CURRENT MONTH (May 2023)
OCC and FDIC Issue Guidance on Overdraft Fees
By Rachael L. Aspery, McGlinchey Stafford, PLLC
On April 26, 2023, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC), (collectively “Agencies”) each individually released supervisory guidance to ensure that each respective Agencies’ supervised institutions are aware of the consumer compliance risks associated with assessing overdraft fees on a transaction that was authorized against a positive balance but settled against a negative balance (APSN). Both sets of guidance expand on previously issued guidance by each respective agency.
Generally, financial institutions process transactions by a ledger balance method or available balance method for the purpose of assessing overdraft-related fees. Available balances may be impacted by pending debit or credit transactions. Financial institutions vary when assessing overdraft fees on debit card transactions that authorize when a customer’s available balance is positive but later post to a customer’s account when their balance is negative. Even though the customer’s balance was sufficient to cover the transaction when the customer initiated the debit card transaction, a customer can be assessed an overdraft fee when the transaction settles because of one or more intervening transactions. In addition to assessing an overdraft fee on the APSN transaction, some banks also assess overdraft fees on intervening transactions that exceed the customer’s account balance. Further, some institutions also charge representment fees when a bank receives a check or ACH transaction that is presented for payment from a customer’s deposit account and the account does not have sufficient funds to pay the check or transaction.
The OCC Guidance specifies that overdraft protection programs present a variety of compliance, operational, reputational, and credit risks; emphasizes effective board and management oversight of such programs; and states that a bank should consider its controls and risk management practices. The OCC Guidance proposes practices that may assist banks in dealing with these risks and also encourages banks to consider adopting overdraft risk management practices. These include, but are not limited to: eligibility; opt-in status; consumer disclosure; overdraft protection product analysis; periodic account analysis; account monitoring; grace amounts and grace periods; online access and timely automated alerts; single daily fee; timing of fee collection; and complaint management. The OCC Guidance also encourages banks to have processes in place to identify “risk management weaknesses” and to take corrective action where appropriate.
The FDIC Guidance also provides risk mitigation practices. These include institutions reviewing practices for charging overdraft fees on APSN transactions that customers may not anticipate or otherwise avoid, ensuring any third parties involved in the payment processing are in compliance with all applicable laws and regulations, making sure the institution understands the risks presented from any third party arrangements as part of payment processing, and encouraging financial institutions to ensure that their consumer-facing disclosures describing transaction processing and charging fees on overdrafts are clearly and accurately communicated in a consistent manner. The FDIC Guidance also details its concerns with available and ledger balance methods used by institutions, as described above, when assessing overdraft fees, and clarifies that disclosures describing transaction processing may not mitigate these concerns.
Both sets of guidance share the theme that there are heightened risks for unfair, deceptive, or abusive acts or practices (UDAAP) violations when overdraft-related fees result from payment processing in which transactions are authorized on positive balances but settled on negative balances. While taking different approaches, the Agencies encourage their respective supervised financial institutions to evaluate their current risk management programs and payment processing systems in order to ensure customers are treated fairly and provided fair access to financial services in addition to compliance with all applicable laws and regulations.
FDIC Issues Overview of Deposit Insurance System
By Rachael L. Aspery, McGlinchey Stafford, PLLC
In response to the recent bank failures, on May 1, 2023, the Federal Deposit Insurance Corporation (FDIC) released a report titled “Options for Deposit Insurance Reform” (“Report”). The Report provides a comprehensive overview and discusses options to reform the financial stability concerns with the deposit insurance system. As stated in the Report, the leading public policy objectives of deposit insurance are to promote financial stability and protect depositors from loss. In a statement issued along with the Report, FDIC Chairman Martin J. Gruenberg stated that the Report “is an effort to place these recent developments in the context of the history, evolution, and purpose of deposit insurance since the FDIC was created in 1933.” Chairman Gruenberg also expressed his view that the Report serves as a starting point for consideration of the issues surrounding deposit insurance.
The Report provides context surrounding the history of deposit insurance, comparing the differences between today’s landscape and the landscape at the FDIC’s creation in 1933. The Report discusses the objectives of deposit insurance and ways in which the objectives can be supported, and it addresses possible consequences, such as bank regulation and supervision, deposit insurance pricing, and fund adequacy. Finally, the Report details three options for reform of the United States’ national deposit insurance system: Limited (which is the status quo), Unlimited, and Targeted Coverage. The Report identifies Targeted Coverage as having the greatest potential for meeting the fundamental objectives of deposit insurance relative to its costs.
The Report also points out that several developments suggest that the banking system has evolved in ways that could increase its exposure to deposit runs, including technological changes that increase the speed with which information, or misinformation, is disseminated and the speed with which depositors can withdraw funds. The Report also acknowledges the potential “moral hazard” associated with deposit insurance. In this regard, Chairman Gruenberg stated: “While acknowledging that deposit insurance can create moral hazard by providing an incentive for banks to take on greater risk, the report underscores that regulation, supervision, and deposit insurance pricing are essential for helping the deposit insurance system meet its financial stability and depositor protection objectives while constraining moral hazard.”
Consumer Finance Law
Supreme Court Amicus Briefs in Consumer Financial Protection Bureau v. Community Financial Services Association
During the week of May 15, 2023, in the U.S. Supreme Court case Consumer Financial Protection Bureau v. Community Financial Services Association, amici filed a number of briefs, most of which urged the Court to uphold the constitutionality of the CFPB’s funding structure. As we covered in prior months-in-brief, the Bureau is appealing a U.S. Court of Appeals for the Fifth Circuit holding that the Bureau’s funding structure violates the Appropriations Clause of the Constitution. Under Dodd-Frank, the Bureau is funded through the Federal Reserve System rather than through the congressional appropriations process. The Fifth Circuit held that this “double-insulated” funding structure violates the Appropriations Clause.
On May 15, 2023, a coalition of current and former Democratic members of Congress filed a brief backing the Bureau’s constitutionality. According to amici, the Constitution provides “near-plenary authority” to Congress over appropriations, and Congress acted within the scope of that authority in devising the Bureau’s funding mechanism in the Dodd-Frank Act. The members of Congress also point to a number of “procedural constraints and congressional oversight safeguards” that they believe keep the CFPB accountable to Congress.
Other briefs raised similar arguments in favor of the Bureau’s constitutionality. A brief from a coalition of states, including New York and California, argues that Congress appropriately constructed the CFPB to complement consumer protection efforts by states, and that even if the Court holds the funding structure unconstitutional, it should not invalidate the Bureau’s past regulatory actions. Another brief by a group of constitutional law and early American history scholars argues that self-funding and indefinite appropriations have a history going back to the country’s founding.
A series of mortgage and real estate trade groups filed a brief in support of neither party. However, the groups warn in their brief that the Court should avoid ruling in a way that could vacate or undermine past rulemakings by the Bureau, as doing so “could destabilize the mortgage market.” Accordingly, the trade groups insist that, should the Court rule against the Bureau, it should merely sever the offending provisions from the funding statute, and uphold the efficacy of past actions by the Bureau. Similarly, a brief by a group of financial regulation scholars argued that upholding the Fifth Circuit’s judgment would throw the consumer credit market into chaos and could prompt a recession.
CFPB Faces Pushback from Banks on Credit Card Late Fee Proposal
On February 1, 2023, the CFPB issued a proposed rule that would amend Regulation Z’s safe harbor for credit card late fees, reducing the safe harbor amount to $8 from the current level of $30 (first-time late payment) to $41 (subsequent late payments), prohibiting late fees greater than 25% of a cardholder’s required minimum payment, and removing the automatic annual adjustment for inflation. The proposed rule has drawn intense pushback from the banking industry. In a joint letter on May 3, 2023, submitted as a comment to the rulemaking, the American Bankers Association, Consumer Bankers Association, and National Association of Federally-Insured Credit Unions argue that “[t]he vast majority of consumer cardholders will be harmed by the [p]roposal,” as card issuers will be forced to raise interest rates and other fees in order to recoup the losses they will face as a result of the rule. In effect, the groups argue, the proposed rule will force issuers to “allocate the cost and risk of late payments” across all consumer cardholders, instead of primarily imposing those costs on the late-paying population.
Also on May 3, 2023, the Bank Policy Institute published its own comment, which argued that the consumer harm that the proposed rule would cause—and fails to meaningfully consider—means that any substantially similar final rule would be arbitrary and capricious, and thus invalid under the Administrative Procedure Act. The BPI comment also argued that the Bureau’s support for the $8 safe harbor was flawed and that the Bureau failed to adopt reasonable and proportional standards, independent of the safe harbor, that considered all of the relevant statutory factors, specifically deterrence and consumer conduct. A number of other banking industry groups have also submitted comments pushing back on the proposed rule, including the Credit Union National Association, Consumer Bankers Association, and the Independent Community Bankers of America.
Consumer advocacy groups, on the other hand, have submitted comments in support of the rule. Nine consumer groups, including the National Consumer Law Center, submitted a joint comment declaring their strong support for the proposed rule, arguing that “[t]he CFPB provided ample evidence that this [$8] amount is fair, reasonable, and proportional to the costs incurred by issuers for late payments,” and that the previous $30 to $41 safe harbor was “super-compensatory.”
CFPB Issues Circular on Reopening Previously Closed Deposit Accounts
On May 10, 2023, the CFPB issued a circular outlining the Bureau’s view that when a financial institution unilaterally reopens a deposit account that a consumer has previously closed, in order to process a debit against that account, that reopening may constitute a prohibited unfair practice. The circular explains that, because such a reopening may result in imposing account maintenance fees or overdraft fees on a consumer who previously provided proper notice to close their account, it “may impose substantial injury on consumers that they cannot reasonably avoid and that is not outweighed by countervailing benefits to consumers or competition.” In conjunction with the issuance of the circular, CFPB Director Rohit Chopra released a statement that “[w]hen a bank unilaterally chooses to open an account in someone’s name after they have already closed it, this is a fake account. The CFPB is acting on all fronts to halt the harvesting of illegal junk fees.”
CFPB Director Chopra Discusses Open Banking at Fintech Nexus Conference
On May 11, 2023, CFPB Director Chopra spoke at the Fintech Nexus Conference in conversation with Phil Goldfeder of the American Fintech Council. Among other topics, Director Chopra discussed the CFPB’s ongoing work to write rules on Personal Financial Data Rights, as required by the Dodd-Frank Act. Director Chopra spoke in favor of an open banking regime in which customers could more easily move between financial institutions, noting that while consumer stickiness is important for the stability of financial institutions, it should be driven by a level playing field with good products, not by the existence of a “bureaucratic nightmare” when a consumer wants to move their money. In his view, a more open banking system will drive product improvement and ultimately benefit consumers. Looking to the future, he stated, “I want to see a world where people can refinance their auto loans or mortgages and move their credit card debt more easily.”
Director Chopra also noted that the CFPB is considering imposing limits on third-party access to transaction data, so that open banking, while enabling lenders to have better information and cater to underserved sectors, would not be “polluted by scammers.” Without providing a specific timeline, Director Chopra noted that he anticipates the CFPB completing the rule writing process in 2024.
CFPB Opposes Supreme Court Review of $50 Million Administrative Judgment
On May 3, 2023, the CFPB filed a brief in the Supreme Court opposing a certiorari petition filed by Integrity Advance, LLC, a defunct online payday lender, which asked the Court to overturn a $50 million administrative judgment imposed on the company in 2021.
The CFPB first initiated administrative proceedings against Integrity Advance in 2015, which resulted in a hearing before an administrative law judge (“ALJ”). However, the Supreme Court held in 2018 in Lucia v. SEC that ALJs are “Officers of the United States” who must be nominated and confirmed to their positions in accordance with the Appointments Clause of the Constitution. This ruling required new administrative hearings where (as with Integrity Advance) the ALJ had not been properly appointed.
The new hearing provided to Integrity largely consisted of a properly appointed ALJ reviewing the paper record from the initial proceeding. The ALJ recommended the Bureau Director impose approximately $130 million in restitution plus $7.5 million in civil penalties. The Director imposed a $50 million judgement.
Integrity Advance’s petition claims that the ALJ’s refusal to grant Integrity Advance a new oral hearing is contrary to Lucia’s “new hearing” requirement, and that the CFPB’s funding structure violates the U.S. Constitution. The CFPB’s opposition brief argues that Lucia’s “new hearing” requirement does not mandate an entirely new oral hearing, and that Integrity Advance waived any Appropriations Clause argument by failing to raise it previously.
Colorado and Connecticut Set to Debut New Data Privacy Laws on July 1
By Devin P. Leary-Hanebrink, McGlinchey Stafford PLLC
Beginning July 1, 2023, the Colorado Privacy Act and the Connecticut Personal Data Privacy and Online Monitoring Act will take effect. Following California (in 2020) and Virginia (earlier this year), four states now have enacted and implemented some version of a comprehensive privacy law.
The Colorado Privacy Act applies to a “controller” that conducts business in Colorado or produces or delivers commercial products or services that are intentionally targeted to residents of Colorado and that satisfies one or both of the following thresholds: (i) controls or processes personal data of 100,000 consumers or more during a calendar year; or (ii) derives revenue or receives a discount on the price of goods or services from the sale of personal data and processes or controls the personal data of 25,000 consumers or more. However, personal data governed by certain federal or Colorado state laws and certain listed activities may be exempt. Certain entities, such as state and local governments, as well as certain financial institutions and their affiliates, may also be exempt. The Colorado Privacy Act introduces twenty-six defined terms and provides consumers with several rights in connection with their personal data, including the right to opt out, the right of access, the right to correct, and the right to deletion.
The Connecticut Personal Data Privacy and Online Monitoring Act (“PDP-OMA”) applies to persons that conduct business in Connecticut or persons that produce products or services that are targeted to residents of Connecticut and that during the preceding calendar year: (1) controlled or processed the personal data of not less than 100,000 consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or (2) controlled or processed the personal data of not less than 25,000 consumers and derived more than 25% of their gross revenue from the sale of personal data. However, like the Colorado Privacy Act, personal data governed by certain federal or state laws and certain listed activities may be exempt. Certain entities, such as state and local governments, as well as certain financial institutions and their affiliates, may also be exempt. The Connecticut PDP-OMA introduces thirty defined terms and provides consumers with several rights in connection with their personal data, including the right to confirm whether a “controller” is processing or accessing their data; request copies of, correct inaccuracies in, and/or permanently delete their data; and opt out of the processing of their data.
In general, the Colorado Privacy Act and the Connecticut PDP-OMA have a lot in common with the Virginia Consumer Data Protection Act; however, it is clear California’s Consumer Privacy Act and Privacy Rights Act also influenced the Colorado and Connecticut legislatures. Going forward, expect other states to look to California and Virginia—and now Colorado and Connecticut—as they consider similar privacy laws.
Next up, the Utah Consumer Privacy Act is scheduled to take effect on December 31, 2023.
Maryland Enacts Student Financing Act
By Tiyanna D. Lords, McGlinchey Stafford, PLLC
On May 8, 2023, Governor Wes Moore of Maryland signed HB 913 into law, creating the Student Financing Act (the “Act”). Under the Act, “student financing” is defined as an extension of credit to a consumer that is (1) not made, insured, or guaranteed under Title IV of the federal Higher Education Act of 1965, (2) extended to a consumer expressly, in whole or in part, for postsecondary education expenses, regardless of whether it is provided by the institution that the consumer attends, and (3) not a loan secured by real property or a dwelling. “Student financing” also includes (1) an extension of credit used to refinance or repay existing student financing or federal student loan debt, and (2) financial obligations in which the repayment amount is equal to a predetermined percentage of a consumer’s future income. Further, the Act defines “student financing company” as an entity engaged in the business of securing, making, or extending student financing products, or any purchaser, assignee, or holder of student financing products. The Act expressly excludes banks, savings banks, savings and loan associations, credit unions, and wholly owned subsidiaries or operating subsidiaries of these entities.
Beginning March 15, 2024, student financing companies must register with the Commissioner of Financial Regulation before providing services in Maryland and submit the requisite reports prescribed in the Act. Failure to comply with the registration and reporting requirements will make a student financing product void and unenforceable. The Act will add Subtitle 11 to Maryland’s Financial Institutions Law effective October 1, 2023.
EPA PFAS Enforcement Has Begun
By Michael R. Blumenthal, McGlinchey Stafford, PLLC
The U.S. Environmental Protection Agency (EPA) announced it has taken its first-ever Clean Water Act (CWA) enforcement action against water pollution by so-called “forever chemicals” from a West Virginia chemical plant. On April 26, 2023, EPA ordered Chemours Co., owner of Washington Works near Parkersburg, West Virginia, to take action aimed at reducing the levels of perfluoroalkyl and polyfluoroalkyl substances (PFAS) the facility discharges into the Ohio River.
Chemours operates several manufacturing units at the Washington Works facility, which produce fluorinated organic chemical products, including fluoropolymers. The facility discharges industrial process water and stormwater to the Ohio River and its tributaries under the terms of a National Pollutant Discharge Elimination System (NPDES) permit issued in 2018 by the West Virginia Department of Environmental Protection. Until 2015, E.I. du Pont de Nemours and Company was the NPDES permit holder at Washington Works. In 2015, the permit was transferred to Chemours.
The permit imposes discharge limits and requires monitoring of certain pollutants, including PFAS such as perfluorooctanoic acid (PFOA), which was used in the past as a processing aid for manufacturing, and HFPO Dimer Acid, also known as GenX—which replaced PFOA as a processing aid.
In the administrative compliance order on consent (AOC) issued, EPA sets forth that this facility exceeded permit effluent limits for PFOA and HFPO Dimer Acid on various dates from September 2018 through March 2023 and that Chemours failed to properly operate and maintain all facilities and systems required for permit compliance.
The consent order requires Chemours to:
- take necessary measures to reduce the discharge of PFAS into the water bodies in affected areas,
- conduct sampling and analysis of PFAS discharges and report the findings to the EPA,
- develop and implement a PFAS Reduction Plan that includes measures to reduce PFAS discharges into water bodies, and
- provide funding for monitoring and testing for PFAS in public water systems and private wells.
The consent order also requires Chemours to submit regular progress reports to the EPA, including updates on the implementation of the PFAS Reduction Plan and the results of monitoring and testing. Notably, the order provides for civil penalties of up to $10,000 per day for non-compliance.
The Consent Order is notable in that it is the EPA’s first AOC for the unlawful discharges of PFAS under the Clean Water Act. The Order could serve as a precedent for the EPA to bring further enforcement actions under the CWA for PFAS discharges and signal a new epoch wherein EPA’s enforcement program prioritizes the regulation of PFAS and holds entities accountable for its discharges.
Intellectual Property Law
Supreme Court Rules against Fair Use Defense in a Case Involving Warhol’s Use of a Prince Photograph
By Dredeir Roberts, General Counsel, Core States Group
On May 18, 2023, the Supreme Court rejected Warhol’s Fair Use defense in Andy Warhol Foundation for the Visual Arts, Inc. v. Goldsmith, 598 U.S. ____ (2023). The case focused on the fair use factor that weighs the purpose and character of the artwork’s use. The Court held that the commercial use paired with the similar purposes of the primary and secondary uses of the photograph at issue weighed against a finding of fair use. Justice Sotomayor, delivering the court’s opinion, reasoned that a finding against fair use here safeguarded an artist’s right to prepare and be compensated for derivative works. While the artwork at issue comes from the world-famous artist Andy Warhol, Justice Sotomayor emphasized that this ruling does not call into question all works by Andy Warhol.