OCC Revises Civil Money Penalty Manual
The U.S. Office of the Comptroller of the Currency (OCC) announced revisions to its civil money penalty (CMP) manual on November 29, 2022. This may have important implications for smaller banks that have entered into partnerships with fintech companies. The updated manual will go into effect on January 1, 2023.
Generally, the OCC revises the matrix it uses to quantify the degree of severity of violations, unsafe or unsound practices, and breaches of fiduciary duty. Used as guidance when assessing CMPs, the matrix considers three statutory factors and 13 assessment factors set forth in an interagency policy from the Federal Financial Institutions Examination Council (FFIEC). According to the OCC, the revised matrix will allow for sufficient differentiation among varying levels of misconduct or by institution size, as well as provide a stronger incentive for banks to fully address underlying deficiencies.
The three revisions to the matrix include: (1) revising the mitigating factors of self-identification, remediation or corrective action, and restitution; (2) increasing the scoring weight of mitigating factors; and (3) revising the table titled “Suggested Action Based on Total Matrix Score and Total Assets of Bank.”
Notably, the “Suggested Action” table now states that there may be cases in which an institution’s total assets are not an appropriate proxy for determining CMPs. For instance, the table cautions that “the asset size of trust banks and federal branches of foreign banks often do not reflect the size of the financial resources of these institutions or the impact of the conduct at issue,” as well as that “there may be cases when the relevant conduct reflects transaction volume on par with that of a much larger institution.” Accordingly, under such circumstances, the table notes that it may be appropriate to consider suggested CMPs for an institution in a higher total asset category.
This may have significant implications for smaller banks. Traditionally, such banks would not have the same transaction volume as that of larger banks, and as a result, would receive lower fines. However, as these smaller banks increasingly enter partnerships with fintech companies to provide loans, payment processing, and other financial services, they may find themselves subject to larger fines in line with the new guidance in the “Suggested Action” table—not to mention that the revised table generally increased fines across the board as well.
New York Governor Kathy Hochul Signs Legislation Package to Protect Credit and Gift Card Holders
On December 10, Governor Kathy Hochul of New York signed legislation (S.3467-B/A.4629-C) that prohibits certain fees and limits expiration dates on gift cards and gift certificates.
The new law aims to protect consumers by prohibiting all fees on gift cards and prohibiting gift cards that decline in value over time. The bill specifically prohibits the imposition of any “activation fees, retroactive fees, redemption fees, service fees, dormancy fees, latency fees, administrative fees, handling fees, access fees, periodic fees, renewal fees, re-loading fees, or any other fee of any kind.” However, one exception permits a gift card or gift certificate that is redeemable at multiple, unaffiliated merchants to charge a one-time activation fee, not to exceed $9.00.
In addition, the bill prohibits expiration dates on gift cards and gift certificates that occur earlier than nine years from the date of issuance. By comparison, the federal Credit Card Accountability Responsibility and Disclosure Act (CARD) of 2009 prohibits expiration dates prior to five years after issuance. The bill also allows for the recipient of a gift card or gift certificate to opt to receive cash when the remaining balance is less than $5.00.
The new law was passed as part of a package of legislation that also included new protections for credit card holders, such as creating a grace period for the use of reward points after the closing of an account.
CFPB Proposes Registry to Detect Repeat Offenders
The Consumer Financial Protection Bureau (CFPB or the Bureau) issued a proposed rule on December 12, subject to a 60-day public comment window, that would require certain nonbank financial firms under public orders to register with the Bureau. According to the CFPB, the proposed rule would help identify and mitigate risks to consumers and ensure that supervised companies perform their obligations.
The proposed rule would require certain nonbank covered entities that are under final public orders in connection with the offering or provision of a consumer financial product or service to report the existence of such orders to a Bureau registry. Additionally, the proposed rule would require larger, supervised nonbanks to submit annual written statements regarding compliance with each underlying order. The statements would have to be signed by an attesting executive who has knowledge of the entity’s relevant systems and procedures for achieving compliance and control over the entity’s compliance efforts.
As part of registering, entities would be required to provide basic identifying information about the company and the order, which the Bureau would publish on its website and potentially in other mediums. All final public written orders and judgments (including consent and stipulated orders and judgments) obtained or issued by the Bureau or any government agency (federal, state, or local) for violation of certain consumer protection laws would be included under the proposed rule. Insured depository institutions, insured credit unions, related persons, states, certain other entities, and natural persons would be excluded from the registration requirement.
According to the CFPB, the proposed rule would benefit consumers and the public by allowing the Bureau to effectively monitor potential risks arising from both individual instances and broader patterns of recidivism. For instance, persons subject to one or more orders may pose greater risks to consumers than others, and the existence of multiple orders may indicate broader problems at a particular entity (e.g., lack of sufficient controls). Furthermore, the existence of enforcement activity in multiple jurisdictions among certain products or services could indicate areas of heightened consumer risk that warrant further attention. The absence of enforcement activity, by contrast, could indicate less risk or could be evidence of less attention and the need to increase monitoring activities.