The Nutter Bank Report is a monthly electronic publication of the firm’s Banking and Financial Services Group and contains regulatory and legal updates with expert commentary from our banking attorneys.
- DOD Expands Military Lending Act Protections for Servicemembers
- DOI Issues Guidance on Timing of Notices of Transfer of Coverage
- FFIEC’s New Cybersecurity Assessment Tool Now Available Online
- Fed Proposes Revisions to Capital Plan and Stress Test Rules for Large Institutions
- Other Developments: Integrated Mortgage Disclosures and Exchange-Traded Products
1. DOD Expands Military Lending Act Protections for Servicemembers
The U.S. Department of Defense (DOD) has issued a final rule expanding the types of consumer credit products that are covered by servicemember protections under the Military Lending Act, which applies to banks and other lenders. The final rule published on July 22 amends the definition of “consumer credit” covered by the DOD’s implementing regulations under the Military Lending Act to more closely align it with the traditional definition of credit covered by the federal Truth in Lending Act (TILA). The amended definition generally covers consumer credit offered or extended to active-duty servicemembers or their dependents, as long as the credit is subject to a finance charge or payable by written agreement in more than four installments. Specifically, the final rule extends the protections of the Military Lending Act to all forms of credit cards, installment loans, unsecured open-end lines of credit, deposit advance loans, vehicle title loans, payday loans and refund anticipation loans. In accordance with the Military Lending Act, the amended definition of consumer credit continues to exclude residential mortgages and credit extended to finance the purchase of, and secured by, personal property, such as vehicle purchase loans. The final rule becomes effective on October 1, 2015 and lenders will be required to comply with the final rule by October 3, 2016.
Nutter Notes: The Military Lending Act provides servicemembers and their dependents with specific protections for covered consumer credit transactions. Among other protections, the law prohibits a lender from imposing a rate of interest, known as the Military Annual Percentage Rate (MAPR), greater than 36% in connection with an extension of consumer credit to a covered borrower. The law also provides for military-specific disclosures to a covered borrower, including disclosures related to the MAPR, both orally and in a form the borrower can keep, before or at the time the borrower becomes obligated on the transaction or establishes the account. The law also prohibits a lender from requiring a covered borrower to submit to arbitration in the event of a dispute involving a covered consumer credit transaction and prohibits a lender from charging a penalty if the borrower prepays all or part of the consumer credit. As initially implemented by the DOD in 2007, the Military Lending Act protections applied to three narrowly-defined consumer credit products: closed-end payday loans for no more than $2,000 and with a term of 91 days or fewer, closed-end auto title loans with a term of 181 days or fewer, and closed-end tax refund anticipation loans.
2. DOI Issues Guidance on Timing of Notices of Transfer of Coverage
The Massachusetts Division of Insurance has issued new guidance, Bulletin 2015-04 — Timing of Notices of Transfer of Insurance Coverage, to clarify the timeframe during which a notification of coverage transfer must be issued when a person changes the insurance provider for a current private passenger motor vehicle insurance policy. The new bulletin issued on June 25 supplements the provisions of Division of Insurance Bulletin 2008-10 — Documenting Transfers of Private Passenger Motor Vehicle Insurance. The new bulletin prohibits a notification of coverage transfer from being issued to the prior insurance producer or insurer before the issuer of the replacement policy has actually received the required down-payment or first payment. The new bulletin requires that a notification of coverage transfer must be sent no later than 10 days after the day the replacement insurer receives the down-payment or first payment for the replacement policy. These timing requirements for the delivery of notifications of coverage transfer become effective on October 1, 2015.
Nutter Notes: Bulletin 2008-10 required only that notifications of coverage transfer be sent “as soon as possible.” The Division of Insurance said that the vague timing requirement inadvertently resulted in brief lapses in motor vehicle insurance, based on complaints received by the Division. According to the Division, the primary purpose of a notification of coverage transfer is to ensure that the Registry of Motor Vehicles has the proper insurance documentation supporting a motor vehicle’s registration. The Division said that the new timing requirements are intended to both prevent unintended lapses in motor vehicle insurance coverage and provide consumers with adequate time to make changes to their existing premium installment plans to avoid unnecessary late payment notices from their prior insurer.
3. FFIEC’s New Cybersecurity Assessment Tool Now Available Online
The Federal Financial Institutions Examination Council (FFIEC) has provided a new Cybersecurity Assessment Tool to help banking organizations identify their risks and determine their cybersecurity preparedness. According to the FFIEC, the Cybersecurity Assessment Tool published on July 2 provides a repeatable and measurable process for banking organizations to measure their cybersecurity preparedness over time. The assessment incorporates cybersecurity principles from the FFIEC’s Information Technology Examination Handbook and regulatory guidance, and concepts from other industry standards, including the National Institute of Standards and Technology Cybersecurity Framework. The assessment identifies factors contributing to and determining a banking organization’s overall cyber risk, assesses the organization’s cybersecurity preparedness and evaluates whether the organization’s cybersecurity preparedness is aligned with its risks. The assessment also determines which risk management practices and controls are needed or need improvement, and what actions must be taken to achieve the desired cybersecurity preparedness. The Cybersecurity Assessment Tool and supporting resources, including an executive overview, user’s guide and instructional presentation, are available on the Cybersecurity Awareness page of the FFIEC’s website.
Nutter Notes: The FFIEC’s cybersecurity assessment consists of two parts: Inherent Risk Profile and Cybersecurity Maturity. Cybersecurity inherent risk is the level of risk posed to the banking organization by technologies and connection types, delivery channels, online and mobile products and technology services, organizational characteristics, and external threats. The profile is intended to help management determine exposure to risk that the organization’s activities, services, and products individually and collectively pose to the organization. Cybersecurity inherent risk incorporates the type, volume and complexity of the organization’s operations and threats directed at the organization. The assessment’s second part, Cybersecurity Maturity, is intended to help management measure the banking organization’s level of risk and corresponding controls. The levels range from baseline to innovative. Cybersecurity Maturity includes statements to determine whether an institution’s behaviors, practices, and processes can support cybersecurity preparedness within the areas of cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and cyber incident management and resilience. An organization’s Inherent Risk Profile should align with its Cybersecurity Maturity results for each area. The FFIEC recommends that management reevaluate an organization’s Inherent Risk Profile and Cybersecurity Maturity periodically and when planned changes can affect its Inherent Risk Profile.
4. Fed Proposes Revisions to Capital Plan and Stress Test Rules for Large Institutions
The Federal Reserve has proposed a rule to modify its capital planning and stress testing regulations applicable to large bank holding companies and certain banking organizations with total consolidated assets of more than $10 billion. The changes proposed on July 17 would take effect for the 2016 capital plan and stress testing cycles. The proposal would modify the timing for several requirements that have yet to be integrated into the Federal Reserve’s stress testing framework. For all banking organizations, the proposal would remove the tier 1 common capital ratio requirement in the capital plan and stress test rules. For large bank holding companies, the proposal would modify the stress test capital action assumptions. For banking organizations subject to the advanced approaches, the proposal would delay the incorporation of the supplementary leverage ratio for one year and indefinitely defer the use of the advanced approaches risk-based capital framework in the capital plan and stress test rules. For bank holding companies with total consolidated assets of more than $10 billion but less than $50 billion and savings and loan holding companies with total consolidated assets of more than $10 billion, the proposal would eliminate the fixed assumptions regarding dividend payments for company-run stress tests and delay the application of stress testing for these savings and loan holding companies for one year, among other changes. Comments on the proposal must be submitted on or before September 24, 2015.
Nutter Notes: The Federal Reserve’s capital planning and stress testing regime is an annual assessment of a banking organization’s capital planning and capital adequacy on a post-stress basis for bank holding companies with total consolidated assets of $50 billion or more. In addition, bank holding companies with total consolidated assets of more than $10 billion but less than $50 billion, savings and loan holding companies with total consolidated assets of more than $10 billion, and state member banks with total consolidated assets of more than $10 billion must conduct annual company-run stress tests. These banking organizations are currently required to project post-stress regulatory capital ratios in their stress tests. As the common equity tier 1 capital ratio becomes fully phased in under the new regulatory capital regime, it would generally require more capital than the tier 1 common ratio. The proposal would therefore remove the requirement that banking organizations calculate a tier 1 common ratio. Bank holding companies with total consolidated assets of more than $10 billion but less than $50 billion and savings and loan holding companies with total consolidated assets of more than $10 billion would be required to incorporate their own dividend payment assumptions consistent with internal capital needs and projections under the proposal, rather than incorporate fixed assumptions regarding dividends in their stress tests.
5. Other Developments: Integrated Mortgage Disclosures and Exchange-Traded Products
- CFPB Delays the Effective Date of the New Integrated Mortgage Disclosure Rule
The CFPB issued a final rule on July 21 that delays the effective date of the new TILA and Real Estate Settlement Procedures Act (RESPA) integrated mortgage disclosure rule to October 3, 2015. The CFPB delayed the effective date to correct an administrative error that would have delayed the effective date of the rule in any event by at least two weeks – until at least August 15.
Nutter Notes: The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) directed the CFPB to establish a single disclosure scheme for use by lenders and creditors in complying with the disclosure requirements of both TILA and RESPA. The integrated mortgage disclosure rule would have become effective on August 1.
- SEC Soliciting Comments on Broker-Dealers Marketing ETPs
The SEC is seeking public comment to help inform its review of the listing and trading of new, novel or complex exchange-traded products (ETPs) on national securities exchanges and the marketing of these products by broker-dealers to retail investors. ETPs refer to a diverse class of financial products that seek to provide investors with exposure to financial instruments, financial benchmarks or investment strategies across a wide range of asset classes.
Nutter Notes: In particular, the SEC is seeking information about the extent to which individual investors buy or sell ETPs with complex investment strategies based on the recommendation of a broker-dealer and the extent to which individual investors understand the nature and operation of such ETPs. The SEC is also soliciting comments about how broker-dealers meet their obligations to customers when recommending ETPs. Comments must be submitted to the SEC by August 17.