CFPB Report February 7, 2014

CFPB Takes First Step in Expanding HMDA Requirements

On Friday, February 7, 2014, the CFPB announced its first step in the Home Mortgage Disclosure Act (HMDA) rulemaking process by convening a Small Business Review, or SBREFA, panel to solicit feedback from small lenders. This first step is required under the Small Business Regulatory Enforcement Fairness Act (SBREFA), and the Dodd-Frank Act requires the CFPB to update the current HMDA rules.


“Today we are asking for small businesses to provide feedback on ideas to improve the [HMDA], which monitors the largest consumer financial market in the world,” said CFPB Director Richard Cordray. “We want there to be better information, better collection, and better access to this important information.”


In its release, the CFPB provided information about the changes it is considering, which are more extensive than what is required under the Dodd-Frank Act. These include changes to the rule establishing what data financial institutions are required to provide under HMDA, and seeking feedback on current reporting requirements. The Bureau is also considering ways to improve the HMDA data collection process, including a new HMDA tool to provide the public easier access to mortgage data for 2007–2012.


The next step in the HMDA rulemaking process will come in the form of a proposal, with a comment period, which the CFPB expects will take a year to complete.


CBA has contacted the CFPB to coordinate involvement in this process. 


Comments due Friday on Mortgage Loan Closing Process

Comments to the CFPB on the mortgage loan closing process are due today, February 7, 2014. The CFPB requested information on key consumer “pain points” associated with mortgage closings and how these challenges may be addressed by market innovation and technology. This initial step is the next phase of the CFPB’s “Know Before You Owe” initiative on mortgages. The first phase was combining TILA/RESPA disclosures, which become effective on August 1, 2015.


CBA is finalizing its letter on the mortgage loan closing process and will submit comments later today. CBA’s letter will address concerns with the timing of this process, the scope of the Bureau’s inquiries, and how it will use the information collected. CBA will provide specific responses to pointed questions and suggest full review of the entire mortgage loan process for the benefit of consumers.


CFPB Releases Survey Results on Student Loan Servicing

On Monday, February 3, 2014, Rohit Chopra, the CFPB’s Private Student Loan Ombudsman, published ablog post on student loan servicing. A letter linked to the blog post summarized the results of an industry survey, initiated on November 26, 2013, focused on how servicers allocate student loan payments across multiple loans which differ from the total balance due. The Bureau found servicers may have incentives which are misaligned with consumers; for example, servicers may not desire to see a loan paid down quickly, as this would yield a reduction in fee income due to the shortened life of the loan. The survey results also pointed to challenges for servicers in allocating payments across loans, such as miscommunication from third-party payment providers and inflexible payment systems.

CBA Issues Comment Letter on OMWI Proposal

On Friday, February 7, 2014, CBA, with other trade associations, submitted comments in response to the proposed diversity assessment standards issued by the Federal Reserve, OCC, FDIC, CFPB, National Credit Union Administration, and the Securities and Exchange Commission. The proposal seeks to implement section 342 of the Dodd-Frank Act, which establishes an Office of Minority and Women Inclusion (OMWI) at each of these agencies and directs them to develop diversity assessment standards in order to “address a regulated entity’s employment practices and its business practices with regard to the procurement of goods and services.”


CBA is committed to the goal of assessing diversity and inclusion in the financial services industry, and supports a voluntary self-assessment approach for evaluation. A rigid, one-size-fits-all approach would stifle the ability of regulated institutions to develop diversity and inclusions policies tailored to their unique circumstances.


CBA offered suggestions to improve the proposed standards. To avoid duplicative requirements, regulated entities already in compliance with other federal diversity assessment standards, such as affirmative action plans, should be deemed to have satisfied the final OMWI standards. The proposed standards for assessing supplier diversity should be eliminated as they are overly burdensome, particularly for smaller institutions, and may have significant adverse consequences for small businesses. CBA also requested confidential treatment for voluntarily submitted reports and greater clarity with regard to timing and the reporting process.

Pew Releases Prepaid Report

On Thursday, February 6, 2014, The Pew Charitable Trusts released a report indicating general purpose reloadable prepaid cards have become increasingly affordable and accessible for consumers. Pew also reported a lag in prepaid protections compared to other banking products, although the CFPB is in the process of proposing a rule for prepaid cards, which is expected in spring.


“More consumers are turning to prepaid cards as a convenient tool to control spending and fees,” said Susan Weinstock, Director, Safe Checking at Pew. “While prepaid cards offer many benefits to consumers, they are a relatively new product with little oversight. A lack of protections undermines prepaid cards as a safe and easy way to manage money.”


Pew’s findings included: 

  • Prepaid cards offered by large banks are particularly economical compared to the cards studied in 2012.
  • When comparing the cost of prepaid cards and checking accounts offered at the same large financial institutions, prepaid cards are often a better deal.
  • Prepaid cards do not offer consumers the limited liability protection required by federal law for checking accounts, mostly due to omissions in the terms provided, but sometimes because of shifts of liability onto the cardholder.
  • The terms of nearly all prepaid cards explicitly state customer funds would be covered by FDIC insurance, but some disclose they do not—with disclosure much clearer in 2013 than 2012.
  • Arbitration agreements requiring a customer to settle any dispute using a private, third-party decision maker are increasingly included in prepaid cardholder agreements.

CBA continues to work on prepaid card issues with Pew, the CFPB and entities.

Trade Associations Send Memos to Congress on Data Security 

On Wednesday, February 5, 2014, CBA with other industry associations, sent memos to the House andSenate to educate policymakers on where and how data breaches are occurring. The memos acknowledge the active response by Target and Neiman Marcus to recent data breaches and their efforts to prevent future incidents. CBA expressed concern as to misinformation perpetuated by other merchants about where data breaches are occurring. CBA emphasized only four percent of data breaches occur at financial institutions, according to statistics by the Identity Theft Resource Center.

Data Security Hearings

Senate Banking Subcommittee on National Security and International Trade and Finance

On Monday, February 3, 2014, the Senate Banking Subcommittee on National Security and International Trade and Finance kicked off this week’s round of Congressional hearings related to data security. Witnesses included the Secret Service (USSS), Federal Trade Commission (FTC), American Bankers Association (ABA), National Retail Federation (NRF), U.S. Public Interest Research Group (US PIRG), and the Payment Card Industry (PCI) Security Standards Council. Chairman Mark Warner (D-VA), Ranking Member Mark Kirk (R-IL), Sens. Jon Tester (D-MT), Elizabeth Warren (D-MA), Robert Menendez (D-NJ), and Mike Johanns (R-NE) attended the hearing.


Chairman Warner began by cautioning participants the hearing was not to become a battle between merchants and banks. Senators urged those in the payment ecosystem to collaborate with each other to prevent future incidents. A general consensus favored chip and PIN card technology, although many recognized the upgrade will not be a silver bullet solution. Members agreed on the need for federal data breach legislation and the establishment of universal security standards for all cards types to be steps in the right direction. 


Participants concurred any proposed standards must be flexible to keep pace with technological innovation. "Tokenization" and mobile devices as a payment platform were also discussed, but no strong position was established. 


Sens. Warner (D-VA), Warren (D-MA), and Tester (D-MT) agreed on the need for data breach notification standards. Jessica Rich, Director of the Bureau of Consumer Protection at the FTC, also expressed support for legislation establishing federal standards, calling for FTC authority to pursue civil penalties for 'unfair' and 'deceptive' data practices. An established standard would create clear expectations for industry, and enable the FTC to pursue civil penalty claims.


Senate Judiciary Committee

On Tuesday, February 4, 2014, the Senate Judiciary Committee held its second hearing covering data security. Witnesses included representatives from Target, Neiman Marcus, Consumers Union, Symantec, the USSS, and the FTC. Chairman Patrick Leahy (D-VT), Ranking Member Chuck Grassley (R-IA), Sens. Dianne Feinstein (D-CA), Orrin Hatch (R-UT), Amy Klobuchar (D-MN), Mike Lee (R-UT), Al Franken (D-MN), Christopher Coons (D-DE), Richard Blumenthal (D-CT), Mazie Hirono (D-HI), Dick Durbin (D-IL), and Sheldon Whitehouse (D-RI) attended the hearing.


In his opening statement, Chairman Leahy referenced his recent bill, the “Personal Data Privacy and Security Act,” calling for movement on data privacy legislation to protect all parties, while protecting consumers from cyber theft. Ranking Member Grassley noted the 112th Congress was approaching agreement on comprehensive cyber security legislation, but expressed the need for “balanced” data breach notification legislation.


Emphasis on collaboration among government, retailers, payment networks, financial institutions, and consumers toward improved data security echoed sentiments from Monday’s hearing in the Senate Banking Subcommittee. Card security standards were discussed at length, with consensus on chip and PIN technology being more secure than magnetic strips.


Standardized breach notification standards were also discussed as some senators criticized retailers for lack of transparency in past data breaches. Target and Neiman Marcus, however, were commended for their reactions to recent data breaches and the willingness to work with Congress to prevent future incidents. The Consumers Union emphasized the need for prompt reporting, saying the sooner consumers are notified of a data breach, the sooner they can take steps to protect themselves.


Sen. Durbin noted his amendment governing interchange fees included an allotment of one penny per transaction for fraud prevention. He referenced Visa’s road map to move towards chip and PIN technology soon after the Dodd-Frank Act was passed. He added American Express had issued him a card with chip technology “years ago.”


House Energy & Commerce

On Wednesday, February 5, 2014, the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade held a hearing entitled: “Protecting Consumer Information: Can Data Breaches be Prevented?” focusing on recent data breaches, card security technology, and consumer privacy.


Witnesses included Edith Ramirez, Chairwoman, FTC; Lisa Madigan, Attorney General, State of Illinois; William Noonan, Deputy Special Agent in Charge, Criminal Investigations Division, Cyber Operations, USSS; Lawrence Zelvin, Director of the National Cybersecurity and Communications Integration Center, Department of Homeland Security; Michael Kingston, Senior Vice President and Chief Information Office, The Neiman Marcus Group; John Mulligan, Executive Vice President and Chief Financial Officer, Target Brands Incorporated; Bob Russo, General Manager, PCI Security Standards Council; and Phillip J. Smith, Senior Vice President, Trustwave Holdings.


In his opening remarks, Subcommittee Chairman Lee Terry (R-NE) said nearly one-quarter of American consumers have been affected by data breaches. He expressed interest in chip and PIN technology for cards, but acknowledged there is no one solution to solve data breaches. Jan Schakowsky (D-IL), the Subcommittee’s Ranking Member, suggested the Target breach could come at a cost of more than $18 billion to the U.S. economy. 


Senate Banking Committee

On Thursday, February 6, 2014, the Senate Banking, Housing and Urban Affairs Committee held ahearing entitled: “Oversight of Financial Stability and Data Security.” Witnesses included Mary J. Miller, Under Secretary for Domestic Finance, U.S. Department of Treasury; Daniel K. Tarullo, Governor, Board of Governors of the Federal Reserve System; Martin J. Gruenberg, Chairman, FDIC; Thomas J. Curry, Comptroller of the Currency, OCC; Mary Jo White, Chair, SEC, and Mark Wetjen, Acting Chairman, CFTC. Major themes of the hearing included the security of financial information, implementation of leverage and liquidity standards, the Volcker rule, and ensuring regulation takes bank size and complexity into account.


Chairman Tim Johnson (D-SD) discussed recent data breaches by retailers in his opening statement: “Those responsible must be held accountable, and we must examine what more can be done to better safeguard consumer information going forward.” Ranking Member Mike Crapo (R-ID) echoed Johnson’s sentiments, calling for examination of existing regulatory tools to mitigate damage after a breach, and consideration of new technology for payment security. Witnesses referenced a report by the Financial Stability Oversight Council (FSOC) in 2013 which pointed to cyber security as a potential systemic risk to the financial system and economy.


Witnesses noted weaknesses in payments systems which are unlikely at financial institutions. Comptroller Curry emphasized the expenses to banks for card replacement, consumer reimbursements for fraudulent transactions, and monitoring accounts.

Biggert-Waters Delay Legislation Passes Senate

On Thursday January 30, 2014, the Senate passed S.1926, the “Homeowner Flood Insurance Affordability Act of 2014” by a vote of 67-32. The bill, introduced by Senators Robert Menendez (D-NJ) and John Isakson (R-GA) requires a four-year delay of the Biggert-Waters flood insurance bill, which passed in July of 2012. Fearing an increase in flood insurance premiums and problematic escrow account provisions, Senator Kay Hagan (D-NC) offered an amendment to delay the implementation of escrow account provisions which have yet to be finalized by the Federal Financial Institutions Examination Council. CBA, with others, sent a letter to Senate Leadership urging swift passage of the amendment and delay of legislation. CBA will continue to with other trade groups to monitor progress as the legislation moves to the House.