HUD to Reconsider Disparate Impact Rule

On June 20, 2018, the Department of Housing and Urban Development (“HUD”) published an advance notice of proposed rulemaking (“ANPR”) seeking comment on proposed changes to HUD’s 2013 regulations concerning the Fair Housing Act’s “Disparate Impact Rule” (the “Rule”).  The changes are primarily intended to ensure the Rule is consistent with the U.S. Supreme Court’s 2015 decision in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc.  The proposed rulemaking is also driven in part by the Department of the Treasury’s recommendation in 2017 for HUD to reconsider application of the Rule as it relates to the insurance industry.

The Fair Housing Act (42 U.S.C. § 3601) prohibits discrimination on the basis of race, color, religion, sex, disability, familial status, or the presence of children when individuals are renting, buying, or securing financing for any housing.  In 2013, following a notice and comment period, HUD published the Disparate Impact Rule (24 C.F.R. § 100.500), which creates liability for covered entities based on whether their business practices have a discriminatory effect, even if those practices were not motivated by discriminatory intent.

HUD supplemented the Rule in 2016 with responses to insurance industry requests for categorical exemptions or safe harbors from liability for insurance practices.  In its supplement, HUD determined that such exemptions for insurers were “unworkable and inconsistent,” and that application of the Rule to insurance practices should be addressed on a case-by-case basis.

HUD’s request for comment earlier this week follows the Supreme Court’s 2015 decision in Inclusive Communities.  Although the Supreme Court’s ruling – that disparate impact claims were cognizable under the Fair Housing Act – did not rely on the Rule, HUD opted to review and evaluate potential changes to the Rule to better align it with the Court’s decision.

HUD is also seeking comment in response to the Department of Treasury’s 2017 recommendation that it reconsider the use of the Rule.  Specifically, Treasury requested that HUD examine whether the Rule would have a “disruptive effect on the availability of homeowners insurance and whether the rule is reconcilable with actuarially sound principles.”

In addition to seeking comments on “appropriate changes” to the Rule, HUD identified questions it is particularly interested in addressing, including:

  • Whether the Rule should clarify the requirements for “stating a prima facie case under Inclusive Communities” and other rulings;
  • Whether the Rule should provide defenses or safe harbors to claims of disparate impact liability “(such as, for example, when another federal statute substantially limits a defendant’s discretion or another federal statute requires adherence to state statutes)”; and
  • If there are revisions to the Rule that could reduce uncertainty, decrease regulatory burden, or assist the public in determining what is lawful.

Public comments on the Rule are due no later than August 20, 2018.

Judge Denies Request to Stay Payday Rule Compliance Date

On June 12, 2018, a federal judge in the Western District of Texas denied a joint motion by the Bureau of Consumer Financial Protection (“Bureau”), the Community Financial Services Association of America, Ltd. (“Community Financial Services Association”) and the Consumer Alliance of Texas (“Consumer Alliance”), to stay the compliance date of the substantive provisions of the Bureau’s payday lending rule (“Payday Rule”), which is August 19, 2019, for most provisions. The Community Financial Services Association and Consumer Alliance are suing the Bureau over the Payday Rule, alleging, among other things, that the Bureau’s rulemaking process was fatally flawed and that the rule constituted agency overreach. The court did grant a simultaneous joint motion to stay the litigation itself pending completion of the rulemaking process.

The Bureau and the plaintiffs had argued that a stay of both the litigation and the rule’s compliance date were necessary because of the Bureau’s January announcement that it intends to reconsider the Payday Rule. The litigation should be stayed, they argued, because the reconsideration of the Payday Rule could render the case moot or require amending the complaint. In addition, they asked the court to stay the compliance date to “prevent irreparable injury” to affected companies that would have “no way to know whether Plaintiffs’ members will ultimately need to comply with the Payday Rule, a modified payday rule, or no rule at all.” In the absence of a stay, the parties agreed, lenders would have to begin costly preparations well before the Bureau might take action to significantly change or repeal the rule. Several consumer advocacy groups objected to the Bureau’s joining the motion, and filed an amicus brief with the court opposing the joint motion. Ultimately, the judge agreed to stay the litigation, but not the rule’s compliance date. With the decision, the Bureau may have to find another way to provide the industry with relief from the costs of preparing for a rule that may be changed. In its Spring 2018 rulemaking agenda, the Bureau targeted February 2019 for proposing a modified rule.

German Federal Financial Supervisory Authority Publishes Guidance on the Regulatory Framework for Cloud Services

The German Federal Financial Supervisory Authority (“BaFin”) recently published an article that provides guidance on the regulatory framework for cloud computing.  This is a follow-up to the circular letter Minimum Requirements for Risk Management (“MaRisk”), which was published in German in October 2017 and the circular letter Supervisory Requirements for IT in Financial Institutions (“BAIT”), which was published in German in November 2017, with its English version released recently.

BaFin outlines the regulatory framework for cloud computing in this article.  In particular, BaFin makes clear that supervised entities must refer to BAIT for general guidance.  Furthermore, it is stated that the requirements of section AT 9 MaRisk also apply if the cloud service is a material outsourcing (“wesentliche Auslagerung”) in the meaning of section AT 9 MaRisk.  If this is the case, the cloud service is required to be evaluated on a case-by case basis.  If the cloud service constitutes a material outsourcing, supervised entities must comply with the supervisory requirements for outsourcing pursuant to Section 25b of the German Banking Act and the more specific requirements of section AT 9 MaRisk.

BAIT requires supervised entities to perform a risk assessment prior to the procurement of cloud services.  Supervised entities are afforded flexibility in defining the nature and the scope of a risk assessment, and the results of the risk assessment must be taken into account in developing contractual arrangements between supervised entities and their cloud service providers.

If the procurement of cloud services constitutes a material outsourcing, BaFin makes clear that supervised entities, such as financial institutions and insurance companies, must ensure they have unrestricted information rights and audit rights with their cloud service providers.  These rights include the rights of access to the business premises, data centers, servers, and employees of the cloud service provider.  Such unrestricted rights must also be granted to BaFin via the outsourcing contract between the supervised entity and its cloud service provider, as a way to make sure BaFin would have the ability to monitor the outsourced cloud computing activities and processes.  BaFin also indicates that it plans to release more detailed guidance on the issue of cloud computing over the course of this year.

BaFin requires supervised entities to incorporate the information rights as well as the audit rights maintained by BaFin and the supervised entity into the contractual agreements between the supervised entities and cloud service providers.  BaFin would be granted the same level of rights, which would allow BaFin to monitor the outsourced services, including the option to perform on-site inspection.  BaFin emphasizes that such rights of information and audit must be unrestricted: phased information and audit procedures would constitute a restriction and would not be compliant with relevant regulatory requirements.  The audit right should also not be dependent on the concept of commercial reasonableness.

BaFin plans to publish special guidance that will provide market participants with greater details regarding the supervisory requirements related to the use of cloud services.  It will also publish a circular specifying the supervisory requirements for insurance companies and pension funds in the coming months.

FS-ISAC Launches Information Sharing Forum for Government Entities

On June 11, 2018, the Financial Services Information Sharing and Analysis Center (“FS-ISAC”) announced the launch of the CERES Forum, an information sharing initiative for central banks, regulators, and supervisors designed to strengthen responses to cyber and physical threats.  The new forum will become operational on July 1, 2018.

Although FS-ISAC primarily comprises private financial institutions and over three dozen government entities, membership in the CERES Forum will be limited to government participants.  To protect the confidentiality of existing FS-ISAC members and ensure information shared within the CERES Forum is kept separate, government participants will be required to follow different processes and access the new forum through a secure standalone portal.

In addition to serving as a trusted medium for central banks, regulators, and supervisors, the CERES Forum’s stated mission is to:

  • Gather and share best practices related to regulatory and compliance controls;
  • Collect feedback about which controls are most effective; and
  • Distribute timely threat intelligence about cyber threats, vulnerabilities, and incidents that could affect CERES Forum members and the wider global financial system.

The launch of FS-ISAC’s CERES Forum reflects the growing trend of sophisticated cyberattacks and data breaches targeting financial institutions, including central banks, around the world.  It is the first information sharing forum tailored to address the needs of central banks, regulators, and supervisors.

OCC and FDIC Formalize Shorter Securities Trading Settlement Cycle

On June 1, 2018, the OCC and FDIC issued a final rule shortening the settlement cycle for securities transactions effected by OCC- and FDIC-regulated institutions.  Under the final rule, all such banks will be required to adhere to the standard industry settlement cycle, which currently requires trades to be settled no later than the second business day after the trade date (T+2).

As of September 5, 2017, non-bank market participants in the United States have been subject to a T+2 settlement cycle under SEC, MSRB, FINRA, NYSE, NASDAQ, Options Clearing Corporation, and DTCC rules.  The OCC’s and FDIC’s rules, however, had permitted banks under those agencies’ jurisdiction to settle securities on a T+3 basis, which was the prior market convention.  (By contrast, the Federal Reserve’s corresponding regulation for state member banks incorporates the market-standard settlement cycle.)

To address this potential fragmentation, in the summer of 2017 the OCC and FDIC issued guidance indicating that banks should be prepared to settle securities transactions on a T+2 basis.  In September 2017, the agencies followed their guidance by proposing changes to their rules to require settlement no later than the second business day following the date of the trade, unless otherwise agreed to by the parties at the time of the transaction.

The final rule, however, requires OCC- and FDIC-regulated institutions to settle securities transactions no later than the number of business days in the standard settlement cycle followed by registered broker-dealers in the United States following the date of the trade, unless otherwise agreed to by the parties at the time of the transaction.  Under the final rule, the length of the standard settlement cycle is determined by reference to SEC Rule 15c6-1.

The change to a cross-reference approach in the final rule is notable because it means that if and when the SEC amends Rule 15c6-1 to require T+1 settlement in the future, the OCC and FDIC would not need to amend their regulations further to require T+1 settlement.  Instead, OCC- and FDIC-regulated banks would be subject to the T+1 settlement requirement automatically.

The final rule will be effective as of the first day of the calendar quarter beginning at least 30 days following the rule’s publication in the Federal Register, which is expected to be October 1, 2018.

Regulators Propose Revisions to the Volcker Rule

On May 30, 2018, the Federal Reserve Board approved a notice of proposed rulemaking aimed at simplifying regulations implementing section 13 of the Bank Holding Company Act (12 U.S.C. 1851), also known as the “Volcker Rule” (or the “Rule”).  Enacted as part of the Dodd-Frank Act following the financial crisis of 2008, the Volcker Rule was implemented through final regulations in 2013 and generally prohibits insured depository institutions, foreign banking organizations, and their affiliates from engaging in proprietary trading or investing in or maintaining certain relationships with “covered funds” – specifically, hedge or private equity funds.

The proposed changes to the Volcker Rule were developed jointly by the five federal financial agencies with rule-writing authority over the Rule – the Federal Reserve, the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”), the Securities and Exchange Commission (“SEC”), and the Commodity Futures Trading Commission (“CFTC,” and collectively, the “Agencies”) – with an eye toward ensuring the continued stability of financial institutions, clarifying compliance requirements, and simplifying certain aspects of the Rule to reduce compliance costs.

The Agencies’ proposal would make a number of changes to the Rule, including:

  • Tailoring the Rule’s requirements based on the amount of a banking entity’ trading assets and liabilities;
  • Modifying the Rule’s definition of “trading account” by replacing the definition’s prong addressing the “purpose” of a trade with a new prong that is based on the accounting treatment of a position;
  • Creating a presumption of compliance with the underwriting and market making exemptions for certain trading desks that keep their underwriting or market making activities within certain internal risk limits;
  • Changing requirements related to market making, underwriting, and hedging interests in covered funds;
  • Removing certain conditions from the exemption for a foreign banking entity’s proprietary trading activities conducted solely outside the United States;
  • Adapting compliance requirements based on a banking entity’s level of trading activity by, among other things, creating a rebuttable presumption of compliance with the Rule for banking entities with gross trading assets and liabilities of less than $1 billion, and revising the scope of application of the existing chief executive officer (“CEO”) attestation requirement; and
  • Streamlining the trading activity information that certain banking entities are required to report to the Agencies.

The proposal also seeks comment on an unusually large number of questions (342 in total), some of which indicate that the Agencies are considering more extensive changes to the Rule.  For instance, the Agencies have sought comment on whether and how to revise the definition of “covered fund”; whether to implement exemptions to so-called “Super 23A” restrictions on relationships between a banking entity and a covered fund; and the how to address so-called “foreign excluded funds” that are not “covered funds” and therefore may fall within the definition of “banking entity” if controlled by another banking entity.  The proposal’s actual proposed changes to the covered fund provisions of the Rule, however, are quite limited.

The proposal follows last week’s passage of the Economic Growth, Regulatory Relief, and Consumer Protection Act, which exempts from the Volcker Rule banking entities with (1) total assets valued at less than $10 billion, and (2) trading assets and liabilities comprising not more than 5 percent of total assets.  The Federal Reserve has indicated that it expects the Agencies to implement this new statutory exemption through a separate rulemaking process.

The CFTC’s Active Week: Virtual Currencies in Focus

This past week has been an especially active one for the U.S. Commodity Futures Trading Commission (CFTC). On Monday, in a speech to the North American Securities Administrators Association (NASAA), CFTC Chairman Giancarlo announced a Memorandum of Understanding (MOU) to increase cooperation between state securities regulators and the CFTC — particularly with respect to prosecuting potential fraud and market abuse as it pertains to virtual currencies. The CFTC Chairman also previewed a staff advisory relating to Virtual Currency Derivative Product Listings, which was released later that same day. Wrapping up the week, the press reported that the Department of Justice, in cooperation with the CFTC, has opened a criminal investigation into whether traders are manipulating the price of Bitcoin and other virtual currencies. Continue Reading

CFTC Issues Advisory Regarding Virtual Currency Derivatives

Earlier this week, the CFTC published a staff advisory regarding virtual currency derivative product listings. The guidance sets forth five areas of focus for exchanges and clearinghouses in listing a new virtual currency derivatives contract pursuant to Commission Regulation 40.2 or 40.3, including: (1) enhanced market surveillance, (2) coordination with CFTC staff, (3) large trader reporting, (4) outreach to stakeholders, and (5) derivatives clearing organization (“DCO”) risk management.

With respect to prong (1), enhanced market surveillance, the CFTC observed that designated contract markets (“DCMs”) and swap execution facilities (“SEFs”) must establish and maintain an effective oversight program. In reviewing an exchange’s surveillance program, the CFTC stated that staff would assess the exchange’s visibility into the underlying spot markets. Notably, the CFTC stated its belief that a well-designed market surveillance program includes an arrangement to share information with the underlying spot markets, including trade data, and continuous review of relevant data feeds from appropriate spot markets. In addition, the Commission expects that virtual currency contracts are based on spot markets that follow AML and KYC or similar regulations.

With respect to coordinating with CFTC staff, the CFTC conveyed its expectation that exchanges not only engage in regular discussions with the Commission, but that exchanges also provide the CFTC data related to settlements, and coordinate the timing of derivative contract launches to enable the Commission to better monitor trading of newly-listed contracts.

The commission further recommended that exchanges set the large trader reporting threshold for any virtual currency derivative contract at five bitcoin or the equivalent (if the contract is based on other virtual currencies).

Prior to listing new virtual currency contracts, exchanges should solicit comments and views on issues from interested stakeholders. Exchanges should consider including, in any submissions to the CFTC for listing a virtual currency derivative contract, an explanation of substantive opposing views and how the exchange addressed such views or objections. The Commission noted that including as much information as possible will help exchanges to avoid subsequent issues in rolling out the contract.

With respect to the final area of focus, DCO risk management, the CFTC stated that it will review proposed margin requirements and will seek other information relevant to clearing the proposed contract. Such information, the CFTC noted, includes information related to the governance process for approving the proposed contract.

California Considers a New Blockchain-Related Bill

California has taken a conservative step on the path to greater regulation of blockchain technology or legal recognition of blockchain-secured data.  On May 18, an amended bill was referred to the State Assembly Appropriations Committee for review that would provide for the establishment of a blockchain working group to evaluate “the potential uses, risks, and benefits of the use of blockchain technology by state government and California-based businesses.”  The amended bill also provides a legal definition of “blockchain.”[1]

In February, the first version of the bill was introduced by California State Senator Robert Hertzberg before the State’s Senate Banking and Financial Institutions Committee with substantially different contents.  The initial bill would have expanded the definition of “electronic record” and “electronic signature” in the California Uniform Electronic Transactions Act to include records and signatures that are secured through blockchain technology.  It also would have expanded the definition of “contract” in the Act to include a smart contract, as defined,[2] and would have given the same legal effect to blockchain-secured data, including ownership records, as data stored in a traditional database.

In April, the State’s Senate Banking and Financial Institutions Committee then amended and referred the bill to the Judiciary Committee with a “do pass” recommendation.  Notably, all reference to smart contracts was taken away in the amended version.

The bill was further revised to its current formulation by the Judiciary Committee and has been referred to the Assembly Appropriation Committee for further review.  Instead of making the significant step to legally recognize the records and signatures stored on a blockchain, as the bill initially contemplated, the amended bill merely would establish a blockchain working group to evaluate “the potential uses, risks, and benefits of the use of blockchain technology by state government and California-based businesses, on or before July 1, 2020.”  Such blockchain working group would be composed of appointees from a broad range of government and private institutions.   In particular, evaluating the privacy risks associated with the implementation of blockchain technology was singled out as the focus of the working group, which would consist of two appointees representing privacy organizations and two appointees representing consumer organizations, among others.

[1] The bill defines blockchain as “an electronic record of transactions or other data that is (1) uniformly ordered, (2) redundantly maintained or processed by one or more computers or machines to guarantee the consistency or nonrepudiation of the recorded transactions or other data; (3) validated by the use of cryptography.”  See

[2] The initial bill defined smart contract as “an event-driven program that runs on a distributed, decentralized, shared, and replicated ledger that can take custody over, and instruct transfer of, assets on that ledger.”  See

Office of the Comptroller of the Currency Encourages Banks to Meet Consumer’s Needs for Short-Term, Small-Dollar Credit; BCFP Voices Approval

Yesterday, the Office of the Comptroller of the Currency issued a bulletin encouraging national banks and federal savings associations to make short-term, small-dollar installment loans that are both safe and affordable available to consumers.

The bulletin observes that despite the need, many banks have withdrawn from this market, forcing consumers to turn to non-bank lenders. The bulletin encourages banks to fill the gap and sets forth three general lending principles that banks should bear in mind when offering short-term, small-dollar installment lending products:

  • All bank products should be consistent with safe and sound banking, treat customers fairly, and comply with applicable laws and regulations.
  • Banks should effectively manage the risks associated with the products they offer, including credit, operational, compliance, and reputation.
  • All credit products should be underwritten based on reasonable policies and practices, including guidelines governing the amounts borrowed, frequency of borrowing, and repayment requirements.

With respect to the last principle, the bulletin provides further guidance on what constitutes reasonable policies and practices, including but not limited to: loan amounts and repayment terms that align with eligibility and underwriting criteria, fair treatment of loan applicants, and pricing scaled to product risks and costs.

Notably, the OCC also stated that it “views unfavorably an entity that partners with a bank with the sole goal of evading a lower interest rate established under the law of the entity’s licensing state(s).”

Subsequent to this announcement by the OCC, the Acting Director of the Bureau of Consumer Financial Protection, Mick Mulvaney, issued a statement applauding the OCC’s move.