Skip to Main Content

Compliance Solutions quarterly newsletter — June 2023

Important information about compliance updates, regulatory changes, document enhancements, and more.


Hello, we’re TruStage Compliance Solutions

We’re excited to officially reintroduce ourselves — unified under the TruStage™ brand as TruStage Compliance Solutions. We will continue to deliver the documents, solutions, and capabilities you know and trust. You can expect to see a mixed brand presence in market as we complete our transition.

Actions to take now

To align with the TruStage brand, you may need to make some changes. We recommend that you take action on the following items:

  1. Allow access to updated web addresses. Ensure that your organization’s internal security settings allow entry of updated web addresses. Add and other domains as trusted sites to minimize the risk of business disruption.
  2. Update your safe sender list to accept Please update your safe sender list to accept If you are unsure how to do this, reach out to your organization’s IT department.

CFPB technical corrections Final Rule

The Consumer Financial Protection Bureau (CFPB) issued a Final Rule making technical corrections and minor updates to the contact information for federal agencies in Regulations B, E, F, J, V, X, Z, and DD.

Regulation B requires that Adverse Action Notices include the federal agency contact information listed in Appendix A. As a result, the contact information for federal agencies on Adverse Action Notices must be updated.

The changes include:

  • Correction to the CFPB’s zip code
  • Update to the Federal Trade Commission’s (FTC) address
  • Removal of the option to provide FTC Regional Office contact information
  • Update to the National Credit Union Administration’s (NCUA) contact information

The mandatory compliance date for these changes is March 20, 2024.

CFPB issues guidance on UDAAP’s ‘abusive’ definition

Last April, the Consumer Financial Protection Bureau (CFPB) issued a policy statement addressing abusive acts or practices in consumer financial markets. The policy statement:

  • Summarized past enforcement actions the CFPB has taken
  • Provided clarity on how the CFPB analyzes specific elements of abusiveness in the market
  • Offered a framework that allows other governmental enforcement agencies charged with monitoring markets to identify abusive acts or practices in those markets

The framework is centered around the definition of an abusive act or practice as stated in 12 U.S.C.A. § 5531. An abusive act or practice is an act or practice that (1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) takes unreasonable advantage of:

  • A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;
  • The inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or
  • The reasonable reliance by the consumer on a covered person to act in the interests of the consumer

The first part of the definition, material interference, can be shown when an act or omission obscures, withholds, de-emphasizes, renders confusing, or hides information that the consumer would need to understand the terms and conditions of a transaction. For example, the CFPB cites buried or withheld disclosures, digital interference with user experience, and user interfaces that make the terms and conditions of a transaction less accessible as potential material interferences. Notably, the entity’s intent to interfere is not a required element to finding an act or practice abusive.

The second part of the definition, unreasonable advantage, may be met by one of three ways.

Unreasonable advantage of lack of understanding

The lack of understanding focuses on consumers’ “gaps in understanding” material risks, costs, or conditions of the product or service. The CFPB points out that it is not required to find that the entity caused the consumer’s lack of understanding to find that the entity was acting abusively in taking unreasonable advantage of such a lack of understanding.

Unreasonable advantage of the inability to protect interests

The inability of the consumer to protect their interests focuses on entities taking advantage of consumers’ unequal bargaining power and inability to protect their interests. This includes both monetary and non-monetary interests such as time or effort necessary to obtain consumer financial products, or time required to remedy problems arising with those products. Relationships where consumers have little to no choice in providers (e.g., third-party loan servicers), while not per se abusive, are subject to closer scrutiny.

Unreasonable advantage of reasonable reliance

This involves the consumer’s reasonable reliance on the entity’s communications or expected role in a transaction. This can arise in two forms: (1) a consumer reliance based on the communication of the entity that it will act in their best interest through advertising or any other means; or (2) an entity assumes a role acting on behalf of consumers or helping them select providers in the market. In both situations, consumers should be able to expect that such relationships are free of manipulation, steering, or self-dealing.

For more information and to view the policy statement in its entirety, please visit this link.

The policy statement is set to be published in the Federal Register. The public and stakeholders can provide comments to the CFPB until July 3 by calling (855) 411-CFPB (2372).

Business lending

CFPB issues Section 1071 Final Rule

On March 30, 2023, the Consumer Financial Protection Bureau (CFPB) issued its final rule (“Final Rule”) implementing Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act – 13 years after it was originally enacted by Congress. The Final Rule adds a new Subpart B to Regulation B which requires, “[a] covered financial institution shall compile and maintain data regarding covered applications from small businesses.” Below are highlights of the Final Rule, but this information is by no means exhaustive.

Key definitions

The following are some of the key definitions provided by the Final Rule:

  • “Covered financial institution” includes, but is not limited to, banks, savings associations, credit unions, online lenders, platform lenders, community development financial institutions, lenders involved in equipment and vehicle financing, farm credit system lenders, commercial finance companies, merchant cash advance providers, governmental entities, and nonprofit lenders that originated at least 100 covered originations for small businesses in each of the two preceding calendar years.
  • “Covered credit transaction,” unless excluded, is an extension of business credit. Covered credit transactions do not include trade credit, HMDA reportable transactions, insurance premium financing, public utilities credit, securities credit, incidental credit, factoring, leases, consumer-designated credit used for business or agricultural purposes, purchases of a credit transaction, purchases of an interest in a pool of credit transactions, and purchases of partial interest in a credit transaction.
  • “Covered origination” is a covered credit transaction a financial institution originated to a small business.
  • “Small Business” is a business with gross annual revenue for its preceding fiscal year of $5 million or less, excluding governmental entities or non-profit entities. This may be adjusted for inflation every five years beginning in 2030.
  • “Covered application” means an oral or written request for a covered credit transaction that is made in accordance with procedures used by a financial institution for the type of credit requested, but does not include (1) re-evaluation, extension, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; and (2) inquiries and prequalification requests.

Data collection requirements

The following table details institution-generated data, applicant credit information, and applicant demographic data required to be collected.

Institution generated data

Applicant credit information

Applicant demographic data

  • Unique identifier
  • Application date
  • Action taken (i.e., approved, denied, originated, incomplete, etc.)
  • Action taken date
  • Application method (i.e., in-person, phone, online, mail)
  • Application recipient (i.e., direct or through third party)
  • Credit type (i.e., product, guarantees, loan term)
  • Credit purpose
  • Amount applied for
  • Census tract
  • Gross annual revenue
  • Amount approved (if applicable)
  • 3-digit NAICS code (industry classification)
  • Number of workers (i.e., full-time, part-time, seasonal, contractors, etc.)
  • Time in business
  • Number of principal owners (i.e., 0-4)
  • Denial reasons (if applicable)
  • Pricing information (i.e., interest rate, origination charges, broker fees, prepayment penalties, etc.)
  • Minority-owned status
  • Women-owned status
  • LGBTQI+-owned status
  • Principal owners’ ethnicity, race, and sex

Financial institutions may rely on information from the applicant when compiling data. Further, financial institutions cannot verify an applicant’s responses to the Final Rule’s required inquiries regarding the applicant’s minority-owned, women-owned, and LGBTQI+ owned business statuses, or about the principal owners’ ethnicity, race, or sex. These data points must be reported based solely on an applicant’s responses to the covered financial institution’s inquiries.

Firewall requirement

Generally, employees or covered financial institutions shall not have access to the demographic data of an applicant or its principal owners if that employee is involved in making credit decisions on an applicant’s covered application. However, this requirement does not apply to the extent that the financial institution determines that it is not feasible to limit that employee’s access to the demographic data AND the financial institution provides notice to the applicant as required under 12 CFR § 1002.108(d).

Timeline for initial compliance

The Final Rule provides a tiered approach to when financial institutions will need to begin complying with the data collection requirements.

Number of covered transactions

Date to beginning collecting data

Deadline for reporting first-year data to CFPB

At least 2,500 in both 2022 and 2023

October 1, 2024

June 1, 2025

At least 500 in both 2022 and 2023; and at least 100 in 2024

April 1, 2025

June 1, 2026

At least 100 in each of 2022, 2023, 2024, and 2025

January 1, 2026

June 1, 2027

Challenge to Final Rule

The issuance of the Final Rule is not the end of the story when it comes to implementing Section 1071. On April 26, the Texas Bankers Association and Rio Bank filed a complaint challenging the Final Rule (Texas Bankers Association v. Consumer Financial Protection Bureau). The plaintiffs rely heavily on federal cases challenging the CFPB’s funding structure making any rules promulgated by the CFPB invalid and argue, among other things, that the Final Rule violates the Administrative Procedure Act by expanding the 13 data points originally provided in Section 1071 to 81 datapoints in the Final Rule. While this and other cases challenging the CFPB make their way through the federal courts, the implementation date of the Final Rule could potentially be postponed.

For more information on the final rule:

SBA issues Final Rules and new standard operating procedures

There has been a flurry of recent activity related to Small Business Administration (SBA) processes and procedures which has been met with criticism from traditional financial institutions and related trade organizations. On April 10, 2023, the SBA issued a final rule entitled Affiliation and Lending Criteria for the SBA Business Loan Programs which became effective on May 11, 2023 (“SBA Affiliation Final Rule”). On April 12, 2023, the SBA issued a final rule entitled Small Business Lending Company (SBLC) Moratorium Rescission and Removal of the Requirement for a Loan Authorization which became effective on May 12, 2023 (“SBA Authorization Final Rule”).

The SBA has indicated that these final rules are intended to remove bureaucratic red tape and streamline the SBA loan process. Financial institutions and related trade organizations have indicated that these final rules and changes to the SBA 7(a) and 504 loan programs will loosen underwriting standards, lead to less oversight on SBA lending criteria, allow for less regulated lenders to participate in the SBA loan programs, and ultimately lead to a decrease in the credit quality of SBA loans and potentially increase the number of defaults on SBA loans.

SBA affiliation Final Rule changes

Below are some of the changes being made to the SBA loan program requirements:

  • SBA loans can now be used for partial changes of ownership of an entity, where a complete change of ownership was previously required.
  • Hazard insurance for SBA loans less than $500,000.00 is no longer required. Previously, hazard insurance was required for SBA loans above $150,000.00.
  • Removal of the SBA’s prior underwriting guidelines and generally allowing lenders to follow the processes and procedures that are used for underwriting similarly sized non-SBA guaranteed commercial loans.
  • SBA Franchise Directory will no longer be published by the SBA.
  • Common management, identity of interest, and franchise agreements will not be used to determine affiliation for SBA loan purposes. Affiliation will now be based on common ownership. The ownership of spouses and minor children will be aggregated to determine ownership. Stock options and similar vehicles will be given present effect to also determine ownership for affiliation purposes.

Concerns have been raised that the changes will open the door to larger or more well-funded businesses to be eligible for SBA loans. Additionally, there are concerns that the removal of underwriting guidelines and hazard insurance guardrails may lead to an increase in the rate of defaults and a decrease in credit quality of SBA loans.

SBA Authorization Final Rule changes

Some significant changes were also made to SBA loans under the SBA Authorization Final Rule:

  • Lifting the cap on Small Business Lending Companies.
  • Removal of the requirement for the standard SBA Loan Authorizations and use of the National Authorization Boilerplate for 7(a) and 504 loans.

There are concerns that this potentially opens the door to less regulated fintech or non-traditional lenders to start participating in SBA loan programs without the well-defined underwriting guidelines previously provided and without the standard regulatory oversight which governs traditional banks and credit unions.

SBA Procedural Notice 5000-846991 (“SBA Authorization Procedural Notice”) provides that the “SBA is removing the requirement for a loan Authorization and will instead rely on the use of the terms and conditions of the loan application as submitted by the SBA Lender into E-Tran.” However, as of the writing of this article, the SBA has not provided alternate instructions for detailing the terms and conditions used to document SBA loans. This puts existing SBA lenders in the potentially precarious position of trying to guess at the applicable terms and conditions or use now outdated resources to detail the terms and conditions of SBA loans with no guidance as to whether these terms and conditions will satisfy the SBA or whether the SBA will ultimately honor its guarantee in the future due to lack of guidelines or guardrails.

There have been numerous Congressional meetings on these significant changes and some discussions of attempts to delay the implementation of these rules and/or new Standard Operating Procedure (SOP) 50 10 7, as well as Congress potentially stepping in and passing legislation to address the concerns being raised. Without more clarity and guidance, and perhaps the rollback or delay on these recent final rules and the new SOP, there may be a chilling effect on the willingness of lenders to issue new SBA loans.

For more information on recent SBA changes and the new SOP 50 10 7:

Real estate lending

Update to Georgia Security Deed requirements

Georgia House Bill 974 was passed on May 5, 2022, amending Georgia Code § 44-14-63 effective July 1, 2023. These amendments involve additional recording requirements. Georgia recordable instruments have been updated to include the following information on the first page of the document:

  • Date of the document
  • Names of the signatories of the document
  • Grantee’s mailing address
  • Map and parcel identification information, if applicable
  • Loan amount
  • Maturity date
  • Any amount of intangible tax amount required to be paid
  • If no intangible tax is required to be paid, a citation to the authority providing an exemption of such tax

For legal advice regarding the intangible recording tax requirements, we encourage you to review Georgia Administrative Code § 560-11-8 and consult with your attorney.

Question of the quarter

On what documents does my NMLSR ID need to be?

The documents that must include the names and NMLSR IDs are the application, loan estimate, note or loan contract, security instrument, and closing disclosure. The NMLSR ID is only required to be disclosed with closed-end consumer credit transactions secured by a dwelling.


Recent bank failures could lead to changes to deposit insurance coverage

Three large bank failures in the past three months have left the industry wary of what’s next and wondering if there is more to come. While financial institutions continue to focus their efforts on growing deposits, customers and members want assurance that their money is safe at their bank or credit union. So now, depositors and agencies are turning their attention to deposit and share insurance coverage and contemplating whether the current insurance coverage is sufficient.

The Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Association (NCUA) provide deposit and share insurance coverage for depositors in the event an insured bank or credit union fails, and both programs are backed by the full faith and credit of the United States government. Currently, deposits are insured up to $250,000 per depositor per ownership category for each FDIC-insured bank or NCUA-insured credit union.

In light of the recent bank failures, people are now more interested in deposit insurance than ever before, and regulatory agencies are looking into whether the current insurance program sufficiently meets its objectives of protecting depositors’ money and ensuring stability of the financial industry. The FDIC recently released a comprehensive overview of the deposit insurance system and proposed the following three options for deposit insurance reform:

  1. Limited coverage. Maintains the current structure, with insurance being provided up to a certain dollar amount based on ownership rights and capacities.
  2. Unlimited coverage. Extends unlimited deposit insurance coverage to all depositors.
  3. Targeted coverage. Offers varying deposit insurance coverage depending on the account type and provides for higher coverage for business payment accounts.

In its press release, the FDIC indicated it believes targeted coverage provides the best option for both financial institution stability and depositor protection based on the cost. While the FDIC would need congressional action to change the insurance coverage to one of these options, these proposed options may be a sign of more changes to come for the financial services industry.

For more information on deposit and share insurance, visit these FDIC and NCUA resource pages.

Consumer lending

Fourth Circuit holds ‘hybrid’ loan financing a vehicle and GAP is exempt from MLA

On April 12, 2023, the United States Court of Appeals for the Fourth Circuit handed down a long-awaited decision on Davidson v. United Auto Credit Corporation, ruling that the plaintiff’s loan financing a motor vehicle and Guaranteed Asset Protection (GAP) is exempt from the Military Lending Act (MLA).


In this case, while on active duty with the U.S. Army, Davidson financed a motor vehicle purchase and GAP coverage with a loan from United Auto Credit Corporation (“United Auto”). Davidson alleged that the loan violated the MLA because it mandated arbitration and did not include MLA-required disclosures.

The MLA excludes “a loan procured in the course of purchasing a car or other personal property, when that loan is offered for the express purpose of financing the purchase and is secured by the car or personal property procured.”

Court’s analysis and decision

The Court analyzed whether United Auto’s loan was “offered for the express purpose of financing the purchase” of the car and, pursuant to existing case law, looked at the ordinary meaning of the words. Ultimately, the Court determined that “for the express purpose” as used in the MLA refers to a “specific” rather than “sole” purpose. Therefore, because the loan was offered for the specific purpose of financing the purchase of the car, the loan is exempt from the MLA regardless of the fact that it also financed GAP. The Court further stated, “[t]he loan is exempted from the [MLA], no matter what else it financed.”

Notably, the Department of Justice, Department of Defense, and Consumer Financial Protection Bureau filed an amicus brief requesting the Court find that Davidson’s loan was not exempt from the protections of the MLA.

This decision is binding on the Fourth Circuit which includes Maryland, North Carolina, South Carolina, Virginia, and West Virginia. Other courts may decide to follow the Fourth Circuit’s lead on this issue, although it is not binding. We will continue to monitor this.

Question of the quarter

When is a loan modification considered a troubled debt restructuring (TDR)?

A loan modification is categorized as a TDR if the borrower is experiencing financial difficulty and the financial institution, for economic or legal reasons, grants the borrower a concession that it would not otherwise make.