Tag: Consumer Protection

Consumer Financial Protection Bureau Issues New Rule Regarding Consumer Mortgage Transaction Forms

Michael Best Logo

 

On November 20, 2013 the Consumer Financial Protection Bureau (CFPB) issued a rule that will simplify and improve disclosure forms for consumer mortgage transactions. This rule implements the Dodd-Frank Act’s directive to integrate mortgage loan disclosures required by the Truth In Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA). The two new disclosures are the Loan Estimate, which must be given three business days after application, and the Closing Disclosure, which must be given three business days before closing.

The Loan Estimate form replaces two current federal forms, the Good Faith Estimate designed by the U.S. Department of Housing (HUD) under RESPA and the “early” Truth in Lending disclosure required by TILA. The Closing Disclosure form replaces the current form used to close a loan, the HUD-1, which was designed by HUD under RESPA. It also replaces the revised Truth in Lending disclosure designed by the Federal Reserve Board under TILA.

These new rules apply to most closed-end consumer mortgages. They do not apply to home equity lines of credit, reverse mortgages or mortgages secured by mobile homes or by dwellings not attached to real property. To assist lenders, the final rule and official interpretations contain detailed instructions as to how these forms should be completed.

To permit time for lenders to come into compliance, the final rule will be effective on August 1, 2015.

Article by:

Jon G. Furlow

Of:

Michael Best & Friedrich LLP

New Federal Communication Commission (FCC) Rules to Protect Telephone Consumers from Autodial/Robocalls

Lewis & Roca

On October 16, 2013, new Federal Communication Commission rules took effect to further protect consumers under the Telephone Consumer Protection Act of 1991 (TCPA). See 47 U.S.C. § 227; 47 C.F.R. § 64.1200. The changes ordered by the FCC are designed to protect consumers from unwanted autodialed or pre-recorded telemarketing calls, also known as “telemarketing robocalls.” The new TCPA rules accomplish four main things: (1) require prior written consent for all autodialed or pre-recorded telemarketing calls to wireless numbers and residential lines; (2) require mechanisms to be in place that allow consumers to opt out of future robocalls even if during the middle of a current robocall; (3) limit permissible abandoned calls on a per-calling campaign basis in order to discourage intrusive calling campaigns; and (4) exempt from TCPA requirements calls made to residential lines by health care related entities governed by the Health Insurance Portability and Accountability Act of 1996. None of the FCC’s actions change the requirements for prerecorded messages that are non-telemarketing, informational calls such as calls by or on behalf of tax-exempt organizations, calls for political purposes, and calls for other non-commercial purposes including those to people in emergency situations.

Under the FCC’s new rules, “prior written consent” will require two things: a clear and conspicuous disclosure that by providing consent the consumer will receive auto-dialed or prerecorded calls on behalf of a specific seller, and a clear an unambiguous acknowledgement that the consumer agrees to receive such calls at the mobile number. The content and form of consent may include an electronic or digital form of signature such as the FTC has recognized under the E-SIGN Act. See Electronic Signatures in Global and National Commerce Act, 15 U.S.C. § 7001 et seq. However, prior written consent may be terminated at any time. In addition, the written agreement must be obtained “without requiring, directly or indirectly, that the agreement be executed as a condition of purchasing any good or service.” 16 C.F.R. § 310.4(b)(v)(A)(ii).

Read the full rule here.

Article By:

Working with 3rd Party Providers to Make Dodd Frank Conflict Mineral Compliance Easy

Assent Logo

At your firm or within your company dealing with conflict minerals, you might have recently heard the buzz about the latest Dodd Frank Conflict Mineral Compliance requirements. If these requirements affect the way law firms or companies do business, then working towards compliance initiatives remains a priority.

Regulatory Assessment and Scope Analysis

This involves examining the law firm’s client or company seeking compliance product portfolio and doing an analysis of whether the product are affected by the law and therefore must be in compliance, or “in scope” Vs “out of scope.” It can also include:

  • Examining corporate obligations
  • Determination of key regulatory compliance decision points
  • Creation of a conflict minerals technical document

Creation of a Compliance Plan

This involves creating an end to end compliance plan and associated processes

  • All activities detailed in chronological order
  • Creation of application of due diligence standards
  • Responsibilities assigned to personnel
  • Determination of compliance communication pathways

Software Set Up

Industry standard to date for the majority of companies in scope of this regulation involve using a software platform to manage the large amount of data and suppliers that will be surveyed.Vendor Selection

  • Vendor Selection
  • Decisions to integrate with Enterprise Resource Planning system  (ERP), which is used to design and manage resources within a company, as well as Product Lifecyle Management (PLM), used to design, manufacture and plan the development of products
  • Methodology of supplier communication

Supplier Engagement

This portion of the process involves communication and data collection from the supply chain. Includes:

  • Data collection methodology
  • Reporting and analytics of the data collected
  • Corrective action and addressing problem suppliers

Reporting

Once data has been collected firms enter the reporting phase to complete the process for the first year. This process is then replicated year over year. With the infrastructure in place firms enter the “maintenance” phase of compliance.

Standard practise in the compliance industry has also seen that Law firms or the company seeking Dodd Frank compliance are engaging 3-4 outside service providers.

They are usually:

1.       Law firms: To determine exact requirements and legal requirements.

2.       Software: To provide the platform for data collection, management and analytics.

3.    Accounting: To audit the data collected and ensure strong data backing the program.

4.    Consulting: To develop the processes, work with /train suppliers and help with data collection.

Assisting your clients with Dodd Frank Conflict Mineral Compliance does not have to be complicated. Working through the 5 step process above and working with other 3rd party providers makes compliance at any level easy.

Article By:

 of

What Does The Word “Natural” Mean, Anyway?

Mintz Logot’s 2 o’clock in the afternoon, you need a snack – maybe a granola bar, but which one? Does the package that boasts it is “100% Natural” win out over the one that is only “All Natural”?  Would you even consider one that is merely “Natural”? Well, don’t expect the U.S. Food and Drug Administration to help you decide anytime soon – they have left it up to the courts to grapple with.

Lawsuits against food companies alleging consumer fraud based on deceptive labeling have increased in the last few years.  Many of these lawsuits have been brought in the U.S. District Court in the Northern District of California, causing that court to be known as the “Food Court” (no, not the one at the mall).  One common bone of contention is the use of the word “natural” in food labeling.  “Natural” remains undefined by the U.S. Food and Drug Administration after a failed attempt to do so in 1991.  It reaffirmed its informal policy for use of the word “natural” on food labeling claims:

The agency will maintain its current policy . . . not to restrict the use of the term “natural” except for added color, synthetic substances, and flavors as provided in [21 CFR] §101.22.  Additionally, the agency will maintain its policy . . . regarding the use of “natural,” as meaning that nothing artificial or synthetic (including all color additives regardless of source) has been included in, or has been added to, a food that would not normally be expected to be in the food.  Further, at this time the agency will continue to distinguish between natural and artificial flavors as outlined in §101.22. See more here.

A typical claim in a lawsuit will contend that the use of the word “natural,” whether as “100% Natural,” “All Natural,” or something similar, is misleading if the product contains or was processed with a compound perceived by plaintiffs to be artificial or synthetic.  The problem in these lawsuits is that the term is undefined, and even FDA says that it is difficult to define a food product that is natural because it has likely been processed and is no longer a “product of the earth.”  This leaves fertile ground for plaintiff’s class action attorneys to bring claims against food companies for any use of the word.

Article By:

 of

Consumer Financial Protection Bureau (CFPB) Releases Exam Procedure Updates For Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA)

Sheppard Mullin 2012

On August 15 the Consumer Financial Protection Bureau released updates to its examination procedures in connection with the new mortgage regulations that were issued in January. These updates offer valuable guidance on how the CFPB will conduct examinations for compliance with the Truth in Lending Act and the Real Estate Settlement Procedures Act.

The updates incorporate the first set of interim TILA exam procedures from June. The CFPB Examination manual now contains updated interim exam procedures for RESPA, covering final rules issued by the CFPB through July 10, procedures for TILA, covering final rules issued by the CFPB through May 29, and the previously released interim exam procedures for the Equal Credit Opportunity Act, covering final rules issued by the CFPB through January 18.

A copy of the RESPA exam procedures released on August 15 can be found at:http://files.consumerfinance.gov/f/201308_cfpb_respa_narrative-exam-procedures.pdf

A copy of the TILA exam procedures released on August 15 can be found at: http://files.consumerfinance.gov/f/201308_cfpb_tila-narrative-exam-procedures.pdf

Article By:

of

ALERT: Fraud Scheme Targets Foreign Nationals

GT Law

Foreign nationals are advised to be aware of a reported fraud scheme that is currently being perpetrated in the United States.

Individuals purporting to be officers of U.S. Citizenship and Immigration Services (USCIS) are reportedly telephoning foreign nationals to falsely claim a discrepancy or problem in such individuals’ immigration records and pressure victims to pay a “penalty” to rectify the issue. Victims are told to wire funds to an address the caller provides.

The perpetrators may possess personal information about the victim and may ask victims to provide or confirm immigration information, including an I-94 number, an alien registration number or a visa control number.

Foreign nationals who receive such calls should not forward any funds as instructed by the caller or disclose any personal information. Those targeted by the scheme should contact law enforcement, the Federal Trade Commission Bureau of Consumer Protection, and an attorney.

Article By:

 of

Recent Data Breach Reports: And the Hits Keep on Coming….

Mintz Logo

The ”hits” to data bases, in any event.   Here is a rundown of some of the most recent data breach reports –

Oregon Health & Science University Data Breach Compromises 3,000 Patients’ Records in the Cloud.

Modern Healthcare (subscription may be required) reports that the Oregon Health & Science University announced it is “notifying more than 3,000 of its patients of a breach of their personally identifiable information after their data were placed by OHSU resident physicians on a pair of Google’s cloud-based information-sharing services.” The data breach, which involves “patients’ names, medical record numbers, dates of service, ages, diagnoses and prognoses and their providers’ names” posted to Gmail or Google Drive, was discovered in May by an OHSU faculty member.  According to  Healthcare IT News, this is OHSU’s “fourth big HIPAA breach since 2009 and third big breach just in the past two years, according to data from the Department of Health and Human Services.”

Citigroup Reports Breach of Personal Data in Unredacted Court Filings; Settles with Justice Department

American Banker reports that Citigroup recently admitted having failed to safeguard the personal data (including birthdates and Social Security numbers) of approximately 146,000 customers who filed for bankruptcy between 2007 and 2011. Citi apparently failed to fully redact court records placed on the Public Access to Court Electronic Records (PACER) system. “The redaction issues primarily resluted from a limitation in the technology Citi had used to redact personally identifiable information in the filings,” Citi said in a statement. “As a result of this limitation in technology, personally identifiable information could be exposed and read if electronic versions of the court records were accessed and downloaded from the courts’ online docket system and if the person downloading the information had the technical knowledge and software to restore the redacted information.”

In a settlement with the Justice Department’s U.S. Trustee Program, Citi has agreed to redact the customer information, notify all affected debtors and third parties, and offer all those affected a year of free credit monitoring.

University of Delaware Reports Cyberattack – 72,000 Records Affected

The University of Delaware is notifying the campus community that it has experienced a cyberattack in which files were taken that included confidential personal information of more than 72,000 current and past employees, including student employees. The confidential personal information includes names, addresses, UD IDs (employee identification numbers) and Social Security numbers.

Stanford University Reports Hack – Investigating Scope

Stanford University has announced that its information technology infrastructure has been breached, “similar to incidents reported in recent months by a range of companies and large organizations in the United States,” according to a Stanford press release. Though the school does not yet “know the scope of the intrusion,” an investigation is underway. “We are not aware of any protected health information, personal financial information or Social Security numbers being compromised, and Stanford does not conduct classified research.”

Japan’s Railway Company Apologizes for Unauthorized “Sharing”

The Wall Street Journal reported yesterday (registration may be required) that Japan’s national railway system has apologized for sharing its passengers’ travel habits and other personal information with a pre-paid fare card system without user consent, The Wall Street Journal reports. East Japan Railway admitted to selling the data to Suica—one of the pre-paid card businesses. The data included card holders’ ID numbers, ages, genders and where and when passengers got on and off the train. A transportation ministry official, however, said they will not investigate the issue for privacy violations because the railway company “told us that it wasn’t personal information, as it didn’t include names and addresses of users.” The Ministry of Internal Affairs and Communications is looking into the issue and has set up a team to research the matter, the report states.

Article By:

 of

In Largest Known Data Breach Conspiracy, Five Suspects Indicted in New Jersey

DrinkerBiddle

On July 25, 2013, the United States Attorney for the District of New Jersey announced indictments against five men alleging their participation in a global hacking and data breach scheme in which more than 160 million American and foreign credit card numbers were stolen from corporate victims, including retailers, financial institutions, payment processing firms, an airline, and NASDAQ.  The scheme is the largest of its kind ever prosecuted in the United States.

The Second Superseding Indictment alleges the defendants (four Russian nationals and one Ukrainian national) and other uncharged co-conspirators targeted corporate victims’ networks using “SQL [Structured Query Language] Injection Attacks,” meaning the hackers identified vulnerabilities in their victims’ databases and exploited those weaknesses to penetrate the networks.  Once the defendants had access to the networks, they used malware to create “back doors” to allow them continued access, and used their access to install “sniffers,” programs designed to identify, gather and steal data.

Once the defendants obtained the credit card information, they allegedly sold it to resellers all over the world, who in turn sold the information through online forums or directly to individuals and organizations.  The ultimate purchasers encoded the stolen information on blank cards and used those cards to make purchases or withdraw cash from ATMs.

The defendants allegedly used a number of methods to evade detection.  They used web-hosting services provided by one of the defendants, who unlike traditional internet service providers, did not keep records of users’ activities or share information with law enforcement.  The defendants also communicated through private and encrypted communication channels and tried to meet in person.  They also changed the settings on the victims’ networks in order to disable security mechanisms and used malware to circumvent security software.

Four of the defendants are charged with unauthorized access to computers (18 U.S.C. §§ 1030(a)(2)(C) and (c)(2)(B)(i)) and wire fraud (18 U.S.C. § 1343).  All of the defendants are charged with conspiracy to commit these crimes.

Two of the defendants have been arrested, with one in federal custody and the other awaiting an extradition hearing.  The other three defendants, two of whom have been charged in connection with hacking schemes, remain at large.

This conspiracy is noteworthy for its massive scale, and for the patience the hackers demonstrated in siphoning data from the networks.  The U.S. Attorney “conservatively” estimates more than 160 million credit card numbers were compromised in the attacks, and alleges that the hackers had access to many victims’ computer networks for more than a year.  Many prominent retailers were targets, including convenience store giant 7-Eleven, Inc.; multi-national French retailer Carrefour, S.A.; American department store chain JCPenney, Inc.; New England supermarket chain Hannaford Brothers Co.; and apparel retailer Wet Seal, Inc.  Payment processors were also heavily targeted, including one of the world’s largest credit card processing companies, Heartland Payment Systems, Inc., as well as European payment processor Commidea Ltd.; Euronet, Global Payment Systems and Ingenicard US, Inc. The hackers also targeted financial institutions such as Dexia Bank of Belgium, “Bank A” of the United Arab Emirates; the NASDAQ electronic securities exchange; and JetBlue Airways.  Damages are difficult to estimate with precision, but they total several hundred million dollars at least.  Just three of the corporate victims suffered losses totaling more than $300 million.

Article By:

of

Recent Consumer Financial Protection Bureau (CFPB) Developments

Rules Creating Exemptions to the ATR Rule Finalized

The Consumer Financial Protection Bureau (CFPB) recently finalized rules that modified and created specific exemptions to the CFPB’s Ability-to-Repay Rule. The rules have three main effects.

  1. They exempt certain community development lenders and nonprofits—specifically those that lend only to low- and moderate-income consumers, and make 200 or fewer such loans per year—from the ATR Rule.
  2. They facilitate lending by community banks and credit unions that have less than $2 billion in assets, and make 500 or fewer first lien mortgages per year.
  3. They no longer require that compensation paid by a broker or lender to a loan originator counts towards the Dodd-Frank points and fees limits.

These changes to the ATR Rule will take effect on January 10, 2014.

Effective Date of Prohibitions on Financing Credit Insurance Premiums Delayed

The CFPB has delayed the effective date of a regulation prohibiting creditors from financing credit insurance premiums secured by a dwelling. The regulation, previously effective June 1, 2013, has been delayed until January 10, 2014. The CFPB wanted to clarify how the rule applied to transactions other than those where a lump-sum premium was added to the loan amount at closing.

CFBP Seeking Comments on Possible Revisions to the Civil Penalty Rule

The CFPB is seeking comments on possible revisions to the Consumer Financial Civil Penalty Fund Rule. The CFBP uses this fund, established by the Dodd-Frank Act, to deposit civil penalties obtained in judicial or administrative actions under federal consumer financial laws. The fund can be used to pay victims of violations of federal consumer financial laws, or, if victims cannot be found, to educate consumers and provide financial literacy programs. The rule articulates the CFPB’s interpretations of what kind of victim payments are appropriate and how to otherwise allocate the funds. Comments are due on July 8, 2013.

White Paper Concerning Overdraft Practice Concerns Published

The CFPB published a white paper concerning overdraft practice concerns and institutional practices. The paper finds that a large portion of consumer checking account revenue continues to come from overdraft fees. Furthermore, those consumers who choose, let alone use, overdraft coverage have higher costs and a higher chance of having their checking accounts involuntary closed. No action, other than further research, is currently planned.

CFPB Launches New Mortgage Rule Implementation Page

The new mortgage rule implementation page is part of an effort to help lenders comply with the Dodd-Frank Act reforms and CFPB rules. Debtors and potential debtors can find potentially useful information, including quick reference charts, video guides, manuals, etc.—related to the new 2013 mortgage rules. While the CFPB’s intention for the site is to help understand the rules, the materials are not a substitute for the rules themselves.

Ryan C. Fairchild, summer law clerk at Poyner Spruill, co-authored this article.

Article By:

 of

The Consumer Financial Protection Bureau, Week in Review: June 10 – June 14, 2013

GT Law

CFPB Launches Regulatory Implementation Page

In an effort to streamline resources and better assist financial institutions implementing the many new rules and policies promulgated by the CFPB, the CFPB announced the launch of its “Regulatory Implementation” webpage, available here. The page is a one-stop shop for financial institutions looking for assistance in understanding some of the more salient differences and requirements of the rules. In addition to a number of quick-reference guides, the page also contains compliance guides for the following rules: (i) Ability to Repay/Qualified Mortgage; (ii) 2013 HOEPA Rule; (iii) Loan Originator Compensation; (iv) ECOA Valuations; (v) TILA HPML Appraisals; (vi) Escrows; and (vii) TILA and RESPA Servicing.

CFPB Examines Impact of Overdraft Practices on Consumers

On June 11, 2013, the CFPB released its “CFPB Study of Overdraft Programs” (the Report), which is available here. The Report was based upon (i) responses the CFPB received to a request for information published in the Federal Register in February 2012, and (ii) aggregate, institution-level information data and random samples of consumer checking accounts. Through the inquiry, the CFPB determined that overdraft programs are costly to consumers, provide substantial sources of checking account revenue for financial institutions, and vary widely across financial institutions.

The Report noted that overdraft practices employed by financial institutions are frequently very complex. Not only do the fees charged for overdraft protection vary, but many other differences exist throughout the industry, including: the number of times a consumer can be charged; whether there are caps on such charges; the amount of such caps; the scope of overdraft protection; and even the order in which transactions are posted. Each of these factors can play a significant role in determining the fees consumers will face. Accordingly, the CFPB’s report raises concerns about consumers’ ability to understand, navigate and anticipate fees.

In light of the Report’s findings, the CFPB has announced its intention to engage in further review of account-level data to better understand how differences in practices affect consumers.

CFPB Proposes New Redress System for Victims of Unlawful Activities

Under Section 1055(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the CFPB may obtain various types of monetary relief, such as restitution, refunds and damages, in both judicial and administrative proceedings. The CFPB collectively refers to such relief as “redress”, and can be required to receive such redress from a defendant and then distribute it to victims of unlawful activities. In order to better assist this process, which is known as “Bureau-Administered Redress,” the CFPB is proposing a new system of records that will enable the CFPB to manage distributions to consumers.

Specifically, the new system will enable the CFPB to: (i) track the collection, allocation and distribution of funds in the Civil Penalty Fund and redress monies; (ii) identify and locate victims who may receive such payments; (iii) determine the amounts that the CFPB will distribute to such victims; (iv) maintain associated account and financial information; and (v) develop reports to applicable tax officials regarding such payments.

The proposal, which is available here, states that any comments on the proposed system must be received no later than July 11, 2013. The new system will become effective on July 22, 2013, unless comments are received that result in a contrary determination.

CFPB Releases New Training Module to Combat Financial Exploitation of Older Americans

On June 12, 2013, the CFPB along with the Federal Deposit Insurance Corporation (FDIC), released a tool called “Money Smart for Older Adults.” The purpose of the module is to assist older adults (age 62 and older), as well as their caregivers, in avoiding and preventing financial exploitation. In addition, it provides information to educate consumers about planning for a secure financial future and making informed financial decisions.

The module, which consists of a scripted instructor guide, a participant/resource guide and Power Point slides, has been designed to be presented and administered by financial institution representatives, adult protective services agencies, senior advocacy organizations, law enforcement, and similar organizations and agencies.  The module is available, free of charge, on the FDIC website. Click here to view.

CFPB Assistant Director Tells Nonbanks to Quickly Implement Compliance Management Systems

During the American Bankers Association’s Regulatory Compliance Conference on June 12, 2013, Peggy Twohig, the CFPB’s Assistant Director for Supervision Policy, urged nonbank entities to implement compliance management systems without delay. She specifically pointed to many payday lenders, consumer reporting agencies, mortgage lenders and servicers, student lenders and debt collectors that have yet to implement these compliance management systems.

Article By:

of