June 13, 2024
On May 30th, an unanimous Supreme Court ruled that the Second Circuit needed to take another shot at evaluating whether Bank of America, a national bank, can pre-empt a New York state law requiring the payment of interest on mortgage escrow balances. In the Cantero v. Bank of America opinion, written by Justice Kavanaugh, the Second Circuit was characterized as not having conducted the “kind of nuanced comparative analysis” necessary to determine whether a state law may be pre-empted by a national bank, and so the Second Circuit’s decision in favor of Bank of America was vacated and the case was remanded.
National banks are typically extraordinarily protective of their pre-emption rights – rights that were arguably first granted to them in 1863 pursuant to the National Banking Act, which provides, that national banks are authorized under Federal law to exercise “all such incidental powers as shall be necessary to carry on the business of banking.” As currently conceived, national bank pre-emption rights allow national banks to, among other things, charge interest rates that may exceed state usury laws and to not have to apply for permission to do business in a state. Nevertheless, national bank pre-emption rights have consistently been rich fodder for court cases over the last one hundred and sixty years.
The reason that all of the Supreme Court justices agreed to vacate and remand the Cantero case is because they reasoned that the Second Circuit did not apply the correct pre-emption analysis to the facts of the case. In other words, the Second Circuit relied on a series of cases stemming from the famous McCulloch v. Maryland Supreme Court decision, thereby attempting to “distill a categorical test” that would allow national banks to draw a bright line regarding when state laws are or are not pre-empted. Instead, the Supreme Court has instructed the Second Circuit to rely upon the Supreme Court’s decision in Barnett Bank of Marion County, N.A. v. Nelson (517 U.S. 25 1996), which pre-emption standard Congress enacted in the Dodd-Frank Act, at least with respect to when a state consumer protection law is preempted. 12 U.S.C. §25b. Specifically, Dodd-Frank explicitly referenced Barnett Bank and provided “that the National Bank Act preempts a state law ‘only if’ the state law (i) discriminates against national banks as compared to state banks; or (ii) ‘prevents or significantly interferes with the exercise by the national bank of its powers.”
Commenting that “[w]e appreciate the desire by both parties for a clearer preemption line one way or the other.” The opinion points out that by Congress expressly incorporating Barnett Bank into the U.S. Code, the Second Circuit must “make a practical assessment of the nature and degree of the interference caused by a state law.” While the opinion seems to slightly weigh in favor of finding that the New York state law in question may not be pre-empted, it cuts short of conducting the analysis and reaching that conclusion.
Thus, all eyes will turn to see what the Second Circuit decides to do in the case, and whether the Supreme Court will have to weigh-in once again, when that decision is rendered. In the meantime, what should national banks do? When Dodd-Frank first became law, many of us spent countless hours cataloging individual state consumer protection laws that would apply to a state bank and evaluating those laws to determine whether national bank pre-emption applied. In many cases, in this practitioner’s experience, even if there were arguments that the state consumer protection law could be pre-empted, national banks chose to go ahead and comply with the state law, just to avoid the possibility of lawsuits like Cantero. In the intervening fifteen years, it is perhaps inevitable that such thoroughness and precision has degraded. Therefore, even though Cantero may take some additional years to be resolved, the Supreme Court has parsed through the Barnett Bank standard sufficiently to help national banks and practitioners alike to take another swing through state consumer protection laws and decide anew whether such laws should be pre-empted.
As we discussed in the fall over a series of articles (Part 1, Part 2, Part 3, and Part 4) and reported on further in January, the Consumer Financial Protection Bureau (“CFPB”) is on a mission to allow consumers to more easily change financial services providers so that they may experience so-called “open banking”, allowing more “opportunities for smaller financial institutions and startups” to get into the consumer financial services market. The CFPB’s proposed Personal Financial Data Rights Rule (“PFDR Rule”) conceives to achieve this by requiring regulated banks and licensed financial institutions to allow largely unlicensed big data and tech companies to access and transfer almost all consumer account information from those licensed and regulated institutions with as little of their involvement and oversight as possible. This is all because the CFPB believes that “dominant firms” maintain their market position in part by holding customer information hostage, and that a rule requiring customer information to be accessed every second of every single day by unlicensed and unregulated entities will increase competition from the smaller financial institutions and (untested) startups, resulting in a better market for consumers.
On June 5th, the CFPB announced that it was publishing a portion of its proposed PFDR Rule as a final rule. In particular, the finalized portion of the PFDR Rule establishes definitions for so-called “standard-setting bodies” and details how such entities may receive recognition from the CFPB. The role “standard-setting bodies” play within the context of the PFDR Rule is to establish and dictate to the industry technical standards by which consumer account information may be accessed and transmitted (every second of every day) by the (unlicensed and unregulated) data companies from the “dominant firms” to the smaller financial institutions and (untested) startups. In the proposed PFDR rule, the CFPB commented that it was concerned that firms which presently have the consumer data would “inappropriately” designate standards reflecting singular interests. So, instead of allowing these dominant firms to indicate what data standards they may be able to establish without completely overhauling their entire systems, the CFPB, in the interest of ensuring “competitive data access,” “preliminarily determined” that standard-setting bodies they would approve would promote such data access by reflecting in their standards “a full range of relevant interests—consumers and firms, incumbents and challengers, and large and small actors.”
Accordingly, the first portion of the finalized PFDR Rule states that the first attribute of a successful standard-setting body will be “openness” such that parties that have limited familiarity with how information is stored, organized and made accessible within a financial institution will be allowed to be involved in setting standards that will dictate how financial institutions manage that information going forward, notwithstanding the immense costs and burdens to those financial institutions to re-organize their data, much less how such “maps” to how data should be stored, organized and made accessible will allow every cybercriminal in the world to easily identify and hack such data, most likely as the data is being accessed and transmitted (every second of every day) by the (unlicensed and unregulated) data companies. Second, the standard-setting bodies must “balance” decision-making on the standards “across all interested parties, including consumer and other public interest groups” with “meaningful representation for large and small commercial entities” and taking into consideration the “ownership of participants” in achieving said balance. Third, the standard-setting body must have a “due process and appeals” methodology that allows “sufficient time” for the resolution of conflicting views among participants. Fourth, the standard-setting body must proceed primarily by consensus, but, need not “necessarily” proceed through unanimity. Finally, standard-setting bodies must be transparent and make everything, including detailed specifications of how data is stored, accessed and transmitted fully available to not just participants, but also to the public.
We have mentioned several times how the CFPB’s proposed compliance timeline for the largest of financial institutions (i.e., six months from the publication of the full final PFDR Rule) is impossible, and so perhaps this awkward partial “final” rule is a nod towards those concerns. In other words, by encouraging standard-setting bodies to begin setting to work and getting approved by the CFPB, perhaps discussions of standards can take place and make a certain amount of progress, thereby ostensibly giving “dominant firms” more time to attempt to achieve timely compliance with the full final PFDR Rule, when it comes. Even still, requiring financial institutions to all fall in line with standardized ways of maintaining data has the appearance of being a venture akin to tilting at windmills, with astronomical costs to boot.
There's been a flurry of regulatory activity in the UK and Europe over the past few weeks. Here's a look at the highlights.
- The EU has renewed its determination that the solvency regime for US-headquartered insurers and reinsurers is equivalent to that of Solvency II. Commission Delegated Decision 2024/872 was published in the Official Journal of the European Union on 7 June and runs until 31 December 2035.
- In a Notice of First Decision dated 17 May 2004, the UK’s Financial Conduct Authority (“FCA”) is requiring ICE Benchmark Administration Limited (“IBA”) to continue publishing: (1) 1-month US Dollar LIBOR; (2) 3-month US Dollar LIBOR; and (3) 6-month US Dollar LIBOR on a synthetic basis. Having originally required IBA to continue publication on a changed synthetic methodology for an initial extension period of a year after 30 June 2023, the FCA is extending this period of compulsion until 30 September 2024. The reason given is to ensure the cessation of US Dollar LIBOR can be effected “in an orderly fashion.”
- The International Organization of Securities Commissions (“IOSCO”) has published its Final Report on “Leveraged Loans and CLOs Good Practices for Consideration.” While substantially the same as the consultation draft (see our note on this here), IOSCO has made certain refinements to its recommendations to reflect feedback, including removing its recommendation relating enhanced risk factor disclosures. As a reminder, IOSCO’s good practices are neither standards or recommendations per IOSCO’s taxonomy.
- The Council of the EU has announced that it has adopted CRD VI, which covers supervisory powers, sanctions, third-country branches and ESG risks (see our note on CRD VI and third-country branches here) and CRR III. The latter speaks to requirements for credit, CVA, operational and market risk as well as the ‘output floor’ set out in Basel 3.1 measures.