Weekly RoundUp September 16, 2021

CFPB Withdraws Proposal to Delay Debt Collection Final Rules

Editor's Note
In This Issue. The Consumer Financial Protection Bureau (CFPB) withdrew its proposal to delay the Debt Collection Final Rules; the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) extended the comment period on proposed risk management guidance for third-party relationships; the OCC is asking for comment on proposed rules to rescind and replace the Community Reinvestment Act rule issued in 2020; the FDIC, the FRB, and the OCC have issued guidance intended to help community banks conduct due diligence when considering relationships with Fintech companies; and the Securities and Exchange Commission (SEC) is requesting information and public comment on matters related to the use of digital engagement practices by broker-dealers and investment advisers. These and other developments are discussed in more detail below.
Editor's Note
Editor's Note
Editor's Note

Regulatory Developments

CFPB Debt Collection Final Rules Officially Take Effect November 30, 2021

On September 1, the CFPB formally withdrew its April 7 proposal to delay the effective date of its two rules revising Regulation F until January 29, 2022. Regulation F, as amended by the two final rules, implements the Fair Debt Collection Practices Act (Debt Collection Final Rules). The CFPB’s withdrawal of its proposal to delay the Debt Collection Final Rules was based on most industry commenters stating that they are prepared to comply with the Debt Collection Final Rules by November 30, 2021, and that an extension would reduce regulatory certainty and increase burden on small entities. The CFPB’s withdrawal of its former proposal means that the Debt Collection Final Rules will officially take effect on November 30, 2021.

Proposed Interagency Guidance on Third-Party Relationships: Comment Period Extended

On July 13, the FRB, the FDIC, and the OCC (the Agencies) jointly proposed issuing revised guidance on risk management practices relating to banking organizations’ third-party relationships. The proposal establishes guidelines on how banking organizations can manage and evaluate risk in the context of third-party relationships. Banking organizations would use the proposed guidance as a framework when developing their own internal protocols. The proposed guidance, if adopted, is intended to replace each Agency’s existing recommendations on the topic. In response to commenters’ requests for more time to analyze and think about the proposal, the comment period has been extended until October 18, 2021.

Agencies Issue Guide to Help Community Banks Evaluate Fintech Relationships

On August 27, the Agencies issued the “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks” (Guide), which is intended to support responsible innovation within the federal banking system by providing community banks with information that may be relevant when conducting due diligence on fintech companies in connection with entering into business relationships with those fintech companies. The Guide discusses six common areas of due diligence the community banks can consider, potential sources of information and illustrative examples. The Agencies advised that the use of the Guide is voluntary and the topics discussed should not be viewed as exhaustive. Use of the information and tools in the Guide should take into account the institution’s particular needs and the nature of its fintech arrangement.

OCC Issues Proposal to Rescind its 2020 Community Reinvestment Act Rule

On September 8, the OCC issued a notice of proposed rulemaking to replace the changes made to its Community Reinvestment Act (CRA) rules in June 2020 with rules substantially similar to those adopted jointly by the Agencies in 1995. The June 2020 rules included new performance standards (such as a CRA evaluation measure, retail lending distribution tests and community development minimums) meant to incentivize banks to achieve specific goals. However, due to implementation and clarity issues, the OCC proposes returning to a set of rules that would be substantially similar to the 1995 rules. 

The proposed rules would apply to all national banks and all federal and state savings associations. By returning to the 1995 rules, the OCC hopes to improve consistency and transparency in the CRA rules applicable to insured depository institutions; limit the burden on banks, their communities, and examiners; and ensure that the OCC continues to advance the purpose of the CRA. Furthermore, returning to the 1995 rules would align the OCC’s CRA rules with the current FRB and FDIC CRA rules, enabling the agencies to jointly update the rules in the future. 

It is important to note that until the June 2020 rules are rescinded, the OCC will continue to enforce those rules and any associated guidance. If you would like to provide comments, comments must be received by the OCC by October 29, 2021. 

“The issuance of the OCC’s NPR…is an important step toward strengthening and modernizing the CRA." 
– Michael Hsu, Acting Head of the Office of the Comptroller of the Currency

SEC Requests Information and Public Comment on Matters Related to the Use of Digital Engagement Practices by Broker-Dealers and Investment Advisers

On August 27, the SEC staff (the Staff) announced that it is requesting information and public comment regarding the use of digital engagement practices (DEPs) by broker-dealers and investment advisers. DEPs include behavioral prompts, game-like features (commonly referred to as “gamification”), features or design elements intended to engage with retail investors on digital platforms, and the analytical and technological tools and methods that create and uphold DEPs. The Staff is issuing this request in response to the proliferation of easily accessible digital platforms for investing by retail investors such as online brokerage accounts, robo-advisers and mobile phone investment apps.

The Staff stated that they are interested in understanding market practices by broker-dealers and investment advisers regarding the extent to which firms use DEPs, the types of DEPs most frequently used, the tools and methods used to develop DEPs, as well as information ascertained by firms about investor demographics, trading behaviors and investment performance through DEPs. This request for public comment indicates the Staff’s potential interest in regulating the creation and use of DEPs by investment advisers and broker-dealers.

Litigation & Enforcement

Lawsuits Targeting SPACs as Unregistered Investment Companies

Within the last two weeks, a group of plaintiffs’ attorneys have filed derivative lawsuits in U.S. federal court in New York against three separate special purpose acquisition companies (“SPACs”) — Pershing Square Tontine Holdings (“PSTH”), GO Acquisition Corp. (“GO”), and E.Merge Technology Acquisition Corp. (“E.Merge”) — and certain directors and sponsors affiliated with the SPACs, on behalf of serial plaintiff George Assad. Plaintiff’s counsel notably includes former SEC commissioner and current NYU law professor Robert Jackson as well as Yale University law professor John Morley. The lawsuits allege, among other things, that the SPACs are unregistered investment companies as defined in the Investment Company Act of 1940 (the “ICA”). While the size and prominence of PSTH, and the novel complexities of the now-abandoned business combination between PSTH and Universal Music Group B.V., made PSTH a tempting target for the plaintiffs’ bar, the similar lawsuits against GO and E.Merge suggest a broader challenge to certain structural components of SPACs.

Read the client alert to get Goodwin’s take on the lawsuits.

Goodwin News

NYDFS Cybersecurity Regulation: Focus on Proactive Cybersecurity and Incident Reporting

Now in its fifth year, the NYDFS Cybersecurity Regulation is a standout among state-level information security regulations. This year, the NYDFS is investing additional resources into cybersecurity, with a new NYDFS Cyber Intelligence Unit formed in 2021, new ransomware guidance, and increasing enforcement. Compliance with the NYDFS Cybersecurity Regulation requires financial institutions to adopt a risk-based approach to information security. The regulation’s focus on mandating a risk-based process (rather than a specific outcome) that financial institutions must follow in building their information security programs will keep the regulation from becoming obsolete. This same flexibility, however, creates compliance and enforcement risk and uncertainty in the eyes of financial institutions’ business and legal stakeholders.

Goodwin lawyers Boris Segalis, David Kantrowitz and Tony Alexis will be joined by guest speakers to help explore these concerns and introduce recent NYDFS ransomware guidance, including:

  • NYDFS ransomware guidance update, including incident reporting
  • NYDFS priorities in enforcing the Cybersecurity Regulation
  • Risk-based approach to building information security programs that align with the regulation

Register for Goodwin’s webinar today.

Check Out Goodwin’s Latest Industry Insights

FinReg + Policy Watch Blog
Stay on top of developments affecting the financial services community.

LenderLaw Watch Blog
Stay on top of news and legal issues in the consumer finance industry.

Consumer Finance Enforcement Watch Blog
Stay on top of enforcement actions, trends and issues.

Digital Currency + Blockchain Perspectives Blog
Stay on top of digital currency industry news, regulatory developments and issues.

Editors
Nicole Griffin
Samantha M. Kirby
William E. Stern

Contributors
Josh Burlingham
Justin Kanter
Brennan Meier
Rose Phipps
Sammy Tang