The Nutter Bank Report is a monthly publication of the firm's Banking and Financial Services Group.

Headlines
1. Court Overturns RESPA Ruling and Holds That the CFPB is Unconstitutionally Structured
2. OCC Releases Responsible Innovation Framework; No Decision on Fintech Charters
3. FDIC Publishes Supervisory Guidance on Compliance with New Military Lending Rule
4. CFPB Issues New Consumer Protection Regulations for Prepaid Accounts
5. Other Developments: Cybersecurity Assessment, Cybersecurity Risk Management, and Promotional Savings Accounts

1. Court Overturns RESPA Ruling and Holds That the CFPB is Unconstitutionally Structured

The United States Court of Appeals for the District of Columbia Circuit has overturned an enforcement action under Section 8 of the Real Estate Settlement Procedures Act (“RESPA”) by the CFPB against a nonbank mortgage lender, holding that the CFPB violated the lender’s due process rights by retroactively applying a new interpretation of RESPA to the lender’s past activities. The court’s October 11 decision arose from the CFPB’s determination that the lender’s so-called captive reinsurance arrangements constituted a violation of the prohibition against kickbacks and unearned fees under Section 8(a) of RESPA. Prior interpretations of another RESPA provision, Section 8(c), by the agency responsible for enforcement of RESPA before the CFPB, allowed captive reinsurance arrangements as long as mortgage insurers paid no more than reasonable market value for the reinsurance provided by a lender-affiliated reinsurer. The CFPB reinterpreted Section 8(c) and took the position that even if mortgage insurers paid no more than reasonable market value for the reinsurance, the arrangement nevertheless could constitute a prohibited referral arrangement with the lender affiliate of the reinsurer. The court ruled that the CFPB could not retroactively apply its new interpretation of Section 8(c) to the mortgage lender because it would violate a constitutional due process principle that “people should have fair notice of what conduct is prohibited,” and an opportunity to conform their conduct accordingly. The court also said that the CFPB’s interpretation of Section 8(c) is “facially nonsensical.” Click here for a copy of the court’s decision.

Nutter Notes: Section 8(a) of RESPA prohibits, in relevant part, paying for a referral of business related to a residential mortgage loan. In this case, the arrangement involved mortgage insurers paying what the CFPB conceded was no more than reasonable market value to a reinsurer affiliated with the lender for the lender’s referral of mortgage loan borrowers to the mortgage insurers. Section 8(c) of RESPA carves out certain exceptions to the prohibitions of Section 8(a), including “the payment to any person of a bona fide salary or compensation or other payment for goods or facilities actually furnished or for services actually performed.” This provision of RESPA has been interpreted as a safe harbor allowing bona fide transactions between a lender and a mortgage insurer (or between a mortgage insurer and a lender-affiliated reinsurer), as long as the mortgage insurer does not pay the lender for a referral. The court specifically found that the text of Section 8(c) “permits captive reinsurance arrangements where mortgage insurers pay no more than reasonable market value for the reinsurance.” The mortgage lender also attacked the CFPB’s authority on the grounds that it was unconstitutionally structured under the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) because the Director of the CFPB is removable by the President only for cause, not at will, and therefore is not supervised or directed by the President. The Court agreed, but held that the appropriate remedy was not the abolishment of the CFPB, but rather to sever the unconstitutional for-cause provision from the Dodd-Frank Act. Under the court’s ruling, the President now will have the power to remove the Director at will.

2. OCC Releases Responsible Innovation Framework; No Decision on Fintech Charters

The OCC has released its responsible innovation framework to support the development of alternative platforms and delivery channels for financial products and services, but has not yet decided whether, or under what conditions, it might grant special purpose national bank charters to nonbank financial technology companies (“fintechs”). The OCC’s Recommendations and Decisions for Implementing a Responsible Innovation Framework, issued on October 26, announced that the OCC will establish an Office of Innovation that will be dedicated to responsible innovation and will implement the framework to improve the OCC’s ability to identify, understand, and respond to financial innovation affecting the federal banking system. The Office of Innovation will be the central point of contact and clearinghouse at the OCC for requests and information related to fintechs and innovation. The OCC’s innovation framework also includes establishing an outreach and technical assistance program for banks and nonbanks, conducting awareness and training activities for OCC staff, and establishing an innovation research function within the OCC. The OCC expects the Office of Innovation to begin operations in the first quarter of 2017. The OCC also stated that it plans to publish a paper later this year discussing the issues associated with establishing a special purpose charter for fintechs and seeking public comments on the topic. Click here for a copy of the OCC’s innovation framework.

Nutter Notes: According to the innovation framework, the Office of Innovation will conduct outreach by, among other things, organizing innovation workshops and roundtables on specific topics, leveraging existing OCC-sponsored outreach events, such as banker roundtables and consumer and community events, and sponsoring a periodic Responsible Innovation Forum. The Office of Innovation also plans to offer technical assistance to banks and fintechs by creating resource material for banks and nonbanks on regulatory principles, processes, and expectations, and designing “rules of the road” material for nonbanks. The Office of Innovation will improve OCC staff awareness by providing additional resources to all employees, such as an internal OCC web page with access to information on industry trends and innovative products, services, and processes. According to the innovation framework, the Office of Innovation will also develop a research function to collect information on specific innovations and industry technology trends, analyze how innovation affects individual banks, bank segments, and the federal banking system as a whole, and obtain information on customer needs, demographics, and financial inclusion. The OCC stated that its research would be available to applicable business lines for use in risk identification, policy development, and supervision.

3. FDIC Publishes Supervisory Guidance on Compliance with New Military Lending Rule

The FDIC has released revised interagency examination procedures that provide additional guidance on the 2015 amendments by the Department of Defense (“DOD”) to the regulations implementing the Military Lending Act of 2006 (“MLA”) and the DOD’s August 2016 interpretive rule. The guidance issued on October 17 also provides insight on the FDIC’s initial supervisory expectations in connection with its examinations of banks for compliance with the MLA rule. The MLA rule expands specific protections provided to servicemembers and their dependents under the MLA and addresses a wider range of credit products than the DOD’s previous regulation. According to the guidance, examiners will evaluate a bank’s compliance management systems and overall efforts to come into compliance. Examiners will consider a bank’s implementation plan, including actions taken to update policies, procedures, and processes, according to the guidance. Examiners will also consider a bank’s training of staff and its handling of early implementation challenges. The guidance reminds banks that they are responsible for ensuring that servicemembers and other eligible consumers receive the consumer protections afforded by the MLA. Click here for the FDIC’s MLA guidance.

Nutter Notes: The DOD issued a final rule amending the regulations implementing the MLA in July 2015. The DOD published an interpretive rule in August 2016 that states the DOD’s interpretation of certain aspects of the MLA rule in response to public questions. For example, the interpretive rule clarifies that oral payment obligation disclosures required by the MLA rule do not have to reflect the specific terms of a credit agreement or credit transaction. The interpretive rule also clarifies that oral disclosures provided through a toll-free telephone system need only be available for a reasonably necessary time. Creditors, including banks, may use “savings clauses” and need not generate special credit agreements for borrowers covered by the MLA, according to the interpretive rule. The interpretive rule states that borrowers may grant, and creditors may exercise, the right to take a security interest in a covered borrower’s checking, savings, or other financial account in connection with a credit transaction that is subject to the MLA. The interpretive rule also clarifies the types of overdraft products within the scope of the rule's definition of “consumer credit” and addresses issues regarding the calculation and application of the military annual percentage rate. The MLA rule’s provisions that apply to new covered transactions became effective on October 3, 2016. For credit extended in a new credit card account under an open-end consumer credit plan, the effective date is October 3, 2017.

4. CFPB Issues New Consumer Protection Regulations for Prepaid Accounts

The CFPB has released a final rule that amends Regulation E, which implements the Electronic Fund Transfer Act, and Regulation Z, which implements the Truth in Lending Act, to provide comprehensive consumer protections for prepaid accounts. The final rule issued on October 5 defines “prepaid accounts” to include payroll card accounts and government benefit accounts that are currently subject to Regulation E, accounts that are marketed or labeled as “prepaid” that are redeemable upon presentation at multiple, unaffiliated merchants for goods or services, or that are usable at ATMs. The definition of “prepaid accounts” also covers accounts that are issued on a prepaid basis or capable of being loaded with funds, whose primary function is to conduct transactions with multiple, unaffiliated merchants for goods or services, or at ATMs, or to conduct person-to-person transfers, and that are not checking accounts, share draft accounts, or NOW accounts. The final rule excludes from the definition of “prepaid account” gift cards and gift certificates, accounts used for savings or reimbursements related to certain health, dependent care, and transit or parking expenses, and accounts used to distribute qualified disaster relief payments, among other exclusions. The final rule generally requires banks and other prepaid account issuers to provide both a short form and a long form disclosure before a consumer acquires a prepaid account. The final rule becomes effective on October 1, 2017. Click here for a copy of the final rule.

Nutter Notes: The short form disclosure highlights key prepaid account information, including the fees that the CFPB believes are most important to consumers, including a periodic fee, per purchase fee, ATM withdrawal and balance inquiry fees, cash reload fee, customer service fees, and inactivity fee. The short form also must disclose information about other types of fees that the consumer may be charged. The comprehensive long form disclosure must contain a complete list of fees and certain other key information. Among the other new consumer protections, the final rule requires that an issuer of prepaid accounts make certain account information available to accountholders for free by telephone, online, and in writing upon request, unless the issuer provides periodic statements. The final rule provides error resolution rights and protections for lost cards and unauthorized transactions. The final rule also regulates overdraft credit features that may be offered in conjunction with prepaid accounts. Under the final rule, credit features like overdraft protection will be covered under Regulation Z, where the credit feature is offered by the prepaid account issuer, its affiliate, or its business partner, and credit can be accessed in the course of a transaction conducted with a prepaid card, subject to certain exceptions. The CFPB is also requiring that prepaid account issuers post prepaid account agreements on their websites and submit the agreements to the CFPB, which intends to post them on a public website at a future date. The requirement to submit prepaid account agreements to the CFPB is delayed until October 1, 2018.

5. Other Developments: Cybersecurity Assessment, Cybersecurity Risk Management, and Promotional Savings Accounts

  • FFIEC Issues Guidance on Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council (“FFIEC”) issued guidance on October 18 in the form of answers to frequently asked questions (“FAQs”) about the FFIEC’s Cybersecurity Assessment Tool (“CAT”). The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year. Click here for a copy of the FAQs.

Nutter Notes: The FFIEC published the CAT in June of 2015 as a voluntary tool to help bank management identify risk and determine their cybersecurity preparedness. Use of the CAT is voluntary. Banks may choose to use the CAT or another framework, or another risk assessment process, to identify inherent risk and cybersecurity preparedness.

  • Federal Banking Agencies Propose Enhanced Cybersecurity Risk Management and Resilience Standards

The federal banking agencies approved an advance notice of proposed rulemaking on October 19 on a set of proposed enhanced cybersecurity risk management and resilience standards that would apply to large and interconnected financial institutions, and to services provided by third parties to these firms. Large and interconnected financial institutions include banks and holding companies with total consolidated assets of $50 billion or more. Click here for a copy of the proposed standards.

Nutter Notes: The standards would be tiered, with an additional set of higher standards for systems that provide key functionality to the financial sector. The proposed enhanced cybersecurity standards would not apply to community banks, but nevertheless provide insight on the direction the banking agencies may take with future minimum cybersecurity standards applicable to all banks.

  • New Massachusetts Law Authorizes Promotional Savings Accounts

Legislation authorizing Massachusetts-chartered banks and credit unions to offer promotional savings accounts, which encourage consumers to put funds into a savings account each month, was signed into law by Governor Baker on October 14. The new law, Chapter 294 of the Acts of 2016, allows state-chartered depository institutions to offer prizes in connection with promotional savings accounts through periodic raffles for customers who make monthly deposits of a certain amount. Click here for a copy of the new law.

Nutter Notes: The new law provides state-chartered institutions with authority to offer promotional savings accounts that are permissible under the American Savings Promotion Act enacted in 2014. The new law requires that the only consideration required for a chance of winning a prize is the deposit of a specified amount of money in a savings account where each ticket or entry has an equal chance of being drawn. The new law becomes effective on January 12, 2017.