affairs (OIRA) as part of its Spring 2018 Unified Agenda of Federal Regulatory and Deregulatory Actions.  (OIRA is part of the Office of Management and Budget.)  It represents the CFPB’s first rulemaking agenda that reflects the CFPB’s rulemaking plans under the Trump Administration and Mick Mulvaney’s leadership.  The agenda’s preamble indicates that the information in the agenda is current as of March 15, 2018 and identifies the regulatory matters that the Bureau “reasonably anticipates…having under consideration during the period from May 1, 2018, to April 30, 2019.”

The preamble notes that the CFPB “is under interim leadership” and lists the matters that, “in light of this status, Bureau leadership is prioritizing during coming months.”  Those matters are:

  • Meeting specific statutory responsibilities
  • Continuing selected rulemakings that were already underway
  • Reconsidering two regulations issued under the prior leadership

The CFPB previously announced its plans to reconsider its payday lending rule and HMDA/Regulation C rule.  The Spring 2018 agenda estimates the issuance of notices of proposed rulemakings (NPRM) for these two rules in, respectively, February 2019 and January 2019.

Most significantly, the Bureau states in the preamble that Mr. Mulvaney “has decided to classify as ‘inactive’ certain other rulemakings that had been listed in previous editions of the Bureau’s Unified Agenda in the expectation that final decisions whether and when to proceed with such projects will be made by the Bureau’s next permanent director.”  It also states that several items listed as potential long-term projects in the CFPB’s Fall 2017 rulemaking agenda have been designated “inactive.”  The Bureau indicates that the change in designation “is not intended to signal a substantive decision on the merits of the projects.”

The noteworthy items designated “inactive” are:

  • Overdrafts  (This was a “prerule stage” item in the Fall 2017 agenda.)
  • “Larger Participants”  (This was both a “proposed rule stage” and “long-term actions” item in the Fall 2017 agenda which stated (as did prior agendas) that the Bureau was considering “larger participant” rules “in markets for consumer installment loans and vehicle title loans for purposes of supervision” as well as possible other “larger participant” regulations based on market trends and developments.  It also stated that the Bureau was “considering whether rules to require registration of these or other non-depository lenders would facilitate supervision.”)
  • Student Loan Servicing  (This was a “long-term actions” item in the Fall 2017 agenda.)

In addition to reconsidering the payday lending and HMDA rules, the other key rulemaking initiatives listed on the Spring 2018 agenda are:

  • Debt Collection. The agenda states that the Bureau “is preparing a proposed rule focused on FDCPA collectors that may address such issues as communication practices and consumer disclosures.”  It estimates the issuance of a NPRM in March 2019.
  • Business Lending Data.  Dodd-Frank Section 1071 amended the ECOA to require financial institutions to collect and maintain certain data in connection with credit applications made by women- or minority-owned businesses and small businesses.  Such data includes the race, sex, and ethnicity of the principal owners of the business.  In May 2017, the CFPB issued a RFI and a white paper on small business lending in conjunction with a field hearing on small business lending.  The RFI was intended to inform the CFPB’s rulemaking to implement Dodd-Frank Act section 1071.  The Spring 2018 agenda states that the information received in response to the RFI “will help the Bureau determine how to implement [Section 1071] efficiently while minimizing burdens on lenders.”  It estimates a March 2019 date for prerule activities.
  • Privacy Notices.  In July 2106, the CFPB issued a proposal to amend Regulation P, which implements the Gramm-Leach-Bliley Act (GLBA), to implement a GLBA amendment that provided financial institutions that meet certain conditions with an exemption from the GLBA requirement to deliver annual privacy notices to customers.  The Spring 2018 agenda indicates that the CFPB expects to issue a final rule in June 2018.

The key long-term actions items listed in the Spring 2018 agenda are:

  • Inherited Regulations.  These are the existing regulations that the CFPB inherited from other agencies through the transfer of authorities under the Dodd-Frank Act.  Previously listed on the Fall 2017 agenda as a “prerule stage” item, the Spring 2018 lists the CFPB’s review of the inherited regulations as a “long-term actions” item.  In the preamble, the CFPB indicates that it expects to focus its initial review on the subparts of Regulation Z  that implement TILA with respect to open-end credit and credit cards in particular.  By way of example, the CFPB states that it expects to consider adjusting rules concerning the database of credit card agreements it is required to maintain by the CARD Act “to reduce burden on issuers that submit credit card agreements to the Bureau and make the database more useful for consumers and the general public.”
  • Consumer reporting.  This was previously listed in the Fall 2017 agenda as a “long-term actions” item. The Spring 2018 agenda indicates that the Bureau will evaluate potential additional rules or amendments to existing regulations governing consumer reporting, with possible topics for consideration to include the accuracy of credit reports, including the processes for resolving consumer disputes, identity theft, or other issues.
  • Consumer Access to Financial Records.  This was also previously listed in the Fall 2017 agenda as a “long-term actions” item.  In November 2016, the CFPB issued a RFI about market practices related to consumer access to financial information.  The Spring 2018 agenda states that the Bureau will continue to monitor market developments and evaluate possible policy responses to issues identified, including potential rulemaking. Possible topics the Bureau might consider include specific acts or practices and consumer disclosures. In addition, the Bureau plans to consider “whether clarifications or adjustments are necessary with respect to existing regulatory structures that may be implicated by current and potential developments in this area.”
  • Regulation E Modernization.  This is another item that was previously listed in the Fall 2017 agenda as a “long-term actions” item.   The Spring 2018 agenda states that the Bureau “will evaluate possible updates to the regulation, including but not limited to how providers of new and innovative products and services comply with regulatory requirements” and that “potential topics for consideration might include disclosure provisions, error resolution provisions, or other issues.”

 

 

As we reported previously, the CFPB recently adopted a long-awaited amendment to the TILA/RESPA Integrated Disclosure (TRID) rule that fixes the so-called black hole issue.

The amendment was published in the May 2, 2018 Federal Register and will become effective on June 1, 2018.  The CFPB notes in the supplementary information to the amendment that “[o]nce the final rule becomes effective, the ability to reset tolerances prior to consummation for a given transaction will not be limited by when the application was received.”  Thus, as of June 1, 2018 the flexibility created by the amendment regarding the use of a Closing Disclosure to reset tolerances will be available for both loan applications that are in process at the time, as well as loan applications made on and after such date.  However, the CFPB also made clear that the amendment may not be applied retroactively.

The CFPB, which is now referring to itself as the “Bureau of Consumer Financial Protection,” published the long-awaited final rule to address the so-called “black hole” issue under the TILA/RESPA Integrated Disclosure (TRID) rule.  The CFPB also issued an Executive Summary of the final rule.  The final rule will become effective 30 days after publication in the Federal Register.

Under the TRID rule, a Loan Estimate is the disclosure primarily used to reset tolerances. Because the final revised Loan Estimate must be received by the consumer no later than four business days before consummation, the Commentary to the TRID rule includes a provision under which a creditor may use a Closing Disclosure to reset tolerances if “there are less than four business days between the time” a revised Loan Estimate would need to be provided and consummation.  Because of the four-business-day timing element, in various cases when a creditor learns of a change, the creditor is not able to use a Closing Disclosure to reset tolerances.  This situation is what the industry termed the “black hole.”  The industry repeatedly asked the CFPB to address the black hole issue.  As previously reported in our Mortgage Banking Update, when the CFPB finalized various amendments to the TRID rule last summer, it punted on a prior proposal to address the black hole issue and proposed another rule to address the issue.  The CFPB has now finalized the second proposal.

In the final rule the CFPB removes the four business day timing element, and makes clear that either an initial or a revised Closing Disclosure can be used to reset tolerances.  Consistent with the requirements for the Loan Estimate, when the TRID rule permits a creditor to use a Closing Disclosure to revise expenses, the creditor must provide the Closing Disclosure within three business days of receiving information sufficient to establish that a changed circumstance or other event triggering a change has occurred.

When proposing the amendment last summer, the CFPB requested comments on whether it should impose additional limits on the ability of a creditor to reset tolerances with a Closing Disclosure, such as allowing a reset of tolerances only in certain of the circumstances currently permitted by the TRID rule.  The CFPB decided not to impose additional limits.

A recent bill introduced in the US House of Representatives would require the CFPB to issue guidance on federal consumer financial laws, and also provide a framework for civil money penalties.  H.R. 5534 would create the Give Useful Information to Define Effective Compliance Act or GUIDE Compliance Act.  The bill was introduced by Representative Sean Duffy (R-WI) and is co-sponsored by Representative Ed Perlmutter (D-CO).

The Act would require the CFPB Director to “issue guidance that is necessary or appropriate to enable the Bureau to carry out Federal consumer financial law, including facilitating compliance with such law.”  For purposes of the Act, “guidance” is defined as “any written interpretive or legislative rule, interim final rule, bulletin, statement of policy, letter, examination manual, frequently asked question, or other document issued by the Bureau regarding compliance with a Federal consumer financial law that is exempt from notice and comment rulemaking requirements under section 553(b) of [the Administrative Procedure Act,] title 5, United States Code.”  The Act does not provide any parameters on specific laws or issues that the CFPB should address, or the nature of the guidance provided.  The Act would require that a proposed rule be published within one year of the date that the Act becomes law, with a final rule being published within 18 months of that date.  The Act also would provide that no person could be held liable for any act done or omitted in good faith in conformity with CFPB guidance.

At least some of the guidance that the Act would require would trigger the ability of Congress to consider the guidance under the Congressional Review Act (CRA).  We previously addressed the ability of Congress under the CRA to address not only federal agency actions structured as rules, but also guidance issued by such agencies that rises to the level of a rule within the purview of the CRA.

The Act also would require the CFPB to publish within 18 months of the date the Act becomes law a proposed rule establishing guidelines for determining the size of any civil money penalties issued by the CFPB “based on the severity of the actionable conduct in violation of a Federal consumer financial law and the level of culpability.”  The final rule would need, “to the fullest extent possible, align with any chart, matrix, rule, or guideline published by the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, or the Board of Governors of the Federal Reserve System.”

The Act would address calls from various industry members that the CFPB issue authoritative guidance on rules, and provide a framework for the imposition of civil money penalties.  While the Act would require that the framework for civil money penalties conform with the framework of the federal banking agencies, as noted above there are no parameters set forth for any guidance on consumer financial laws that is issued by the CFPB.  To some this evokes the adage, be careful what you wish for, you may get.

We believe the CFPB’s recent RFI on the Bureau’s adopted regulations, which Acting Director Mulvaney discussed during his testimony before the House Financial Services and Senate Banking Committees, provides the prepaid industry an opportunity to persuade the Bureau to reconsider its prepaid rule that was issued in October 2016 and amended in January 2018.

As I stated during a panel discussion at the Network Branded Prepaid Card Association-American Banker Power of Prepaid Conference in Washington, DC earlier this week, this opportunity gives new life to industry officials who interpreted the Bureau’s decision to finalize the prepaid rule amendments without any significant changes to the amendments as proposed by former Director Cordray to mean that Acting Director Mulvaney would not reconsider any part of the prepaid rule.

We surmise that Acting Director Mulvaney’s finalization of the prepaid rule amendments was based on the mistaken belief that industry concerns were largely addressed by the amendments proposed in June 2017.  Because the most recent comment period was limited to the proposed amendments, we believe that Acting Director Mulvaney did not have an opportunity to consider other aspects of the prepaid rule that were not addressed by the amendments, such as the inclusion of certain digital wallets and onerous restrictions on overdraft and credit features.

Because the CFPB rulemaking resources will be prioritized and deployed in the near future, companies who want the CFPB to reconsider the prepaid rule (as it announced it plans to do with the payday and HMDA rules) should submit responses to the RFI well before the June 19, 2018 deadline.  We are working with clients and trade associations to submit responses to the various RFIs, including the RFI focusing on the adopted regulations.

The CFPB has issued a request for information that seeks comment on its adopted regulations and new rulemaking authorities.  Comments on the RFI must be received by June 19, 2018.

As used in the RFI, the “Adopted Regulations” generally include “all final rulemakings that the Bureau issued after providing notice and seeking public comment, including any accompanying Official Interpretations (commentary) issued by the Bureau.”  For purposes of the RFI, the Adopted Regulations include statutorily–mandated or discretionary rules issued by the CFPB pursuant to rulemaking authority transferred by Dodd-Frank from another agency to the CFPB as well as new CFPB rulemaking authorities created by Dodd-Frank.

The RFI’s Supplementary Information distinguishes the Adopted Regulations from the CFPB’s Inherited Regulations.  The Inherited Regulations are the regulations issued by other agencies pursuant to rulemaking authority transferred to the CFPB by Dodd-Frank.  Many of the Adopted Regulations amended the Inherited Regulations.

Although the CFPB’s 2015 HMDA rule and its 2017 small dollar loan rule are Adopted Regulations, the CFPB is not currently requesting feedback on those rules because it has previously announced that it intends to engage in further rulemaking to reconsider those rules. The CFPB also notes that although it had previously announced that it was conducting assessments of certain Adopted Regulations concerning remittance transfers, mortgage servicing, and ability to repay and qualified mortgages, respondents to the RFI are free to comment on those rules.  However, for purposes of the RFI, the CFPB will consider any comments previously received in connection with the assessments.

Subject to those qualifications, the CFPB seeks feedback on all aspects of the Adopted Regulations, including the following:

  • Aspects of the Adopted Regulations that should be tailored to institutions of particular types or sizes, create unintended consequences, overlap or conflict with other laws or regulations so as to make compliance difficult or particularly burdensome, are incompatible or misaligned with new technologies, or could be modified to provide consumers more protection from identity theft
  • Changes the CFPB could make to the Adopted Regulations to more effectively meet the statutory purposes and objectives set forth in the federal consumer financial laws and the CFPB’s goals for a particular regulation
  • Changes the CFPB could make to the Adopted Regulations that would advance the CFPB’s statutory purposes set forth in Section 1021 of Dodd-Frank
  • Pilots, field tests, demonstrations, or other activities the CFPB could launch to better quantify benefits and costs of potential revisions to the Adopted Regulations or to make compliance with the Adopted Regulations more efficient and effective
  • Areas where the CFPB has not fully exercised its rulemaking authority in connection with a specific Adopted Regulation or with regard to rulemaking authority created by Dodd-Frank and where rulemaking would be beneficial and align with the purposes and objectives of applicable federal consumer financial laws

The new RFI represents the eighth in a series of RFIs announced by Mr. Mulvaney.  The subjects of the CFPB’s first seven RFIs and their comment deadlines are as follows:

In its press release announcing the latest RFI, the CFPB stated that the next RFI in the series will be issued next week and will address the CFPB’s Inherited Regulations and inherited rulemaking authorities.

 

 

The CFPB has issued a request for information that seeks comment on its rulemaking processes.  Comments on the RFI must be received by June 7, 2018.

The RFI begins with a review of the statutory requirements that are relevant to the CFPB’s rulemaking processes.  The RFI discusses the Administrative Procedure Act notice-and-comment requirements, the Regulatory Flexibility Act requirements for rulemakings that will have a significant impact on a substantial number of small business entities (often referred to as the SBREFA process), federal law requirements for various impact analyses of proposed and final rules, and federal law requirements and MOU agreements for consultation with other federal agencies.

The CFPB states that while many elements of its rulemaking are required by law, a number of its rulemaking processes, and certain elements of how it implements required processes, are discretionary. The RFI is intended to obtain public input on the discretionary aspects of the CFPB’s rulemaking processes.

In the RFI, the CFPB seeks feedback on all discretionary aspects of its rulemaking processes, including the following:

  • Mechanisms used by the CFPB to gather information, data, and feedback from stakeholders such as RFIs
  • Convening a SBREFA panel, including the outline of the proposal under consideration, selection and interaction with small entity representatives, and the SBREFA panel report
  • Various issues relating to Notices of Proposed Rulemaking, such as the content of the NPRM itself, the CFPB’s practices with regard to issuing a NPRM, length of comment periods, processing and posting of comments, outreach and engagement during and after the comment period, and consideration of new data and other information issued by other agencies or third parties after a NPRM is released
  • Content of a notice issuing a final rule and the CFPB’s practices in advance of a final rule’s publication in the Federal Register, such as issuing a press release and having the Director present remarks at a public event or on a press call

The new RFI represents the seventh in a series of RFIs announced by Mr. Mulvaney.  The subjects of the CFPB’s first six RFIs and their comment deadlines are as follows:

In its press release announcing the latest RFI, the CFPB stated that the next RFI in the series will be issued next week and will address the CFPB’s adopted rules.