By Mercedes Kelley Tunstall

Partner | Financial Regulation

Checking in on what the Consumer Financial Protection Bureau (“CFPB”) has been up to for the last month, in case you missed it (and with some commentary):

1. On October 4, the Federal banking regulators, including the CFPB, announced updated thresholds for when Regulation Z (credit) and Regulation M (leasing) will apply to consumer credit transactions (other than mortgages and private student loans). Based upon a 3.4 annual increase in the consumer price index (“CPI-W”), these regulations cover transactions of $71,900 or less, starting in 2025, up from $69,500 in 2024. Meanwhile the 2025 threshold for special appraisal requirements for higher-priced mortgage loans applying was increased to $33,500 from $32,400.   
   
   
2. On October 1, CFPB Director Rohit Chopra participated in an event at the White House to discuss how the CFPB is addressing medical debt and its impact on consumers. In his prepared remarks, Director Chopra referenced a new advisory opinion under the auspices of the Fair Debt Collection Practices Act (“FDCPA”) and Regulation F regarding “Deceptive and Unfair Collection of Medical Debt” and consumer advisory detailing rights consumer have when being contacted by a medical debt collector (such as being able to obtain an itemized list of charges and to negotiate the amount owed). The CFPB also published a blog post addressing “Medical Debt and Non-Profit Hospital Billing Practices.”
   
   The guidance provided to the financial services industry in the advisory opinion was targeted to debt collectors and stated that “debt collectors are strictly liable under the FDCPA and Regulation F” should they engage in the following “unlawful practices when collecting medical bills”: 1) collecting an amount not owed because it was already paid; 2) collecting amounts not owed due to Federal or state law, such as the Nursing Home Reform Act that prohibits nursing homes from requiring to third parties to pay; 3) collecting amounts above what can be charged under Federal or state law; 4) collecting amounts for services not received; 5) misrepresenting the consumer’s legal obligations regarding the medical debt; and 6) collecting unsubstantiated medical bills. The advisory opinion also explained that medical debt collectors may not argue that medical debts are not “in default” and therefore the FDCPA and Regulation F does not apply. It advises, “in the context of medical debt, amounts owed are not typically paid on a regular, recurring schedule over time pursuant to the terms of a contract. To the contrary . . . medical debts are contractually generally due in full at a given time. Medical debt collectors therefore do not ‘service’ debts on an ongoing basis” like other debt collectors, and therefore the amounts being collected upon are in default.
   
   Strict liability for these debt collectors could have a meaningful impact on how medical debts are collected going forward, which would eventually impact medical providers. The CFPB chose to target the debt collectors because they are clearly “covered persons” per the Consumer Financial Protection Act (“CFPA”). For many reasons, the argument that medical costs themselves are financial services becomes murky and buried in a heap of competing public policy arguments, which means that the CFPB has a much harder time issuing guidance directly to those medical providers themselves.
   
   
3. In comments related to a report issued by the CFPB on Cash-Back Fees, issued on August 26, Director Chopra remarked that “physical cash is still a critical component of a resilient financial system and dynamic economy” and acknowledged that “in the event of a major cyberattack on our nation’s energy, telecommunications or banking infrastructure, we must be prepared for people and businesses to buy and sell goods and services in cash.” Recognition of how the dollar bill still represents freedom and crucial utility is sometimes hard to come by among Federal banking regulators these days, and so the CFPB’s focus on fees being charged for cash-back being given at the point of sale, especially at large retailers, is important. As part of the report, the CFPB identified that cash-back transactions may happen more frequently in rural areas that are “subject to persistent poverty,” meaning that the impact of cash-back fees may disproportionately fall on vulnerable populations. Contrasting the charging of cash-back fees to the relatively high fees charged at out-of-network ATMs, the CFPB found that average ATM withdrawal amounts far exceeded the cash-back limits put into place by retailers that charge a fee, meaning that “a consumer has a greater ability to distribute the cost of the fee across a larger amount of cash than with cash back.” Retailers who charge a fee for cash-back should tread carefully. There are some jurisdictional impediments to the CFPB taking action, but the charging of a fee for what is at least partially a financial transaction could be an easy way for the CFPB to clear those hurdles.
   
   
4. Finally, on September 20, the CFPB issued a proposed rule with comments due on November 4 regarding amendments to the Remittance Transfer sections of Regulation E. Described in the press release as a “narrow amendment” the printed Federal Register notice still is 19 pages long. But, basically, the proposed rule seeks to update certain disclosure requirements and about a dozen different model forms to address a couple of issues. First, the CFPB wants to minimize the number of calls it receives regarding remittance transfer issues, due to required disclosures directing consumers to reach out to the CFPB.  Stating that “as many as 35% of the total telephone calls received” by the CFPB are as a result of this disclosure, the CFPB seeks to introduce a revised disclosure statement that “would state that the sender can contact the State licensing agency and the CFPB if the sender has unresolved problems with the remittance transfer or complaints about the remittance transfer provider.” Second, and related, the CFPB wants to update the model forms indicated so that remittance transfer provider contact information is “more prominent and easier to locate by consumers.”

By Andrew Karp

Partner | Financial Regulation

The Office of the Comptroller of the Currency’s Committee on Bank Supervision sets the agency’s supervision objectives and priorities. On October 1, the Committee released the OCC’s Bank Supervision Operating Plan (the “Plan”) for fiscal year 2025 (October 1, 2024 – September 30, 2025).

The Plan’s priorities and objectives will be familiar to management of national banks, as it continues the themes of recent years. Change-management and third-party risk management continue as  topics of focus in many, if not most, examination categories. As has been the case for several years, examiners will focus on risk governance and control functions and use the banks’ audit, credit risk review, and risk management processes, provided the OCC has validated their reliability, including scope, timeliness, and competence. A new topic for 2025 will be a focus on bank credit risk transfer  (“CRT”)  transactions. Examiners are also instructed to assess the banks’ readiness for “impacts of volatile economic conditions,” noting especially recession possibilities, the path of interest rates, and deposit stability. Another 2025 feature is the direction to examiners to “consider geopolitical events that may have adverse financial, operational, and compliance implications.”

The Plan groups discrete areas of focus within three fundamental categories: financial, operational, and compliance. 

Within the financial category, examiners will focus on credit, allowance for credit losses, asset and liability management, capital, and climate-related financial risks.  Some points of interest in these areas include:

• Credit: The effectiveness of management’s actions to identify, measure, monitor, and control credit risk given “significant changes in market conditions, interest rates, and geopolitical events.”
• Allowance for Credit Losses: Whether the allowance for credit losses balance is appropriate and considers both the current economic environment and reasonable, supportable forecasts for future economic changes.
• Asset and Liability Management: Funding and deposit stability, especially with respect to interest rate levels and volatility, funding composition and concentrations (including uninsured and brokered deposits), deposit repricing assumptions, and the potential for rapid changes, and a focus on model back-testing practices to assess whether models performed accurately relative to previous large swings in interest rates.
• Capital: Examiners will monitor “capital optimization activities, including any new plans by banks to engage in credit risk transfer transactions.” Examiners will review whether banks have effective governance and risk management systems to identify, measure, monitor, and control risks posed by CRTs.
• Climate-Related Financial Risks: For depository institutions, including federal branches and agencies of foreign banks with over $100 billion in assets, there will be examinations to assess banks’ ability to identify, measure, monitor, and control climate-related financial risks.

Within the operational category, areas of focus will include cybersecurity, third-party risks, payments, change-management and operations. Some points of emphasis in these areas include:

• Cybersecurity: Examinations will review the effectiveness of information technology asset life cycle management, including end-of-life, end-of-support, and patch management processes, and assess new or changed internal controls and operational processes, including those designed to comply with regulatory incident reporting requirements.
• Third-Party Risks: Examiners will assess the effectiveness of risk management throughout all stages of the third-party risk management life cycle, particularly the rigor of risk management practices for third-party relationships that support a bank’s critical activities. Notably, examiners will likely structure examinations to develop a view of enterprise-wide third-party risk management
• Payments: Examiners will consider how varieties of payment risks (e.g., operational, compliance, financial, strategic, and reputation) are incorporated into enterprise-wide risk assessments.
• Change-Management: Examiners will assess the suitability of governance processes, internal control considerations, organizational structures, and staffing in relation to significant changes at a bank, including changes relating to M&A, system conversions, new regulatory requirements, cost control measures, new products and services, and significant changes in strategy.

Within the compliance category, examiners will concentrate on BSA/AML/CFT, consumer compliance, CRA, and fair lending. Focal points will include:

• BSA/AML/CFT: Examiners will focus on the adequacy of change management processes for rulemakings implementing the AML Act of 2020, including the Corporate Transparency Act.
• Consumer Compliance: Examiners will review whether relevant aspects of products or services, including those offered through third-party relationships, are disclosed in a clear, consistent manner with accurate, complete information, as well as third-party risk management and disclosures, and related change-management processes.
• CRA: Examiners will review the bank’s implementation of examination guidance issued in FY 2022 to address challenges posed by successive rule changes in June 2020 and December 2021.
• Fair Lending: Examiners will address the full life cycle of credit products, including the potential for mortgage lending discrimination resulting from appraisal bias or discriminatory property valuations.

By Alix Prentice

Partner | Financial Regulation

The UK’s Financial Conduct Authority ("FCA") has recently successfully applied to the Court of Appeal to uphold an earlier decision to impose requirements for redress in relation to conflicts of interest. This decision serves as a timely reminder to firms to review, and if necessary refresh, conflicts of interest policies and procedures. 

Regulatory Background

Principle 8 of the FCA’s Principles for Business requires that a firm must manage conflicts of interest fairly, between itself and its customers and between a customer and another client. Firms are obliged to take all reasonable steps to identify conflicts and have effective organisational arrangements that are aimed at preventing conflicts from constituting or giving rise to a material risk of damage to the interests of clients. When those arrangements are not sufficient to ensure, with a reasonable degree of confidence, that the risks can be prevented, firms must give sufficient disclosure to their clients.

Key Points Coming Out from the FCA’s Decision:

• merely identifying risks is inadequate as a conflicts’ mitigation measure unless the primary controls put in place to actually effect mitigation are sufficient and robust;
• those primary controls should take account of which senior staff are charged with making decisions about management and mitigation measures and how that impacts on allocation, etc.;
• similarly, once a conflict has been identified, disclosures to clients must give “sufficient information to allow them to scrutinise the substance of the conflict” as well as how the conflict is being managed;
• that information must be specific to the particular conflict; and
• asset managers conducting side-by-side management of separate investment funds simultaneously are in a particularly sensitive position when it comes to conflicts of interest given the Principle 8 obligation to manage conflicts between clients, as well as between the firm and clients.

Takeaways

Conflicts of interest are a perennial item of interest for regulators of the asset management industry. While this FCA decision turns on its particular facts, it is always useful to go back to systems and controls procedures to make sure that they remain focused on the risks that naturally arise in this sector and within the context of each individual firm’s business model.

The European Commission has produced the first leg of its long awaited consultation on the function of the EU Securitisation Framework ("ESF") in the form of a paper setting out consultation questions. 

The ESF consists of the Securitisation Regulation ("SECR"), the Capital Requirements Regulation ("CRR") and Solvency II Delegated Act, as well as certain liquidity requirements for banks in the Liquidity Coverage Ratio Delegated Act. SECR has been under review since 2022 in the context of the functioning of the EU securitisation market relative to its competitors. That review revealed that improvements were needed in order to achieve a more effectively functioning EU market, particularly around due diligence, transparency and proportionality. To that end, this first consultation paper is asking for industry input on a number of topics, including:

• the overall effectiveness of the ESF relative to its objectives which include the revival of safe securitisation markets and making sure that securitisations play their full part in funding the EU economy;
• impediments to securitising in SME loans or investing in SME loan securitisations;
• the scope of the application of SECR, including jurisdictional scope and the definitions of a securitisation and a sponsor;
• due diligence requirements;
• transparency requirements and the definition of ‘public securitisation’;
• prudential and liquidity risk treatments of securitisation for banks with a view to establishing how the prudential treatment of securitisation in the CRR can be calibrated to support an improved profile of the attractiveness of securitisation instruments for banks as originators, investors and servicers;
• risk weight floors and European proposals to lower those when banks act as originators;
• the (p) factor and whether it could potentially be reduced – questions are also raised about proposals to adjust the (p) factor on a temporary basis to adjust for the introduction of the ‘output floor’ under Basel 3.1;
• the tests in the CRR for the conditions to be met for significant risk transfer or ‘SRT’ to take place; and
• eligible asset classes for the purpose of inclusion in banks' liquidity buffers.

Next Steps

Responses to the questionnaire should be submitted online before 4 December 2024.