The CFPB has published two final rules in today’s Federal Register, one dealing with civil penalty adjustments and the other with allowable charges for FCRA disclosures.  Both rules are effective immediately.

Civil penalty adjustments.  The CFPB’s final rule finalizes an interim final rule (IFR) it published in November 2016 to create 12 C.F.R. Part 1083 which sets forth the maximum amounts as adjusted annually for civil penalties within the Bureau’s jurisdiction.  It also finalizes the CFPB’s October 2018 proposal to add language to Section 1083.1 specifying that the adjusted penalties will apply only to violations that occurred on or after November 2, 2015.  The November 2 date is when the 2015 amendment to the Federal Civil Penalties Inflation Adjustment Act of 1990 requiring federal agencies to make annual adjustments to the civil penalties within their jurisdiction was signed into law.

The civil penalties adjusted annually by the CFPB are the Tier 1-3 penalties set forth in Section 1055 of Dodd-Frank, as well as the civil penalties in the Interstate Land Sales Full Disclosure Act, Real Estate Settlement Procedures Act, SAFE Act, and Truth in Lending Act.  The final rule sets forth the adjusted maximum amounts that apply to civil penalties assessed after January 31, 2019.

FCRA disclosures.  The FCRA provides that where a consumer is not entitled to a free disclosure of information in his or her credit file, a consumer reporting agency (CRA) can impose a reasonable charge for disclosing such information up to the maximum amount allowed by the FCRA.  Before Dodd-Frank transferred to the CFPB the FTC’s authority to make annual adjustments to the maximum amount, the FTC made the adjustments by issuing a notice rather than by issuing a rule.  That practice was continued by the CFPB.  The final rule adds a new section (12 CFR Section 1022.41) to Regulation V to codify that the charge imposed by a CRA for a credit file disclosure to a consumer “shall not exceed the maximum allowable charge set by the Bureau” and to add a new appendix (Appendix O) that the CFPB will amend (by notice) each year to indicate the maximum allowable charge for a new calendar year.  The appendix will also provide historical information regarding the maximum allowable charge for prior calendar years.

 

At the end of last week, the CFPB announced that it had entered into a consent order with State Farm Bank, FSB to settle allegations that the Bank violated the Fair Credit Reporting Act, Regulation V, and the Consumer Financial Protection Act in connection with furnishing information to consumer reporting agencies (CRAs ) and obtaining and using consumer reports.  The consent order does not require the Bank to pay any consumer redress or a civil penalty.  The Bank must implement and maintain reasonable written policies, procedures, and processes to address the practices at issue and prevent future violations and must submit a compliance plan to the Bureau designed to ensure that its consumer credit reporting practices comply with applicable federal laws and the terms of the consent order.

The Bureau’s findings set forth in the consent order include the following:

  • The Bank violated the FCRA requirement that consumer reports only be used or obtained for a permissible purpose.  It obtained credit reports of consumers who were not seeking an extension of credit or otherwise involved in a credit transaction or without some other permissible purpose.  In some instances such violations resulted from the Bank’s agents and employees initiating credit applications for the wrong consumer or initiating credit applications for consumers for the purpose of soliciting those consumers.
  • The Bank violated the FCRA prohibition on furnishing inaccurate information to a CRA if the furnisher knows or has reasonable cause to believe the information is inaccurate by furnishing account information on the wrong consumer, reporting current accounts as delinquent, and reporting inaccurate past due amounts and payment histories.  The Bank knew or had reasonable cause to believe the furnished information was inaccurate because it was in direct conflict with information in the Bank’s credit applications, loan files, or payment system of record.
  • The Bank violated the FCRA requirement for a furnisher to promptly notify the CRA and provide corrections to make furnished information complete and accurate that the furnisher has determined to be incomplete or inaccurate.  The Bank took several months to correct or complete furnished information after the Bank had determined such information was incomplete or inaccurate or when consumers had made repeated requests for corrections.
  • The Bank violated the FCRA requirement not to furnish information to a CRA that has been disputed by the consumer without notice of the dispute by failing to provide such notice to CRAs.
  • The Bank violated the Regulation V requirement for a furnisher to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of furnished information because the Bank’s policies and procedures were inadequate given the high volume and complexity of its furnishing activities and were not reasonable or appropriate given the nature, size, complexity, and scope of its activities.
  • The Bank’s FCRA and Regulation V violations also constituted CFPA violations.

 

 

 

Earlier this week, the CFPB’s Office of Research released its third “Data Point” report on Americans who are “credit invisible” – that is, those without an established credit history with the three national credit reporting agencies – and who therefore cannot be scored by most traditional credit scoring models.  The report, entitled “The Geography of Credit Invisibility,” focuses on the geographic concentrations of credit invisible consumers, to determine whether there are “credit deserts” in which access to credit is largely absent, leading to consumers in those areas being unable to become “credit visible” by establishing a credit history.

The report makes a number of interesting observations about the incidence of credit invisibility, focusing on adults over the age of 25 (because, according to the report, most Americans succeed in transitioning into credit visibility between the ages of 18 and 25, typically through credit cards or student loans).  Some of those observations are:

  • The report indicates that credit invisible consumers are concentrated in two types of geographies: in core urban areas (as opposed to suburban areas), and in rural or small-town areas.
  • Rural and small-town areas have the highest proportional incidence of credit invisibility, but because of the higher populations in urban areas, about 2/3 of credit invisible adults over age 25 reside in those areas.
  • The report provides data showing that average income level in a neighborhood is correlated with credit invisibility in urban areas, but this link between income and invisibility is absent in rural areas.
  • Because many consumers use credit cards as an “entry” product that makes them credit “visible,” the report presents data about the use of credit cards by consumers in various types of areas, and by income level. In urban and suburban areas, the use of credit cards is higher as an “entry” product, and the use of credit cards increases with income level.  In rural and small-town areas, the use of credit cards is lower, and does not increase significantly with income level.
  • Testing the hypothesis that proximity of traditional banking services may be a factor in credit invisibility, the report then examines data showing the use of credit cards as an “entry” product, sorted by the distance to the nearest bank branch. The report highlights that proximity to a bank branch is somewhat correlated with higher credit card usage as an “entry” product in urban and suburban areas, but there is no such correlation in rural areas.
  • Based on this data, the report observes that “[t]hese results provide little evidence that bank branch proximity is an important factor in explaining why consumers are credit invisible.” In fact, the report goes on to note that branch proximity is not one of the more common reasons why consumers say that they do not have a bank account.  More common reasons provided are not having enough money to put in a bank account, and a distrust of banks.
  • The report also contains data demonstrating a relationship between the availability of high-speed internet service and credit invisibility, showing that areas with less availability of internet service have significantly higher rates of credit invisibility. The report notes that credit cards, a typical “entry” product for credit invisible consumers, are typically marketed and offered online, suggesting a potential causal link between internet access and the ability to obtain a credit card.

The report does not make any policy recommendations about the subject of credit invisibility, and does not present the issue as a fair lending concern – there is no data correlating credit invisibility with any protected status under the Equal Credit Opportunity Act.  What, then, should we make of the report, and its implications for the CFPB’s future activities with respect to making credit more widely available to “invisible” consumers?

My guess is that the report will be used to support efforts to use innovation to increase access to credit for invisible consumers.  A few policy conclusions that could be drawn from the report include the following:

  1. The CFPB should encourage alternative scoring models that enable underwriting decisions to be made with respect to “invisible” consumers, and should refrain from heavy-handed application of the disparate impact theory with respect to such models. (That theory could, theoretically, be used to attack scoring models that approve members of protected classes proportionately less, but the business justification of the model’s ability to predict repayment performance should cause the Bureau to refrain from asserting it in this context).
  2. The report may suggest that models based on consumers’ internet activity may be ineffective in making credit available to consumers in areas with little internet access.
  3. Because the use of mobile devices is not dependent on the kind of high-speed home internet access the report shows to be correlated with higher rates of credit invisibility, this would suggest that the CFPB should encourage financial institutions to make products more available/accessible through mobile devices (using mobile-optimized web pages or mobile apps). This would, optimally, involve providing realistic guidance to financial institutions about how to make disclosures and obtain necessary consents through mobile devices in ways that do not deter consumers because of their cumbersome nature.
  4. The report may suggest that the Bureau’s education efforts with respect to access to credit should be concentrated in core urban and rural/small town areas.
  5. Finally, the report suggests that the problem of credit invisibility could be addressed in urban areas by products tailored to low-income consumers, and this in turn would indicate that the CFPB should encourage financial institutions to offer such products, again without heavy-handed application of “reverse redlining” theories under the Equal Credit Opportunity Act for financing sources who offer such products. This same data point would also support the Bureau’s effort to revise its small-dollar lending rule, to prevent small-dollar loans from being extinguished as an “entry” product for credit visibility.  (The report does not address this at all, since it relies on credit cards as the most common “entry” product to the three national credit reporting agencies.  However, there is credit reporting on small-dollar loans through specialty credit bureaus, and data on these credit interactions could be used to qualify consumers for other credit products).

We certainly hope that the Bureau uses the data in this report to guide its policy decisions in a direction that will make credit more available for “credit invisible” Americans.

The New York Department of Financial Services (“NYDFS”) has adopted a regulation that requires “consumer credit reporting agencies” (“CCRAs”) to register with the NYDFS, prohibits CCRAs from engaging in certain practices, and requires CCRAs to comply with certain provisions of the NYDFS cybersecurity regulation.

The new regulation became effective upon the publication of a Notice of Adoption by the NYDFS in the State Register on July 3, 2018.  Its definitions of “consumer credit report”  and “consumer credit reporting agency” closely track the definitions of, respectively, the terms “consumer report” and “consumer reporting agency” in the FCRA.  However, the term “consumer credit report” is limited to “a consumer report…bearing on a consumer’s credit worthiness, credit standing, or credit capacity.”  Similarly, the term “consumer credit reporting agency” is limited to “a consumer reporting agency that regularly engages in the practice of assembling or evaluating and maintaining [information from furnishers] for the purpose of furnishing consumer credit reports to third parties.”  The term “New York consumer” is defined as “an individual who is a resident of New York State as reflected in the most recent information in the possession of a [CCRA].”

Registration.  A CCRA must register with the NYDFS if “within the previous 12-month period, [it] has assembled, evaluated, or maintained a consumer credit report on one thousand or more New York consumers.”  Every CCRA “that is required to register…at any time between June 1, 2018 and September 1, 2018” must register by September 15, 2018.  Registration must be renewed by February 1, 2019 for the 2019 calendar year and by February 1 of each year thereafter.

The regulation prohibits a CCRA that is required to be registered and has not done so from engaging in the business of a CCRA in New York by furnishing a consumer credit report on a New York consumer to any individual or entity.  It also prohibits any “regulated person” from paying “any fee or other compensation” or transmitting any information about a New York resident to a CCRA that is required to be registered and has not done so.  A “regulated person” is defined as “any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.”

Prohibited Practices.  A CCRA that is required to be registered is prohibited from engaging in various practices including engaging in any “unfair, deceptive, or predatory act or practice toward any consumer that is prohibited by any federal law, or by any New York State law that is not preempted by federal law,” or engaging in “any unfair, deceptive, or abusive act or practice in violation of section 1036 of the [Dodd-Frank Act].”

Cybersecurity.  A CCRA that is required to be registered must comply with specified provisions of the NYDFS cybersecurity regulation.  Except for the provisions that have a February 28, 2019 compliance date, a CCRA must comply with the specified provisions of the cybersecurity regulation by November 1, 2018.

Politico has reported that on July 19, the Senate Banking Committee will hold a hearing on President Trump’s nomination of Kathy Kraninger to serve as CFPB Director.  While we find this surprising, we continue to believe that she will not be confirmed by the full Senate until after the mid-term elections.

Politico also reported that on July 12, the Senate Banking Committee will hold a hearing on credit reporting agencies at which the witnesses will include Peggy Twohig, CFPB Assistant Director for Nonbank Supervision, and Maneesha Mithal, an Associate Director in the FTC’s Bureau of Consumer Protection.

The CFPB announced that it has entered into a consent order with Security Group Inc. and its subsidiaries (Security Group) to settle an administrative enforcement action that charged the companies with having engaged in unlawful debt collection and credit reporting practices.  The consent order requires Security Group to pay a civil money penalty of $5 million.

The consent order states that Security Group owned and operated approximately 900 locations in 20 states.  According to the consent order, certain Security Group entities were primarily in the business of making consumer loans and other entities were primarily in the business of purchasing retail installment contracts from auto dealers. The consent order concludes that Security Group engaged in debt collection practices that constituted unfair acts and practices in violation of the Consumer Financial Protection Act and credit reporting practices that violated the Fair Credit Reporting Act and Regulation V.

The consent order finds that:

  • The unlawful debt collection practices in which Security Group engaged included the following:
    • Visiting consumers’ homes and places of employment, as well as the homes of their neighbors, and visiting consumers in other public places, thereby disclosing or risking disclosure of consumers’ delinquencies to third parties, disrupting consumers’ workplaces and jeopardizing their employment, and humiliating and harassing consumers
    • Routinely calling consumers at work, sometimes calling consumers on shared phone lines and in the process speaking with co-workers or employers and thereby disclosing or risking disclosure of consumers’ delinquencies to third parties, and also calling after being told that consumers were not allowed to receive calls at work and that future calls could endanger their employment
    • Failing to heed and properly record consumers’ and third parties’ requests to cease contact or to give personnel access to cease-contact requests logged by employees in other stores, thereby resulting in repeated unlawful calls to consumers and third parties
  • The unlawful credit reporting practices in which Security Group engaged included the following:
    • Failing to establish and implement any reasonable policies and procedures regarding the accuracy and integrity of information furnished to consumer reporting agencies (CRAs)
    • Failing to address in policies and procedures how to properly code customer account information or responses to consumer disputes using the Metro 2 Guide and not ensuring that its monthly furnishing system was coordinated with its consumer dispute furnishing practices
    • Regularly furnishing information to CRAs that it had determined was inaccurate based on information maintained in its data base or other information, such as information provided by consumers as part of a credit reporting dispute or information provided to CRAs

The consent order appears to indicate that first-party collectors that engage in conduct that the FDCPA would prohibit as unfair conduct by third-party collectors continue to be at risk for violating the CFPA’s UDAAP prohibition.  It also appears to indicate that the CFPB continues to disfavor in-person debt collection activities and that companies that do so remain in great peril.  In December 2015, the CFPB issued a bulletin to provide guidance to creditors, debt buyers and third-party debt collectors about compliance with the CFPA UDAAP prohibition and the FDCPA when conducting in-person debt collection visits, such as visits to a consumer’s workplace or home.

In addition to imposing the $5 million civil money penalty, the consent order prohibits Security Group from engaging in the debt collection practices found to be unlawful, and requires it to:

  • implement and maintain reasonable written policies and procedures regarding the accuracy and integrity of the information furnished to CRAs
  • correct or update any inaccurate or incomplete information furnished to CRAs
  • provide a prescribed notice to customers affected by inaccurate information furnished to CRAs
  • update its policies and procedures to include a specific process for identifying when information furnished to CRAs is inaccurate or requires updating (which must include at a minimum the monthly examination of sample accounts and monitoring and evaluation of disputes received from CRAs and customers)
  • submit a compliance plan to the CFPB to ensure that Security Group’s credit reporting and collections comply with applicable federal consumer financial laws and the terms of the consent order (which includes a list of items that, at a minimum, must be part of the compliance plan

It is noteworthy that while the consent order imposes a $5 million civil penalty on Security Group, unlike a 2015 CFPB consent order that required the respondents to refund amounts collected through in-person visits found to be unlawful, the consent order does not require Security Group to make refunds to consumers.

In its Spring 2018 rulemaking agenda, the CFPB stated that it “is preparing a proposed rule focused on FDCPA collectors that may address such issues as communication practices and consumer disclosures.”  It estimated the issuance of a NPRM in March 2019.

The U.S. Senate on March 14 passed S.2155, the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act), by a vote of 67 to 31.  Although the Act would not make the sweeping changes to the Dodd-Frank Act found in the Financial CHOICE Act of 2017 (CHOICE Act), it, nevertheless, would provide financial institutions welcome relief from a number of specific Dodd-Frank provisions.

Representative Jeb Hensarling, Chairman of the House Financial Services Committee, has indicated that further negotiations between the House and Senate must take place before the House votes on the Act.  House Speaker Paul Ryan has taken a more conciliatory tone, commenting on the need for common sense bipartisan solutions in the final bill.  As a result, while a final bill can be expected to include changes to the Act, it is unclear how substantial those changes will be.  Assuming a final bill signed by President Donald J. Trump retains many, if not most, of the Act’s provisions, the Act should positively impact both smaller and larger financial institutions.  The Act would make a number of changes to provisions of Dodd-Frank and other federal laws regarding consumer mortgages, credit reporting, and loans to veterans and students.

On June 19, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar: Economic Growth, Regulatory Relief, and Consumer Protection Act: Anatomy of the New Banking Statute.  The webinar registration form is available here.

The Act would also reduce the regulatory burdens on financial institutions—particularly financial institutions with total assets of less than $10 billion.  Bank holding companies with up to $3 billion in total assets would be permitted to comply with less restrictive debt-to-equity limitations instead of consolidated capital requirements.  This change should promote growth by smaller bank holding companies, organically or by acquisition.  Larger institutions should benefit from the higher asset thresholds that would apply to systemically important banks subject to enhanced prudential standards.  The higher thresholds may lead to increased merger activity between and among regional and super regional banks.

Although the banking industry can be expected to view the Act positively should it become law, it falls short of the CHOICE Act in several important respects. The CHOICE Act would:

  • reduce regulatory burdens on institutions based on capital levels irrespective of asset size
  • reduce the Financial Stability Oversight Council’s powers
  • repeal Dodd–Frank’s orderly liquidation authority, and
  • scale back the CFPB’s powers.

For a summary of some of the Act’s key provisions applicable to financial institutions, click here for our full alert.

In a new report on consumer credit trends, the CFPB looks at how recent changes to the public record data standards used by the “Big 3” consumer reporting agencies (CRAs) have affected consumers’ credit reports and  credit scores.  The data used in the report comes from the CFPB’s Consumer Credit Panel, which the report describes as “a longitudinal, nationally-representative sample of approximately five million de-identified credit records maintained by one of the three nationwide [CRAs].”

The new standards, which became effective on July 1, 2017, applied to public record data already existing on the CRAs’ credit reporting databases as well as new data.  They created new verification requirements for data on civil judgments, tax liens, and bankruptcies, such as requirements that there be minimum personal identifying information and that courthouse data be refreshed at least every 90 days.

The changes to the standards were adopted as part of the National Consumer Assistance Plan, an initiative aimed at enhancing the accuracy of credit reports and making it easier for consumers to correct credit report errors.  The Plan was the result of a settlement agreement between the “Big 3” CRAs and over 30 state attorneys general.  The new report’s findings might be seen as subtle criticism by the CFPB under Mick Mulvaney of the Plan and former Director Cordray’s CFPB.  In other words, the report’s findings could be seen to show that the concerns about the reporting of civil judgments and tax liens that drove the Plan were largely overblown.

The CFPB’s key findings include:

  • When the new standards were implemented, all civil judgments and about half of the tax liens were removed from credit reports while the number of reported bankruptcies remained virtually unchanged.
  • In June 2017, soon before the new standards were implemented, 6 percent of consumers had a civil judgment or tax lien.  As a result of the new standards, about 83 percent of these consumers lost one or more judgments or liens in July 2017.  After the new standards were implemented, only 1.4 percent of consumers had a tax lien on their credit reports.
  • About 4 percent of consumers with civil judgments or tax liens on their credit reports in June 2017 experienced an increase in their credit scores in September 2017 due to the new standards.  After the new standards were implemented, consumers who had civil judgments or tax liens generally experienced score changes that were either around zero or 15 points.
  • To evaluate whether the score changes were significant enough to affect these consumers’ access to or cost of credit, the CFPB looked at whether the score changes changed the consumers’ credit profiles.  To do this evaluation, the CFPB put a consumer’s credit scores in June and September 2017 into one of the following bands: deep subprime, subprime, near prime, prime, and super prime.  75 percent of consumers remained in the same score band.  About 6 percent of consumers who had civil judgments or liens in June 2017 had deep subprime or subprime credit scores and rose to near prime or above scores in September 2017.
  • Overall, about 4 percent of consumers with civil judgments or tax liens on their credit reports in June 2017 moved to a higher score band in September 2017.  The CFPB seems to suggest that the small effect might have been expected because consumers who had civil judgments and tax liens also had more delinquencies and more derogatory information in their credit reports.
  • The CFPB does not have sufficient data to evaluate the extent to which the new standards have affected the predictiveness of scoring models.  However, it notes that studies have been published indicating that the new standards will have a minimal effect on predictive performance and observes that although the CFPB is unable to verify such results, “the small number of consumers who had civil judgments or tax liens and experienced a score change large enough to improve their credit profile suggests that any effects on overall model predictiveness (either positive or negative) are likely minimal.”

 

 

This week, New York Governor Andrew Cuomo issued a press release directing the New York Department of State to issue a new regulation impacting consumer reporting agencies.  The new regulation was adopted on an emergency basis and went into immediate effect in order to protect consumers from identity theft and other potential economic harms that may arise following a data breach.

The regulation requires consumer reporting agencies to:

  • Identify dedicated points of contact for the Division of Consumer Protection to obtain information to assist New York consumers in the event of a data breach;
  • Respond within 10 days to information requests made on behalf of consumers by the Division of Consumer Protection;
  • File a form with certain information to the Division of Consumer Protection, including all fees associated with the purchase or use of products and services marketed as identity theft protection products as well as a listing and description of all business affiliations and contractual relationships with any other entities relating to the provision of any identity theft prevention or mitigation products or services; and
  • In any advertisements or other promotional materials, disclose any and all fees associated with the purchase or use of proprietary products offered to consumers for the prevention of identity theft, including, if offered on a trial basis, any and all fees charged for its purchase or use after the trial period and the requisites of cancellation of such continued use.

The protections appear targeted to address alleged abuses by the consumer reporting industry following the recent Equifax data breach.  Cuomo also announced that the Division of Consumer Protection will be issuing a demand letter to Equifax for information to assess the damage and risk of identity theft to New York State consumers resulting from the data breach.

Cuomo did not address the status of previously announced proposed regulations of the consumer credit reporting agencies by the New York Department of Financial Services.

Last week, members of the Senate Banking Committee announced that they had reached bipartisan agreement on “legislative proposals to improve our nation’s financial regulatory framework and promote economic growth.”  Following the announcement, Committee members released a draft of a bill (S. 2155), the “Economic Growth, Regulatory Relief, and Consumer Protection Act.”  A markup of the bill is scheduled for December 5, 2017.  Many observers believe that due to its bipartisan support, there is a strong likelihood that the bill will be enacted as part of a regulatory relief package.

Provisions of the bill relevant to providers of consumer financial services include the following:

Small Depository Qualified Mortgage (Section 101). For an insured depository institution or insured credit union, the bill would create a qualified mortgage loan entitled to the safe harbor under the ability to repay rule.  In general, the depository institution or credit union would need to hold the loan in portfolio, and the loan could not have an interest-only or negative amortization feature and would need to comply with limits on prepayment penalties.  While the creditor would need to consider and document the debt, income and financial resources of the consumer, it would not have to follow Appendix Q to the ability to repay rule.

Appraisal Exemption for Rural Areas (Section 103). The bill would provide an exemption from any appraisal requirement for a federally related transaction involving real property if (1) the property is located in a rural area, (2) the loan is less than $400,000, (3) the originator is subject to oversight by a federal financial institution regulator, and (4) no later than three days after the Closing Disclosure under the TRID rule is given to the consumer, the originator has contacted at least three state certified or licensed appraisers, as applicable, and has documented that no state certified or licensed appraiser, as applicable, is available within a reasonable period of time.  The applicable federal financial institution regulator would determine what constitutes a reasonable period of time.  The exemption would not apply to high-cost loans under the Truth in Lending Act (TILA), or when the applicable federal financial institution regulator requires the financial institution to obtain an appraisal to address safety and soundness concerns.

Home Mortgage Disclosure Act Triggers (Section 104). The bill would increase the loan volume trigger to be a reporting company under the revised Home Mortgage Disclosure Act (HMDA) rule from 25 closed-end mortgage loan originations in each of the preceding two calendar years to 500 such loans in each of the two preceding calendar years.  The 25 closed-end loan trigger went into effect in 2017 for depository institutions, and goes into effect on January 1, 2018 for non-depository institutions.

The bill also would make permanent under the revised HMDA rule a trigger of 500 open-end mortgage loan originations in each of the preceding two calendar years.  As reported previously, the revised HMDA rule provided for a trigger effective January 1, 2018 of 100 open-end mortgage loan originators in each of the preceding two calendar years, and in August 2017 the CFPB temporarily raised the trigger for 2018 and 2019 to 500 open-end mortgage loans in each of the preceding two calendar years.  The bill includes a requirement for the Comptroller General of the United States to conduct a study after two years to evaluate the impact of the amendments on the amount of data available under HMDA, and submit a report to Congress within three years.

Loan Originator Transition Authority (Section 106). Subject to various conditions, the bill would establish temporary transition authority for an individual loan originator to conduct origination activity for up to 120 days from when the individual submits an application to be licensed in a state in cases in which the individual is (1) registered and then becomes employed by a state-licensed mortgage company or (2) licensed in a state and then seeks to conduct loan origination activity in another state.

TRID Rule Provisions (Section 110). The bill includes a provision that apparently is intended to eliminate the need for a second three business day waiting period under the TILA/Real Estate Settlement Procedures Act Integrated Disclosure (TRID) rule in cases in which the annual percentage rate decreases and becomes inaccurate after the initial Closing Disclosure is provided, thus triggering the need for a revised Closing Disclosure.  Currently, the TRID rule requires both a revised Closing Disclosure and a new three business day waiting period before consummation may occur.  As drafted, however, the bill would amend the TILA timing requirements for high-cost mortgages under the Home Ownership and Equity Protection Act.  The TRID rule timing requirements are set forth in Regulation Z and not TILA.  Thus, revisions to the bill are necessary to achieve the intended goal.

The bill also includes a sense of Congress provision with regard to the TRID rule, which provides that the CFPB should endeavor to provide clearer, authoritative guidance on (1) the applicability of the rule to mortgage assumptions, (2) the applicability of the rule to construction-to-permanent home loans, and the conditions under which such loans can be properly originated, and (3) the extent to which lenders can, without liability, rely on the model disclosures published by the CFPB under the rule if recent changes to the rule are not reflected in sample TRID rule forms published by the CFPB.

Credit Report Alerts (Section 301). The bill would amend the Fair Credit Reporting Act (FCRA) to require consumer reporting agencies to keep a fraud alert requested by a consumer in the consumer’s file for at least one year and allow a consumer to have one free freeze alert placed on his or her file every year and remove that alert free of charge.  Consumer reporting agencies would also have to provide free freeze alerts requested on behalf of a minor and remove such alerts free of charge.

Credit Reports of Military Veterans (Section 302). The bill would amend the FCRA to require consumer reporting agencies to exclude from credit reports certain information relating to medical debts of veterans and would establish a dispute process for veterans seeking to dispute medical debt information with a consumer reporting agency.

Protection of Seniors (Section 303). The bill would, subject to certain conditions, provide immunity from civil or administrative liability to individuals and financial institutions for disclosing the suspected exploitation of a senior citizen to various government agencies, including state or federal financial regulators, the SEC, or a law enforcement agency.

Cyber Threats (Section 501). The bill would require the Secretary of the Treasury to submit a report to Congress on the risks of cyber threats to financial institutions and U.S. capital markets that includes an analysis of how the appropriate federal banking agencies and the SEC are addressing such risks.  The report must also include Treasury’s recommendation on whether any federal banking agency or the SEC “needs additional legal authorities or resources to adequately assess and address material risks of cyber threats.”  (We note that for several years, the FTC has been calling for such additional authority, specifically in the form of rulemaking authority.  Due to the limitations of the Banking Committee’s jurisdiction, the bill’s provision focuses exclusively on the federal banking agencies, and gives no recognition to the important role of the FTC—which is under the Senate Commerce Committee’s jurisdiction–in addressing cyber threats.

We will be publishing another blog post in the near future about other provisions of the bill that may be of interest to our blog readers.