The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement.  The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.  The statutory exemption from the annual notice requirement became effective in December 2015.  The amendments to Regulation P made by the final rule will be effective 30 days from the final rule’s publication in the Federal Register.

The final rule provides that a financial institution is not required to deliver a GLBA annual privacy notice if the financial institution (1) shares nonpublic personal information (NPPI) with nonaffiliated third parties only under one of the GLBA exceptions that do not trigger a customer’s opt-out rights (§ 1016.13, § 1016.14, or § 1016.15); and (2) has not changed its policies and practices with regard to disclosing NPPI from the policies and practices that were disclosed in the most recent privacy notice provided to the customer.  Financial institutions that choose to take advantage of the annual notice exemption must still provide any opt-out disclosures required under the Fair Credit Reporting Act (FCRA), which can generally be provided in the initial privacy notice.  In the Supplementary Information accompanying the final rule, the CFPB states that it does not interpret the second condition for using the annual notice exemption to include changes to a financial institution’s FCRA disclosures or changes to voluntary disclosures and opt-outs that are provided in the institution’s privacy notice.

The final rule includes timing requirements for providing annual privacy notices by a financial institution that no longer meets the conditions for the exemption.  The timing requirements vary depending on whether the change that causes the institution to no longer satisfy the conditions for the exemption also triggers a requirement under Regulation P to provide a revised privacy notice.  Under Regulation P, a financial institution must provide revised notices before it begins to share NPPI with a nonaffiliated third party if such sharing would be different from what the institution described in the initial privacy notice it delivered.

The final rule also removes the alternative delivery method for GLBA annual privacy notices that Regulation P (pursuant to a 2014 amendment) allowed financial institutions to use if they met certain conditions.  Since any financial institution that met the conditions for using the alternative delivery method would meet the conditions for the statutory exemption, the CFPB believes an institution with both options available to it would choose not to provide an annual privacy notice at all rather than provide it using the alternative delivery method.  However, the CFPB indicates in the Supplementary Information that financial institutions that qualify for the annual notice exemption can still, without affecting their eligibility for the exemption, choose to post privacy notices on their websites, provide privacy notices to consumers who request them, and notify consumers of the notices’ availability.


A portion of the Treasury’s report entitled “A Financial System That Creates Economic Opportunities, Nonbank Financials, Fintech, and Innovation,” focuses on payments.  (See our legal alert for a discussion of other portions of the Treasury’s report.)

Current payment methods.  The report notes four primary core payment systems: credit cards, debit cards, automated clearing house (ACH) transfers, and wire transfers.  Among the issues facing such systems is that their regulation is fragmented, with the first two systems subject to significant federal regulation, the ACH system heavily dependent on agreement, and wire transfers primarily subject to uniform state law.  The report, given its focus, ignores the check system, also regulated by uniform state law, and virtual currency payment methods that have yet to reach significant volume as a payment method.

Nonbank Funds Transfers.  The report focuses on nonbank methods of funds transfers between individuals.  It discusses money transmitters that, while subject to federal Bank Secrecy Act regulation, are primarily state-licensed and regulated by diverse state statutes and, for multi-state businesses, are subject to burdensome state licensing.  The report also discusses the Regulation E remittance provisions, P2P and non-P2P transfers, and so-called digital wallets.  The report’s discussion concludes with a review of (1) the effort to encourage faster payments including the Faster Payments Task Force, the Real-Time Payments System of The Clearing House, same day ACH efforts by NACHA and ACH operators, and the challenges these efforts face, and (2) the work of the Secure Payments Task Force.

Recommendations. The Treasury makes the following recommendations:

  • States should work to harmonize money transmitter requirements for licensing and supervisory examinations–a task that may require some federal incentives since the Uniform Money Services Act, which Congress requested that the Uniform Law Commission research and write, has only been enacted by 12 states to date;
  • The CFPB should provide more flexibility regarding the issue of remittance disclosures in Regulation E; and
  • The Federal Reserve should accelerate its efforts to facilitate a faster retail payments system.

Our observations.  While the Treasury’s report is a good start, it could have gone much further.  Noting the complexity in the U.S. payments system, the Treasury might have recommended that efforts be directed at reconciling the credit and debit card systems for similar issues.  For example, the Treasury could encourage the Uniform Law Commission to update Uniform Commercial Code (UCC) payment articles for electronic instruments.  Such a project is already under consideration by the UCC sponsors, the Uniform Law Commission, and the American Law Institute for notes which, when completed, would replace paper instruments as the only payment vehicles covered by the UCC.  Another recommendation could provide support for the Uniform Regulation of Virtual Currency Businesses Act, which supplies what the Treasury’s report characterizes as the need for “adequate prudential regulation and supervision” for that emerging payment method.

On September 20, 2018, from 12 p.m. to 1 p.m. ET, Ballard Spahr will conduct a webinar, “More Than Just Fintech: What Are the Important Takeaways for All Consumer Financial Services Providers from Treasury’s Sweeping Report?” A link to register is available here.

In a recent interview (her first since being sworn in as Chair of the Federal Deposit Insurance Corporation), Jelena McWilliams provided insight into the FDIC’s likely regulatory agenda.

Ms. McWilliams stated that the FDIC’s top priorities included: (1) reducing regulatory burden on community banks; (2) increasing the speed with which the FDIC reviews charter and deposit insurance applications; and (3) assisting banks to introduce new financial products that serve underserved communities.

Unlike the previous FDIC Chair, Martin Gruenberg, Ms. McWilliams expressed a willingness to reexamine bank capital requirements.  Her comments suggest the FDIC might revisit its opposition to a proposal to revise the enhanced supplementary leverage ratio applicable to U.S. global systemically important bank holding companies (GSIB) issued by the OCC and the Board of Governors of the Federal Reserve System that would: (i) set the enhanced supplementary leverage ratio for a GSIB at 50 percent of the GSIB’s risk-based capital surcharge; (ii) replace the current 6 percent threshold at which an insured depository institution subsidiary of a GSIB is considered “well capitalized” under the prompt corrective action (PCA) framework with a threshold set at 3 percent plus 50 percent of the GSIB surcharge applicable to the insured depository institution; and (iii) make a corresponding change to each GSIB’s external total loss absorbing capacity (TLAC) leverage buffer and long-term debt requirement (and other minor amendments to the TLAC rule).

Ms. McWilliams agreed with Mr. Gruenberg that the Volcker Rule (which bans proprietary trading and which, since the passage of the Economic Growth, Regulatory Relief, and Consumer Protection Act, is only applicable to financial institutions with $10 billion of assets or more) is too complicated.  Ms. McWilliams voiced her support for rules to revamp the Community Reinvestment Act (CRA), a project that is also on the OCC’s agenda.  Ms. McWilliams said banks need more clarity about what activities qualify for CRA credit and the qualifications for CRA loans, and she also appeared to suggest that CRA assessment areas should be reexamined because banks are closing branches in rural communities to avoid criticism of their CRA activities (or the lack thereof) in those communities, which results in less access to financial services and does not serve the needs of those communities.

Finally, Ms. McWilliams stated that the FDIC is reviewing whether to rescind its guidelines for deposit advance loans and that she is considering allowing applicants seeking deposit insurance to make a preliminary, confidential filing to get feedback before a formal application.  These comments followed her first speech as Chair in June, where she suggested that the FDIC would make faster decisions on deposit insurance applications, a statement that was interpreted as a signal that under her leadership the FDIC might be more receptive to applications from applicants seeking to form an industrial loan company and de novo charters generally.  (In its recent fintech report, the Treasury Department recommended that the FDIC reconsider its guidance on direct deposit advance services and issue new guidance similar to that issued by the OCC.  In May 2018, the OCC issued a bulletin setting forth core lending principles and policies and practices for short-term, small-dollar installment lending by national banks, federal savings banks, and federal branches and agencies of foreign banks and encouraging banks to engage in such lending.)


The CFPB recently released a File Format Verification Tool for 2018 Home Mortgage Disclosure Act (HMDA) data. As we reported, in October 2015, the CFPB adopted significant changes to the HMDA rules that significantly expanded the amount of information that must be collected and reported. Calendar year 2018 is the first year in which the expanded data must be collected.

The Tool can be used by HMDA filers to test whether their HMDA data file meets the following formatting requirements: (1) whether the file is in the pipe-delimited format, (2) whether the file has the proper number of data fields, and (3) whether the file has data fields that are formatted as integers, when applicable. The Tool cannot be used to file HMDA data. The CFPB advises that there are no login requirements to use the Tool, the Tool will not log identifying information about users or the files that they test using the Tool, and no federal agency will receive or be able to view the files that users test using the Tool.

On August 1, 2018, Sen. Bill Nelson (D-Florida) introduced S. 3334 captioned “The Military Lending Improvement Act of 2018” in the United States Senate to “expand and improve” credit protections afforded to service members by the Military Lending Act (MLA) and the Fair Debt Collection Practices Act (FDCPA).  If this bill becomes law, it would lower the maximum rate of interest on covered transactions from 36 percent to 24 percent.  It would also expand transactions covered by the MLA to include auto and other loans secured by personal property, extend MLA protections to recently-discharged veterans, and amend the FDCPA to prohibit debt collectors from “harassing” service members by calling their commanding officers.

In a press release, Sen. Nelson, who is a senior member of the Senate Armed Services Committee, stated that “our military men and women have dedicated their lives to serving our country and we must help ensure they do not become the targets of unscrupulous lenders.”  Specifically, the bill would:

  • Reduce the interest rate cap under the MLA from 36 percent to 24 percent.  (The 36% cap is on the Military Annual Percentage Rate (MAPR), which is an “all-in” APR that includes interest and other fees such as application fees and annual fees that are not finance charges under Regulation Z.)
  • Extend coverage of the MLA to veterans for up to one year following discharge from active duty.
  • Expand coverage of the MLA to credit intended to finance the purchase of motor vehicles and other personal property.
  • Amend the FDCPA to prohibit debt collectors from “communicat[ing], in connection with the collection of any debt, with the commanding officer or officer in charge of any covered member, including for the purpose of acquiring location information about the covered member.”
  • Prohibit debt collectors from threatening that failure to cooperate with a debt collector will result in prosecution under the Uniform Code of Military Justice.
  • Prohibit creditors from requiring installation of GPS trackers or kill switches in motor vehicles as a condition of extending credit to service members.
  • Require the Department of Defense to assess whether creditors downloading bulk data from the MLA database are using adequate safeguards to prevent data breaches and other potential misuse of downloaded data.

The Military Lending and Improvement Act of 2018 was originally introduced as amendments to the National Defense Reauthorization Act of 2019 (which has already been presented to the President for signature), though no action was taken on the proposed amendments.  Accordingly, Sen. Nelson reintroduced the amendments as a standalone bill, S. 3334, which has been referred to the Committee on Banking, Housing and Urban Affairs.  The bill will surely be opposed by the consumer financial services industry, which has seen MLA coverage explode from furthering the statute’s original purpose – protecting service members from aggressive payday-type loans – to placing restrictions on forms of credit not typically considered “predatory,” such as credit cards.  We will provide updates on the bill as they become available.

A Texas federal court has denied the motion for reconsideration filed by the trade groups challenging the CFPB’s final payday/auto title/high-rate installment loan rule (Payday Rule).  The motion asked the court to reconsider its June 12 order granting the stay of the trade groups’ lawsuit challenging the Payday Rule that the trade groups had sought in a motion filed jointly with the CFPB but denying the stay of the Payday Rule’s August 19, 2019 compliance date that was also requested in the joint motion.

In light of the court’s denial of the reconsideration motion, we hope that the CFPB will move quickly to issue a proposal to delay the compliance date pursuant to the Administrative Procedure Act’s notice-and-comment procedures.  The CFPB has already set forth the rationale for a delay of the compliance date in its response in support of the motion for reconsideration.  As a result, it should be able to issue a proposal providing for a delay expeditiously to give the Bureau additional time to revisit the Payday Rule and engage in substantive rulemaking, currently anticipated for February 2019 (according to the CFPB’s latest rulemaking agenda).


RD Legal Funding has submitted a letter to Judge Preska asking her to dismiss all of the federal claims of the New York Attorney General (NYAG).  The letter was sent in response to Judge Preska’s July 25 order in which she set an August 13 deadline for RD Legal Funding to submit a filing on jurisdictional issues.

In its letter, RD Legal Funding states that the NYAG’s federal claims are brought pursuant to Dodd-Frank Section 1042, which authorizes state attorneys general to file civil actions in federal court to enforce the provisions of the CFPA, including its “UDAAP” provisions prohibiting unfair, deceptive, or abusive acts or practices.

However, in her June 21 decision, Judge Preska, having found that the CFPB’s “for cause” removal structure was unconstitutional, struck all of Title X in its entirety, including Section 1042, rather than just sever the for-cause removal provision.  Accordingly, RD Legal Funding requests in its letter that the federal claims in the case be dismissed with prejudice and the state law claims be dismissed without prejudice to their being refiled in state court.

It also asks the court to then enter judgment against the CFPB and NYAG “allowing the Court’s June 21, 2018 Order to be appealed, if appropriate, in its entirety.”  Presumably, the CFPB and NYAG would appeal the constitutionality ruling and RD Legal Funding would appeal the conclusion that the transactions at issue were disguised loans.  As discussed in a prior blog post, we think the court’s logic was erroneous on the loan recharacterization question.


On August 3, 2018, Arizona began accepting applications for its regulatory sandbox that “enables a participant to obtain limited access to Arizona’s market to test innovative financial products or services without first obtaining full state licensure or other authorization that otherwise may be required.”  In March 2018, Arizona’s Governor signed into law legislation directing the state’s Attorney General to create the sandbox.  The Attorney General is also responsible for the application process and oversight of the sandbox.

To be considered for admission, applicants must complete the nine-page application and pay a $500 application fee.  Each application must be for an innovative financial product or service as defined by the enabling legislation.  For example, products or services regarding most types of credit extending services, such as peer-to-peer lending and online marketplace lending, and innovative products and services for money transmission and investment management would be eligible.  However, “securities trading, insurance products, or services that provide solely deposit-taking functions” are not eligible products.

Applicants must provide details regarding the innovative financial product or service, the testing plan, a “Consumer Protection Plan,” and exit plan.  For the Consumer Protection Plan, applicants must identify the targeted consumers; how the applicants plan to market to those consumers and disclose their participation in the sandbox; the key risks to consumers; the plan to address the risks; and how the applicants will monitor and assess the testing of the product or service to protect consumers in the event the test fails.

The Attorney General has indicated that he will take a holistic approach to determine the applicant’s ability to conduct a test that does not place undue risk on consumers.  The Attorney General may consider factors such as “capitalization; insurance or bonds and their terms; compliance or legal support; accounting practices; cash on hand; and the number and expertise of active advisors and key personnel.”  A weakness in any one area will not necessarily prevent an applicant’s admission into the sandbox.  Applicants will be notified of a decision within 90 days of submitting the application and payment.

The CFPB recently named the sandbox’s architect and former head of fintech initiatives at the Arizona Attorney General’s office, Paul Watkins, as Director of the Bureau’s Office of Innovation.  See our blog about Mr. Watkins.  In June 2018, Ballard Spahr attorneys held a webinar, “The Regulatory Sandbox – What it Means for Fintech Companies,” in which the topics included a discussion of the concept of a regulatory sandbox, the benefits and risks associated with using one, and what a possible sandbox created by the CFPB might look like.  Mr. Watkins was one of the webinar speakers and discussed the Arizona initiative.  We have also previously blogged about Arizona’s regulatory sandbox.

On July 26, 2018, the Federal Reserve Board (“FRB”) announced the launch of the “Consumer Compliance Supervision Bulletin” (the “Bulletin”) and simultaneously published its first issue.  Aimed at “senior executives in banking organizations,” the Bulletin is published by the FRB’s Division of Consumer and Community Affairs with the intent to provide high-level summaries of various consumer protection issues and to enhance the transparency of the Federal Reserve’s consumer compliance supervisory program.  While the Bulletin is primarily focused on state-chartered banks that are members of the Federal Reserve System, it contains advice which will be applicable to all banks and even non-banks.  For example, it will highlight violations identified through supervision and examiner observations and provide practical steps for managing consumer compliance risks in coordination with similar FRB programs such as the Consumer Compliance Outlook and the Outlook Live webinar series.  In comparison to the Consumer Financial Protection Bureau’s publication of Supervisory Highlights, which notably has not been published since mid-2017, the initial issue of the Bulletin appears focused on providing high-level risk management guidance to institutions as opposed to a simple laundry list of violations identified through examinations.

With this in mind, the July 2018 Bulletin focuses on a wide range of consumer protection issues, including:

  • Redlining. The Bulletin reminds institutions that redlining risk may arise from failure to market products or locate branches in minority-prevalent locations or as a result of institutional changes such as mergers, acquisitions and new lending patterns and describes the key risk factors Federal Reserve examiners may consider, including whether a bank’s (i) Community Reinvestment Act (“CRA”) assessment area appears to inappropriately exclude majority minority census tracts; (ii) record of Home Mortgage Disclosure Act and/or CRA small business lending shows statistical disparities in majority minority census tracts; (iii) branch, product and marketing strategies have an impact on minority census tracts; and (iv) consumer complaints.  It also provides guidance as to redlining risk management techniques such as (i) the regular review of assessment areas and credit market areas; (ii) evaluation of fair lending risk arising from the opening, acquiring or closing of branches and offices; (iii) evaluation through marketing and outreach programs; and (iv) complaints monitoring.
  • Mortgage Target Pricing. The Federal Reserve details risk management insights related to “target prices” for mortgage loan originators, particularly where a higher target price is set for originators that serve minority areas, including:  (i) reviewing financial incentives for compliance with Regulation Z; (ii) implementing policies and procedures to control for fair lending risks; (iii) managing risks for loan originators with higher target prices that serve minority neighborhoods; (iv) monitoring pricing by race and ethnicity across mortgage loan originators; and (v) mapping loans by target price.
  • Small Dollar Loan Pricing. It details fair lending issues associated with small dollar loan pricing such as (i) a lack of rate sheets or other pricing guidelines; (ii) broad pricing discretion at the loan officer level; (iii) lack of clear documentation for pricing decisions; and (iv) lack of monitoring for pricing disparities, and it suggests managing these risks through detailed rate sheets and documentation and the monitoring of pricing exceptions.
  • Disability Discrimination. The Federal Reserve notes that some bank practices related to disability benefits, such as requiring applicants receiving disability income to provide proof of disability through a doctor’s letter, may raise fair lending concerns, and suggests addressing these risks by reviewing policies and procedures and training employees to ensure compliance.
  • Maternity Leave Discrimination. Similarly, it indicates that some bank practices related to applicants on maternity leave, such as treating such applicants as unemployed, may raise fair lending risks and also suggests managing this risk through policy and procedure reviews and training.
  • UDAP Issues Related to Student Loans. While noting previous enforcement with respect to deceptive practices surrounding student loan deposit accounts, the Bulletin stresses the increased UDAP risk associated with third-party student loan servicers and suggests that such risks can be managed through (i) evaluating the financial condition and experience of the third party before onboarding; (ii) monitoring third party complaints; and (iii) ensuring oversight of the third party through monitoring and assessment.
  • UDAP Issues with Overdraft Fees. The Federal Reserve reiterates that assessing overdraft fees on transactions with sufficient funds at the time of the transaction but not at posting is a UDAP and details risk management techniques for overdraft fee practices that include: (i) vendor management; (ii) analysis of the overdraft processing methodology and accurate disclosure of same to consumers; (iii) prohibiting overdraft fees where there are sufficient funds at the time of the transaction; and (iv) review of overdraft fee guidance and implementation of best practices.
  • UDAP Issues Related to Loan Officer Misrepresentations. The Bulletin describes potential UDAP violations that may occur when loan officers make misrepresentations, particularly with respect to eligibility for loan programs or qualifications for a loan.  It notes that these misrepresentations are typically identified through consumer complaints and highlights related risk management strategies such as (i) consumer complaint monitoring; (ii) refraining from definitive statements when qualifications are uncertain; (iii) clear and accurate disclosure of qualification requirements; (iv) review and modification of internal policies; (v) adoption of automated underwriting criteria; and (vi) appropriate employee training.
  • Other Topics of Note. The Bulletin concludes with a brief discussion of the Uniform Interagency Consumer Compliance Rating System and changes to the Military Lending Act’s implementing regulation.

It appears that Acting Director Mulvaney’s BCFP is about to settle a case that former Director Cordray’s CFPB filed in 2015 against D&D Marketing, which allegedly engages in lead generation for payday, tribal, and offshore lenders under the name T3 Leads.  Based on the docket, the case appears to have been in active, heated litigation from the time it was filed until just recently.  So, it is not clear why the BCFP would suddenly change course and settle the matter.  The widest-reaching issue in the case is whether the CFPB can continue to litigate against an entity in a circuit where its structure has been deemed unconstitutional.

In November 2016, the District Court Judge assigned to the T3 Leads case, Judge Philip Gutierrez, ruled on the motion to dismiss filed by T3 Leads.  The court held that “the combination of the power accorded to the CFPB Director and the limitations on the President’s removal powers violate Article II of the Constitution” but that “these constitutional concerns do not prevent the CFPB from prosecuting this case and do not warrant dismissal of the Complaints.”  In reaching this conclusion, the Court adopted the reasoning of the panel decision of the D.C. Circuit in the PHH case, which held that the proper remedy for the constitutional violation was to strike the for-cause removal provision rather than dissolve the BCFP entirely.

Shortly after the District Court reached this decision, in December 2016, T3 Leads asked that the district court allow it to file an interlocutory appeal to the Ninth Circuit on several questions, including whether Judge Gutierrez correctly ruled with respect to the CFPB’s ability to continue prosecuting the case in light of its constitutionally deficient structure.  The BCFP opposed T3 Leads’s petition for interlocutory appeal.  In March 2017, Judge Gutierrez ruled on that motion, allowing the interlocutory appeal to proceed on the constitutional question alone.  In May 2017, the Ninth Circuit granted the petition for interlocutory appeal.

Thereafter, the parties continued to actively litigate the district court case while at the same time pursuing the interlocutory appeal before the Ninth Circuit.  On July 25, 2018, the Ninth Circuit announced that the interlocutory appeal was being “considered for an upcoming oral argument.”  That same day, the BCFP and T3 Leads filed the notice of prospective settlement indicating that they had reached a tentative agreement and were likely to settle the matter.