Alston & Bird Consumer Finance Blog

Archives for January 13, 2025

CFPB Approves Financial Data Exchange to Set Standards for 1033

By

What Happened?

Last week the CFPB issued an Order recognizing the Financial Data Exchange, Inc. (“FDX”) as the first standard setting body (“SSO”) under the CFPB’s Personal Financial Data Rights Rule (the “Rule”).  The Rule requires financial institutions, credit card issuers, and other financial providers (“Subject Entities”) to make available consumers’ financial data and transfer it to third parties, at the consumer’s request, for no charge.   The final version of the Rule was released in October, and it is the subject of a lawsuit filed by the Bank Policy Institute and the Kentucky Bankers Association.

Why does it Matter?

Background:

FDX is a standard-setting organization with more than 200 member organizations in the United States and Canada, including depository and non-depository commercial entities; data providers and data recipients; and others.  FDX’s stated primary purpose is to develop, improve and maintain a common, interoperable standard for secure consumer and business access to financial records.

SSOs:

The Role of SSOs is to issue consensus standards to help entities comply with the Rule, including protocols for secure data sharing.  In June 2024, the CFPB finalized a rule outlining the qualifications to become a recognized industry standard setting body. The CFPB identified five key qualifications that standard setting bodies must demonstrate in order to be recognized by the CFPB, including openness, transparency, balanced decision-making, consensus, and due process and appeals.

The CFPB’s recognition of FDX as an SSO is subject to a number of conditions, including:

  • Ban on “pay-to-play” and other conflicts of interest:  FDX is to develop standards to promote open banking without regard to sponsorships or other financial incentives to give certain market participants an unfair advantage.  FDX must ensure that the organization and its staff do not have any side arrangements that would skew its financial incentives toward particular entities.
  • Mandatory reporting on market adoption:  FDX is required to report to the CFPB on market use of its consensus standards and/or maintain a publicly available resource where companies can disclose their use of standards as well as any certifications of adherence to standards, for the benefit of open banking participants, regulators, and the public.
  • Transparency and availability of standards: FDX must make available to the public any consensus standards that it adopts and maintains, subject to reasonable safeguards, and to ensure that non-members have the same access as members do. FDX must also make publicly available information about its standards development and issuance processes.

What’s Next?

Although FDX was recognized as the first SSO, the CFPB continues to evaluate other applications for SSO recognition.  As these organizations will have significant impact on the way Subject Entities comply with the Rule, those entities should monitor the issuance of consensus standards as they develop.

New York Passes New Removal Procedures for Officers, Directors, Trustees, and Partners of Any Entity Regulated by Department of Financial Services

By ,

What Happened?

On December 21, 2024, New York Governor Kathy Hochul, signed into law, S7532, which repealed the existing section of the Banking Law addressing the removal of officers, directors, and trustees of banking organizations, bank holding companies and foreign banks (“covered individuals”), and enacted a new section providing a clearer process for removing such individuals and expanding the scope of the removal authority to apply to all entities regulated by the New York Department of Financial Services (“the Department”).

Repealed Section:

The former provisions regarding the removal of covered individuals were limited to banking organizations, bank holding companies, and foreign banks.

The Superintendent of the Department (“the Superintendent”) was authorized to bring an action to the Banking Board (“the Board”) to remove an officer, director, or trustee whenever it found that such individual:

  • violated any law or regulation of the Superintendent of financial services, or
  • “continued unauthorized or unsafe practices . . . after having been ordered or warned to discontinue such practices.”

Note that the Banking Board has not existed since the Department of Financial Services was created in 2011.

The Board would then serve notice of the action to the covered individual to appear before the Board to show why they should not be removed from office. A copy of this notice would be sent to each director or trustee of the banking organization and to each person in charge of and each officer of a branch of a foreign banking corporation.

If after a three-fifths vote by the Board members the Board found that the individual committed such violations, an order would be issued to remove the individual from office.

The removal became effective upon service of the order. The order and findings were not made public, and were only disclosed to the removed individual and the directors or trustees of the banking organization involved. Any such removed individual that participated in the management of such banking organization without permission from the Superintendent would be guilty of a misdemeanor.

Newly Enacted Section:

The new provision expands the removal authority of the Superintendent to apply to all entities regulated by the Department (“covered entities”), including: banks, trust companies, limited purpose trust companies, private banks, savings banks, safe deposit companies, savings and loan associations, credit unions, investment companies, bank holding companies, foreign banking corporations, licensed lenders, licensed cashers of checks, budget planners, mortgage bankers, mortgage loan servicers, mortgage brokers, licensed transmitters of money, and student loan servicers.

The Superintendent is authorized to bring an action to remove such individuals whenever it finds reason to believe that they:

  • caused, facilitated, permitted, or participated in any violation by a covered entity of a law or regulation, order issued by the Superintendent or any written agreement between such covered entity or covered individual and the Superintendent;
  • engaged or participated in any unsafe or unsound practice in connection with any covered entity; or
  • engaged or participated in any willful material act or omitted to take any material act that directly contributed to the failure of a covered entity.

The notice and hearing provisions were changed to allow the Superintendent to serve a statement of charges against the covered individual and a notice of an opportunity to appear before the Superintendent to show cause why they should not be removed from office. A copy of such notice must now be sent to the affected covered entity, instead of the directors or trustees of the covered entity and persons in charge of foreign bank branches.

Additionally, the threshold for removal was changed. Instead of being removed by a three-fifths vote of a board that no longer exists, the covered individual may be removed if, after notice and hearing: (1) the Superintendent finds that the covered individual has engaged in the unlawful conduct, or (2) if the individual waives a hearing or fails to appear in person or by authorized representative.

The order of removal is effective upon service to the individual. The order must also be served to any affected covered entity along with the statement of charges. The order remains in effect until amended, replaced, or rescinded by the Superintendent or a court of competent jurisdiction. Such removed individual is prohibited from participating in the “conduct of the affairs” of any covered entity unless they receive written permission from the Superintendent. If the individual violates such prohibition, they are guilty of a misdemeanor.

Furthermore, the Superintendent is now authorized to suspend the covered individual from office for a period of 180 days pending the determination of the charges if the Superintendent has reason to believe that:

  • a covered entity has suffered or will probably suffer financial loss that impacts its ability to operate in a safe and sound manner;
  • the interests of the depositors at a covered entity have been or could be prejudiced; or
  • the covered individual demonstrates willful disregard for the safety and soundness of a covered entity.

The suspension may be extended for additional periods of 180 days if the hearing is not completed within the previous period due to the request of the covered individual.

Why Does it Matter?

Prior to the update, the Superintendent only had the power to remove individual officers, directors, or trustees from office in various bank organizations. The new law expands this removal power to all entities regulated by the Department.

The amended statute creates an additional penalty for individuals who caused, facilitated, permitted, or participated in the violation of the Banking Law in their positions of power of a regulated entity. Such individuals may be removed from their positions and prohibited from participating in the management of any regulated entity, until they receive written permission from the Superintendent. If they violate the prohibition, they are guilty of a misdemeanor, which can be punished by imprisonment for up to 364 days or by a fine set by the Superintendent.

What Do I Need To Do?

Entities regulated by the Department that are now covered under this section should be aware that violations of law by a licensee may also lead to the removal of certain high-level individuals within the organization. If removed, such individuals would also be prohibited from managing any regulated entity until the Superintendent provides written permission to do so. Affected entities and individuals should take care to ensure compliance with the law to avoid these new penalties.