June 2022 Newsletters

Statement of Specific Reasons: Still a Requirement of Adverse Action Notices

The CFPB recently published a circular reminding financial institutions that no matter how the bank arrives at the decision to deny an application, the requirement of the Equal Credit Opportunity Act (ECOA / Regulation B) to provide the applicant with either a statement of specific reasons or a disclosure of the applicant’s right to a statement of specific reasons still applies for denied applications.

Institutions have more data available than ever to aid them in making lending decisions.  Many institutions choose to have computer software help them in making these decisions.  Some of these computer software models use complex algorithms that are not well understood by anyone but the developer, leaving institutions with decisions, but without supporting reasons.  As the CFPB has pointed out, this lack of understanding by institutions, of the models used, does not relieve the institution from providing the reasons for denial.

ECOA protects credit applicants against discrimination. To help ensure a creditor does not discriminate, ECOA requires that institutions provide an adverse action notice when an application is denied.  Part of the requirement of adverse action notices include specific and accurate reasons for adverse action being taken.

ECOA/Regulation B have different requirements when sending adverse action notices to consumers and business applicants.  Business applications also have different requirements, based on the gross revenue of the business applicants.

Consumer adverse action requires: 1) a statement of the action taken in writing, 2) the name and address of the creditor in writing, 3) the ECOA notice (which includes a statement of the provisions of section 701(a) of the Act and the name and address of the institutions Federal regulator) in writing, and 4) either: a statement of specific reasons for the action taken in writing or a disclosure of the applicant’s right to a statement of specific reasons for the action taken in writing.

Commercial adverse action (gross revenues of $1million or less): 1) a statement of the action (oral or in writing), and 2) disclosure of the applicant’s right to a statement of reasons in writing (may alternatively be given in writing at the time of application, if the ECOA notice (which includes a statement of the provisions of section 701(a) of the Act and the name and address of the institutions Federal regulator) is also given in writing at the time of application)

Commercial adverse action (gross revenues in excess of $1million): 1) a statement of the action taken (oral or in writing), and 2) if the applicant makes a written request within 60 days of the statement of action taken, a written statement of the reasons for adverse action and the ECOA notice (which includes a statement of the provisions of section 701(a) of the Act and the name and address of the institutions Federal regulator).

FinCEN Proposes No-Action Letters to Existing Interpretations and Relief

As part of the Anti-Money Laundering Act of 2020 FinCEN was authorized to expand the administrative rulings and exceptive/exemptive relief they currently offer to third parties to include “no-action letters.” Recently, FinCEN issued an advance notice of proposed rulemaking seeking the public’s comments related to the implementation of a no-action letter process and whether such a no-action letters are necessary.

For these purposes, an administrative ruling is a written ruling issued by FinCEN that interprets the BSA regulations found at 31 C.F.R. Chapter X, in light of individual situations for which an administrative ruling has been requested. These administrative rulings are binding if they describe an actual real-life situation an institution is facing. In addition, if FinCEN makes an administrative ruling available to the public, other third parties may also rely on the ruling as if they were the party which requested the ruling. However, if FinCEN does not publish an administrative ruling, it may not be relied upon by anyone other than the third party that requested the ruling.

In addition to administrative rulings, FinCEN may also grant an exception or exemption from regulatory requirements. These relief exceptions or exemptions may be conditional or unconditional, may apply to certain persons or classes of persons, and may apply to certain transactions or classes of transactions. These exceptions or exemptions are only applicable as expressly stated in the order from FinCEN and may be revoked by FinCEN, at their sole discretion.

With this advanced notice of proposed rulemaking, FinCEN is proposing to add a “no-action letter” to the existing guidance and relief. No-action letters are currently used by other agencies to indicate that an agency does not intend to take or recommend enforcement action. As envisioned by FinCEN, the “no-action letter” proposed would be provided in response to a third-party submission. For example, in their submission, a financial institution would detail actions being considered by the institution which have not yet taken. The institution in this scenario is seeking an indication from FinCEN that the proposed action / conduct would not prompt enforcement action by FinCEN.

In the advanced notice of proposed rulemaking, FinCEN poses 48 questions to be considered, ranging from the process by which these letters would be requested and issued, to FinCEN’s jurisdiction, to potential confidentiality concerns. Since the addition of a no-action letter process may affect other forms of regulatory guidance and relief FinCEN is additionally seeking input on whether a no-action letter process should be implemented at all, and how the process should interact with existing forms of relief. Comments are due on or before August 5, 2022.

Rescission: Count Observed Holidays

There seems to be confusion about holidays, observed holidays, and what gets counted for the purpose of complying with various regulatory requirements. The latest celebrated day that we have been getting questions about is Monday June 20th, the observed holiday of Juneteenth National Independence Day, our nation’s most recently added holiday to the federal schedule.

So, the question that keeps popping up is whether to count Monday June 20th as a business day for the purposes of rescission under Regulation Z. The short answer is “yes,” you count Monday June 20th as a business day for the purpose of rescission. To find out why, and how to determine which days, holidays and observed holidays to count, keep reading.

Adding to the confusion are the two definitions of “business day” in Regulation Z. For certain requirements the general definition applies, in which a business day means a day on which the creditor’s offices are open to the public for carrying on substantially all its business functions. However, for other requirements such as for purposes of rescission under §§ 1026.15 and 1026.23, the more precise definition of business day applies, and the term means all calendar days except Sundays and the legal public holidays.

Of the eleven legal public holidays, five are identified by a specific date: New Year’s Day (January 1), Juneteenth National Independence Day (June 19), Independence Day (July 4); Veterans Day (November 11), and Christmas Day (December 25). Because these five holidays always fall on the same date, they regularly fall on either a Saturday or Sunday.

Of the remaining six legal public holidays: Martin Luther King, Jr’s Birthday, Washington’s Birthday, Memorial Day, Labor Day, and Columbus Day always fall on Mondays. The remaining legal public holiday, Thanksgiving Day, always falls on Thursday.

When one of the specific-date holidays fall on a Saturday, for most Federal employees the preceding Friday will be observed as a holiday for pay and leave purposes. For example, when New Year’s Day (January 1) falls on a Saturday as it did in 2022, Federal offices and other entities observed the holiday on the preceding Friday (December 31, 2021). In cases where the more precise definition of business day applies, such as for the right of rescission, the observed holiday (in the example, December 31) is counted as a business day, even though federal offices may be closed on that day.

Likewise, if a holiday falls on a Sunday, for most Federal employees the following Monday will be observed as a holiday for pay and leave purposes. For example, when Juneteenth National Independence Day (June 19) falls on a Sunday this year, Federal offices and other entities will observe the holiday on the following Monday (June 20). In cases where the more precise definition of business day applies, such as for the right of rescission, the observed holiday (in this example, Monday, June 20) is counted a business day, even though federal offices may be closed on that day.

Another Day Older and Deeper in Debt

In a recent publication reminiscent of the musical stylings of Tennessee Ernie Ford, the CFPB issued a Request for Information (RFI) related to employer-driven debt.  This request seeks public input from the regarding debt obligations incurred in the context of an employment or independent contractor relationship.  The CFPB has posed upward of seventy-five questions and is interested in hearing from among others: consumers, employers, consumer rights groups, small businesses, financial institutions, and state and local government officials. Comments must be received by September 7, 2022.

Although these employer-driven debts may take various forms, the CFPB identified in this RFI two particular debt products: repayment agreements related to training and debt incurred to purchase required equipment.

The first of these products identified by the CFPB are training repayment agreements that require workers to pay their employers or third parties for previously taken training, either provided by an employer or an associated entity if the worker separates from the company either voluntarily or involuntarily within a certain time period.  For example, an employer who requires certain training that is paid for by the employer, but if the worker leaves within six months of the training, the worker is required by the employer to reimburse the employer for the cost of the training.  These trainings may be required in order to obtain or retain a job or to gain a promotion and may be of limited value outside of the specific company setting. These agreements generally require payment when workers leave their employment arrangements, either in a demand by the employer or money being withheld from an worker’s final payment.

The second of these products identified by the CFPB are debts owed to an employer or third party for the up-front purchase of equipment and supplies essential to the worker’s job or required by the employer, but not paid for by the employer. These products are more common in relationships in which workers are outsourced or classified as 1099-independent contractors, rather than W-2 employees. Workers may also owe deferred payments related to maintenance of equipment and supplies.

The CFPB is concerned that employer-driven debt could pose risks to consumers, such as by overextending household finances, through errors in servicing and collection, in cases of default, and with inaccurate credit reporting. Errors and incorrect information can heighten common risks of consumer harm at each stage of the debt life cycle. In addition to these general risks, employer-driven debt may also pose additional risks to consumers, as consumers may not understand whether these products are actually extensions of credit, whether the consumer has the ability to shop around, or whether the agreed upon debt is a condition of employment.

Additional risks specific to this kind of debt may include whether default threatens current or future employment, or whether the status of the debt is affected by the decision to seek employment elsewhere. These risks have the potential to limit competition and transparency for consumer financial products and services, which is of concern to the Consumer Financial Protection Bureau.

Customer Due Diligence for Independent ATMs

FinCEN recently released a Statement on Bank Secrecy Act Due Diligence for independent ATM owners or operators to clarify that the money laundering / terrorist financing level of risk varies from customer to customer. In this statement, FinCEN provides guidance to financial institutions on applying risk-based approaches to conducting customer due diligence (CDD) on independent ATMs owners or operators, consistent with FinCEN’s 2016 CDD Rule.

ATMs provide easy access to cash and are important in providing financial services to consumers and businesses alike; however, some independent ATM owners and operators have expressed trouble in gaining access to banking services, due to the presumed risk involved in banking these customers. Independent ATMs are those not owned by financial institutions and may be found in a variety of public spaces. An independent ATM operator is an individual or business that owns, leases, manages, or otherwise controls access to the interior (including cash) of an ATM. Independent ATMs may be owned and operated by separate individuals or businesses.

Understanding the risk a customer presents to the financial institution enables institutions comply with BSA/AML requirements by crafting and applying policies, procedures, and processes to manage and reduce risk. The CDD rule does not require that financial institutions conduct additional due diligence or institute any special due diligence processes specifically for independent ATM owners or operators. In addition to CDD, the BSA/AML regulations require customer identification, beneficial ownership of legal entity customers, currency transaction reporting, and suspicious activity reporting.

Financial Institutions should apply a risk-based approach in developing the risk profiles of their customers. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other purposes, enable banks to both understand the nature and purpose of customer relationships, and conduct regular monitoring to identify suspicious transactions. These risk-based procedures should also be used as a part of regular monitoring to update customer information when changes occur.

According to FinCEN there is no specific type of customer that automatically presents a higher risk of money laundering, terrorist financing, or other illicit financial activity. Instead, the risk or potential risk to a bank depends on a variety of factors. The BSA/AML risk for independent ATM owners or operators can vary depending on the facts and circumstances specific to the customer’s relationship with the financial institution, such as ATM location, transaction volume, and the source of funds replenishing the ATMs.

Although regulation does not require the collection of this specific information, the following customer information provided by FinCEN may be useful in making risk determinations on independent ATM owners or operators: a) organizational structure; b) operating policies, procedures, and internal controls; c) ATM currency servicing arrangements, contracts, and responsibilities; d) the source of funds used to replenish the ATM; e) location where the customer is organized and where they maintain their places of business; f) locations of owned or operated ATMs; g) expected and actual ATM activity levels; and h) whether ATM operations are the primary business of the ATM owner or operator.