Agency Rule-Making & Guidance

Recently Florida and Arkansas made it a requirement for those engaging in virtual currency activities to obtain money transmission licenses in their respective jurisdictions.

Continue Reading Money Transmission Licenses Required for Virtual Currency Activities in Arkansas and Florida

On September 8, the FTC approved final revisions that would bring several rules implementing parts of the Fair Credit Reporting Act (FCRA) in line with the Dodd-Frank Act, which transferred rulemaking authority related to parts of the FCRA to the CFPB, and thereby narrowed the FTC’s FCRA rulemaking authority for these rules.  As such, the FTC approved changes that clarify that in some cases these FCRA rules enforced by the FTC apply only to motor vehicle dealers, which were specifically excluded from the scope of Dodd-Frank’s requirements.  The FTC previously sought comment on the proposed rule changes last year.
Continue Reading FTC Approves Changes to FCRA Rules; Clarifies Application to Motor Vehicle Dealers

On September 1, the CFPB issued a Notice of Proposed Rulemaking (NPRM) to implement Section 1071 of the Dodd-Frank Act, which amended the Equal Credit Opportunity Act (ECOA) to require financial institutions to collect and report data regarding credit applications made by women-owned, minority-owned, and small businesses (we previously discussed the proposed rule in an earlier Consumer Finance & FinTech Blog post here).  The proposed rulemaking is an expansive 918 pages and the CFPB provides both a summary and table of contents to assist industry participants in their review and comments.

Continue Reading CFPB Issues Proposed Rule Under Section 1071 of Dodd-Frank to Collect Small Business Lending Data

On August 27, the Federal Reserve, FDIC, and OCC jointly published guidance on the types of due diligence community banks should engage in when contemplating arrangements with financial technology companies or FinTechs.  While the diligence guidance is voluntary, the banking agencies suggest that community banks should conduct due diligence with respect to FinTechs in six key areas:  (i) business experience and qualifications, (ii) financial condition, (iii) legal and regulatory compliance, (iv) risk management and controls, (v) information security, and (vi) operational resilience.  The guidance then provides subcategories for due diligence within each category, and provides relevant considerations for the bank for each subcategory, and potential sources of information.  The subcategories are as follows:

Continue Reading Banking Agencies Release Due Diligence Guidance on Community Bank-FinTech Relationships

On August 11, the Federal Financial Institutions Examinations Council (FFIEC) issued new guidance, providing examples of effective authentication and access risk management principles and practices for financial institutions.  The principles and practices relate to access to digital banking services and information systems by customers, employees, and third parties accessing digital banking services and financial institution information systems.  The FFIEC — whose voting members include representatives from the FDIC, the NCUA, the OCC, the CFPB, the Federal Reserve Board, and the State Liaison Committee — issued the guidance as an update to prior submissions from 2005 and 2011.

Continue Reading FFIEC Issues Updated Guidance on Authentication and Access to Financial Institution Services and Systems

The U.S. District Court for the Northern District of California recently issued an order setting September 30 as the deadline for the CFPB to issue a notice of proposed rulemaking (NPRM) on small business lending data based on Section 1071 of the Dodd-Frank Act.  Section 1071 amended the Equal Credit Opportunity Act to require financial institutions to collect, maintain, and report to the CFPB data on credit applications made by women-owned, minority-owned, and small businesses.  Such data includes the race, sex, and ethnicity of the principal owners of the business, and would be used to facilitate enforcement of fair lending laws and to help better identify the business and community development needs of these types of entities.  The order follows a complaint that was filed in 2019 alleging the wrongful delay by the CFPB in adopting regulations to implement Section 1071.  The deadline comes as a result of a stipulated settlement agreement reached in 2020, which established a timetable for the CFPB to engage in Section 1071 rulemaking.
Continue Reading CFPB To Issue Data Collection Regulations for Small Business Lenders in September

The CFPB recently announced that its two final debt collection rules implementing the Fair Debt Collection Practices Act (FDCPA) will take effect as planned on November 30.  The CFPB had previously proposed extending the final rules’ effective date by 60 days to allow for additional comments and time for implementation for those affected by COVID-19 (a recent Sheppard Mullin article discussing the COVID-related impact on debt collection was recently covered here).  Based on industry feedback, however, the Bureau determined that an extension is unnecessary, explaining that while “consumer advocate commenters generally supported extending the effective date, they did not focus on whether additional time is needed to implement the rules.”

Continue Reading CFPB Confirms November 30 Effective Date for Debt Collection Final Rules

On August 5, California’s Department of Financial Protection and Innovation (DFPI) announced that it entered into a consent order with a New York-based FinTech company that offers student Income Share Agreements (ISAs) to finance post-secondary education and training.  According to the DFPI, it is the first agreement to subject an ISA provider to state licensing and regulation.  The agreement reflects the DFPI’s decision to treat these private financing products as student loans for the purpose of the California Student Loan Servicing Act (SLSA).  Below are significant highlights from the agreement:

  • The DFPI found that the SLSA defines “student loans” broadly to include “any loan” or “extension of credit” and does not exclude contingent debt.
  • Under the ISAs, students agree to repay a school a fixed percentage of their future gross income after graduation, but only if the student is employed and making more than an agreed-upon amount.
  • The settlement provides that the DFPI will issue the company a conditional license under the SLSA based on its finding that ISAs are “student loans” for the purposes of the SLSA.


Continue Reading California Regulator Signals New Scrutiny of Student Lending Industry, Enters Into Consent Order with Servicer of Income Share Agreements

On July 13, the Federal Reserve, FDIC, and OCC proposed risk management guidance to help banking organizations manage risks related to third-party relationships, including relationships with vendors, FinTech companies, affiliates, and the banking organizations’ holding companies.  The proposal is based on existing but disparate third-party risk management guidance from the three prudential regulators, and is intended to promote consistency across the banking agencies.  If finalized, it will replace the guidance that each agency has released independently.

Continue Reading Federal Agencies Request Comments on Risk Management Guidance for Third-Party Relationships