Headlines
- CFPB Issues New Guidance on Abusive Financial Practices
- Federal Judge Delays Implementation of New Community Reinvestment Act Rules
- Massachusetts AG Issues Guidance on How Consumer Protection Laws Apply to AI
- FinCEN Requests Public Comments on Customer Identification Program Requirements
- Other Developments: Climate Disclosure Rule and Bank Mergers
1. CFPB Issues New Guidance on Abusive Financial Practices
The CFPB has issued a policy statement that provides an analytical framework for identifying what constitutes an abusive act or practice under the Consumer Financial Protection Act of 2010 (CFPA). The new guidance published on April 3 also offers some examples that illustrate how the CFPB applies the CFPA’s standards for abusiveness. The guidance explains that there are two separate prohibitions against abusiveness in consumer financial products and services under the CFPA. The first prohibits an act or practice that “[m]aterially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service.” The second prohibits an act or practice that “[t]akes unreasonable advantage of: a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; the inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or, the reasonable reliance by the consumer on a covered person to act in the interests of the consumer.” The guidance notes that a violation of the CFPA on the basis of abusiveness does not require evidence that a consumer has suffered substantial injury. Any act or practice that falls into either of the categories described above will be considered abusive under the CFPA. Click here for a copy of the policy statement.
Nutter Notes: The CFPB’s policy statement clarifies that, under the CFPA’s first prohibition against abusive acts or practices, evidence of “material interference” can be shown by the intention behind an act or omission if the intention is to impede a consumer’s ability to understand terms or conditions. If the natural consequence of an act or omission is to impede a consumer’s ability to understand terms or conditions, or it actually impedes understanding, then that is also evidence of material interference according to the policy statement. Examples of such acts or practices include “buried disclosures, physical or digital interference, overshadowing, and various other means of manipulating consumers’ understanding.” According to the policy statement, the CFPA’s second prohibition against abusive acts can be summarized as leveraging certain circumstances to take an unreasonable advantage, even if the circumstances were not created by the bank or other financial services provider. Banks that violate the CFPA’s prohibitions against abusive acts or practices may become subject to regulatory enforcement action from their examiners, whether or not the bank is subject to direct supervision by the CFPB.
2. Federal Judge Delays Implementation of New Community Reinvestment Act Rules
A federal judge in Texas has granted a preliminary injunction against the implementation of the Community Reinvestment Act (CRA) final rule issued by the federal banking agencies in October 2023. The preliminary injunction issued on March 29 comes in a lawsuit brought by the American Bankers Association, the Independent Community Bankers of America, the U.S. Chamber of Commerce, and other trade associations alleging that the amendments to the rules implementing the CRA exceeded the federal banking agencies’ statutory authority. For example, the plaintiffs’ lawsuit alleges that the final rule reflects an interpretation of the ways in which a bank’s community may be defined for CRA purposes that is too expansive than what the CRA allows. The lawsuit also argues that the CRA does not permit the federal banking agencies to assess deposit products for purposes of CRA compliance. The preliminary injunction extends the effective and implementation dates of the final rule one date for each day the injunction remains in place. Click here for a copy of the preliminary injunction.
Nutter Notes: Among other changes to the CRA regulations announced in October 2023, the federal banking agencies’ final rule, if it becomes effective, would tailor performance standards to bank size, business model, and local conditions, according to the agencies. The final rule also would update asset size thresholds for small, intermediate, and large banks. Depending on a bank’s asset size or limited purpose bank designation, it would be evaluated under one or a combination of the following seven performance tests: the Retail Lending Test; the Retail Services and Products Test; the Community Development Financing Test; the Community Development Services Test; the Intermediate Bank Community Development Test; the Small Bank Lending Test; and the Community Development Financing Test for Limited Purpose Banks. The federal banking agencies cannot enforce the final rule until the preliminary injunction is lifted.
3. Massachusetts AG Issues Guidance on How Consumer Protection Laws Apply to AI
Massachusetts Attorney General Andrea Joy Campbell has released guidance to developers, suppliers, and users of artificial intelligence (AI), including banks and other financial services providers, about their obligations under state laws that protect consumers. The guidance published on April 16 aims to clarify that a business’s use of AI or other emerging technologies in connection with providing products and services to consumers does not alter the application of existing state consumer protection, anti-discrimination, and data security laws to that business or its technologies. For example, an AI technology may not discriminate against residents on the basis of a legally protected characteristic, whether resulting from algorithmic decision-making that relies on or uses discriminatory inputs and that produces discriminatory results according to the guidance. The guidance also clarifies that the Massachusetts Attorney General’s office expects AI developers, suppliers, and users to take “appropriate steps to safeguard personal data utilized by AI systems and comply with the state’s data breach notification requirements, both in accordance with applicable laws and regulations.” Click here for a copy of the guidance.
Nutter Notes: The Massachusetts Attorney General’s guidance follows recent CFPB guidance to lenders about the use of AI and other complex credit evaluation models to make underwriting decisions and about compliance with Regulation B, which implements the Equal Credit Opportunity Act (ECOA). The CFPB’s guidance issued in September 2023 noted that banks and other lenders are increasingly relying on AI and other predictive decision-making technologies in their underwriting models. Because lenders often can include data that may be harvested from third-party sources of consumer surveillance, these complex algorithms may result in credit decisions based on data that was not provided in a consumer’s application for credit or available in the lender’s credit file on that consumer. As a result, a consumer may be denied credit or otherwise be subject to an adverse change of credit conditions for reasons the consumer may not consider relevant to their finances.
4. FinCEN Requests Public Comments on Customer Identification Program Requirements
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) is seeking input on possible changes to existing requirements for banks under the Customer Identification Program (CIP) rule to collect taxpayer identification numbers from customers prior to opening an account. The request for public comments issued on March 28 will inform FinCEN’s future rulemaking as it evaluates the risks, benefits, and safeguards if banks were permitted to collect partial Social Security number (SSN) information from a customer and subsequently use reputable third-party sources to obtain the full SSN prior to account opening. The request for public comment was issued by FinCEN in consultation with the federal banking agencies. Public comments are due by May 28, 2024. Click here for a copy of the request for public comment.
Nutter Notes: The federal CIP rule generally requires banks to collect a full SSN from a customer who is an individual and a U.S. person. In its public comments request, FinCEN said that it recognizes that banks have more tools, sources, and methods available since the initial adoption of the CIP rule in 2003 to collect and verify customer identifying information, such as new identity sources on state mobile driver’s licenses. However, FinCEN indicated that it is cautious about permitting banks to collect partial SSNs due in part to consumer fraud and protection concerns.
5. Other Developments: Climate Disclosure Rule and Bank Mergers
- Congress Considers Resolution to Overturn the SEC’s Climate Disclosure Rule
Resolutions have been introduced in both the Senate and House of Representatives under the Congressional Review Act (CRA) that would overturn the SEC’s recently adopted climate disclosure rule. The resolution is reportedly backed by all Republican members of the Senate Banking Committee and Sen. Joe Manchin. The SEC has paused enforcement of the climate disclosure rule due to several pending legal challenges. Click here to access our client advisory for a more detailed discussion of the climate-related disclosure requirements and to access a copy of the final rule.
Nutter Notes: At least 24 states, including Louisiana, Ohio, Texas, and West Virginia, and major business groups like the U.S. Chamber of Commerce are challenging the SEC’s final rule in court, arguing that the SEC lacks clear authority to adopt the final rule and therefore the final rule violates the “major-questions doctrine” and asserting the final rule will only create more confusion and undermine investor confidence.
- OCC Extends Comment Period for Proposed Rulemaking and Policy Statement on Bank Mergers
The OCC announced on April 10 that it will extend until June 15, 2024, the comment period on its proposal to update its rules for business combinations to allow interested parties more time to provide comments. The OCC proposal also includes a proposed policy statement to clarify the OCC’s review of applications under the Bank Merger Act, available here.
Nutter Notes: The FDIC is currently considering a proposal to comprehensively overhaul its policy for evaluating bank merger transactions, available here. In 2022, the FDIC, OCC, and Federal Reserve each initiated reviews of various factors considered by the agencies when evaluating proposed bank merger transactions. Separately, the U.S. Department of Justice is currently considered whether to update its bank merger guidelines, which provide a framework for evaluating the competitive effects of bank mergers.