The federal bank and credit union regulatory agencies (including the Consumer Financial Protection Bureau (CFPB)), acting through the Federal Financial Institutions Examination Council (FFIEC), have substantially revised the Uniform Interagency Consumer Compliance Rating System (Rating System). The new Rating System substantially reconfigures the legacy ratings system for consumer compliance, which is a standardized system used by federal and state bank supervisors to assess and rate the level and quality of a regulated financial institution’s compliance with consumer laws and regulations (not including the Community Reinvestment Act, which is separately reviewed and evaluated).

The new Ratings System, which was previously proposed for comment in May 2016, takes effect on March 31, 2017. It will apply to all banks and credit unions that are federally regulated as well as all firms that are subject to CFPB regulation and supervision. The Rating System also will be used by state bank regulatory agencies, consistent with individual states’ examination and supervision policies and practices.

As National Cybersecurity Awareness Month comes to a close, the federal financial regulators have been releasing guidance related to cybersecurity and financial technology (FinTech) issues faster than a teen can complain about slow Wi-Fi.

In the last 10 days, there have been a number of notable releases:

  • The Board of Governors of the Federal Reserve System (Federal Reserve Board), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) released a joint advance notice of proposed rulemaking titled Enhanced Cyber Risk Management Standards that would apply to large supervised financial institutions and their service providers.
  • The Federal Reserve Board’s Secure Payments Task Force identified its key priorities for addressing secure payments: payment identity management, information sharing to mitigate payments risk and fraud, and data protection. The task force has invited industry feedback on these priorities through November 8.

In the closely watched case PHH Corporation v. Consumer Financial Protection Bureau, a panel of the US Court of Appeals for the District of Columbia Circuit has held that the Consumer Financial Protection Bureau’s (CFPB’s) structure is unconstitutional but that the constitutional flaw is remedied simply by striking the CFPB provision that authorizes the statute restricting the US president’s power to remove its director except “for cause.” In this manner, the court has allowed the CFPB to continue operating as it has done with minimal real changes: if the decision ultimately becomes final, the CFPB’s director will become subject to removal from office by and the direction of the president, as is the case with any other Executive Branch agency, such as the US Department of Justice or Department of the Treasury.

Having determined that the CFPB may continue operating, the court also addressed the appeal’s merits and remanded the case to the CFPB director for further action consistent with the opinion. The CFPB may seek review of the decision by the full DC Circuit or from the US Supreme Court.

On October 7, attorneys general (all Democrats) from New York, Connecticut, the District of Columbia, Maryland, Massachusetts, New Hampshire, Pennsylvania, and Vermont filed a comment letter (Comment Letter) with the Consumer Financial Protection Bureau (CFPB) supporting proposed rules concerning Payday, Vehicle Title, and Certain High-Cost Installment Loans (Proposed Rule), to be codified at 12 C.F.R. §1041.

The Comment Letter focuses primarily on the importance of state attorneys general’s independent authority as separate sovereigns to enforce state laws that may be more stringent than federal law. The Comment Letter points to the preamble of the Proposed Rule as evidence of the CFPB’s intent to treat its proposal as a floor, not a ceiling:

On October 5, the Consumer Financial Protection Bureau (CFPB) released its final rule (Final Rule) extending an array of new substantive restrictions, upfront and ongoing disclosure obligations, and government reporting requirements on prepaid cards and a range of electronic non-bank accounts, commonly referred to as “digital wallets.”

The Final Rule makes a number of changes to both Regulation E (which implements the Electronic Funds Transfer Act) and the credit card rules that are part of Regulation Z (which implements the Truth in Lending Act). The Final Rule takes effect on October 1, 2017, with certain provisions phased in over time, and the reporting requirement for issuers is delayed until October 1, 2018.

In a significant decision, on August 31, the US District Court for the Central District of California held that a tribal bank originating loans for a non-bank lender was not the “true lender”—making the loans subject to state usury limits.


In December 2013, the Consumer Financial Protection Bureau (CFPB) commenced litigation against CashCall (a payday lender in a partnership with a tribal bank) and other defendants, claiming that they had violated the federal law prohibition on unfair, deceptive, or abusive acts or practices (UDAAP) for financial services providers by servicing and collecting on loans that were wholly or partially void or uncollectible under state law.

On August 1, the Consumer Financial Protection Bureau (CFPB) published a Notice in the Federal Register seeking comment on a proposal to expand the information it gathers for its consumer complaint database to include complaint disposition information from consumers. This new information would include a 1–5 rating by the consumer as well as a narrative block. The proposal, however, does not include a data field for businesses to describe the relief provided, if any, or to otherwise respond to a consumer’s statements.

The CFPB characterizes this new information as a tool to permit the CFPB and other enforcement and regulatory agencies to assess efforts to remediate consumer complaints. Financial institutions and other businesses that may come within the ambit of this database, however, should be concerned that a one-sided consumer comment opportunity creates a cost-free, sortable, and mineable trove of possible cases for other regulatory and law enforcement agencies, including the Federal Trade Commission and state attorneys general, as well as plaintiffs’ lawyers seeking class action plaintiffs.

On July 28, the Consumer Financial Protection Bureau (CFPB) released a detailed summary of regulations it is considering imposing on third-party debt collectors. These proposals, once finalized, stand to potentially form the basis of significant “unfair, deceptive, or abusive acts or practices” (UDAAP) enforcement and regulatory actions against large bank and non-bank financial institutions that use third-party debt collectors to collect debts on their behalf or sell charged-off debt to third-party debt collectors.

Read our LawFlash for further information on the CFPB’s action.

On July 6, North Carolina Governor Pat McCrory signed into law legislation to bring certain virtual currency businesses expressly within the existing money transfer business regulatory scheme by repealing and replacing the current law with a new article.

The new law explicitly captures virtual currency with new definitions. Under the prior law, virtual currency intermediaries were not expressly covered, although the broad definitions of “money transmission” and “monetary value” (“[a] medium of exchange, whether or not redeemable in money”) prior to the new law’s adoption likely captured virtual currency. Coinbase Inc. and Circle Internet Financial Inc. are already licensed as money transmitters. The new law provides greater legal certainty, however, by explicitly providing that money transmission “includes maintaining control of virtual currency on behalf of others.”

The Consumer Financial Protection Bureau (CFPB) today proposed rules (Payday, Vehicle Title, and Certain High-Cost Installment Loans) pursuant to its authority under 12 U.S.C. §§1022, 1024, 1031, and 1032 (Dodd-Frank) that will severely restrict what is generally referred to as the “payday lending” industry (Proposed Rules).

The Proposed Rules merit careful review by all financial services providers; in addition to true “payday lenders,” they create substantial risk for banks and other traditional financial institutions that offer short-term or high-interest loan products—and risk making such credit effectively unavailable in the marketplace. The rules also create a serious risk of secondary “assisting and facilitating” liability for all financial institutions that provide banking services (in particular, access to the ACH payments system) to lenders that the rules directly cover.