ABA Banking Journal: CFPB releases final rule on financial data sharing
October 22, 2024
The Consumer Financial Protection Bureau today released the final rule implementing Section 1033 of the Dodd-Frank Act, which requires banks and other financial institutions to make a consumer’s financial information available to them or a third party at the consumer’s direction. The final rule also bans third parties from using consumer data to advertise products the consumer didn’t request and requires businesses to delete personal information once customers have revoked access to that data.
The CFPB first proposed the rule last year to move the U.S. close to an “open banking” system where customers will be able to share and gain access to data associated with bank accounts, credit cards and other payment products with few barriers. One change from the original proposal is the final rule bases coverage on the total assets held by a depository institution data provider, exempting institutions with equal to or less than $850 million in assets from the requirements.
The initial compliance dates are April 1, 2026, for depository institutions with at least $250 billion in total assets and nondepository institutions that generated at least $10 billion in total receipts in either 2023 or 2024; April 1, 2027, for depository institutions with at least $10 billion in assets and nondepository institutions that did not generate $10 billion in receipts; April 1, 2028, for depository institutions with at least $3 billion in assets; April 1, 2029, for depository institutions with at least $1.5 billion in assets; and April 1, 2030, for depository institutions with more than $850 million in assets.
In a statement, ABA President and CEO Rob Nichols said that while the association appreciates that the final rule incorporates the efforts of industry-led bodies, ultimately the process “devolved into a press-release driven, political exercise based on the false premise that consumers lack choices and a misunderstanding of whether Dodd-Frank grants CFPB the authority to radically reshape the financial services marketplace.”
“While we are still evaluating the details of the final rule, it is clear that our longstanding concerns about scope, liability, and cost remain largely unaddressed,” Nichols said. “This is disappointing after so many years of good-faith efforts by parties on all sides to improve consumer outcomes.”
ABA also plans to release a staff analysis providing an overview of the final rule in the near future.
The cost of a data breach is not easy to define, but as more and more organizations fall victim to attacks and exposures, the financial repercussions are becoming clearer.
For modern businesses regardless of industry or size, the monetary impact of a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, from March 2023 to February 2024, the average cost of a data breach globally reached an all-time high of $4.88 million. This figure represents a 10% increase over the same period ending February 2023 and a 26.4% rise from 2018. Over the course of the past decade, data breach costs have risen 39.4%.
“The report highlights trends I have been concerned about since the second half of 2023 when we started seeing organizations cut security staffing and budget,” said David Shipley, CEO and co-founder of Beauceron Security. “These are predictable outcomes of the combination of an out-of-control cybercrime wildfire combined with cutbacks both in cyber fire prevention and firefighting.”
Of the 604 organizations that took part in the study, 70% experienced a significant or very significant disruption to business resulting from a breach.
The Financial Crimes Enforcement Network today issued an alert for financial institutions to help identify and report suspicious activity supporting the Lebanese terrorist group Hezbollah (also spelled Hizballah). The alert builds upon an advisory issued in May concerning Iran-backed organizations.
The alert notes that Hezbollah’s financing is global in scale, with large portions of its revenue coming from smuggling oil, electronics and other goods. The organization and its supporters operate a global network of front companies and legitimate businesses in real estate, import/export, construction, diamonds and precious stones, and high-value art to move and launder funds, according to FinCEN.
Red flags for financial institutions to look out for include customer transactions with entities and individuals that the U.S. Office of Foreign Assets Control has designated due to their connection with Hezbollah, customers utilizing the services of foreign financial institutions designated being of “primary money laundering concern,” and customer transactions to money services businesses and financial institutions that operate in jurisdictions at high risk for Hezbollah terrorist financing.
ABA Banking Journal: FinCEN Releases Commercial on Beneficial Ownership Information Reporting
The Financial Crimes Enforcement Network this week released a new video and radio commercial to educate business owners on the new beneficial ownership information reporting requirements. It is part of a larger public outreach campaign by the agency, which includes a dedicated website and videos on BOI reporting.
FinCEN last month issued a notice to financial institution customers about BOI reporting, explaining why certain customers must report directly to the agency in addition to giving information to their banks, which are subject to the customer due diligence rule.
ABA Banking Journal: ABA continues push for FCC action on illegal texts
October 21, 2024
The American Bankers Association continued its advocacy to push the Federal Communications Commission to issue new rules to help stem the flow of illegal texts and calls to consumers, sending a letter to the agency last week after a recent meeting with Commissioner Brendan Carr’s staff. The FCC had been scheduled to consider the new rules during its meeting on Sept. 26, but the rules were removed from the agenda.
ABA’s letter follows a correspondence sent to the FCC last by 52 state bankers associations, which urged the agency to adopt the new rules.
The rules under consideration would require mobile wireless providers that originate text messages to block all texts from a particular source when notified by the FCC of illegal texts from that source, except under limited circumstances. Existing rules require terminating providers — but not originating providers — to block all texts from a particular number when notified by the FCC of illegal texts from that number. In prior comments, ABA urged the FCC to expand this requirement to cover originating providers.
The rules also would require mobile wireless providers to offer email-to-text as an opt-in service. In previous comments, ABA warned the FCC that bad actors are increasingly using email-to-text as a primary means to place a large volume of illegal texts quickly.
ABA continues to ask bankers to write to submit their own comment to urge the FCC to adopt the new rules.
Last week, the SDBA was pleased to welcome South Dakota Attorney General, Marty Jackley, to the SDBA office to record a podcast episode titled, "Tips to Avoid Financial Fraud". Not only is October is Cybersecurity Awareness Month, but the ABA's 'Banks Never Ask That' campaign is also in full swing.
Take a listen as SDBA President Karl Adam and Attorney General Jackley go over tips and reminders for everyday life, but also with the holiday shopping season just around the corner, they share some timely and excellent reminders to keep at the forefront. We encourage you to share on your socials, share with your family and friends, and help us thank Attorney General Jackley and the Office of Consumer Protection for their attention and diligent work in keeping South Dakota's consumers safe and educated.
2024SDBA NEXT STEP: Emerging Leaders Summit
Tuesday, October 29, 2024 Holiday Inn City Centre| Downtown Sioux Falls, SD
LAST CALL!! Plan to attend the 2024 SDBA NEXT STEP: Emerging Leaders Summit in downtown Sioux Falls, South Dakota, on Tuesday, October 29, 2024. This year's agenda is another good one, with guest speaker and emcee kicking things off, Jack Stahlmann, the Don't Flinch Guy. Jack’s presentation, The Intangible It, examines the "it" quality movie stars possess that you can't quite put your finger on… or can you? Also on the agenda: former South Dakota Governor and Lt. Governor, Dennis Daugaard and Matt Michels; Marissa Brinkman; Sioux Falls Mayor, Paul Ten Haken; Janet Kittams with The Helpline Center; and South Dakota native, Andrew Kightlinger, film director and writer.
The IRA Update builds on the attendees’ knowledge of IRA basics to address some of the more complex IRA issues their financial organizations may handle. This course includes how the SECURE Act really changes our two biggest topics: RMDs and death distributions and discusses any pending legislation. This is a specialty session; some previous IRA knowledge is assumed. The instructor uses real-world exercises to help participants apply information to job-related situations.
Q: Would flood insurance be required on a loan in which the bank is only taking a mobile home as collateral?
A: If the mobile home in question is affixed to a permanent foundation / site (and presuming that the mobile home is located / will be located in an SFHA, and the community in which the mobile home is located participates in the NFIP), then the subject property would meet the definition / eligibility of a building, even without any land being taken as collateral, and therefore flood insurance would likely be required under 12 CFR 339.3(a).
It is worth noting that if the mobile home is not located on a permanent foundation - i.e., a so-called "home only" loan - the regulatory agencies note that such transactions are generally excluded from the definition of mobile home and the notice requirements would not apply to these transactions:
"In the case of loan transactions secured by mobile homes not located on a permanent foundation, the Agencies note that such “home only” transactions are excluded from the definition of mobile home and the notice requirements would not apply to these transactions. However, the Agencies encourage a lender to advise the borrower that if the mobile home is later located on a permanent foundation in an SFHA, flood insurance will be required. If the lender, when notified of the location of the mobile home subsequent to the loan closing, determines that it has been placed on a permanent foundation and is located in an SFHA in which flood insurance is available under the Act, flood insurance coverage becomes mandatory and a force placement notice must be given to the borrower under those provisions.71 If the borrower fails to purchase flood insurance coverage within 45 days after notification, the lender must force-place the insurance." Loans in Areas Having Special Flood Hazards; Interagency Questions and Answers (pdf. pg. 193 - 194)
FinCEN issues alert on Hezbollah financing
LAST CALL!! Plan to attend the 2024 SDBA NEXT STEP: Emerging Leaders Summit in downtown Sioux Falls, South Dakota, on Tuesday, October 29, 2024. This year's agenda is another good one, with guest speaker and emcee kicking things off, Jack Stahlmann, the Don't Flinch Guy. Jack’s presentation, The Intangible It, examines the "it" quality movie stars possess that you can't quite put your finger on… or can you? Also on the agenda: former South Dakota Governor and Lt. Governor, Dennis Daugaard and Matt Michels; Marissa Brinkman; Sioux Falls Mayor, Paul Ten Haken; Janet Kittams with The Helpline Center; and South Dakota native, Andrew Kightlinger, film director and writer. 
