On September 17, 2018, four Amici filed briefs in the CFPB’s case against All American Check Cashing, which is now before the Fifth Circuit Court of Appeals. The Court is considering whether the structure of the CFPB is constitutional and what impact its structure, right or wrong, has on its ability to continue to prosecute claims against regulated entities. The Amici, all supporting the CFPB, were as follows:

  • Certain current and former Members of Congress involved in drafting Dodd-Frank;
  • Five people calling themselves “CFPB Separation of Powers Scholars,” including Harold Bruff, Gillian Metzger, Peter Shane, Peter Strauss, and Paul Verkuil;
  • Nine consumer advocacy groups, including Public Citizen, Inc., Americans for Financial Reform Education Fund, Center for Responsible Lending, Consumer Federation of America, Consumers Union, National Association of Consumer Advocates, National Consumer Law Center, Tzedek DC, and U.S. Public Interest Research Group Education Fund, Inc.; and
  • The Appleseed Foundation, Inc.

The Amici made substantially the same arguments made by amici supporting the CFPB in connection with the PHH case.

On this week’s podcast, Ballard Spahr attorneys Bo Ranney, Chris Willis, and Reid Herlihy discuss the significant takeaways from the CFPB’s new report—the first edition of Supervisory Highlights issued under Acting Director Mick Mulvaney. Mr. Ranney, former Examiner-in-Charge at the CFPB, and Mr. Willis, who chairs Ballard Spahr’s Consumer Financial Services Litigation Group, discuss the CFPB’s findings regarding debt collection, payday loans, automobile servicing, and small business lending. They also identify potential areas where the CFPB might focus in future examinations and offer recommendations for addressing the operational concerns raised by the report. Mr. Herlihy, a partner in Ballard Spahr’s Mortgage Banking Group, discusses the high-priority, mortgage-related topics identified in the Bureau’s report, lessons the mortgage industry can learn from the Bureau’s findings, and how the CFPB’s approach in this new report differs from its approach under prior leadership.

To listen and subscribe to the podcast, click here.

Last Wednesday the Federal Reserve published approved final amendments to Regulation CC (Availability of Funds and Collections of Checks) which update the liability provisions of Reg. CC to address the nearly-complete conversion of the nation’s check collection system from a paper to an electronic environment.

Historically, when banks disputed which party should be responsible for the liability arising from an unauthorized check, the risks were split in two.  The paying bank (the bank that would pay on a check associated with an account it held) was responsible for forged checks; it would have a signature specimen from its customers, and be able to examine the signature of a presented check against the specimen signature; it would also know if the entire check was forged, since it was the bank’s check.  If the signatures didn’t match, or the check wasn’t an original check from the paying bank, yet the paying bank paid and there was a subsequent loss by the customer, the paying bank would be responsible for that loss, because it was in the best place to detect the forgery.

The depositary bank (the bank holding the account where check funds would be deposited) was responsible for altered checks; it was deemed to be in the best place to determine whether, for example, the amount of the check had been changed from $100 to $10,000.  This division of risk is old, originally established in 18th Century English law (in the case of Price v. Neal, 97 Eng. Rep. 871 (1762)), and enshrined in the U.S. under UCC Articles 3-407 and 3-417.  It also assumes the presentment and receipt of paper checks.

Virtually all checks presented in 2018 within the US are not presented in paper form.  Instead, an image of the check is taken, the original check is destroyed, and the depositary bank presents this check image (a truncated check) to the paying bank.  Notwithstanding the dramatic increase in settlement speed and dramatic reduction in processing costs, electronic images of checks create a potential problem in the event of a bank dispute over whether a check has been forged or altered.  The original check is destroyed, making it impossible to examine the original check to determine whether the check was altered, or whether it was a forgery.  Regulation CC currently does not provide any presumptions as to whether a check is altered or forged.

The new amendment provides this guidance, adding a new presumption of liability for substitute and electronic checks.  If there is a dispute between the paying bank and the depositary bank as to whether a substitute or electronic check is an altered or a forgery (now described as “derived from an original check that was issued with an unauthorized signature of the drawer”), the presumption is that the substitute/electronic check contains an alteration.  This generally shifts liability on fraudulent checks to depositary banks; this presumption may be overcome if a preponderance of the evidence proves the substitute or electronic check does not contain an alternation, or that it was a forgery.  The presumption does not apply if there is an original check to examine.

It’s a reasonable allocation of risk; the depositary bank is receiving, imaging and destroying the check, and then presenting the image to the paying bank.  If there is a later dispute over the fraudulent nature of the check, then the party that destroyed the original check, and was in the best place to preserve the check as evidence, should bear the risk associated with evidentiary questions.

The amendment goes into effect January 1, 2019.

CFPB Acting Director Mick Mulvaney recently responded to former CFPB Student Loan Ombudsman Seth Frotman’s vocal departure from the Bureau.  As previously reported, Frotman tendered his resignation in a letter—also delivered to members of Congress—which accused Mulvaney of being derelict in his oversight of the “student loan market.”  Among other things,  Frotman accused Mulvaney of undercutting enforcement, undermining the Bureau’s independence, and shielding “bad actors” from scrutiny—collectively, “us[ing] the Bureau to serve the wishes of the most powerful financial companies in America.”

In an interview addressing the letter, Mulvaney has emphasized that he is focused on the explicit statutory authority provided in the Dodd-Frank Act, including the limitations on his oversight of student loans.  When asked about Frotman’s resignation, Mulvaney responded that he “never met the gentleman” and “doesn’t know who he is.”  Mulvaney has served as Acting Director since November 2017.  Frotman joined the Bureau during its creation in 2011 to focus on military lending issues as a senior advisor to Holly Petraeus (the Assistant Director for the Office of Servicemember Affairs) and transitioned to the Private Education Loan Ombudsman in April 2016.  Mulvaney added, “I talked to his supervisor who met with him on a regular basis during the nine months I’ve [been] there; [Frotman] never complained about anything that was happening at the Bureau, so I think he was more interested in getting his name in the paper.”

In his resignation letter, Frotman noted that the “Student Loan Ombudsman,” statutorily created by Section 1035 of the Dodd-Frank Act, was authorized to “provide timely assistance to borrowers,” “compile and analyze” borrower complaints, and “make appropriate recommendations” to the Director of the CFPB, the Secretary of Education, the Secretary of the Treasury, and Congressional committees regarding student loans.  Frotman, however, omits any mention of statutory limits to the Ombudsman’s authority.  Section 1035—titled “Private Education Loan Ombudsman”—directs the Ombudsman to “provide timely assistance to borrowers of private education loans,” “compile and analyze data on borrower complaints regarding private education loans” and to “receive, review, and attempt to resolve informally complaints from borrowers of [private education] loans.”

With respect to federal student loans, Section 1035 of the Dodd Frank Act only contemplates the Private Education Loan Ombudsman’s cooperation with the Department of Education’s student loan ombudsman through a memorandum of understanding (MOU).  Mulvaney noted the somewhat informal nature of the MOU created during the Obama administration, referring to it as a “handshake agreement.”  Arguably signaling an intent to defer to the Department of Education on federal student loan issues, Mulvaney stated that the issue he is most “worr[ied] about [is] the growth in …student loans” because federal involvement in the market has created a “disconnect between the making of a loan and the repaying of [a] loan.”

I am very excited to announce that today, Ballard Spahr’s Consumer Financial Services Group has launched The Consumer Finance Monitor Podcast, a weekly podcast program focused on legal developments that are of importance to the consumer finance industry.  We’ll be talking about how to make sense of breaking developments, avoid risk, and make the most of opportunity.

While we hope our blog readers will continue to follow our blog for current information on important developments, and we will continue to hold webinars and report on developments through legal alerts, we want to offer our clients and friends the convenience of listening to podcasts as another way of keeping up with what’s going on in their industry.  In addition to Ballard Spahr’s website, our podcasts will be available on Apple iTunes, Google Play, and Spotify.  A new podcast will be available each Thursday.

Our podcasts will feature attorneys who focus on every facet of the consumer finance industry—from new product development and emerging technologies to regulatory compliance and defense of government regulatory enforcement actions and private litigation.

In the first podcast, we discuss the litigation challenging the CFPB’s constitutionality and President Trump’s nomination of Kathy Kraninger to lead the CFPB.  We will also address the recent statements by HUD and the CFPB signaling an intent to revisit the disparate impact theory, and the implications for fair lending of these efforts.  Future topics will span federal and state regulation and enforcement, litigation trends, fair lending, debt collection, marketplace lending, Fintech, mortgage banking, auto and student lending, and cybersecurity.

We are hoping our podcast listeners will find our podcasts to be another source of reliable information and insight.  To listen and subscribe to the podcast, click here.


Tomorrow, September 18, the Senate Banking Committee will hold a hearing, “Fintech: Examining Digitization, Data, and Technology.”  Topics expected to be discussed include data privacy and the Treasury Department’s recent fintech report.

The scheduled witnesses, who do not include any regulators, are:

  • Brian Knight, Director of the Innovation and Governance Program, Mercatus Center at George Mason University
  • Steven Boms, President, Allon Advocacy, on behalf of Consumer Financial Data Rights
  • Saule T. Omarova, Professor of Law and Director, Jack Clarke Program on the Law and Regulation of Financial Institutions and Markets, Cornell University

In January 2018, the House Financial Services Committee held a hearing on fintech issues.

In what seems to be a response to the Government Accountability Office’s (“GAO”) determination that the Consumer Financial Protection Bureau’s indirect auto finance bulletin (the “Bulletin”) was a rule subject to the Congressional Review Act (“CRA”) and a rebuke to the Bureau’s prior approach of “rulemaking by enforcement,” the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and the Bureau (collectively, the “agencies”) this week issued an Interagency Statement Clarifying the Role of Supervisory Guidance (the “Interagency Statement”). The Interagency Statement’s stated purpose is to “explain the role of supervisory guidance and to describe the agencies’ approach to supervisory guidance.”

The Interagency Statement begins by clarifying the agencies’ position as to the difference between supervisory guidance and laws or regulations and provides: “Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance.” As set forth in its 2017 letter to Senator Patrick Toomey, a significant factor in the GAO’s determination that the Bulletin was a “rule” subject to the CRA was the Bureau’s use of the Bulletin to advise the public prospectively of the manner in which the Bureau proposed to exercise its discretionary enforcement power. The Interagency Statement clarifies that supervisory guidance is meant to outline supervisory expectations or priorities and articulate a general view regarding appropriate practices but should not serve as the basis for enforcement actions. And, while the agencies indicate that they may continue to seek public comment on supervisory guidance in order to improve their understanding of a given issue, any such guidance is not intended to be a regulation or have the force and effect of law.

The agencies state that they will aim to reduce the issuance of multiple supervisory guidance documents on the same topic and will seek to limit the use of numerical thresholds or other “bright-line” tests (numerical thresholds will generally be used as exemplars only). Finally, the Interagency Statement also provides that the agencies will limit examination and supervisory citations to violations of law, regulation or compliance with enforcement orders or other enforceable conditions and that their examiners will not criticize supervised financial institutions for a “violation” of supervisory guidance. Supervisory guidance may, however, be referenced as an example of safe and sound conduct in an examination finding.

What does this mean going forward? The Interagency Statement suggests that instead of issuing supervisory guidance to set forth expectations to be used as a “sword” if not followed by supervised entities, the agencies intend to use supervisory guidance to identify compliant practices. As a result, supervised entities may be better able to rely on supervisory guidance as a potential “safe-harbor” or “shield” from agency criticism when structuring their compliance programs. Additionally, existing supervisory guidance issued by the agencies such as supervision manuals and supervisory highlights and including the Bureau’s newly-released Summer 2018 edition of Supervisory Highlights should be viewed as helpful guidance, without precedential effect, in light of the Interagency Statement. Finally, Congress’ override of the Bulletin following the GAO’s determination that the Bulletin was a “rule” subject to the CRA may serve as a deterrent to any attempt by an agency to use its supervisory guidance in a way that is inconsistent with the Interagency Statement.

Webinar. On October 10, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar, “Key Takeaways from the CFPB’s Summer 2018 Supervisory Highlights” where the Interagency Statement will also be addressed. The webinar registration form is available here.

On September 12th, the Conference of State Bank Supervisors (CSBS) announced that it would again pursue litigation in opposition to the OCC’s recent decision to accept applications from non-depository financial technology firms for a special purpose national bank (SPNB) charter.

While it announced that its Board of Directors had approved renewing litigation against the OCC at an August 28 meeting, the CSBS did not indicate when it plans to file the lawsuit.  The lawsuit would represent the second time that the CSBS has pursued litigation challenging the OCC’s authority to issue a SPNB charter to fintech companies.  On April 30, 2018, a D.C. federal district court dismissed the first lawsuit filed by the CSBS challenging the OCC’s authority to grant SPNB charters on the grounds that the CSBS had failed to establish any injury in fact necessary for Article III standing and that the case was not ripe for judicial review.  In its initial filing, the CSBS argued that the OCC’s 2017 proposal to issue SBNB charters to fintech companies exceeded the authority granted to the OCC by Congress under the National Bank Act (NBA) and other federal banking laws to charter institutions that engage in the “business of banking.”  The CSBS argued that to engage in the “business of banking,” the NBA requires an institution, at a minimum, to receive deposits.

The New York Department of Financial Services (DFS) also previously filed a lawsuit challenging the OCC’s authority to issue SPNB charters.  That lawsuit, which was filed in a New York federal district court, was dismissed in December, 2017 on similar grounds.  While the DFS has not announced whether it will renew its litigation against the OCC, DFS Superintendent Maria Vullo stated in a July 31 press release that “DFS believes that this [OCC] endeavor, which is also wrongly supported by the Treasury Department, is clearly not authorized under the National Bank Act.  As DFS has noted since the OCC’s proposal, a national fintech charter will impose an entirely unjustified federal regulatory scheme on an already fully functional and deeply rooted state regulatory landscape.”

We recently blogged about the announcement by Varo Bank, N.A., a fintech bank, that it had received preliminary approval from the OCC of its application for a full-service national bank charter.  We do not expect the CSBS or the DFS to challenge the preliminary approval since there would not appear to be any basis to challenge the OCC’s authority to issue a full-service national bank charter to Varo assuming it satisfies the standard conditions for obtaining such a charter.

Politico has reported that in remarks made at a fintech policy event last week, Andrew Smith, the FTC’s Director of Consumer Protection, indicated that fintech companies will be a focus of the FTC’s enforcement activities.

According to Politico, Mr. Smith said that FTC was particularly interested in online lending, with an emphasis on small-business lending.  Mr. Smith is also reported to have identified lead generation in the context of online lending as a key area of interest for the FTC.

A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. Most notably, the proposed legislation would create a national standard for data security and breach notification and preempt all current state law on the matter.

Breach Notification Standard

The Gramm-Leach-Bliley Act (GLBA) currently requires covered entities to establish appropriate safeguards to ensure the security and confidentiality of customer records and information and to protect those records against unauthorized access to or use. The proposed House bill would amend and expand  GLBA to mandate notification to customers “in the event of unauthorized access that is reasonably likely to result in identify theft, fraud, or economic loss.”

To codify breach notification at the national level, the proposed legislation requires all GLBA covered entities to adopt and implement the breach notification standards promulgated by the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervisor in its  Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. This guidance details the requirements for notification to individuals in the event of unauthorized access to sensitive information that has or is reasonably likely to result in misuse of that information, including timing and content of the notification.

While the Interagency Guidance was drafted specifically for the banking sector, the proposed legislation also covers insurance providers, investment companies, securities brokers and dealers, and all businesses “significantly engaged” in providing financial products or services.

If enacted, this legislation will preempt all laws, rules, and regulations in the financial services and insurance industries with respect to data security and breach notification.

Cohesiveness in the Insurance Industry

The proposed legislation provides uniform reporting obligations for covered entities – a benefit particularly for insurance companies who currently must navigate a maze of something conflicting state law breach notification standards. Under the proposed legislation, an assuming insurer need only notify the state insurance authority in the state in which it is domiciled. The proposed legislation also requires the insurance industry to adopt new codified standards for data security.

To ensure consistency throughout the insurance industry, the proposed legislation also prohibits states from imposing any data security requirement in addition to or different from the standards GLBA or the Interagency Guidance.

If enacted, this proposed legislation will substantially change the data security and breach notification landscape for the financial services and insurance industries. Entities within these industries should keep a careful eye on this legislation and proactively consider how these proposed revisions may impact their current policies and procedures.