<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

Regulatory Brief for December 2021: Recapping the Year and Preparing for 2022

3 min read
Jan 6, 2022

Hopefully you’ve started the New Year refreshed, renewed, and ready to tackle regulatory compliance! As we move forward into 2022, let’s take a moment to recap December’s biggest regulatory updates covered in this month’s episode of the Ncast podcast Regulatory Brief.

Each month the Ncontracts team of compliance pros breaks down the hottest regulatory trends and changes. What do you need to know about mortgages acquired by Fannie and Freddie? What’s drawing regulatory scrutiny? Read on and find out!

Remember: You can also log in to Ncomply for updates and implementation guides on changes to state and federal regulations.

Here are the highlights from the Ncast Regulatory Brief covering December 2021:

2022 Conforming Loan Limits. The Federal Housing Finance Authority (FHFA) announced an increase of conforming loan limits for one-unit properties to $647,200 (an increase of $98,950 from $548,250 in 2021) for mortgages acquired by Fannie Mae and Freddie Mac. In high-cost areas the limit is $970,800.

Freddie Says “No” to Crypto. Freddie Mac announced that borrowers can’t use cryptocurrency as income to qualify for a mortgage, but it must be included in the borrower’s debt payment-to-income ratio if security a debt. If needed for the mortgage transaction, it must be exchanged to U.S. dollars.

CFPB opens inquiry into “Buy Now, Pay Later” credit.  The Consumer Financial Protection Bureau (CFPB) issued orders to collect information on the risks and benefits of “buy now, pay later” (BNPL) credit from the largest BNPL lenders (Affirm, Afterpay, Klarna, PayPal, and Zip). The CFPB is concerned about accumulating debt, regulatory arbitrage, and data harvesting in a consumer credit market already quickly changing with technology.

CFPB signals interest in overdraft fees. Overdraft practices (ODP) are back in the headlines years after a series of class action lawsuits and hefty civil monetary penalties were imposed on institutions for ODP practices such as arranging transactions to maximize fees and failing to appropriately opt-in a customer to the overdraft program. 

The CFPB is reviving the issue after noting an increase in reliance on ODP programs during the pandemic at both large and smaller financial institutions. The CFPB’s interest stems from the fact that programs tend to impact the most financially vulnerable (i.e., those with low deposit balances).  The CFPB, NCUA and OCC have all remarked they will be focusing on overdraft fees, so expect increased regulatory scrutiny.

Other regulatory updates in December 2021

OCC issues final rule rescinding June 2020 CRA Rule. We knew it was coming, but now it’s official. The OCC rescinded its June 2020 Community Reinvestment Act (CRA) rule and replaced it with a rule largely based on OCC’s 1995 CRA rule adopted jointly with FRB and FDIC.  It’s effective January 1, 2022, with exception to provisions related to public notice and public filing requirements, which are effective April 1, 2022.

FTC Standards for Safeguarding Customer Information: Information Security Program. The Federal Trade Commission (FTC) issued a final rule amending the Standards for Safeguarding Customer Information. This final rule is especially noteworthy for mortgage companies and non-federally insured credit unions. The rule:

    • adds provisions designed to provide covered financial institutions with more guidance on how to develop and implement specific aspects of an overall information security program, such as access controls, authentication, and encryption;
    • adds provisions designed to improve the accountability of financial institutions’ information security programs, such as requiring periodic reports to boards of directors or governing bodies; and
    • exempts financial institutions that collect less customer information from certain requirements.

The FTC is also requesting public comment on its proposal to further amend the Standards for Safeguarding Customer Information to require covered financial institutions to report to the FTC any security event where the financial institutions have determined misuse of customer information has occurred or is reasonably likely and at least 1,000 consumers have been affected or reasonably may be affected. 

For even deeper insights, including tensions at the FDIC, New York’s new reverse mortgage rules for co-op apartments, NCUA third-party provider crypto services, FinCEN’s proposed rule for beneficial ownership, and an update to the BSA/AML Examination Manual, tune in to the Ncast.

You can listen here or subscribe on your favorite podcast platform.


What Is A Compliance Management System And Why Your FI Needs One


New call-to-action

Subscribe to the Nsight Blog