September Regulatory Update: The CFPB and 1071 plus lots of enforcement news

Summer is coming to a close, but attention on the CFPB and Section 1071 is heating up. August also brought a RESPA enforcement action against a mortgage company, a fair lending settlement courtesy of the Department of Justice, and a big fine for banks that aren’t communicating on official channels. Plus, the latest crypto regulation.

Want the rundown from the Ncontracts expert team of regulatory professionals? It’s right here. Or, for even more detail, log into Ncomply for updates. 

The Latest on the CFPB and Section 1071

The big news in August centered on the Consumer Financial Protection Bureau (CFPB) and implementation of Section 1071 of the Dodd-Frank Act. The American Bankers Association and Texas Bankers Association filed a lawsuit calling for a delay of 1071 implementation until the Supreme Court issues a final decision on the constitutionality of the CFPB’s funding structure, which is expected next year. The judge issued an emergency injunction for ABA and TBA members. Now ABA and TBA are requesting the delay apply for all FDIC-Insured institutions in a letter written to the CFPB.

The Independent Community Bankers of America (ICBA), Independent Bankers Association of Texas, the Credit Union National Association (CUNA), Cornerstone League, and Texas City-based Texas First Bank and Rally Credit Union also joined the lawsuit and filed an emergency motion requesting the injunction cover their members. The Kentucky Bankers Association and several Kentucky banks also filed a lawsuit in a Kentucky federal district court challenging the CFPB's rule and seeking a preliminary injunction.

The CFPB filed its opposition to the motion for a preliminary injunction, and the Supreme Court denied the request of 27 Republican Attorney Generals to be included in oral arguments but did not offer up any reasoning. Oral arguments before the Supreme Court on the constitutionality of the CFPB’s funding will be heard October 3. A decision isn’t expected until June.

In related news, a New York court issued an order staying a lawsuit against an indirect auto lender until the CFPB Supreme Court case is decided.

1071 Small Business Lending Data Update

The CFPB revised its filing instructions guide for small business lending data collection in 2024. Specifically, the CFPB updated the Filing Instruction Guide, focusing on data products for Small Business Lending data. These updates encompass changes in validation IDs, transitioning from name codes to alphanumeric codes. There have also been adjustments to the Race/Ethnicity Enumeration for Demographic information to ensure alignment with the Home Mortgage Disclosure Act. Some minor adjustments have been made to clarify wording within the pricing information data point.

FHFA Issues Supplemental Guidance on Framework for Adversely Classifying Loans

The FHFA released supplemental guidance to an Advisory Bulletin published in 2021 on the framework for adversely classifying loans, other real estate owned, and other assets and listing assets for special mention. This guidance includes the definition of balance for financial assets, non-financial assets, and off balance-sheet credit exposures; when to determine the fair value of collateral; specification that contractual terms can be considered when evaluating a loan for classification; how to classify loans for borrowers who have declared bankruptcy but remain current on payments; and more.

CFPB Enforcement Action

The CFPB took action against a mortgage company and a real estate brokerage firm for alleged violations of the Real Estate Settlement Procedures Act (RESPA) and its implementing regulations. The mortgage company will pay $1.75 million under a CFPB order for allegedly providing illegal kickbacks to real estate agents for sending borrowers their way. The real estate broker will pay $200,000 in penalties for accepting the kickbacks.

Justice Department Settles Redlining Case

The DOJ announced a settlement to resolve allegations against a $384 million-asset Oklahoma bank alleged to have engaged in a pattern or practice of lending discrimination by redlining in Tulsa, Oklahoma. The DOJ says all the bank’s branches and loan production offices were located in majority-white neighborhoods, that the bank designated a service area that excluded all majority-Black and Hispanic-census tracts in the metropolitan, including the historically Black neighborhoods that were the site of the 1921 Tulsa Race Massacre. The DOJ says the bank failed to “appropriately monitor and address fair lending risk.”

The DOJ was tipped off by the FDIC. The bank will invest over $1.15 million to increase credit opportunities in neighborhoods of color in the Tulsa metropolitan area.

MLS Cyberattack Impact on Appraisals

Listing sites for the multiple listing (MLS) were struck by a cyberattack, limiting access to the database in some areas for several days. The MLS is a valuable tool for appraisals, including those conducted for loans sold to Freddie Mac, creating delays in appraisals and closings. In situations like this, it is important to communicate with borrowers and be transparent about the delays to avoid complaints.

Treasury and IRS Propose Rule for Brokers Using Digital Assets 

The Treasury Department and IRS proposed a rule requiring brokers—including digital asset trading platforms, digital asset payment processors and certain digital asset-hosted wallets—to file information returns and furnish payee statements on dispositions of digital assets effected for customers in certain sale or exchange transactions.

The proposal defines ‘digital asset payment processors’ as payment card issuers that make payments in digital assets to acquiring banks. Example 16 provides a detailed description to understand if the proposal applies to your institution.

Additionally, if your institution is involved in closing real estate deals, this proposal may require reporting the fair market value of digital currencies received by sellers. This responsibility includes filing Information returns and providing payee statements for purchasers using digital assets. If your institution is thinking about launching new digital currency services, like a rewards card, take note of this proposal and the requirements that come along with it.

Fed Announces Crypto and Nonbank Partnership Supervisory Program

The Federal Reserve announced a Novel Activities Supervision Program for Fed-supervised banks that want to become involved in crypto-assets, distributed ledger technology (DLT), and complex, technology-driven partnerships with nonbanks to deliver financial services to customers. It is designed to work with existing supervisory processes, and the Fed will inform banks in writing if they are included in the program.

In a related note, state-member banks that want to issue, hold, or transact in dollar tokens to facilitate payments must demonstrate sufficient controls to ensure safety and soundness. These banks must obtain written notification of supervisory nonobjection from the Fed before engaging in the proposed activities.

OCC Issues Legal Lending Limit Guidance

The OCC issued a bulletin (Bulletin 2023-27) to provide banks with guidance regarding the applicability of the legal lending limit (LLL) to purchased loans. The bulletin provides background information on loan purchase activities and the LLL, guidance on the applicability of the LLL to purchased loans, and types of recourse arrangements.

NCUA Letter on Cyber Incident Notification Requirements 

The National Credit Union Administration released a letter to credit unions (23-CU-07) on cyber incident notification requirements that took effect September 1. Credit unions should make sure to update response plans, review contracts with third-party service providers, train employees, have a monitoring and review system in place, and plan for accurate and timely documentation of all incidents.

Related: How to Write a Comment Letter on a Regulatory Proposal

SEC Demonstrates High Cost of Not Keeping Communication Records 

Wells Fargo, BNP Paribas, and Société Générale are among a host of banks and broker-dealers that collectively agreed to pay $549 million to U.S. regulators after their employees were caught communicating company business via their personal devices. The SEC also fined several Wall Street firms a total of $1.8 billion for similar issues, stemming from using text messages and platforms like WhatsApp that leave no official record of company business.

Related: Lessons Learned from an $8 Million BSA Civil Money Penalty

Wish you had access to all the latest regulatory updates as they happen? Wish someone would explain what they mean for your institution?