The findings from the Consumer Financial Protection Bureau shed light on impacts to consumers who rely on major retailers’ credit programs. The Consumer Financial Protection Bureau found that 19% of retail cards had APRs above 35%.
Many credit cards offered by major retailers continue to charge exorbitant annual percentage rates (APRs), despite moves by the Federal Reserve to lower interest rates in the economy.
In a report released Wednesday, the Consumer Financial Protection Bureau found that 19% of retail cards had APRs above 35%, an interest rate that is at or near the legal cap for active-duty service members under the Military Lending Act. In December 2024, new cards offered by the top 100 retailers had an average private label APR of 32.66%.
There is no federal cap on interest rates. And while many states have usury laws, credit card issuers are often domiciled in states with more liberal rules about how much interest they can charge on a credit card.
The findings come as the Federal Reserve is set to lower interest rates for the third time this year as economic growth moderates and the job market cools.
The most direct impact from changes to the central bank’s federal funds rate is on the prime rate, which is the rate banks charge on loans to customers with good credit. That rate has declined from 8.5% in September to 7.75% today, and will decline further assuming the Fed announces an interest-rate cut on Wednesday.
Private-label cards tend to charge an APR based on the prime rate, plus a margin they deem necessary to cover their costs and maintain a profit. And some even ignore the prime rate altogether.
“As a result, the many cardholders charged APRs that are not based on the Prime Rate will not benefit from future cuts to the Prime Rate,” the CFPB said.
Earlier this year, the CFPB found these margins to be excessive — though that assertion has been disputed by the American Bankers Association, who say the high margins are necessary given changing market conditions.
The CFPB findings were part of a larger announcement about credit cards that also included a ruling that attempts to devalue credit card rewards programs, alongside the launch of a new tool allowing U.S. consumers to compare credit card offerings in a more transparent manner.
“Large credit card issuers too often play a shell game to lure people into high-cost cards, boosting their own profits while denying consumers the rewards they’ve earned,” said CFPB Director Rohit Chopra in a statement.
“When credit card issuers promise cashback bonuses or free round-trip airfares, they should actually deliver them,” he said. “The CFPB is taking aim at bait-and-switch tactics and promoting more competition in credit card markets to protect consumers and give people more choice.”
The CFPB remains under threat from members of the incoming Trump administration, including Elon Musk, who recently posted “Delete CFPB” on his X social media platform.
A top U.S. bank regulator added two banks to its so-called “problem bank” list in the third quarter, while overall industry profits dipped 8.6%, the regulator said.
The Federal Deposit Insurance Corporation typically does not identify firms that are added to the list, which includes banks that have received particularly low confidential scores from bank supervisors. FDIC Chairman Martin Gruenberg said the overall level of problem banks, now totaling 68 firms or 1.5% of all banks, is “not atypical.”
The total assets for banks on that list climbed $3.9 billion to $87.3 billion, the FDIC said.
On Thursday, the FDIC reported quarterly profits for the banking sector were down slightly after banks enjoyed a one-time surge in the prior quarter.
The slightly lower profits were primarily due to the fact that banks reported one-time gains on equity security transactions in the second quarter. But those missing funds were partially offset by strong net interest income and growing revenue, the regulator said in its quarterly profit report. Bank profits were up slightly when compared with first-quarter numbers.
“The banking industry continued to show resilience in the third quarter. Net interest income and the net interest margin increased substantially this quarter,” Gruenberg said in a prepared statement.
There were some signs of caution in the latest figures. The ratio of past-due or non-accrual loans in the commercial real estate sector ticked up to 2.07%, the highest level recorded since 2013, as borrowers continue to grapple with high levels of office vacancies following the COVID-19 pandemic.
Overall though, the latest FDIC report suggests stability in the banking sector. Net interest income rose by $4.5 billion in the quarter, the net interest margin was up for banks of all sizes, and deposits rose 1.1% to $194.6 billion. Unrealized losses on securities fell 29%, as overall interest rates fell.
Today, the Consumer Financial Protection Bureau (CFPB) sued the operator of Zelle and three of the nation’s largest banks for failing to protect consumers from widespread fraud on America’s most widely available peer-to-peer payment network. Early Warning Services, which operates Zelle, along with three of its owner banks—Bank of America, JPMorgan Chase, and Wells Fargo—rushed the network to market to compete against growing payment apps such as Venmo and CashApp, without implementing effective consumer safeguards. Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven-year existence due to these failures.
The CFPB’s lawsuit describes how hundreds of thousands of consumers filed fraud complaints and were largely denied assistance, with some being told to contact the fraudsters directly to recover their money. Bank of America, JPMorgan Chase, and Wells Fargo also allegedly failed to properly investigate complaints or provide consumers with legally required reimbursement for fraud and errors. The CFPB is seeking to stop the alleged unlawful practices, secure redress and penalties, and obtain other relief.
Bank of America, N.A. is a national bank and subsidiary of the Bank of America Corporation, headquartered in Charlotte, North Carolina. As of June 30, 2024, Bank of America had over $2.5 trillion in consolidated total assets.
Zelle allows near-instant electronic money transfers through linked email addresses or U.S.-based mobile phone numbers, known as “tokens.” Users can create multiple tokens across different banks and quickly reassign them between institutions, a feature that has left consumers vulnerable to fraud schemes.
The CFPB alleges widespread consumer losses since Zelle’s 2017 launch due to the platform’s and the defendant banks’ failure to implement appropriate fraud prevention and detection safeguards. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo, and Early Warning Services violated federal law through critical failures including:
- Leaving the door open to scammers: Zelle’s limited identity verification methods have allowed bad actors to quickly create accounts and target Zelle users. For example, criminals often exploited Zelle’s design and features to link a victim’s token to the fraudster’s deposit account, which caused payments intended for the consumer’s account to instead flow to the fraudster account.
- Allowing repeat offenders to hop between banks: Early Warning Services and the defendant banks were too slow to restrict and track criminals as they exploited multiple accounts across the network. Banks did not share information about known fraudulent transactions with other banks on the network. As a result, bad actors could carry out repeated fraud schemes across multiple institutions before being detected, if they were detected at all.
- Ignoring red flags that could prevent fraud: Despite receiving hundreds of thousands of fraud complaints, the defendant banks have failed to use this information to prevent further fraud. They also allegedly violated the Zelle Network’s own rules by not reporting fraud incidents consistently or on time.
- Abandoning consumers after fraud occurred: Despite obligations under the Electronic Fund Transfer Act and Regulation E, the defendant banks failed to properly investigate Zelle customer complaints and take appropriate action for certain types of fraud and errors.
Published DEC 18, 2024
The Consumer Financial Protection Bureau (CFPB) announced major actions today to protect consumers from illegal credit card practices and help people save money on interest and fees. In a circular to other law enforcement agencies, the CFPB warned that some credit card companies operating rewards programs may be breaking the law, including by illegally devaluing rewards points and airline miles. The CFPB also published new research finding that retail credit cards—which typically offer store-specific rewards and loyalty programs—charge significantly higher interest rates than traditional cards. The CFPB further launched a new tool, Explore Credit Cards, to help consumers find the best credit card rates across both rewards cards and traditional cards. This first-of-its-kind tool enables consumers to compare more than 500 credit cards using unbiased, comprehensive data.
The CFPB’s actions arrive during the busy end-of-year shopping and travel season; for instance, retail card originations tend to be seasonal, peaking in November and December as retail sales volumes and promotions are high during the holidays.
CFPB Moves to Stop Credit Card Rewards Program Schemes
The circular released by the CFPB addresses practices in credit card rewards programs, which companies increasingly use to encourage consumers to apply for and use specific cards. Since 2019, more than 90 percent of general-purpose credit card spending occurred on rewards cards. In today’s marketplace, credit card issuers often promise cash, points, and miles sign-up bonuses to consumers, as well as rewards for certain types of spending. Consumers have reported to the CFPB that these rewards can be difficult to redeem or are sometimes devalued by policy changes by partners. Read more
Today, the Consumer Financial Protection Bureau (CFPB) issued a report on the experiences of homeowners dealing with their mortgage company after divorce or the death of an original borrower. Many homeowners report that their servicers push them to take on new, higher-interest loans instead of keeping their existing mortgage. Homeowners also report recurring requests from servicers for the same or updated documents extending over months and sometimes years, at the same time they are dealing with the death of a loved one or a divorce. Domestic violence survivors face additional challenges, including mortgage companies continuing to send critical mortgage information to the abuser and thus putting the survivor’s safety at risk. Servicers generally blame investor requirements, processing volumes, or “systems issues,” rather than taking responsibility for their shoddy customer service.
Each year, many Americans become homeowners following the death of a spouse or family member, or through divorce. If there is a mortgage on the home, these homeowners must make sure the mortgage payments are made on time to avoid foreclosure. Federal rules and mortgage program guidelines require servicers to help these successor homeowners get information on the existing mortgage, including how to make payments and evaluation for help making their payments through a loan modification, if necessary. Homeowners who want to modify their loan payments or remove a borrower from the mortgage must typically accept legal responsibility for the payments or “assume” the mortgage, and they may need to go through an investor or federal mortgage agency’s underwriting process. Read more
Today, the Consumer Financial Protection Bureau (CFPB) finalized a rule mandated by Congress that applies existing residential mortgage protections to Property Assessed Clean Energy (PACE) loans. PACE loans are used by homeowners for clean energy upgrades and disaster readiness that are paid back through their property tax bills. Because of concerns about subprime-style lending that puts homeowners at risk of losing their home, Congress required the CFPB to enhance protections.
The rule will ensure that PACE borrowers have the right to receive standard mortgage disclosures that allow them to compare the cost of the PACE loan with other forms of financing, and the lender will be responsible for ensuring that the borrower is not set up to fail with an unaffordable loan.
Most PACE loans are marketed to homeowners, typically through door-to-door sales, by a company who brokers financing and contracts for clean energy installation or other home improvements. These companies may promise that the improvements will pay for themselves with energy savings or through enhanced disaster preparedness.
While PACE financing can provide quick cash for home improvements, CFPB research shows that:
- Most PACE borrowers are eligible for other forms of financing, often at much cheaper rates than PACE loans.
- PACE loans caused borrowers’ property taxes to increase by about $2,700 per year or an 88 percent increase.
- PACE borrowers were more likely to fall behind on their first mortgage than people who chose not to finance home improvements with PACE.
- PACE loans tend to be more expensive – around five percentage points higher — than first mortgages, even though PACE loans get paid at a foreclosure sale before first mortgages. Read more
Published
Today, the CFPB issued a Final Rule related to residential Property Assessed Clean Energy (PACE) transactions.
The final rule:
- amends Regulation Z’s exclusion of tax assessments and tax liens from the definition of credit to clarify that voluntary tax assessments and tax liens, such as PACE financing, are not excluded under TILA and Regulation Z;
- recognizes PACE financing as meeting the definition of credit under TILA and Regulation Z;
- prescribes ability-to-repay requirements for residential PACE financing; and
- makes other amendments and exemptions to make clear how other rules in Regulation Z apply to PACE financing.
The Final Rule includes model Loan Estimate and Closing Disclosure forms to be used to comply with the TILA-RESPA Integrated Disclosure (TRID) Rule for PACE transactions.
You can access the Final Rule, the Executive Summary, and the TRID forms here: www.consumerfinance.gov/compliance/compliance-resources/mortgage-resources/property-assessed-clean-energy-pace-transactions/.
CFPB Uncovers Illegal Practices Across Student Loan Refinancing, Servicing, and Debt Collection
The Consumer Financial Protection Bureau (CFPB) released a special edition of its Supervisory Highlights describing a range of unlawful activities identified by CFPB examiners across student loan markets. The report covers violations related to student loan refinancing, private lending and servicing, debt collection, and federal loan servicing.
“Companies break the law when they mislead student borrowers about their protections or deny borrowers their rightful benefits,” said CFPB Director Rohit Chopra. “Student loan companies should not profit by violating the law.”
Student loans represent the second-largest form of U.S. consumer debt at more than $1.7 trillion in total outstanding balances. Within the past year, many student borrowers faced challenges, including as 28 million federal student loan borrowers returned to repayment following the end of the COVID-19 payment pause. Today’s report details how CFPB examiners identified instances of companies engaging in illegal practices across student loan markets, including:
- Lenders misleading borrowers and failing to carry out their instructions for refinancing: Refinancing or consolidating federal loans through a private lender results in the loss of important federal protections. CFPB examiners found that lenders gave misleading impressions that borrowers who refinance might not lose access to federal loan cancellation programs. Lenders also failed to re-amortize consolidated loans following borrowers’ requests to exclude federal loans.
- Private lenders deceiving borrowers or denying benefits: Supervision found that lenders unfairly denied discharge applications for borrowers who were eligible based on Total and Permanent Disability status. Lenders also inaccurately claimed certain borrowers were ineligible for autopay discounts or falsely advertised to borrowers that they could suspend their loan payments if they lost their job but later eliminated this benefit. Read more
Today, the CFPB issued a final rule that amends Regulations Z and E to ensure that extensions of overdraft credit offered by very large financial institutions adhere to consumer protections required of similarly situated products, unless the overdraft fee is at or below the institution’s costs and losses.
The CFPB also issued an unofficial redline and executive summary of the final rule.
You can read the final rule, the unofficial redline, and the executive summary here: www.consumerfinance.gov/compliance/compliance-resources/deposit-accounts-resources/overdraft-lending-very-large-financial-institutions/.
The Consumer Financial Protection Bureau (CFPB) took action to close an outdated overdraft loophole that exempted overdraft loans from lending laws. The agency’s final rule on overdraft fees applies to the banks and credit unions with more than $10 billion in assets that dominate the U.S. market. The reforms will allow large banks several options to manage their overdraft lending program: they can choose to charge $5; to offer overdraft as a courtesy by charging a fee that covers no more than costs or losses; or continue to extend profit-generating overdraft loans if they comply with longstanding lending laws, including disclosing any applicable interest rate. The final rule is expected to add up to $5 billion in annual overdraft fee savings to consumers, or $225 per household that pays overdraft fees.
“For far too long, the largest banks have exploited a legal loophole that has drained billions of dollars from Americans’ deposit accounts,” said CFPB Director Rohit Chopra. “The CFPB is cracking down on these excessive junk fees and requiring big banks to come clean about the interest rate they’re charging on overdraft loans.”
Today’s action closes the large bank regulatory loophole that exempted overdraft fees as a finance charge. When Congress passed the Truth in Lending Act (TILA) in 1968, many families used mail to send and receive checks, and were subject to various bank processing times in order for their deposits and withdrawals to clear. In 1969, the Federal Reserve Board exempted banks from TILA protections for infrequent cases where a bank was honoring a check that had not cleared and subjected the customer to overdraft fees. At the time, overdraft services were not considered profit drivers but courtesy services extended by the bank when, for instance, a paper check sent through the mail may have arrived late.
Over the past few decades, these highly profitable overdraft loans have increased consumer costs by billions of dollars. The loans have also led to tens of millions of consumers losing access to banking services, as well as facing negative credit reporting that has prevented them from opening another account in the future. Read more
Prior to joining my credit union, I spent four years on the other side of the conference room table as a National Credit Union Administration examiner. [Insert examiner joke here]. Although that job wasn’t always sunshine and rainbows, I learned so much during that time that has helped me to be successful in my current role.
Here are five things I learned as an examiner turned credit union CEO:
“All credit unions are different credit unions”
I’m a big fan of Ted Lasso quotes. Once Coach Beard reminded him that he had said “All people are different people”. So it is with credit unions. We have different fields of membership, board members with different backgrounds, different membership and community needs, and different management styles. Our regulators shouldn’t use a “one size fits all” approach, and we shouldn’t be afraid to be unique and creative in how we serve our members.
Risk management does not mean ensuring there is zero risk
According to the NCUA Examiner’s Guide, “Risk management involves understanding, analyzing, and mitigating risk to enable a credit union to achieve its objectives, while also managing risk in proportion to its ability to absorb potential losses.” Once again, all credit unions are different credit unions. We treat risk differently, but we take on risk to return a reward to our members. Most of the time the risk pays off, sometimes it doesn’t. As long as we operate safely and soundly, it is up to the board and management team at the credit union to decide and communicate our Risk Appetite, Risk Management Philosophy, and Control Environment.
Communication and transparency
I started working for NCUA in 2010 as we were still dealing with the effects of the Great Recession. NCUA and other regulatory agencies were playing catch up on issuing guidance on how to deal with unprecedented conditions. In 2010 alone, NCUA issued 47 Letters to Credit Unions and Regulatory Alerts. Sometimes I would get a call from a credit union asking about new guidance that I hadn’t even heard about. With some feedback, NCUA decided they should give examiners a heads-up when sending out new guidance. Open communication was also vital during exams with the management team, supervisory committee, and board members. I use that same standard as I communicate with my team, board members, and regulators.
Cooperation among cooperatives
I experienced the principle of “cooperation among cooperatives” first-hand as an examiner. I learned that credit unions talked to each other. They knew where we were. They knew the latest thing we were focused on. They knew who the ‘reasonable’ examiners were. The thing is, this made my job easier. Credit unions benefited from this shared information and came prepared with answers and reports that they knew were coming. I take advantage of this valuable resource in my role today. Sometimes I’m the guinea pig and sometimes I am the beneficiary of someone else’s experience, but overall, this network can create a smoother experience for everyone.
Credit union volunteers are awesome
I examined credit unions all over the country and interacted with several board and supervisory committee members. Whether they represented large or small credit unions in big cities or rural areas, these volunteers had a passion for credit unions. I remember one Joint Conference after an exam when the discussion got a little ‘heated.’ Afterwards one of the board members came up to me and apologized. I remember telling him not to worry, I appreciated his involvement and concern for what was going on. I would much rather talk with board members that care enough to engage with us that way than board members that just blindly agree. I’m lucky now to work for a board that takes their role seriously. They challenge me. They look out for our members and our staff. They understand our credit union’s mission and vision, and occasionally remind our examiners about that mission and vision.
I value all I was able to learn as an NCUA examiner. Most of all, it introduced me to the credit union movement and a career that I love. I appreciate all the credit union leaders that patiently showed me how to be a leader in this movement, and even now I appreciate our examiners for the work they do to make sure we continue to serve our members safely and soundly.
OP-ED Brian Lee, President & CEO, Landings Credit Union; Tyfone link to article. Lee joined the $241 million-asset Landings Credit Union in Tempe, Arizona, after working as an examiner for the NCUA and as an auditor for a public accounting firm.
FinCEN Issues Spanish Translations of Alert and In-Depth Analysis on Nationwide Surge in Mail Theft-Related Check Fraud Schemes Targeting the U.S. Mail
Today, the Financial Crimes Enforcement Network (FinCEN) is issuing Spanish translations of its February 2023 alert to financial institutions on the nationwide surge in check fraud schemes targeting the U.S. Mail and its September 2024 Financial Trend Analysis (FTA) on mail theft-related check fraud incidents based on Bank Secrecy Act data filed in the six months following the publication of the alert. These translations are intended to further support financial institutions located in predominantly Spanish-speaking communities and support law enforcement’s outreach to such communities impacted by this fraud.
Fraud, including check fraud, is the largest source of illicit proceeds in the United States and is one of FinCEN’s Anti-Money Laundering/Countering the Financing of Terrorism National Priorities.
Financial institutions with questions about the content of the alert and FTA should contact FinCEN’s Regulatory Support Section at [email protected].
Financial Trend Analysis: https://fincen.gov/sites/default/files/2024-12/FTA-Check-Fraud-Translation-FINAL508.pdf
- Financial Institutions
-
Casinos
-
Depository Institutions
-
Insurance Industry
-
Money Services Businesses
-
Mortgage Co/Broker
-
Precious Metals/Jewelry Industry
-
Securities and Futures
- Federal Deposit Insurance Corporation
- Federal Reserve Board
- Office of the Comptroller of the Currency
The federal bank regulatory agencies today announced their third notice requesting comment to reduce regulatory burden. The Economic Growth and Regulatory Paperwork Reduction Act of 1996 requires the Federal Financial Institutions Examination Council and federal bank regulatory agencies to review their regulations at least once every 10 years to identify outdated or otherwise unnecessary regulatory requirements for their supervised institutions.
To facilitate this review, the agencies divided their regulations into 12 categories and are now soliciting comments on their regulations for three categories: Rules of Procedure, Safety and Soundness, and Securities. The public has 90 days from publication in the Federal Register to comment on the relevant regulations.
The agencies will request comment on regulations in the remaining categories in 2025, asking the public to identify the regulations they believe are outdated, unnecessary, or unduly burdensome.
The agencies will hold a series of outreach meetings where interested parties may comment on applicable regulatory requirements directly to the agencies. Information about the outreach meetings will be publicized as details are finalized.
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has released crucial guidance for monitoring networks and hardening devices.
This initiative comes in response to a widespread cyber espionage campaign attributed to a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers. The newly published Cybersecurity Information Sheet (CSI), titled “Enhanced Visibility and Hardening Guidance for Communications Infrastructure,” offers a comprehensive set of best practices aimed at strengthening network visibility and security.
Moreover, the analysts at NSA identified that this guidance is primarily designed for network engineers and defenders of communications infrastructure but is also applicable to organizations operating on-premise enterprise equipment.
Significance of the Guidance
The CSI outlines several critical measures to enhance network security:-
- Improved Visibility: The guidance emphasizes the importance of maintaining detailed insight into network traffic, user activity, and data flow.
- Device Hardening: Recommendations include disabling unused protocols, secure password management, and limiting management connections.
- Timely Updates: Regular patching and upgrading of devices are stressed as crucial steps in maintaining security.
- Enhanced Logging: The CSI advises logging all configuration changes and management connections, with alerts set for unexpected activities.
- Strong Cryptography: Only allowing strong cryptographic protocols is highlighted as a key security measure.
Dave Luber, NSA Cybersecurity Director, underscored the importance of vigilance, stating, “Always have eyes on your systems and patch and address known vulnerabilities before they become targets”.
This guidance is particularly significant given the sophisticated nature of the cyber threats targeting exposed services, unpatched devices, and under-secured environments. The document also provides specific hardening practices for Cisco operating systems, which were identified as targets in this cyber campaign. This tailored advice demonstrates the comprehensive and practical approach of the guidance.
CISA Executive Assistant Director for Cybersecurity, Jeff Greene, emphasized the serious threat posed by PRC-affiliated cyber activity to critical infrastructure, government agencies, and businesses. The collaborative effort in producing this guidance, involving multiple U.S. agencies and international partners, highlights the global nature of the cybersecurity challenge and the need for coordinated responses.
By implementing these recommendations, organizations can significantly improve their ability to detect, prevent, and respond to cyber incidents, which will enhance the overall security of global communications infrastructure.
Tushar Subhra Dutta, Cyber Security News
CFPB Announces Return of $1.8 Billion in Illegal Junk Fees to 4.3 Million Americans Harmed in Massive Credit Repair Scheme
The Consumer Financial Protection Bureau (CFPB) is distributing $1.8 billion to 4.3 million consumers charged illegal advance fees or subjected to allegedly deceptive bait-and-switch advertising by a group of credit repair companies including Lexington Law and CreditRepair.com. Together, the payments constitute the largest-ever distribution from the CFPB’s victims relief fund, which is funded by civil penalties paid by companies that violate consumer protection laws.
In August 2023, the CFPB secured a legal judgment against the credit repair conglomerate, after a district court ruled that the companies had violated the Telemarketing Sales Rule’s advance fee prohibition. Under federal law, credit repair companies that engage in telemarketing cannot collect fees until they provide documentation showing they have achieved the promised results for consumers, at least six months after the results were achieved.
Following the district court’s ruling, the companies filed for Chapter 11 bankruptcy protection, shuttering approximately 80 percent of their business operations, including their telemarketing call centers. The CFPB’s $1.8 billion distribution to consumers harmed by the credit repair companies is a result of the agency’s enforcement action. Read more
The proposed rule would amend Regulation V to implement FCRA definitions of consumer report and consumer reporting agency, as well as certain other FCRA provisions, to, among other things, ensure that FCRA protections are applied to sensitive consumer information that the statute was designed to protect, including information sold by data brokers.
The CFPB also released a Fast Facts Summary of the proposed rule.
You can access the Notice of Proposed Rulemaking and Fast Facts Summary here: www.consumerfinance.gov/compliance/compliance-resources/other-applicable-requirements/fair-credit-reporting-act/
CFPB Proposes Rule to Stop Data Brokers from Selling Sensitive Personal Data to Scammers, Stalkers, and Spies
The Consumer Financial Protection Bureau (CFPB) today proposed a rule to rein in data brokers that sell Americans’ sensitive personal and financial information. The proposed rule would limit the sale of personal identifiers like Social Security Numbers and phone numbers collected by certain companies and make sure that people’s financial data such as income is only shared for legitimate purposes, like facilitating a mortgage approval, and not sold to scammers targeting those in financial distress. The proposal would make clear that when data brokers sell certain sensitive consumer information they are “consumer reporting agencies” under the Fair Credit Reporting Act (FCRA), requiring them to comply with accuracy requirements, provide consumers access to their information, and maintain safeguards against misuse.
The data broker industry collects and sells detailed information about Americans’ personal lives and financial circumstances to anyone willing to pay. The CFPB’s proposal would ensure data brokers comply with federal law and address critical threats from current data broker practices, including:
- National security and surveillance risks: Countries of concern, like China and Russia, can purchase detailed personal information about military service members, veterans, government employees, and other Americans for pennies per person. This enables the creation of detailed dossiers for potential espionage, surveillance, or blackmail operations, allowing relatively small investments to be leveraged into mass surveillance operations.
- Criminal exploitation: Identity thieves and scammers purchase detailed financial profiles to target vulnerable consumers, particularly seniors and financially distressed individuals. These criminals can use this data to execute sophisticated fraud schemes and steal retirement savings, often targeting Americans who can least afford the losses.
- Violence, stalking, and personal safety threats to law enforcement personnel and domestic violence survivors: The availability of sensitive contact information poses risks to those who are targeted for their profession, such as judges, police officers, prosecutors, and other government employees. Domestic violence survivors also face grave dangers when their current addresses and phone numbers are readily available for purchase through data brokers. Several states have already had to take action to protect judges and law enforcement officers after violent incidents, including the 2020 murder of a federal judge’s son by an attacker who purchased her home address.
To address these risks, the proposed rule would:
- Treat data brokers just like credit bureaus and background check companies: Companies that sell data about income or financial tier, credit history, credit score, or debt payments would be considered consumer reporting agencies required to comply with the FCRA, regardless of how the information is used.
- Protect consumers’ personal identifiers from abuse and misuse: When consumer reporting agencies collect information like names, addresses, or ages for credit reports, any subsequent sale of that information would be covered by the FCRA’s protections.
- Require clear consumer consent for data sharing: Under the proposed rule, companies relying on consumers’ consent to obtain or share a consumer’s credit report would need separate, explicit authorization to do so, rather than burying permissions in fine print.
These changes would significantly limit the ability of data brokers to sell sensitive contact information that could be used to target, harass, or dox individuals seeking privacy protection, including domestic violence survivors. The proposed rule would preserve existing pathways created by the FCRA for government agencies to access consumer report information for legitimate law enforcement, counterterrorism, and counterintelligence purposes.
Congress enacted the FCRA, one of the first data privacy laws in the world, in 1970 to, among other things, strictly limit the use of personal data by a growing data surveillance industry. The CFPB’s proposed rule would ensure that the FCRA’s strong privacy protections safeguard consumers from modern day data brokers that rely on emerging technologies and newer business models to collect and sell consumer data.
The CFPB developed this proposed rule based on extensive market monitoring that revealed widespread evasion of consumer protections. The agency found that data brokers routinely sidestep the FCRA by claiming they aren’t subject to its requirements – even while selling the very types of sensitive personal and financial information Congress intended the law to protect. This proposed rule would further Congress’s goal of protecting Americans’ privacy and financial information.
The proposed rule is part of a broader government-wide initiative to protect Americans’ sensitive personal data, complementing recent Executive Orders and actions by other federal agencies. In October, the Department of Justice proposed a rule to prevent access to Americans’ sensitive personal data by Russia, Iran, China, and other countries of concern.
CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
The Consumer Financial Protection Bureau (CFPB) today finalized a rule to supervise the largest nonbank companies offering digital funds transfer and payment wallet apps. The rule will help the CFPB to ensure that these companies – specifically those handling more than 50 million transactions per year – follow federal law just like large banks, credit unions, and other financial institutions already supervised by the CFPB. The CFPB estimates that the most widely used apps covered by the rule collectively process over 13 billion consumer payment transactions annually.
While banks and credit unions offering consumer payment services are subject to CFPB supervisory examinations, many of these very large technology firms handling billions of transactions are not. The CFPB has closely observed developments in this emerging market, including by monitoring consumer complaints and launching an inquiry into Big Tech and peer-to-peer platforms offering popular payment apps. The final rule will enable to the CFPB to supervise companies in key areas including:
- Privacy and Surveillance: Large technology companies are collecting vast quantities of data about an individual’s transactions. Federal law allows consumers to opt-out of certain data collection and sharing practices, and also prohibits misrepresentations about data protection practices.
- Errors and Fraud: Under longstanding federal law, consumers have the right to dispute transactions that are incorrect or fraudulent, and financial institutions must take steps to look into them. The CFPB is particularly concerned about how digital payment apps can be used to defraud older adults and active duty servicemembers. Some popular payment apps appear to design their systems to shift disputes to banks, credit unions, and credit card companies, rather than managing them on their own.
- Debanking: Given the volume of payments consumers make through many popular payment apps, consumers can face serious harms when they lose access to their app without notice or when their ability to make or receive payments is disrupted. Consumers have reported concerns to the CFPB about disruptions to their lives due to closures or freezes.
In the final rule, the CFPB made several significant changes from its initial proposal. The transaction threshold determining which companies require supervision is now substantially higher, at 50 million annual transactions. Given the evolving market for digital currencies, the CFPB also limited the rule’s scope to count only transactions conducted in U.S. dollars.
CFPB Supervision has also created a supervision technology program which assesses, among other things, technology and technology controls and its impact on compliance with Federal consumer financial law.
Today’s final rule is the sixth rulemaking by the CFPB to define larger participants operating in markets for consumer financial products and services. The first five rules covered larger participants in consumer reporting, consumer debt collection, student loan servicing, international money transfers, and automobile financing.
The rule will be effective 30 days after publication in the Federal Register. Read the final rule.
Read more
CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
The Consumer Financial Protection Bureau (CFPB) today released the annual report of the CFPB Student Loan Ombudsman, highlighting the severe difficulties reported by student borrowers due to persistent loan servicing failures and program disruptions. The report details how millions of student borrowers have received relief through new income-driven repayment plans, cancellation programs, and various adjustments and program automation processes. However, borrowers tell the CFPB how servicing breakdowns, including inaccurate information provided by servicers, improperly processed payments, and delayed income driven payment applications have stymied their return to repayment.
Today’s report focuses on the 2023-2024 Award Year (July 1, 2023 – June 30, 2024) and analyzes more than 18,000 student borrower complaints—the highest complaint volume the CFPB has received since it began collecting student borrower complaints in March 2012. Many of the servicer failures detailed in these complaints are persistent problems that have been well-documented by the CFPB, including errors with billing and auto pay, servicers providing incorrect information about accounts and repayment options, and months-long delays in the processing of income-driven repayment applications.
During the past year, 28 million federal student loan borrowers returned to repayment following the end of the COVID-19 payment pause. To assist struggling borrowers, the Department of Education implemented reforms resulting in billions of dollars in loan cancellation for almost 5 million borrowers and restored eligibility for 3 million formerly defaulted borrowers. However, servicing failures and legal challenges have hampered the implementation of critical loan relief efforts, including the Saving on a Valuable Education (SAVE) plan. Today’s report details challenges facing student borrowers, including:
- Servicer failures are causing borrowers to pay inflated amounts that jeopardize their financial well-being: Borrowers described problems with billing, including inaccurate or late statements; errors with auto pay, including thousands of dollars incorrectly debited from accounts; and payments that were not properly applied to their balances. They also said servicers failed to give accurate guidance about income-driven repayment plans and imposed costly delays in processing refunds and applications for loan relief. For example, borrowers reported delays of nine months or more in receiving large refunds of up to $60,000. Among the dozens of individual consumer disputes highlighted in the report, there was an average of more than $14,000 disputed per borrower. These servicing issues are resulting in borrowers having difficulty meeting their other financial obligations like rent and car payments, being shut out of mortgages and homeownership, and forgoing saving for retirement, among other financial difficulties.
- Legal challenges to the SAVE program are delaying loan relief: Because of ongoing litigation, enrollment in and implementation of SAVE is on hold. The eight million borrowers already enrolled in SAVE are no longer able to make payments, enroll in most other income-driven repayment plans, or gain credit towards cancellation while the litigation is ongoing. The hundreds of thousands of additional borrowers waiting to enroll in income-driven repayment plans are similarly left with few options.
- Customer service “doom loops” and inaccurate communications are harming borrowers: Student borrowers reported encountering customer service problems such as website access issues. Borrowers reported being shuffled between servicers repeatedly without receiving help, waiting months for responses, and receiving inaccurate or misleading communications, such as miscalculated payment amounts and inaccurate due dates. Across the consumer complaint narratives highlighted in the report, borrowers waited an average of eight months for servicers to resolve their issues. Read more
The Financial Crimes Enforcement Network (FinCEN) recently updated its Frequently Asked Questions (FAQs) regarding the Beneficial Ownership Information (BOI) Reporting Rule. The October 3, 2024 FAQ updates provided crucial clarifications on several aspects of the FinCEN rules. This summary highlights certain of the new and updated FAQs that we think will most greatly impact parties as they assess their filing obligations.
Access to Information (A.3 and A.6)
In updated FAQ A.3, FinCEN clarifies who may access filed information, including:
- federal governmental agencies engaged in national security, intelligence or law enforcement;
- officials at the Department of the Treasury;
- state, local and tribal law enforcement agencies with court authorization;
- foreign law enforcement and other parties by request through a U.S. federal agency for authorized activities related to national security, intelligence and law enforcement;
- financial institutions with due diligence obligations under applicable law; and
- federal regulators or other appropriate regulatory agencies that supervise or assess financial institutions.
In addition, in new FAQ A.6, FinCEN clarifies that filed beneficial ownership information reported to FinCEN is exempt from disclosure under the Freedom of Information Act (FOIA).
Conversion and New Reporting Requirements (C.18)
New FAQ C.18 addresses whether converting from one entity type to another (e.g., an LLC to a corporation) creates a new domestic reporting company requiring an initial BOI report. FinCEN clarified that the question of whether a conversion creates a “new” domestic reporting company depends on whether or not the applicable state or tribal law considers the conversion as creating a new entity. If a new entity is, in fact, created, that entity must file an initial BOI report. FinCEN further clarified that even if the conversion does not create a new entity, the converted entity may need to submit an updated BOI report to reflect changed information (e.g., the legal name or jurisdiction of formation). For example, if “Company, Inc.” converted to an LLC (but applicable state or tribal law considers the new entity to be a continuation of the old entity), its name may have changed to “Company, LLC,” and thus it may be required to file an updated BOI report because the name change is a change to required information previously submitted to FinCEN. Similarly, if a reporting company changes its jurisdiction of formation (for example, by ceasing to be a California corporation and becoming instead a Texas corporation), it must submit an updated BOI report to FinCEN.
This FAQ highlights the importance of reviewing state or tribal law and promptly updating BOI reports after conversions.
Defining Beneficial Owners and Substantial Control (D.1)
Two new subparts to FAQ D.1 clarify that (a) an individual can be a beneficial owner through substantial control, ownership or both, (b) there is no maximum number of beneficial owners who must be reported and (c) every reporting company is expected to have at least one beneficial owner due to substantial control.
Beneficial Ownership in Community Property States (D.18)
New FAQ D.18 addresses beneficial ownership in community property states. It clarifies that if state law dictates that both spouses own or control at least 25% of a reporting company’s equity interests, then both should be reported as beneficial owners unless an exception applies. This FAQ highlights the need to consider state-specific marital property laws when determining beneficial ownership.
Pooled Investment Vehicles (L.10)
New FAQ L.10 addresses the pooled investment vehicle (PIV) exemption, and whether a company would qualify for the PIV exemption if it is operated or advised by certain specific types of exempt reporting adviser (ERA). FinCEN notes that the PIV exemption from the beneficial ownership information reporting requirements only applies to PIVs operated or advised by certain types of entities, including (a) an investment adviser registered with the Securities and Exchange Commission (SEC) under the Investment Company Act of 1940 or the Investment Advisers Act of 1940, and (b) an ERA relying on the “venture capital fund adviser” exemption. The FAQ clarifies that PIVs managed by other types of ERAs (or advisers registered with states) are not exempt from the BOI reporting requirements.
Large Operating Company Exemption and Personal Residences (L.11)
New FAQ L.11 addresses the large operating company exemption for companies run from personal residences, clarifying that to qualify for such exemption, a company operating from a personal residence must itself rent or own the space used for business and that this space must be physically distinct from any other unaffiliated entity’s place of business. The company also must meet the other requirements for the exemption, such as having (a) more than 20 full-time employees and (b) over $5 million in gross receipts or sales in the prior year as reflected on the company’s tax return.
Subsidiary Exemption Clarifications
Updated FAQ L.6 clarifies the criteria necessary for reliance on the subsidiary exemption. In a prior version of FAQ L.6, FinCEN provided that a reporting company only qualifies for the subsidiary exemption if its ownership interests are 100% owned or controlled by one or more exempt entities (such that partial control by an exempt entity, with the remaining interests controlled by a non-exempt entity or an individual, would not suffice for purposes of the exemption).
The updated FAQ notes that the subsidiary exemption applies even if the subsidiary’s parent entities are exempt from the BOI reporting requirements for different reasons (e.g., one parent is an exempt large operating company and the other is an exempt public utility); provided that all of the subsidiary’s ownership interests are owned or controlled by specified exempt entities. Note that not all exemption types are listed (as eligible parents). The updated FAQ also clarifies that the exempt parent entities need not be affiliated with each other in order to qualify for the exemption.
Conclusion
The October 3, 2024 FinCEN updates provide valuable guidance on beneficial ownership reporting. Businesses and legal professionals should carefully review these FAQs and ensure that their compliance practices align with the latest FinCEN interpretations. Staying informed about these updates is crucial for navigating the evolving landscape of FinCEN reporting and minimizing potential reporting errors.
The National Credit Union Administration (NCUA) Board held its eighth open meeting of 2024 and approved the Central Liquidity Facility’s budget for 2025–2026. The Board also received a briefing on the performance of the National Credit Union Share Insurance Fund for the third quarter of 2024.
Central Liquidity Facility Budget Approved
The Board unanimously approved the 2025–2026 Central Liquidity Facility’s budget of $2,307,863 for 2025 and $2,448,263 for 2026.
“The CLF is a beneficial tool, and it should be part of any credit union’s liquidity risk management plans for a variety of contingencies, not merely during times of crises,” NCUA Chairman Todd M. Harper said. “Although it’s not required by our rules, having small and mid-sized credit unions with less than $250 million in assets join the CLF provides them access to this vital federal liquidity backstop during times of stress. Once markets freeze up, it’s difficult for institutions to quickly access emergency liquidity from market sources. Joining the CLF in advance of a liquidity event can better assist credit unions of all sizes to navigate unanticipated market situations.”
The CLF currently has 431 regular members and 11 corporate credit union correspondents. The CLF’s capacity stands at $21.7 billion compared to $20.1 billion approximately one year ago.
“While the CLF is growing in capacity, the congressional restoration of the expired CLF statutory enhancements — like the agent-membership provisions for corporate credit unions to serve a subset of their members — would serve the whole system well,” said Chairman Harper. “That’s why the NCUA Board continues to call upon Congress to reinstate these provisions. In fact, we’re unanimous in our views here.”
The 2025–2026 CLF budget justification is available on the NCUA’s website(Opens new window). The document includes information on the spending categories, sources and uses of funds, and planned activities.
Number of CAMELS Code 4 and 5 Credit Unions Increase in Third Quarter
The Chief Financial Officer briefed(Opens new window) the NCUA Board on the performance of the Share Insurance Fund for the quarter ending on September 30, 2024. The Share Insurance Fund reported a net income of $72.2 million for the third quarter of 2024, $22.6 billion in assets, and $145.8 million in total income for the third quarter of 2024.
“Overall, the Share Insurance Fund’s performance in the third quarter of 2024 was strong. Yet, we continue to find ourselves in a good news, bad news scenario,” Chairman Harper said. “Since December 2022 until today, the fund has experienced a nearly $1 billion dollar increase. This change resulted in the fund’s total assets reaching nearly $22.6 billion. Adding to the financial strength of the fund, quarterly investment income has risen a healthy $12 million since the first quarter of 2024.”
The Chairman added, “We continue to see signs of financial strain on credit union balance sheets and consumer financial stress. And, we’re seeing this play out in the number of credit unions and the percentage of assets held by composite CAMELS code 3, 4, and 5 credit unions. Of greatest concern for me has been the large number of troubled CAMELS code 4 and 5 credit unions, especially the nine troubled complex credit unions with more than $500 million in assets. These conditions are another reason why our supervision of these and all federally insured credit unions must remain risk focused. They also highlight the need for the NCUA’s examiners to be ready to act expeditiously when identifying problems.”
Additionally, for the third quarter of 2024:
- The number of composite CAMELS code 3 credit unions decreased in second quarter from 743 to 730 at the end of the third quarter. Assets for these credit unions decreased from the second quarter to $189.8 billion from $191.1 billion.
- The number of composite CAMELS codes 4 and 5 credit unions increased in second quarter from 136 to 138 at the end of the third quarter. Assets for these credit unions decreased from $19.6 billion to $19.1 billion.
As of the end of the third quarter of 2024, two federally insured credit union failures cost the Share Insurance Fund approximately $2 million in losses.
The third quarter figures are preliminary and unaudited. Additional information on the performance of the Share Insurance Fund is available on the NCUA’s website.