Headlines

1. Supreme Court Upholds the Constitutionality of the CFPB’s Funding Structure
2. Federal Agencies Issue Guidance for Community Banks on Third-Party Risk Management
3. Regulators Request Public Input on Proposed Incentive-Based Compensation Rule
4. CFPB Determines Digital Buy Now, Pay Later Accounts Subject to Credit Card Rules
5. Other Developments: Mortgage Closing Costs and Massachusetts Disaster Relief

1. Supreme Court Upholds the Constitutionality of the CFPB’s Funding Structure

The Supreme Court has ruled that the statutory authorization that allows the CFPB to draw funds from the earnings of the Federal Reserve System does not violate the Appropriations Clause of the U.S. Constitution. The Court explained in its May 16 decision that the Appropriations Clause requires only that a law authorize expenditures “from a specified source of public money for designated purposes,” and that the law that provides for the CFPB’s funding structure satisfies these requirements. The Court’s decision resolved a challenge brought by trade associations that represent payday lenders and credit-access businesses to the CFPB’s authority to adopt its Payday Lending Rule. The Court’s decision also has implications for other cases challenging the CFPB’s final rule governing the collection of small business lending data required by Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act). Lower federal courts have previously granted injunctions delaying the implementation compliance dates for the small business lending rule until the Supreme Court decided whether the CFPB’s funding structure was constitutional. It is likely that those injunctions will be lifted, and the CFPB will need to revise the compliance dates for the small business lending rule. Click here for a copy of the Supreme Court’s decision.

Nutter Notes:  The CFPB issued its final rule amending Regulation B to implement Section 1071 of the Dodd-Frank Act on March 30, 2023. Under the final rule, covered financial institutions, including banks, would be required to collect and report data on applications for credit for small businesses, including those that are owned by women or minorities. A covered origination generally includes any extension of credit under Regulation B to a small business according to the final rule. Compliance by financial institutions that originated at least 2,500 covered originations in both 2022 and 2023 was to begin on October 1, 2024. Institutions with volumes of at least 500 but less than 2,500 covered originations would have had until April 1, 2025, to begin complying with the rule. Those with volumes of at least 100 but less than 500 covered originations would have had until January 1, 2026. The CFPB has not yet announced whether it will adjust the compliance dates following the outcome of the Supreme Court’s decision.

2. Federal Agencies Issue Guidance for Community Banks on Third-Party Risk Management

Federal banking agencies published a new guide to aid community banks in managing risks presented by third-party relationships, including relationships with financial technology (fintech) companies. The new guide released on May 3 is meant to supplement the Interagency Guidance on Third-Party Relationships: Risk Management (TPRM Guidance), issued in June 2023, to assist community banks when developing and implementing their third-party risk-management practices. The new community bank guide offers considerations, resources, and examples through each stage of management of a third-party relationship in compliance with the principles set forth in the TPRM Guidance. The TPRM Guidance provides a framework of risk management principles for banking organizations to consider in developing risk management policies and procedures for third-party vendor relationships, including due diligence and vendor selection, contract negotiation, ongoing monitoring, and termination. The TPRM Guidance emphasizes that the use of a third-party vendor does not diminish the responsibilities of a banking organization’s board of directors to provide oversight of senior management or the responsibilities of senior management to oversee the activity in which the vendor is engaged to ensure compliance with safety and soundness considerations and all applicable laws and regulations. The new community bank guide lists resources in addition to the TPRM Guidance that can help support a bank’s development and implementation of its third-party risk-management practices. Click here for a copy of the new community bank guide.

Nutter Notes:  The agencies explained that the new community bank guide “is not a checklist and does not prescribe specific risk-management practices or establish any safe harbors for compliance with laws or regulations.” The new community bank guide is meant to be used in conjunction with the TPRM Guidance, which suggests that examiners expect banking organizations to “engage in more comprehensive and rigorous oversight and management of third-party relationships that support higher-risk activities, including critical activities.” According to the TPRM Guidance, each banking organization must identify its critical activities, as an activity that is critical for one banking organization may not be critical for another. Examples of characteristics indicative of critical activities include those that could cause a banking organization to face significant risk if the vendor fails to meet expectations, have a significant impact on customers, or have “a significant impact on a banking organization’s financial condition or operations.” The TPRM Guidance provides insights into supervisory expectations for a banking organization’s third-party vendor risk management functions. For example, the TPRM Guidance explains that the federal banking agencies may use their examination authority to evaluate the functions or operations performed by a vendor on behalf of a banking organization, including evaluation of the vendor’s ability to perform its contractual obligations, and the vendor’s ability to comply with applicable laws and regulations.

3. Regulators Request Public Input on Proposed Incentive-Based Compensation Rule

The federal banking agencies along with the NCUA and the FHFA have released a proposed rule that would implement the incentive-based compensation restrictions for financial institutions under Section 956 of the Dodd-Frank Act. The proposal published on May 6 resurrects a previous attempt to implement Section 956 dating back to June 2016. The proposed rule would establish new requirements for incentive-based compensation at certain covered financial institutions, including banks that offer incentive-based compensation and have average total consolidated assets of at least $1 billion. The proposed rule would not apply to institutions with less than $1 billion in total consolidated assets. The proposed rule would prohibit all covered institutions from establishing or maintaining incentive-based compensation arrangements that could lead to material financial loss to the covered financial institution or that encourage “inappropriate risks” by providing an executive officer, employee, director, or principal shareholder of a covered institution with excessive compensation, fees, or benefits. The proposed rule identifies three categories of covered institutions based on average total consolidated assets: Level 1, greater than or equal to $250 billion; Level 2, greater than or equal to $50 billion and less than $250 billion; and Level 3, greater than or equal to $1 billion and less than $50 billion. The proposed rule contains progressively more rigorous standards for Level 2 and Level 1 institutions. The proposed rule would not apply to any incentive-based compensation plan with a performance period that begins before that compliance date. Comments on the proposed rule will be due 60 days after it is published in the Federal Register, which is expected shortly.  Click here for a copy of the proposed rule.

Nutter Notes: The proposed rule provides that an incentive-based compensation arrangement will be considered to encourage inappropriate risks that could lead to material financial loss to the covered institution unless the arrangement satisfies the following criteria: it appropriately balances risk and reward, it is compatible with effective risk management and controls, and it is supported by effective governance. The proposed rule specifically provides that an incentive-based compensation arrangement would not be considered to appropriately balance risk and reward unless it includes financial and non-financial measures of performance, is designed to allow non-financial measures of performance to override financial measures of performance, when appropriate, and is subject to adjustment to reflect actual losses, inappropriate risks taken, compliance deficiencies, or other measures or aspects of financial and non-financial performance. The proposed rule also contains requirements for the board of directors of a covered institution. Under the proposed rule, the board of directors of each covered institution (or a board committee) would be required to exercise oversight of the covered institution’s incentive-based compensation program and approve incentive-based compensation arrangements for senior executive officers, including amounts of awards and, at the time of vesting, payouts under such arrangements. The proposed rule would also require the board of directors to approve material exceptions or adjustments to incentive-based compensation policies or arrangements for senior executive officers.

4. CFPB Determines Digital Buy Now, Pay Later Accounts Subject to Credit Card Rules

The CFPB has issued an interpretive rule to clarify that lenders, including banks, that issue digital user accounts to access credit, including lenders that market loans as “Buy Now, Pay Later” (BNPL), are considered “card issuers” and such digital user accounts are considered “credit cards” for purposes of the Truth in Lending Act (TILA) and its implementing rule, Regulation Z. The interpretive rule released on May 22 also explains that such lenders that extend BNPL credit are subject to subpart B of Regulation Z, including the provisions of the rule governing periodic statements and billing disputes. According to the CFPB, BNPL lenders typically enable the payment part of the credit process by issuing a single-use virtual card to the consumer, normally through an issuer processor and a bank partner. Where a BNPL provider partners with another party to extend credit, including a bank, both may be “card issuers” under Regulation Z, depending on the facts and circumstances. Banks that partner with fintech companies to issue digital user accounts to access BNPL credit should perform due diligence on ongoing monitoring of such third parties to ensure compliance with Regulation Z consistent with the TPRM Guidance. Click here for a copy of the CFPB’s interpretive rule.

Nutter Notes:  The CFPB’s interpretive rule explains that the definition of “credit card” in TILA and Regulation Z is not limited to a physical plastic or metal embossed card. TILA defines “credit card” as “any card, plate, coupon book or other credit device existing for the purpose of obtaining money, property, labor, or services on credit.” According the interpretive rule, the CFPB interprets the term “other credit device” to include “a BNPL digital user account that a consumer can use through websites, mobile apps, browser extensions, or integrations with merchant websites or mobile apps to access BNPL credit, to the extent the user account is used to draw, transfer, or authorize the draw or transfer of credit in the course of authorizing, settling, or otherwise completing transactions to obtain goods or services.” Under this interpretation, BNPL lenders that issue credit cards are “creditors” for purposes of subpart B of Regulation Z and must comply with its requirements, including the provisions related to disclosures, periodic statements, and billing dispute resolution.

5. Other Developments: Mortgage Closing Costs and Massachusetts Disaster Relief

• CFPB Gathering Information About Junk Fees for Home Mortgage Loans

The CFPB announced on May 30 that it has launched a public inquiry into so-called “junk fees” that it believes are increasing home mortgage loan closing costs. The CFPB’s findings may signal future rulemaking under TILA, the Fair Credit Reporting Act, and the Real Estate Settlement Procedures Act to rein in home mortgage loan closing costs. Responses to the CFPB’s request for information from the public are due by August 2, 2024. Click here for a copy of the request for information from the public.

Nutter Notes:  According to the CFPB, median total loan costs for home mortgage loans increased by over 36% from 2021 to 2023. The CFPB stated that it wishes “to understand why closing costs are increasing, who is benefiting, and how costs for borrowers and lenders could be lowered.”

• FDIC Issues Guidance to Massachusetts Banks to Facilitate Recovery from Severe Storms and Flooding

The FDIC announced on May 20 a series of steps intended to provide regulatory relief to banks and facilitate recovery in areas of Massachusetts affected by severe storms and flooding. The FDIC encouraged banks to “work constructively with borrowers experiencing difficulties beyond their control because of damage caused by severe storms and flooding.” Click here for a copy of the FDIC’s guidance.

Nutter Notes:  According to the FDIC’s guidance, banks are encouraged to consider extending repayment terms, restructuring existing loans, or easing terms for new loans in a manner consistent with sound banking practices for affected borrowers. The guidance also explained that banks may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.