NASCUS Committee Participation Form

NASCUS Committee Signup
Please check the boxes for committees you are interested in joining. (See descriptions below)
The Legislative & Regulatory Affairs Committee (L&R Committee)

Our largest committee, consisting of over 70 members, is comprised of individuals from various segments of our membership, including regulators, credit unions, leagues, and associate members. This committee convenes on the first Wednesday of each month at 3 pm (EST) for a one-hour session to address significant issues facing our system. Additionally, this committee holds in-person meetings during our Annual NASCUS State System Summit (S3).

Furthermore, the committee plays a vital role in reviewing NASCUS comment letters, providing an open forum where any member can raise concerns or issues, and organizing special calls on topics like litigation trends and cryptocurrencies. Importantly, there is no limit on committee membership, and multiple individuals from the same credit union are welcome to participate.

The CDFI, MDI, and LICU Issues Committee

This committee, which is open to all NASCUS members, concentrates on raising awareness about the unique designations within the credit union sector, namely Community Development Financial Institution (CDFI), Minority Depository Institution (MDI), and Low-Income Credit Union (LICU). It also aims to identify advocacy objectives that NASCUS can pursue to enhance the significance of these special designations. The CDFI/MDI/LICU Issues Committee convenes every other month.

The Education Committee

This committee supervises NASCUS’s programs related to professional development, training, and education. It plays a crucial role in suggesting the educational requirements of the credit union system. It assesses NASCUS’s continuous professional development initiatives by examining program agendas, post-conference evaluations, and financial aspects of events. While membership on the Education Committee is available to all membership categories, it is limited to a maximum of eight participants.

If you have additional questions on how to participate with NASCUS Committees, please contact Shellee Mitchell.

Summary re: CFPB Request for Information Regarding Consumer Credit Card Market 

Docket No. CFPB-2023-0009

Section 502(a) of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act or Act) requires the Consumer Financial Protection Bureau (CFPB) to conduct a review of the consumer credit card market, within limits of its existing resources available for reporting purposes.  In connection with conducting that review, and in accordance with Section 502(a) of the Act, the CFPB is soliciting information from the public about a number of aspects of the consumer credit card market.

Comments must be received no later than April 24, 2023.  The RFI can be accessed here.

Summary:

The CARD Act was signed into law in May 2009.  The Act was intended to “establish fair and transparent practices related to the extension of credit” in the credit card market. 

Section 502(a) of the CARD act requires the CFPB to conduct a review, within the limits of its existing resources available for reporting purposes, of the consumer credit market every two years.  The CFPB published its last review in September 2021. To inform its next review, the CFPB invites members of the public, including consumers, credit card issuers, industry analysts, consumer groups and other interested parties to submit information and other comments relevant to the questions posed as well as any additional information they believe is relevant to a review of the credit card market.

The CFPB seeks information from members of the public about how the credit card market is functioning. Specifically, the CFPB seeks comments on the experiences of consumers and credit card issuers in the credit card market as well as the overall health of the market.  The Bureau is seeking responses to the specific questions listed below but welcomes commenters to provide any additional information they believe is relevant.

Terms of credit card agreements and the practices of credit card issuers:

  • How have the substantive terms and conditions of credit card agreements or the length and complexity of such agreements changed over the past two years?
  • How have issuers changed their pricing, marketing, underwriting, or other practices?
  • How are the terms of, and practices related to, major supplementary credit card features (such as credit card rewards, deferred interest promotions, balanced transfers, and cash advances) evolving? What are the terms of, practices related to, and prevalence of emerging supplementary credit card features (such as credit card installment plans)?
  • How have issuers’ marketing practices changed since the CFPB reported on the credit card market in 2021? Has this impacted consumers’ ability to comparison shop? If so, in what ways?
  • What practices of credit card issuers may uniquely affect special populations (such as servicemembers and their dependents, low and moderate-income consumers, old Americans, and students)? What are the effects of protections specific to special populations (for example, the Servicemembers Civil Relief Act or the Military Lending Act)? How are these changing and what, if any, trends are evolving?
  • How have practices related to collecting on delinquent and charged-off credit card debt changed over the past two years?
  • Has the use of electronic communication (e.g., email or SMS) by creditors and debt collectors in connection with credit card debt grown or otherwise evolved? If so, in what ways?
  • How are the terms of, and practices related to, partnerships between credit card issuers and merchant partners (such as hospitality, airline, healthcare, and/or retail companies) evolving?

The effectiveness of disclosure of terms, fees, and other expenses of credit card plans 

  • How effective are current disclosures of rates, fees, and other cost terms of credit card accounts in conveying to consumers the costs of credit card plans?
  • What further improvements in disclosure, if any, would benefit consumers and what costs would card issuers or others incur in providing such disclosures?
  • How well are current credit card disclosure rules and practices adapted to the digital environment? What adaptations to credit card disclosure regimes in the digital environment would better serve consumers or reduce industry compliance burden?

The adequacy of protections against unfair, deceptive, or abusive acts and practices relating to credit cards plans 

  • What unfair, deceptive, or abusive acts and practices exist in the credit card market? How prevalent are those acts and practices and what effect do they have? With regard to any unfair, deceptive, or abusive acts and practices that exist in the credit card market, how might any such conduct be prevented and at what cost?

The cost and availability of consumer credit cards

  • How have the cost and availability of consumer credit cards (including with respect to non-prime borrowers) changed since the CFPB reported on the credit card market in 2021?
  • What is responsible for changes (or absence of changes) in cost and availability? Has the impact of the CARD Act on cost and availability changed over the past two years?
  • How, if at all, are the characteristics of consumers with lower credit scores changing? How are groups of consumers in different score tiers faring in the market? How do other factors relating to consumer demographics or financial lives affect consumers’ ability to successfully obtain and use credit cards?

The safety and soundness of credit card issuers

  • What, if any, safety and soundness risks related to the credit cycle are present or growing in this market, and which entities are disproportionately affected by these risks? Has the impact of the CARD Act on safety and soundness changed over the past two years?
  • How have current dynamics related to funding sources (such as asset-backed securities or deposits) for credit card receivables affected issuers’ profitability and lending operations?
  • What changes, if any, in capital markets for credit cards have there been since the last biennial report? How do capital requirements for different types of institutions affect competition in the credit card market or consumer’s access to and cost of credit? How might these trends positively or negatively impact consumers?

The use of risk-based pricing for consumer credit cards

  • How has the use of risk-based pricing for consumer credit cards changed since the CFPB reported on the credit card market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on risk-based pricing changed over the past two years?
  • How have CARD Act provisions relating to risk-based pricing impacted (positively or negatively) the evolution of practices in this market?

Consumer credit card product innovation and competition

  • How has credit card product innovation changed since the CFPB reported on the credit market in 2021? What has driven those changes or lack of changes? Has the impact of the CARD Act on product innovation changed over the past two years?
  • How is the competition in the credit card market changing? How has the CARD Act (positively or negatively) impacted competition between credit card issuers? How, if at all, do these changes and impacts relate to the cost or availability of consumer credit cards?
  • What barriers to entry, if any, exist in the consumer credit market? What obstacles may smaller financial institutions face when launching a credit card product? How are these impediments changing and what, if any, trends are evolving? To what extent are financial institutions adopting “credit card-as-a-service” offerings? How might these changes affect competition, promote innovation, or introduce risk, if at all?
  • How have broader innovations in finance, such as (but not limited to) new products and entrants offering unique features (like rewards redemption for cryptocurrency, environmental causes, and other categories beyond cash-back or points), evolving digital tools, greater availability of and new applications for consumer data, and new technological tools (like machine learning), impacted the consumer credit card market, either directly or indirectly? In what ways do CARD Act provisions encourage or discourage innovation? In what ways do innovations increase or decrease the impact of certain CARD Act provisions, or change the nature of those impacts?
  • How do innovations by firms offering other consumer financial products and services (such as buy-now-pay-later credit, mobile payments, or non-card point-of-sale loans) compete with credit cards, and to what extent do consumers view them as effective alternatives to or substitutes for credit cards?
NCUA Proposed Rulemaking Summary 2022-0185
NCUA Rules 701 AND 714: Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions

NASCUS Legislative and Regulatory Affairs Department
January 6, 2023

Background

The NCUA Board[1] approved for publication NPRM NCUA 2022-0185[2]. Published in the Federal Register on December 29, 2022[3], the proposal entitled Financial Innovation: Loan Participations, Eligible Obligations, and Notes of Liquidating Credit Unions seeks to amend 12 CFR Parts § 701 and § 714.  Comments on the NPRM are due February 28, 2023.

The proposed amendments apply to §§701.21, 701.22, 701.23, and 714.9 related to loans and lines of credit to members; the purchase of loan participations and the purchase, sale, and pledge of eligible obligations (including notes from liquidating credit unions).

The proposed amendments are intended to add clarity to the NCUA’s regulations and provide additional flexibility to federally insured credit unions (FICUs) in the use of advanced technologies and other opportunities provided by the financial technology (Fintech) sector.

The proposed amendments attempt to conform NCUA’s rules regarding the aforementioned investment/loan related rules by amending definitions of indirect lending and indirect leasing arrangements to be consistent with concepts outlined in NCUA Legal Opinion 15-0813, Loan Participations in Indirect Loans – Originating Lender[4].

The majority of the proposed changes only apply to FCUs with the exception of amendments to specific sections of §701.22 (participations).  However, the proposed amendments could indirectly impact FISCUs in cases where state agencies use similarly defined state regulations related to the determination of a purchased investment being classified as a loan to member, a participation, or a purchased obligation of a member.  Of particular interest are the proposed amendments found in §701.21.

This summary will highlight the material implications of the changes that directly affect FISCUs and those with the potential to indirectly impact FISCUs through indirect, definitional and/or SSA adoption of NCUA like rules and regulations.

Summary

The following summarizes the material changes proposed to each applicable section as part of the NPRM.

701.21 (Loans to members and lines of credit to members)

Provisions of § 701.21 apply to FCUs with only the following provisions applying to FICUs:

  • Insider lending restrictions as outlined in (c)(8);
  • Non-preferential treatment requirements to FISCU officials or related parties outlined in (d)(5); and
  • Third-party servicing of indirect vehicle loan limitations found in (h).

The NCUA Board is proposing to amend the rule by adding a new paragraph §701.21(c)(9) clarifying the definition of indirect lending and indirect leasing arrangements.  None of these changes relate directly to state-chartered credit unions but may impact state language similarly adopted or bound by definitions in §701.21.  This new language is intended to replace language currently found in §701.23(b)(4)(iv), which would be removed.

Under the proposed §701.21(c)(9) indirect lending and leasing agreements would be defined as written agreements to purchase loans or leases from an originating entity where the purchaser (1) makes the final underwriting decision, and (2) the loan or lease agreement is assigned to the purchaser very soon after it is signed by the member and the originating entity.   It is presumed that loans assigned “very soon after” the agreement between the consumer and the third-party retailer indicate the retailer acts as a facilitator of the loan as opposed to the true initial lender.

The length of time that satisfies the “very soon after” depends on the nature of the loan, the practical realities of assigning certain kinds of loans in the current marketplace and in accordance with prevailing industry standards.[5]  The NPRM states that while “very soon after” is generally determined on a case-by-case basis as described above, the longer the period between the formation of the contract and its assignment, the more likely the program will be viewed as involving the purchase of an eligible obligation rather than the making of a loan.[6]

Presuming such indirect lending or leasing arrangement requirements are met would indicate such investments would be classified as loans to members, as authorized by §701.21, and not as the purchase of an eligible obligation of a member as authorized by §701.23.

701.22 (Loan Participations)

FISCUs must comply with all provisions of §701.22, except (b)(4) which requires a borrower to become a member of one of the participating credit unions before the purchasing federally insured credit unions purchases a participation interest in the loan.

The NCUA Board is proposing to amend the rule by adding clarification to the introductory paragraph and codify NCUA Legal Opinion 15-0813.  This language would clarify that a FICU engaged in an indirect lending relationship can meet the definition of an “eligible organization” under §701.22, provided the FICU meets certain conditions.

Specifically, a FICU would be considered the originating lender and meet the definition of an “eligible organization” if the FICU (1) makes the final underwriting decision regarding the loan, and (2) the loan is assigned to the purchaser very soon after the inception of the obligation to extend credit.  An “originating lender” is defined as a participant with which the borrower initially or originally contracts for a loan and who, thereafter or concurrently with the funding of the loan, sells participations to other lenders.  An originating lender specifically includes a participant that acquires a loan through an indirect lending arrangement as defined under §701.21(c)(9).

The NPRM states the change is intended by the NCUA Board to clarify that a FICU can meet the definition of “originating lender” in certain transactions where the FICU is engaging in indirect lending arrangements with Fintech companies and other third-party loan acquisition channels, such as Credit Union Service Organizations (CUSOs) or other loan-originating retailers.

701.23 (Purchase, sale, and pledge of eligible obligations)

The NCUA Board is proposing to amend the rule through certain clarifying and conforming amendments to the introductory paragraph of §701.23.  No part of §701.23 applies to FISCUs.

Proposed amendments include the deletion of §701.23(b)(4) which excludes certain loans acquired through indirect lending and leasing arrangements from the 5-percent limit on the aggregate of the unpaid balance of certain loans purchased under §701.23.  Excluded loans include student loans, real estate loans, and eligible obligations purchased in accordance with §701.23(b)(4)(b)(1)(iii), (iv), or (i) or purchased through indirect lending arrangements defined in §701.23(b)(4)(iv).  These limitations would be removed and instead, such investments may meet the definition of a loan to a member under the proposed language of §701.21(c)(9).  The 5-percent limitation to unimpaired capital and surplus of the FCU purchaser would still apply to purchases of eligible obligations from liquidating FCUs and FICUs under §701.23(b)(1)(ii) and (2)(ii)

This change, in conjunction with the other changes in §701.21, is intended to provide clarification on the long-standing interpretation[7] that credit instruments acquired by an FCU pursuant to an indirect lending arrangement are considered loans made by the FCU under §701.21, if the aforementioned conditions of underwriting and timeliness of assignment are met, rather than eligible obligations purchased under §701.23.

Amendments to §701.23 would also include removing the CAMELS ratings and well-capitalized requirement found under §701.23(b)(2) for FCU purchases of certain non-member loans from FICUs and add principle-oriented safety and soundness requirements to section §701.23(b)(i)-(vi) concerning the purchase of eligible obligations.  These new safety and soundness requirements are proposed to offset the removal of the CAMELS/ well-capitalized requirements and the 5-percent limit constraints.

The proposed safety and soundness requirement additions on the purchasing FCU related to eligible obligations or notes from a liquidating credit union include:

  • Establishing written, board-approved policies, risk assessments, and risk management process requirements commensurate with the size, scope, type, complexity, and level of risk posed by the planned purchase activities.
  • Conducting due diligence on the seller prior to purchase.
  • Initiating written loan purchase agreements with provisions established in §701.22.
  • Conducting a legal review and assessment of applicable loan purchase agreements or contracts to protect the FCU’s legal and business interests from undue risk

Additional safety and soundness requirements to §701.23(c) relate to the selling FCU and include:

  • Obtaining a legal review and assessment of all applicable loan sale agreements on contracts.
  • Identifying the specific loan(s) being sold either directly in the written loan sale agreement or through a document incorporated by reference in the loan sale agreement.

The NPRM proposes to amend §701.23(b)(5) to broaden the grandfather provision of that section to include purchased obligations where the investments were made in compliance with the current rule so long as updated risk assessments, established concentration limits, and risk monitoring appropriate for safety and soundness are still effective.

Finally, the addition of §701.23(b)(6) implies requirements that purchases of eligible obligations from liquidating credit unions must comply with the purchasing FCUs internal written purchase policies, which must:

  • Require that the purchasing FCU conduct due diligence on the seller of the loans and other counterparties to the transaction prior to purchase.
  • Establish risk assessment and management process requirements that are commensurate with the size, scope, type, complexity, and level of risk posed by the panned loan purchase activities.
  • Establish internal underwriting and ongoing monitoring standards commensurate with the size, scope, type, complexity, and level of risk posed by the activities.
  • Require that the written agreement include (1) the specific loans purchased, the location and custodian of the original loan documents, an explanation of the duties and responsibilities of the seller, servicer, and all parties with respect to all aspects of the loans being purchased, and the circumstances and conditions under which the parties to the agreement may replace the servicer when the seller retains the servicing rights.
  • Establish portfolio concentration limits by loan type and risk category in relation to net worth commensurate with the size, scope, and complexity of the credit unions loan purchases.
  • Address when a legal review of agreements or contracts will be performed to ensure that the legal and business interests of the credit union are protected.

714.9 (Indirect leasing arrangements subject to the purchase of eligible obligation limit set forth in § 701.23)

The NCUA Board is seeking amendments to the rule proposing certain clarifying and conforming amendments. No part of §714.9 applies to state-chartered credit unions.

Proposed amendments would eliminate §714.9 completely as the amendments to the NPRM proposed under §701.23 to remove (b)(4)(iv) would no longer apply the 5-percent limitation to any purchases of eligible obligations, therefore, the current §714.9 would be rendered unnecessary.  Further, the definition of indirect leasing arrangements, previously addressed here, is now defined in §701.21(c)(9).

[1] Board agenda available at https://ncua.gov/files/agenda-items/financial-innovation-proposed-rule-20221215.pdf

[2] Available at https://www.regulations.gov/document/NCUA_FRDOC_0001-0309

[3] Available at https://www.federalregister.gov/documents/2022/12/30/2022-27607/financial-innovation-loan-participations-eligible-obligations-and-notes-of-liquidating-credit-unions

[4]NCUA Legal Op. 15-0813 (Aug. 10, 2015) available at https://www.ncua.gov/regulation-supervision/legal-opinions/2015/loan-participations-indirect-loans-originating-lenders.

[5] The preamble to the 1998 proposal to amend the eligible obligations rule requested public comment on whether the NCUA should specify a certain number of days as constituting “very soon.” 63 FR 41976, 41977 (Aug. 6, 1998). After considering the comments, however, the NCUA Board determined not to specifically define it because it wanted to provide FCUs with flexibility under various circumstances. The NCUA Board also clarified that assignment of the loan means acceptance of the loan and not necessarily the physical receipt of the loan documentation, recognizing that acceptance and payment are often done electronically. However, physical receipt of the loan documents by the FCU should occur within a reasonable time following acceptance of the loan. 63 FR 70997, 70998 (Dec. 23, 1998); see also NCUA Legal Op. 97-0546 (Aug. 6, 1997) (Concluding that an indirect lending arrangement where the retailer made a loan and assigned it to the purchasing credit union within one business day met the “very soon after” timing requirement.).

[6] 63 FR 41976, 41977 (Aug. 6, 1998).

[7] See, e.g., NCUA Legal Op. 97-0546 (Aug. 6, 1997), available at https://www.ncua.gov/regulation-supervision/legal-opinions/1997/indirect-lending.

NCUA Letter to Federal Credit Unions 22-FCU-03

NASCUS Legislative and Regulatory Affairs Department
December 10, 2022

On December 7, 2022, NCUA issued NCUA Letter 22-FCU-03[1] regarding the Expiration of Emergency Exemption from Certain In-Person Meeting Requirements.

The letter discusses the implications of three NCUA letters issued on March 2020, November 2020, and November 2021[2] providing federal credit unions (FCU) flexibility during the pandemic related to annual meetings. Specifically, the NCUA recognized the challenges intrinsic to the pandemic to physically conducting member meetings.  As a result of the letters, FCUs were allowed to conduct membership and board meetings completely virtually.  These emergency exemptions were set to expire on December 31, 2022.

Additionally, the NCUA allowed FCUs to approve, with a 2/3 board passage, bylaw language changes to article IV that would allow FCUs to invoke virtual-only meetings if a majority of the directors passed a resolution for each such meeting.  The letters provided specific wording for this bylaw amendment.

Summary

With this letter, NCUA is providing notice that the emergency conditions present to justify the flexibility enjoyed by FCUs to invoke virtual-only meetings is no longer present, and those emergency provisions will expire. FCUs that have adopted the bylaw amendment may retain it in their bylaws, but it will not be applicable after 2022 unless NCUA issues a new notification allowing it to be invoked.

NCUA also states that while “virtual-only” meetings will no longer be an option, FCUs will still have the option to best meet their needs[3] by conducting hybrid meetings that include an in-person AND virtual element.

While NCUA will permit a hybrid format, federal credit unions will still be required to meet the general quorum requirements, including counting participants in both the in-person and virtual aspects of the hybrid meeting.

NCUA believes that using a hybrid meeting format could preserve FCU resources and reduce the effort required to hold meetings without disenfranchising members for whom virtual attendance is difficult or impossible.

NCUA cautions its institutions to consider whether their current bylaws authorize hybrid meetings or whether bylaw changes would be necessary.

Finally, NCUA reminded FCUs of certain related bylaws provisions including:

  • Bylaws that permit FCU boards to conduct “virtual-only” meetings for all but one of their board meetings per calendar
  • If a quorum is obtained by “in person” attendees at the one required in-person meeting, the remaining board members could continue to attend virtually[4],
  • FCU bylaws permit flexibility for distributing member notices, including the option to provide such notices electronically if a member chooses to opt in[5].

[1] www.ncua.gov/regulation-supervision/letters-credit-unions-other-guidance/expiration-emergency-exemption-certain-person-meeting-requirements?utm_medium=email&utm_source=NCUAgovdelivery#ftn_2

[2]Letter to Federal Credit Unions, 20-FCU-02, “NCUA Actions Related to COVID-19 – Annual Meeting Flexibility;” Letter to Federal Credit Unions, 20-FCU-04, “Federal Credit Union Meeting Flexibility During the COVID-19 Pandemic;” Letter to Federal Credit Unions, 21-FCU-06, “Federal Credit Union Meeting Flexibility in 2022 Due to the COVID-19 Pandemic.”

[3]12 C.F.R. Part 701, Appendix A, Official NCUA Commentary, Article V.

[4]Id. Article VI, § 5.

[5]Id. Article IV, § 2.

Summary re: CFPB Consumer Financial Protection Circular 2022-07: Reasonable Investigation of Consumer Reporting Disputes

12 CFR Chapter X

The Consumer Financial Protection Bureau (CFPB) issued this circular to respond to two questions regarding the responsibilities of consumer reporting agencies.

The Bureau released this circular on its website on November 10, 2022, and the circular can be accessed here.

Summary

Congress enacted the Fair Credit Reporting Act (FCRA) to “prevent consumers from being unjustly damaged because of inaccurate or arbitrary information in a credit report. The Bureau notes that a central component of the protections against inaccurate information is the requirement to conduct a reasonable investigation of consumer disputes.  Since its enactment, the FCRA has required consumer reporting agencies to investigate consumer disputes.  Additionally, in 1996 Congress amended the FCRA to also impose “duties on the sources that provide credit information to CRAs (consumer reporting agencies) called “furnishers” in the statute.

In the circular, the Bureau responds to the questions:

  1. Are consumer reporting agencies and the entities that furnish information to them (furnishers) permitted under the Fair Credit Reporting Act (FCRA) to impose obstacles that deter the submission of disputes?
    • Consumer reporting agencies and furnishers are liable under the FCRA if they fail to investigate any dispute that meets the statutory and regulatory requirements, as described in more detail below. Enforcers may bring claims if consumer reporting agencies and furnishers limit consumers’ dispute rights by requiring any specific format or requiring any specific attachment, such as a copy of a police report or consumer report, beyond what that statute and regulations permit.
  2. Do consumer reporting agencies need to forward to furnishers consumer-provided documents attached to a dispute?
    • It depends. Enforcers may bring a claim if a consumer reporting agency fails to promptly provide to the furnisher “all relevant information” regarding the dispute that the consumer reporting agency receives from the consumer. While there is not an affirmative requirement to specifically provide original copies of documentation submitted by consumers, it would be difficult for a consumer reporting agency to prove they provided all relevant information if they fail to forward even an electronic image of documents that constitute a primary source of evidence.

 

 

High Level Summary and Discussion Guide of Outline of Proposals and Alternatives Under Consideration for SBREFA: Required Rulemaking on Personal Financial Data Rights

Section 1033(a) of the Dodd Frank Act authorizes the Consumer Financial Protection Bureau (CFPB) to prescribe rules requiring a “covered person to make available to a consumer (upon request) information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions or to the account including costs, charges and usage data.

The Bureau is in the process of drafting regulations to implement Section 1033.  During the process, the Bureau is required to consult with representatives of small entities likely to be affected directly by the regulations the Bureau is considering proposing and to obtain feedback on the likely impacts the rules the Bureau is considering would have on small entities.

The summary document provides a high-level summary of regulatory provisions the CFPB is considering proposing.  The proposals address the following topics:

  • Coverage of data providers who would be subject to the proposals under consideration
    • The proposals would require a defined subset of Dodd Frank Act covered persons to be considered “data providers” such as those defined as financial institutions and card issuers.
  • Recipients of information, including consumers and authorized third parties
    • The proposals would make available information (upon request) directly to consumers and to authorized third parties.
    • The proposals would require a third party requesting information to (i) provide an authorization disclosure to inform the consumer of the terms of access; obtain the consumer’s informed, express consent and certify to the consumer that it will abide by certain obligations regarding collection, use and retention of the consumer’s information.
  • The types of information that would need to be made available
    • The proposals set forth six categories of information the Bureau is considering requiring covered data providers to make available: periodic statement information; information regarding prior transactions and deposits that have not yet settled; information about prior transactions not typically shown on periodic statements or online financial account management portals; online banking transactions that the consumer has set up but that have not yet occurred; account identity information and other information, including consumer reports obtained/used by the covered product/service to a consumer, etc.
    • The proposals also provide for four exceptions to the Section 1033(a) requirement to make information available.
  • How and when information would need to be made available, including when information made available to consumers directly and to third parties authorized to access information on their behalf
    • The proposals would require a covered data provider would be required to make information available if it has enough information from the consumer to reasonably authenticate the consumer’s identity and reasonably identify the information requested.
    • The proposals would require that covered data providers be required to make available all the information that would be covered by the proposals under consideration through online financial account management portals and to allow consumers to export the information in both human and machine readable formats.
  • Third party obligations
    • The proposals would require authorized third parties to limit their collection, use and retention of consumer information to what is reasonably necessary to provide the product/service the consumer has requested.
    • The proposals would also require authorized third parties provide consumers with a simple way to revoke authorization at any point, consistent with the consumer’s mode of authorization.
  • Record retention obligations
    • The proposals would provide for record retention requirements for covered data providers and authorized third parties to demonstrate compliance with certain requirements of the rule.
  • Implementation period
    • The Bureau seeks to ensure that consumers have the benefit of a final rule within a short timeframe, while also ensuring that covered data providers and authorized third parties have sufficient time to implement the rule.

The summary also includes questions drawn from the Outline to solicit feedback from small entity representatives on specific topics.  However, the CFPB is interested in input from SERs (small entity representatives) on all aspects of the proposals under consideration and any alternatives the CFPB should consider. The summary also includes an appendix that illustrates how the CFPB’s proposals under consideration would apply to a hypothetical transaction involving data access to an authorized third party.

The Bureau’s summary and discussion guide can be found here.  The larger, more comprehensive “Outline of Proposals and Alternatives under Consideration” can be found here and the CFPB is requesting non-SER stakeholder feedback by no later than January 25, 2023.  Stakeholders are welcome to provide written feedback on the CFPB’s proposals under consideration by emailing it to [email protected].

Final Rule Summary:
Appraisal Subcommittee; Appraiser Regulation; Temporary Waiver Requests 

NASCUS Legislative and Regulatory Affairs Department
November 21, 2022

The Appraisal Subcommittee (ASC) of the Federal Financial Institutions Examination Council (FFIEC) adopted a final rule amending temporary waiver proceedings, promulgated in 1992 pursuant to Title XI of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989, as amended (Title XI). On January 13, 2022, the ASC published a related proposed rule with a 60-day public comment period.

The final rule adopts the rules of practice and procedure substantially as proposed, with the following modifications:

  • Definition of “Petition” to include State financial institutions’ regulatory agencies as potential petitioners; and
  • Clarification that either a mandatory or discretionary waiver termination requires publication in the Federal Register and that a discretionary waiver termination requires such publication with a 30-day comment period.

Summary

Section §1101.1 of the final rule clarifies the distinction between:

  • A request from a state appraiser regulatory agency (Request for Temporary Waiver in the proposed rule); and
  • Information received from other persons or entities (which could include a state appraiser regulatory agency) is referred to as “Petition” in the proposed rule.

Section §1102.2: Definitions

Petition

The proposed rule failed to include state financial institution regulators in the definition of “petition.” “Petition” in the final rule now includes State financial institution regulatory agencies as a potential petitioner.

Scarcity of Certified or Licensed Appraisers and Significant Delays in the Performance of Appraisals

The final rule retained the proposed definition of scarcity of certified or licensed appraisers and adopted the definition as the number of active certified or licensed appraisers within a State or a specified geographical, political subdivision is insufficient to meet the demand for appraisal services, and such appraisers are difficult to retain.

The final rule also adopted the definition of significant delays in the performance of appraisals which is defined as delays that are substantially out of the ordinary when compared to the performance of appraisals for similarly situated Federally Related Transactions (FRTs) based on factors such as geographic location (e.g., rural versus urban) and assignment type, and the delay is not the result of intervening circumstances outside the appraiser’s control or brought about by the appraiser’s client (e.g., inability to access the subject property).[1]

Section §1102.3: Request for Temporary Waiver

Section 1102.3(a) states that the State Appraisal Agency for the State where temporary waiver relief is sought may file a Request for Temporary Waiver.  Section 1102.3(b) sets out a complete list of requirements for a temporary waiver to be deemed received by the ASC. The list includes:

  1. A written determination by the State Appraisal Agency that there is a scarcity of certified or licensed appraisers leading to significant delays in the performance of appraisal for FRTs or a specified class of FRTs within either a portion of, or the entire State;
  2. The requirement(s) of State law from which relief is being sought;
  3. The nature of the scarcity of certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable);
  4. The extent of the delays anticipated or experienced in the performance of appraisals by certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable);
  5. How complaints concerning appraisals by persons who are not certified or licensed would be processed in the event a temporary waiver is granted; and
  6. Meaningful suggestions and recommendations for remedying the situation.

Amendments to paragraph (b) also modify the requirement for a State Appraisal Agency to provide “a specific plan for expeditiously alleviating the scarcity and service delays” to “meaningful suggestions and recommendations for remedying the situation”.  This change recognizes a situation creating scarcity and delay may be outside the control of the State Appraisal Agency.

Amendments to the final rule also include the phrase “supporting documentation, statistical or otherwise verifiable.” A Request for Temporary Waiver should include clear and specific data to support a claim that there is a scarcity of appraisers leading to significant delays in the performance of appraisals for FRTs, or a specified class of FRTs, for either a portion of or the entire State.

The final rule indicates some specific information related to the following could assist the ASC in reviewing a request for a temporary waiver:

  1. Geography – location(s) of the scarcity leading to significant delay.
  2. Transactions – types of FRTs impacted (i.e., property and transaction type(s) and transaction amount(s)).
  3. Time – length of time for waiver requested.

Section 1102.3(b) of the final rule also includes that a Request for Temporary Waiver address how complaints concerning appraisals by persons who are not certified or licensed would be processed in the event a temporary waiver is granted.

Section 1102.3(c) clarifies that a Request for Temporary Waiver will be deemed received for purposes of publication in the Federal Register for notice and comment if the ASC determines that the information submitted meets the requirements of 1102.3(b) detailed above.

Section 1102.3(d) indicates that in the event a request is deemed “not received”, it may be denied in its entirety or referred to the State Appraisal Agency for further action. In either case, the ASC is to provide written notice to the State Appraisal Agency providing an explanation for the determination.

Section §1102.4: Petition Requesting the ASC Initiate a Temporary Waiver Proceeding

For consistency with amendments to Section 1102.2(c) and the definition of “petition,” Section 1102.4(a) has been amended to include State financial institutions’ regulatory agencies as a potential petitioner.  The final rule also clarifies that a petition is a request for the ASC to exercise its discretionary authority to initiate a temporary waiver proceeding. A petition may be filed by the Federal or State financial institutions’ regulatory agencies, the regulated financial institutions, or other persons or institutions with a “demonstrable” interest in appraiser regulation, including a State Appraisal Agency.

Petitions should include:

  1. Information (statistical or otherwise verifiable) to support the existence of a scarcity of certified or licensed appraisers leading to significant delays in the performance of appraisals for FRTs or a specified class of FRTs for either a portion of, or the entire State; and
  2. The extent of the delays anticipated or experienced in the performance of appraisals by certified or licensed appraisers (including supporting documentation, statistical or otherwise verifiable).
  3. A petition may also include meaningful suggestions and recommendations for remedying the situation.

In the event a petition is submitted by a party other than a State Appraisal Agency, the party must promptly provide a copy of its petition to the State Appraisal Agency.  If further action is needed on a petition, the ASC may refer a petition back to the State Appraisal Agency, where the temporary waiver relief is sought for further evaluation, or the ASC may take further action without referring.

Section §1102.5: Order Initiating a Temporary Waiver Proceeding

Under the final rule, the ASC may exercise discretion in determining whether to issue an Order initiating a temporary waiver proceeding in response to a petition, or the ASC may exercise discretion to initiate a proceeding without the submission of a petition.

Section §1102.6: Notice and Comment

Under the final rule, the ASC will:

  • Publish promptly in the Federal Register a notice respecting:
  • A received request for a temporary waiver; or
  • An ASC Order initiating a temporary waiver proceeding

The notice of the request for temporary waiver or ASC Order shall have a 30-calendar day comment public comment period.

Section §1102.7 ASC Determination

The final rule requires the ASC, within 90 calendar days of the date of publication of the notice in the Federal Register, by Order, to grant or deny a waiver, in whole or in part, and upon specified terms and conditions, including provisions for waiver termination.

The Order shall be published in the Federal Register. In the case of an Order approving a waiver, it will only be published upon approval of the FFIEC.

Section §1102.8 Waiver Extension

Under the final rule, the ASC may initiate an extension of a temporary waiver. A State Appraisal Agency may also seek an extension by forwarding an additional written request to the ASC.

Section §1102.9 Waiver Termination

The final rule provides two types of waiver terminations.

  • Mandatory waiver termination: ASC shall terminate a temporary waiver order when the ASC determines that significant delays in the performance of appraisals by certified or licensed appraisers no longer exist.
  • Discretionary waiver termination: The ASC, at any time, may terminate a waiver Order on the finding that the terms and conditions of the waiver order are not being satisfied.

Waiver terminations are to be posted in the Federal Register. Discretionary waiver terminations require a 30-day comment period. If no further action is taken by the ASC, a discretionary waiver termination becomes final 21 calendar days after the close of the comment period.

Summary re: CFPB Consumer Financial Protection Circular 2022-06: Unanticipated Overdraft Fee Assessment Practices

12 CFR Chapter X

The Consumer Financial Protection Bureau (CFPB) has issued Consumer Financial Protection Circular 2022-06, titled “Unanticipated Overdraft Fee Assessment Practices” to respond to a question posed about whether the assessment of overdraft fees under certain instances would be considered an unfair act or practice under the Consumer Financial Protection Act (CFPA), even if the entity complies with the Truth in Lending Act (TILA) and Regulation Z and the Electronic Fund Transfer Act (EFTA) and Regulation E.

The circular became effective on October 26, 2022 and can be found here.

Summary:

The Consumer Financial Protection Act (CFPA) prohibits conduct that constitutes an unfair act or practice.  An act or practice is unfair when: (i) it causes or is likely to cause substantial injury to consumers that is not reasonably avoidable by consumers; and (ii) the injury is not outweighed by countervailing benefits to consumers or to competition.  Overdraft fee practices must comply with TILA, EFTA, Regulation Z, Regulation E and the prohibition against unfair, deceptive and abusive acts or practices in Section 1036 of the CFPA.

According to the circular, overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate are likely unfair. These unanticipated overdraft fees are likely to impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.  The circular highlights potentially unlawful patterns of financial institution practices regarding unanticipated overdraft fees and provides some examples of practices that might trigger liability under the CFPA.  The circular notes that the examples provided are illustrative and not exhaustive.

CISA Guidance Summary: Implementing Phishing-Resistant MFA — Implementing Number Matching in MFA Applications

NASCUS Legislative and Regulatory Affairs Department
November 10, 2022 

The Cybersecurity & Infrastructure Security Agency (CISA), a subordinate agency of the Department of Homeland Security (DHS) released guidance on October 31, 2022, strongly urging all organizations to implement phishing-resistant Multi-Factor Authentication (MFA) to protect against cyber threats. Additionally, CISA recommends using number matching to mitigate MFA fatigue in cases where an organization utilized push-notification-based MFA without a phishing-resistant MFA tool.

Background

CISA, a departmental agency acting as the national coordinator for critical infrastructure security and resilience, issued two fact sheets on October 31, 2022.  The first, Implementing Phishing-Resistant MFA[1], outlines the importance of MFA in authenticating access to systems.  MFA makes use of multiple factors to validate the individual accessing a system, including something you know, something you have, or something you are.  An example of different factors could include a password or pin (you know), biometric facial or fingerprint recognition (you are) and/or use of a digital certificate, specific hardware/software configuration, pin producing token (you have).

The guidance further outlines potential weaknesses utilized by threat actors to overcome such cyber defenses, including:

  • Phishing: A social engineering form in which threat actors utilize email or malicious websites to solicit information or gain access to a machine to gain access to the necessary information to access a protected network.
  • Push Bombing or Push Fatigue: Threat actors bombard a user with push notifications until they “accept” the notification and thereby grant access to the protected network.
  • The exploitation of SS & Protocol Vulnerabilities: Threat actors utilize vulnerabilities in communications systems to transfer control of the user’s phone number to a controlled SIM card.

To address these vulnerabilities, organizations are encouraged to utilize one of the following:

  • FIDO/WebAuthn Authentication: Utilizes physical tokens to authenticate to a device via USB or are hardware embedded into laptops or mobile devices as platform identity authenticators.
  • PKI-based MFA: Public Key Infrastructure utilizes smart cards or digital certificates to validate access to a system through a combination of public and private keys. Keys on the transporting hardware are accessed by a user using a password or pin and are physically connected to the device used to access the application.

The guidance understands such systems require significant infrastructure and provides a further discussion on other, less substantial, MFA tools to utilize to mitigate the potential attack avenues discussed above and how to focus on implementing a phishing-resistant MFA system.

One of the most efficient methodologies to mitigate phishing attacks on MFA discussed includes a process called number matching, the subject of the second fact sheet titled Implementing Number Matching in MFA applications[2].

This fact sheet discusses different types of MFA push prompts in which the authenticating platform provides an additional layer of protection against phishing by requiring entering a pin/password from the identity platform (i.e, your phone) into the application instead of just checking an acknowledgment on the identity platform to gain access.  In this scenario, a threat actor without the phone would not be able to access the application, and a user, fatigued by numerous access requests, cannot inadvertently allow access.

Both fact sheets provide reference material available to further research and implement appropriately hardened systems relating to MFA.

[1] Available at www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf.

[2] Available at www.cisa.gov/sites/default/files/publications/fact-sheet-implement-number-matching-in-mfa-applications-508c.pdf.

Summary re: CFPB Notice and Request for Comment Regarding the CFPB’s Inquiry Into Big Tech Payment Platforms

The Bureau ordered six large technology companies operating payments systems in the United States to provide information about certain of their business practices.  Accompanying the orders, the Director of the Bureau issued a statement and invited interested parties to submit comments to was published in the Federal Register on November 5, 2021.  The Bureau has decided to re-open the comment period for an additional 30 days to gather additional stakeholder comments.

Comments must be received by December 7, 2022, and the notice can be found here.

Summary:

On October 21, 2021, the CFPB ordered six large technology companies operating payments systems in the United States to provide information about certain of their business practices.   The orders were issued to Google, Apple, Facebook, Amazon, Square and Paypal.  The Bureau will also study the practices of the Chinese tech giants that offer payments services, such as WeChat Pay and Alipay.  The Bureau’s inquiry was intended to inform regulators and policymakers about the future of our payments system.  Stakeholders interested in commenting on the notice can find the original notice here.

The Bureau invites all interested parties to submit comments to inform the agency’s inquiry.  In addition, the Bureau is inviting comment on the following questions related to the Bureau’s inquiry:

  • What fees, fines or other penalties do large technology companies assess on users of their payment platforms, including for:
  • Purported violations of the technology companies’ acceptable use policies; or
  • Any other conduct?
  • Do the acceptable use policies for technology companies’ payment platforms include provisions that can restrict access to their platforms? If so, under what circumstances can the technology companies restrict access to their platforms?

Summary re: CFPB Bulletin 2022-06: Unfair Returned Deposited Item Fee Assessment Practices  

12 CFR Chapter X 

A returned deposited item is a check that a consumer deposits into their checking account that is returned to the consumer because the check could not be processed against the check originator’s account.  Blanket policies of charging Returned Deposited Item fees to consumers for all returned transactions irrespective of the circumstances or patterns of behavior on the account are likely unfair under the Consumer Financial Protection Act (CFPA).  The CFPB is issuing this bulletin to notify regulated entities how the Bureau intends to exercise its enforcement and supervisory authorities on this issue.   

The bulletin is effective as of November 7, 2022, and can be found here

Summary:  

The CFPA prohibits covered persons from engaging in unfair acts or practices.  Congress defined an unfair act or practice as one that (i) causes or is likely to cause substantial injury to consumers which is not reasonably avoidable and (ii) such as substantial injury is not outweighed by countervailing benefits to consumers or to competition. Blanket policies of charging “Returned Deposited Item” fees to consumers for all returned transactions irrespective of the circumstances of the transaction or patterns of behavior on the account are likely unfair.   

In addition, fees charged for Returned Deposited Items cause substantial injury to consumers.  In many instances in which fees are charged for these returned items, consumers would not be able to reasonably avoid the substantial monetary injury imposed by the fees.  An injury is not reasonably avoidable unless consumers are fully informed of the risk and have practical means to avoid it.  However, a consumer depositing a check would normally be unaware of and have little to no control over whether a check originator has funds in their account; will issue a stop payment instruction; or has closed the account.  Nor would a consumer normally be able to verify whether a check will clear with the check originator’s depository institution before depositing the check or be able to pass along the cost of the fee to check originator.   

The Bureau notes that it is unlikely that an institution will violate the prohibition if the method in which fees are imposed are tailored to only charge consumers who could reasonably avoid the injury.   

CFPB Summary re: Advisory Opinion on Fair Credit Reporting; Facially False Data
12 CFR Part 1022

The Consumer Financial Protection Bureau (CFPB) issued this advisory opinion to highlight that a consumer reporting agency that does not implement reasonable internal controls to prevent the inclusion of facially false data, including logically inconsistent information, in consumer reports it prepares is not using reasonable procedures to assure maximum possible accuracy under Section 607(b) of the Fair Credit Reporting Act (FCRA).

This advisory opinion became effective on October 26, 2022, and can be found here.

Summary:

The FCRA regulates consumer reporting.  The statute was designed to ensure that “consumer reporting agencies adopt reasonable procedures for meeting the needs of commerce for consumer credit, personnel, insurance, and other information in a manner which is fair and equitable to the consumer, with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information.”  The FCRA was enacted “to protect consumers from the transmission of inaccurate information about them and to establish credit reporting practices that utilize accurate, relevant, and current information in a confidential and responsible manner.”

The Bureau is issuing this advisory opinion to highlight that the legal requirement to follow reasonable procedures to assure maximum possible accuracy of the information concerning the individuals about whom the reports related includes, but is not limited to, procedures to screen for and eliminate logical inconsistencies to avoid including facially false data in consumer reports. The opinion provides a non-exhaustive list of examples of inconsistent account information/statuses and illogical information relating to consumers that could be considered problematic. Finally, the advisory opinion applies to all consumer reporting agencies as defined in FCRA Section 603(f).