The banking regulators have not yet gone out on vacation, as demonstrated by this grab-bag of announcements, speeches, rules and guidance:
Acting Comptroller of the Office of the Comptroller of the Currency (OCC), Michael Hsu, gave a speech on July 10th addressing how banks should help customers to avoid fraud, which highlighted a report the OCC put out in June on How Banks Can Measure and Support Customer Financial Health Outcomes. In particular, his speech focuses on the “security” aspect of consumer financial health identified in the report, saying, “Financial institutions can support their customers by providing timely information about trending scams and ways to avoid them. For example, . . . [institutions can] enable frictions such as verifications to help consumers pause before making a payment to an unknown party.” The report on which the speech was based identifies three aspects of consumer financial health – security, stability and resilience, and goes further to suggest to banks “vital signs” that help them understand when a consumer’s financial health may be in peril, see this chart:
The report ends with concrete suggestions regarding steps that banks can take to help consumers improve their financial health any time their vital signs waver, including such things as offering low or no-transaction fee accounts to customers demonstrating cash flow concerns, offering prizes for meeting savings goals for customers with a low liquidity buffer, and offering tools to help customers with lower credit scores to more successfully manage their credit scores.
Now that the Consumer Financial Protection Bureau (CFPB) has been freed from questions regarding its constitutionality yet again, following the Supreme Court’s decision in Community Financial Services Association of America v. CFPB on May 16th, judicial stays against various rules have been released and the CFPB has begun to move forward with those rules. In particular, the CFPB issued an interim rule extending compliance deadlines for the Small Business Lending Rule implementing Section 1071 of the Consumer Financial Protection Act (CFPA) on June 25th. As the press release accompanying the interim rule states, this means that “[l]enders with the highest volume of small business loans must begin collecting data by July 18, 2025; moderate volume lenders by January 16, 2026; and the smallest volume lenders by October 18, 2026. The deadline for reporting small business lending data to the CFPB remains June 1 following the calendar year for which data are collected. Thus, high volume lenders will first submit data by June 1, 2026, while moderate and low volume lenders will first submit data by June 1, 2027. Under the interim final rule, lenders may continue using their small business originations from 2022 and 2023 to determine their initial compliance date, or instead use their originations from 2023 and 2024.” In other words, the CFPB’s consistent tone deafness regarding the fact that larger institutions are much more likely to struggle with changes in how and when information is collected and reported than smaller institutions continues.
The CFPB issued its quarterly Supervisory Highlights, which is most useful for financial institutions to understand areas that the CFPB is particularly interested in examining. Among those areas are continued focus upon proper debt collection practices – specifically sending validations of debt to consumers timely and paying attention to requests to stop debt collection communications. Also, the CFPB examined how medical professionals market financial products such as healthcare credit cards to their patients, noting “CFPB examiners will continue to assess financial services companies’ oversight of medical providers and will be monitoring marketing materials and incentives offered to enroll patients.” Finally, the CFPB noted that some big banks and credit unions have begun to waive fees for providing consumers with basic account information, including free balance inquiries at ATMs, which the CFPB says demonstrates compliance with Section 1034 of the CFPA.
The CFPB issued a proposed so-called “interpretive rule” that will replace a 2020 advisory opinion and explains how existing law applies to paycheck advance products. In particular, “The proposed interpretive rule makes clear that many paycheck advance products – whether provided through employer partnerships or marketed directly to borrowers – trigger obligations under the federal Truth in Lending Act. In addition, the press release the CFPB issued notes that the proposed interpretive rule makes clear that:
Many loan costs are finance charges: Fees for certain “tips” and expedited delivery meet the Truth in Lending Act’s standard for being finance charges. When the paycheck advance product is no-fee and truly free to the employee, many requirements would not apply.
Borrowers must receive key disclosures: Among other requirements, earned wage lenders must provide workers with appropriate disclosures about the finance charges. Clear disclosures help borrowers understand and compare loan options, sharpens price competition, and ultimately benefits companies that offer competitive products.”
On July 24th, the CFPB issued a circular to law enforcement agencies and regulators that explains the CFPB’s position regarding when broad non-disclosure agreements that companies typically have employees sign could be breaking the law by preventing whistleblowing. The circular posits that broad confidentiality agreements violate Section 1057 of the CFPA, which they interpret to mean “provides anti-retaliation protections for covered employees and their representatives who provide information to the CFPB or any other federal, state, or local law enforcement agency regarding potential violations of laws and rules that are subject to the CFPB’s jurisdiction.” The CFPB points to similar concerns of and actions taken by the Securities & Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) on this issue and suggests, “An employer can significantly reduce the risk of . . . violating Section 1057—by ensuring that its agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations.”
In keeping with the proposed rule updating anti-money laundering (AML) rules published by the Financial Crimes Enforcement Network (FinCEN) of the Department of the Treasury (Treasury), as we reported on in our last issue, four banking regulators including the OCC, the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve, and the National Credit Union Association (NCUA) and in conjunction with FinCEN issued an Interagency Statement Regarding the Issuance of the AML/CFT Program Notices of Proposed Rulemaking on July 18th. The statement is intended to “to highlight how the proposed amendments are intended to complement and build upon current and anticipated AML Act implementation efforts, such as how the proposed amendments would codify into regulation existing risk-based practices and continue to foster the risk-based nature of AML/CFT programs.” The statement is not intended to indicate a new supervisory direction or to unduly impact the final rule, and these agencies, and the banking regulators all recognize that many banks already have AML programs that include the features identified in FinCEN’s proposed rule. Nevertheless, by issuing the statement, the regulators are “communicating their commitment to the AML Act’s purposes of modernizing the AML/CFT regime, encouraging innovation to more effectively counter money laundering and the financing of terrorism, improving law enforcement and national security objectives, and further safeguarding the financial system from illicit activity.”
On July 17th, Acting Comptroller of the Currency, Michael Hsu addressed the Exchequer Club regarding trends reshaping banking in a speech entitled, “Size, Complexity and Polarization in Banking”. On the first issue – regarding large banks – Hsu states that due to how the banking industry has changed in the last months, “by 2030, large banks as a group are likely to have $20 to $23 trillion in assets, which is roughly the size of the entire U.S. banking system today. This is not a normative view. No matter how one feels about large banks, simple, dispassionate math provides a sense of scale regarding where we’re headed.” To address the challenges large banks present to the economy and the industry, Hsu emphasizes the importance of Basel III, observes that “too big to fail” (TBTF) needs to end and that “too big to manage” (TBTM) needs to effectively curtail how large a bank can get. In particular, Hsu views proportionality, consistency and due process are key in managing the TBTM concerns. On the second issue, regarding the blurring of lines between banks and commerce, Hsu observes that while we have gotten used to having banks and non-banks work together to issue credit, we are now seeing that happen more in the payments space, “customers and merchants are increasingly using fintechs for payments, lending, and deposit services. These fintechs, in turn, partner with banks—sometimes indirectly through intermediaries or other ‘middleware’ firms—to execute on the services offered. Banks, in turn, rely on a host of nonbank service providers such as core processors to support a range of operations and functions. To top it off, banks and nonbanks, like corporations and governments, are increasingly reliant on a handful of large cloud service providers to support their digitalization initiatives.” Pointing to the Bank Services Company Act and interagency guidance on third-party relationships, Hsu comments that these changes in the payment systems mean that “more granular approaches” are necessary and he advocates for tailored federal payments regulation and supervision that will set a higher baseline than state money transmission licenses presently set for fintechs in the payments space. Finally, on the third issue of polarization, Hsu observes that “banks are being asked by states to pick a side in service of performative politics rather than deliberative policy” and he associates this shift with instability and fragmentation in financial services that hampered the United States in its early days before there was a federal banking system in place. The salvation for this issue Hsu finds in rigorous defense of preemption standards by the OCC. To this end he states, “the OCC faces two critical tasks. We must fortify and vigorously defend core preemption, and we must embrace and develop more nuanced analysis when applying Barnett. Fortifying core preemption powers will provide certainty where it matters the most—i.e., with regards to safety and soundness and compliance with federal laws and regulations. Preemption in those areas is legally absolute and non-negotiable, and the OCC will act accordingly to defend that. At the same time, we are reviewing the agency’s 2020 interpretation of preemption under the Dodd-Frank Act to determine whether updates are needed in light of the recent Cantero decision. We need to develop a more nuanced and balanced approach to Barnett. Updating that interpretation could be a helpful step toward that.” (See our discussion of this exact issue in our previous coverage on Cantero.)