CFPB Resource Center
On July 21, 2011, the Consumer Financial Protection Bureau (CFPB), an agency with unprecedented power and authority to regulate the market for consumer financial products, opened its doors for business.
Because of our focus and expertise on retail banking products and services, CBA is well positioned to be your industry resource on the CFPB and will regularly update this page as the rulemaking process unfolds. In addition, our insights and analysis on CFPB-related issues, along with the latest news and information, will provide you with the necessary tools to navigate this new regulatory environment, so please visit often.
December 12, 2014
CFPB Moves to Tacle Medical Debt Issues
week the CFPB took several steps to address the challenge of consumer
medical debt, releasing a report and data points, as well as new
requirements on Wednesday, December 10, 2014, followed by a field
hearing in Oklahoma City on Thursday, December 11, 2014.
The Bureau's report addressed the impact of medical debt on consumer credit scores and pointed to the following findings:
The CFPB expressed its concerns about the complicated process of collecting medical bills, including:
- Half of all overdue debt on credit reports is from medical debt;
in five credit reports contains overdue medical debt, totaling 43
million Americans with unpaid medical debt affecting their credit
- 15 million consumers have only medical debt on their credit reports; and
- Average reported medical debt is $579 and average unpaid, non-medical debt is $1,000.
The Bureau also announced that major consumer reporting agencies must file regular accuracy reports
with the CFPB detailing how consumer disputes are being handled. Using
information provided in the reports, the Bureau will analyze the
furnishers with the most disputes, industries with most disputes, and
furnishers with particularly high disputes relative to their industry
- Confusing process of incurring medical debt: Multiple bills from multiple providers create confusion on how much the consumers are responsible for paying;
- Haphazard system for reporting overdue medical debt: There is no standard practice for when overdue medical debt is sent to a collector or reported; and
- Opaque practice of collecting debt by "parking" it on credit reports: Debt collectors may not notify the consumer the debt is due until it is on their credit report.
The Bureau also published a Data Point offering tips for consumers on how to deal with medical debt.
The new reports, requirements and consumer tips were announced at the CFPB's field hearing in Oklahoma City, and featured remarks
from Bureau Director Richard Cordray. The hearing featured a panel
including representatives from the CFPB, Center for Responsible Lending,
Consumer Union, FICO, Healthcare Financial Management Association, a
credit reporting agency and an attorney, and was moderated by CFPB
Deputy Director Steve Antonakes.
The panelists addressed the
impact of medical debt on consumer credit scores, highlighting the
different nature of the debt, the confusion surrounding healthcare
costs, and the need for separating medical debt for purposes of credit
scores. The importance of consumer education and how credit scoring
models can alter their process to better predict risk also was
CFPB Takes Action Against Student Loan Debt Relief Companies
On Thursday, December 11, 2014, the CFPB took action against two companies offering student debt relief. The Bureau acted to shut down College Education Services and filed a lawsuit against Student Loan Processing.US. The Bureau also issued a consumer advisory warning student loan borrowers to be wary of paying high fees for free federal loan benefits.
loans are already a significant debt for many Americans. College
Education Services and Student Loan Processing.US added to that hardship
by taking advantage of troubled borrowers and failing to describe their
services honestly," said Director Cordray. "When scam artists prey on
student loan borrowers, we will take action to halt their illegal
CBA Comments on CFPB Larger Participant Proposal for Auto Financing
On Monday, December 8, 2014, CBA filed a comment letter in response to the CFPB's larger participant proposal
for the automobile financing market. The Bureau is seeking to extend
its supervisory jurisdiction over nonbank auto lenders pursuant to its
larger participant authority under section 1024 of the Dodd-Frank Act.
In its letter, CBA supported the agency's efforts to promote fair
competition between bank and nonbank auto lenders and to enhance
consumer protection. CBA also asked the CFPB to set the supervisory
threshold for larger nonbank lenders at 10,000 aggregate annual
originations, and to expressly exclude securitization-related
transactions from the definition of annual originations.
Senate Hears from Regulators on Cybersecurity Threats
On Wednesday, December 10, 2014, the U.S. Senate Banking, Housing & Urban Affairs Committee held a hearing
entitled: "Cybersecurity: Enhancing Coordination to Protect the
Financial Sector," which included testimony from the U.S. Department of
the Treasury, U.S. Department of Homeland Security, the OCC, the U.S.
Secret Service, and the Federal Bureau of Investigation. The hearing
focused on the evolving cybersecurity threats facing financial
institutions, and how the private sector and federal government can
share information to combat criminal actors, including foreign
governments and other international groups.
management of cyber risks by financial institutions is important for
consumer protection, financial stability, privacy, and national
security. Not only are financial institutions frequent targets of cyber
crime, they are uniquely interconnected with major sectors of the
economy. Cyberattacks may cause damage to the financial system without
directly attacking a bank, including through third party providers,"
said Committee Chairman Tim Johnson (D-SD) in his opening statement.
"The largest banks are under constant attack every day and spend
hundreds of millions of dollars per year on cyber defense. What many may
not realize is that the cost of defending against cyber attacks is
remarkably disproportionate compared to the cost of attacking," said
Ranking Member Mike Crapo (R-ID).
hearing focused on how federal agencies are working with financial
institutions, and other critical infrastructure, to combat cyber
threats. Cyber security as part of the larger payment environment from
the point-of-sale to where sensitive financial data may be held by the
private sector was also covered. Sen. Elizabeth Warren (D-MA) stated,
"this cannot just be about the banks." Members of the Committee
expressed payments are only as secure as their weakest links, including
merchants and third party service providers.
Cybersecurity from a
safety and soundness perspective was also addressed. Sen. Warren asked
what the repercussions to the financial system would be if financial
institutions active in the tri-party repo markets suffered a major
breach. The OCC witness emphasized hiring examiners with strong
technology backgrounds. Sen. Warren requested an unambiguous answer
about how cybersecurity risk is treated as part of determining risk to
the over-all financial system.
All witnesses informed Sen.
Charles Schumer (D-NY) further legislation from Congress is necessary,
in response to his questioning.
House Extends Terrorism Risk Insurance Act, Negotiations Continue
Wednesday, December 10, 2014, the Terrorism Risk Insurance Act (TRIA)
was passed in the House, receiving support from 417 Members who voted to
extend the measure. The bill (S. 2244), passed the Senate in July, but
differs from the House version which was amended to roll back the swaps
push out provision in the Dodd-Frank Act. Extending TRIA was considered a
"must do" by most Members of Congress and made it a vehicle for other
contentious legislative objectives.
"By playing games and
refusing to pass a clean extension of terrorism insurance, the House
Republicans have put terrorism insurance at risk," Sen. Charles Schumer
(D-NY) said in a statement.
The bill, which extends TRIA by six
years, raises the amount needed in total losses from $100 million to
$200 million before TRIA is triggered.
The bill also amends the
Federal Reserve Act to "require the President, in selecting members of
the Board of Governors of the Federal Reserve System, to appoint at
least one member with demonstrated primary experience working in or
supervising community banks having less than $10 billion in total
The maneuver puts pressure back on the Senate to pass
the amended version of the bill, before Congress goes into recess. The
threat of a government shutdown still looms over negotiations as
Congress operates under short-term Continuing Resolution that keeps the
government funded through Saturday.
House Oversight Releases FDIC, Operation Choke Point Report
On Tuesday, December 9, 2014, the House Committee on Oversight and Government Reform released a report
on its investigation into the FDIC's involvement in Operation Choke
Point, accusing the agency of violating "the most fundamental principles
of the rule of law and accountable, transparent government."
authors of the report say the FDIC targeted legal industries as part of
the operation via "circular agreement" policymaking, as there was no
articulated justification or rationale for the agency's list of
high-risk merchants – the basis for the targeted industries.
Additionally, the FDIC was found to have used the list of high risk
merchants to make sure banks "got the message" that offering services to
a certain group of businesses would carry enormous regulatory risk and
the possibility of full-blown investigations.
FSSCC Responds to Cybersecurity Inquiry
Tuesday, December 9, 2014, the Financial Services Sector Coordinating
Council (FSSCC) responded to a November, 18, 2014 letter from Sen.
Elizabeth Warren (D-MA) and Rep. Elijah Cummings (D-MD) inquiring about
cybersecurity protections at financial institutions. To combat cyber
threats, the FSSCC has established a project to standardize and automate
the flow of cyber threat information, and participated in the Merchant
and Financial Cybersecurity Partnership. The letter outlined the strong
laws already protecting the financial services industry from breaches,
including Title V of the Gramm-Leach-Bliley Act; the supervisory
guidance from the Federal Financial Institutions Examination Council;
the myriad of state laws mandating breach notification and data security
standards; and mandates from prudential regulators regarding
"risk-based" response programs. Additionally, the FSSCC urged Congress
to pass cross-sector information sharing legislation.
Fed Issues Proposal to Strength SIFI
On Tuesday, December 8, 2014, the Federal Reserve Board proposed a rule to further strengthen the capital positions of the largest, most systemically important U.S. bank holding companies.
proposal establishes a methodology to identify whether a U.S. bank
holding company is a global, systemically important banking organization
(GSIB). A firm identified as a GSIB would be subject to a risk-based
capital surcharge calibrated based on its systemic risk profile.
proposal is intended to build on a GSIB capital surcharge framework
agreed to by the Basel Committee on Banking Supervision (BCBS),
augmented to address risks to U.S. financial stability. A firm
identified as a GSIB would calculate its GSIB surcharge under two
methods and use the higher of the two surcharges.
method would consider the GSIB's size, interconnectedness,
cross-jurisdictional activity, substitutability, and complexity,
consistent with a methodology developed by the Basel Committee. The
second would use similar inputs, but would replace substitutability with
use of short-term wholesale funding and would generally result in
significantly higher surcharges than the BCBS framework.
NACHA Proposes Same-Day Settlement
On Tuesday, December 8, 2014, the National Automated Clearing House Association (NACHA) asked for comments on a proposal
to introduce a same-day settlement mechanism for the automated clearing
house network. Comment on the proposal will be accepted through
February 6, 2015.
According to NACHA, if the proposal is
approved, the network will process almost 1.4 billion same-day payments
annually within 10 years of the system's full rollout. The proposal also
contains an "interbank fee," projected to be 8.2 cents per transaction,
payable by originating banks to receiving banks. The new fee is
intended to compensate receiving institutions for costs involved in
accommodating same-day settlement. Receiving banks will be required to
handle same-day settlements. The proposal calls for same-day capability
to be established through three phases during an 18-month period,
beginning in September 2016 and ending in March 2018.
CBA Supports ABA Petition
On Monday, December 8, 2014, CBA filed a comment letter
with the Federal Communications Commission (FCC) supporting an American
Bankers Association (ABA) petition to create an exception for fraud and
identity theft alerts, data breach notifications, remediation messages,
and money transfer notifications on a free-to-end-user basis. CBA
believes the ABA petition proposes exemptions that would promote
beneficial communications without compromising consumer privacy, and
ultimately reduce the risk of fraud and identity theft associated with
payment card transactions. CBA continues to urge the Commission to
clarify that "called party" refers to the "intended recipient" for the
purposes of the Telephone Consumer Protection Act prior express consent
requirement, as outlined in CBA's Petition for Declaratory Ruling.
Cybersecurity Bills get Green Flag from Congress
week, Congress acted to pass three pieces of cybersecurity legislation.
The National Cybersecurity Protection Act of 2014 (S. 2519), sponsored
by Sens. Tom Carper (D-DE) and Tom Coburn (R-OK) codifies the existing
cybersecurity and communications operations center at the U.S.
Department of Homeland Security (DHS), known as the National
Cybersecurity and Communications Integration Center, and will be sent to
the President for his signature. "Cybersecurity is one of the biggest
national security challenges our country faces. Our laws should reflect
that reality," said Sen. Carper, who chairs the Senate Committee on
Homeland Security and Governmental Affairs.
The second bill, the
Cybersecurity Act of 2013 (S. 1353), sponsored by Sens. Jay Rockefeller
(D-WV) and John Thune (R-SD), incorporated the National Institute of
Standards and Technology (NIST) process, authorizing it to continue
facilitating the development of voluntary standards and best practices
to protect critical infrastructure. The bill is expected to be signed by
the President. "Sen. Thune shares with me a commitment to giving
businesses the flexibility and assurances they need as they work toward
this goal, and those the government must meet in a changing world of
cyber threats with potentially devastating impacts for our economy and
national security. NIST is a jewel of the federal government and it's
the right organization to guide this very important work."
Cybersecurity Workforce Assessment Act (HR 2952), sponsored by Rep.
Patrick Meehan (R-PA), requires the Secretary of DHS to assess the
Department and develop strategies to further enhance the readiness,
training, recruitment, and retention of the cybersecurity workforce.
"We've seen remarkable changes in the cyber world and the threats have
developed and changed dramatically in the last decade," said Rep.
December 12, 2014
December 5, 2014
November 21, 2014
November 14, 2014
November 7, 2014
October 31, 2014
October 24, 2014
October 17, 2014
October 10, 2014
October 3, 2014
September 26, 2014
September 19, 2014
September 12, 2014
September 5, 2014
August 29, 2014
August 22, 2014
August 15, 2014
August 8, 2014
August 1, 2014
July 18, 2014
July 11, 2014
June 27, 2014
June 20, 2014
June 13, 2014
June 6, 2014
May 30, 2014
May 23, 2014
May 16, 2014
May 9, 2014
May 2, 2014
April 25, 2014
April 18, 2014
April 11, 2014
March 28, 2014
March 21, 2014
March 14, 2014
March 7, 2014
February 28, 2014
February 21, 2014
February 14, 2014
February 7, 2014
January 31, 2014
January 24, 2014
January 17, 2014
January 10, 2014