Regulatory Developments
CFPB Finalizes Personal Financial Data Rights Rule
On October 22, the CFPB finalized its Personal Financial Data Rights Rule under Section 1033 of the Dodd Frank Act. The rule is intended to move the US closer to an “open banking” system by allowing consumers to more easily switch between financial institutions. The final rule expands coverage from the proposed rule to cover not only consumer data from bank accounts and credit cards but also from mobile wallets and payment apps, requiring covered financial institutions to build out application programming interfaces (APIs) that allow consumers to access their data and to share it with authorized third parties. The rule also establishes strict limitations on a third party’s use of consumer data and requires a simple and straightforward means for a consumer to revoke the third party’s access to the consumer’s data. The rule will take effect 60 days after publication in the Federal Register, with rolling compliance dates between 2026 and 2030 based on the size of the covered financial institution.
“To make our banking and payments market more competitive, it needs to be open and decentralized using a common set of data standards, free of powerful gatekeepers and middlemen that can impose private regulations and extract fees.”
— Rohit Chopra, Director, CFPB
CFPB Issues Circular Clarifying Application of FCRA to Users and Furnishers of Consumer Reports for Employment Purposes
On October 24, the CFPB issued a Circular clarifying that employers who use consumer reports about workers to make employment decisions must comply with the FCRA, including obtaining workers’ permission to procure a consumer report, providing notices before and upon taking adverse action, and not using consumer reports for purposes other than as permitted by the FCRA. Also, third parties furnishing such consumer reports to employers are consumer reporting agencies under the FCRA (i.e., report-makers who “assemble” or “evaluate” consumer information or use consumer data to train an algorithm to produce a report, score, or other assessment) and must follow reasonable procedures to assure maximum possible accuracy, disclose information in a worker’s file to the worker upon request, and investigate worker disputes alleging inaccuracies. Materials that may qualify as consumer reports include background dossiers, surveillance-based “black box” AI or algorithmic scores, and other third-party reports or scores assessing a current worker’s risk level or performance. Employment decisions for which a consumer report might be used include hiring, promotion, reassignment, and retention. The CFPB encouraged employers to review their current practices regarding the use of consumer reports to ensure compliance with the FCRA.
OCC Finalizes Revisions to Its Recovery Planning Guidelines
On October 21, the OCC finalized revisions to its enforceable Guidelines applicable to certain large insured national banks, federal savings associations, and insured federal branches of foreign banks. The revisions amend the Guidelines to apply to banks with at least $100 billion in assets, in place of the prior $250 billion threshold. The OCC believes this new, lower threshold is appropriate, because institutions with at least $100 billion have a risk level, complexity, and interconnectedness that is greatly benefited by recovery planning. The revisions also incorporate a testing standard for recovery plans, clarify the role of non-financial risk as it relates to recovery planning, and provide covered institutions timelines for compliance, which includes development of a testing framework and conducting that testing. The revisions to the Guidelines are part of the OCCs broader efforts to ensure that large banks are appropriately prepared for, and have procedures in place to respond to, the financial effects generated by severe stress. The revisions, published in the Federal Register, become effective January 1, 2025 with staggered compliance dates.
FDIC Extends Compliance Date for Subpart A of the “FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo”
On October 17, the FDIC extended the compliance date for Subpart A of its final rule, “FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo,” from January 1, 2025 to May 1, 2025 to allow financial institutions additional time to establish the necessary compliance procedures. The extension applies only to Subpart A of the final rule, which, among other obligations, requires banks and non-banks to clearly indicate when a product or institution is FDIC-insured (differentiating deposit and non-deposit products), to display FDIC signage in their digital channels, and to establish written policies to comply with the final rule.
FDIC Board of Directors Releases Semiannual Update on DIF Plan
On October 17, the FDIC Board of Directors released its semiannual update on the DIF Plan. As required by the Federal Deposit Insurance Act (FDI Act), the FDIC Board of Directors must adopt a restoration plan when the DIF’s reserve ratio – the ratio of the fund balance relative to insured deposits – falls below the statutory minimum of 1.35%. In September 2020, the FDIC established the Plan to restore the DIF reserve ratio to at least 1.35% by the statutory deadline of September 30, 2028, after extraordinary deposit growth during the first half of 2020 caused the DIF reserve ratio to decline below the statutory minimum. Between December 2023 and June 2024, the DIF reserve ratio increased from 1.15% to 1.21%, due to growth in the DIF balance and slower-than-average insured deposit growth, and the FDIC now projects that the reserve ratio will remain on track to reach 1.35% ahead of the statutory deadline.
FDIC Issues Notice of Designated Reserve Ratio for 2025
On October 17, 2024, the FDIC Board of Directors issued a notice, pursuant to the FDI Act, designating the DRR for the DIF to remain at 2% for 2025, based on certain statutory factors, including risk of losses to the DIF, economic conditions generally affecting insured depository institutions, preventing sharp swings in assessment rates, and other factors that the FDIC Board of Directors may determine to be appropriate, such as viewing the DRR as a long-range, minimum goal to reduce the risk of a large rate increase during a crisis.
Check Out Goodwin's Latest Industry Insights
Corporate Transparency Act (CTA) Resource Center
Go-to resource and compliance toolkit.
Fintech Flash
The latest news and developments for the rapidly evolving fintech industry – which often can change in a flash.
Bank Failure Knowledge Center
Visit our knowledge center for timely updates and analysis on important developments related to bank failures.
Consumer Finance Insights (CFI) Blog
The latest on consumer finance regulation, litigation, and enforcement.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.
Editors
- /en/people/b/burlingham-josh
Josh Burlingham
Associate - /en/people/k/kirby-samantha
Samantha M. Kirby
PartnerChair, Financial Services - /en/people/m/mccurdy-williamWM
William McCurdy
Senior Attorney
Contributors
- /en/people/c/cary-nikkiNC
Nikki Cary
Associate - /en/people/k/kliewer-andrew
Andrew Kliewer
Associate - /en/people/q/qandil-serene
Serene Qandil
Associate - /en/people/r/ramos-nicoNR
Nico Ramos
Associate - /en/people/x/xu-jiabao
Jiabao (Eva) Xu
Associate