ViClarity Compliance Update

CFPB advisory on medical debt collection; 2025 thresholds for higher-priced mortgage loans will increase; email bomb attack advisory; and more. 

The Dakota Credit Union Association’s dues-supported compliance solution –  ViClarity – is a world leader in credit union compliance. To read the complete articles/answers that are linked, you will need to log in with your username and password. If you have questions about establishing your members-only account with ViClarity, click here for detailed instructions or contact John Alexander in the DakCU office.

CFPB Issues Advisory Opinion on Medical Debt Collection Tactics
The Consumer Financial Protection Bureau (CFPB) has issued guidance regarding illegal debt collection practices surrounding medical debt. The guidance details illegal practices and prohibits debt collectors from engaging in those practices. The opinion clarified that debt collectors, including third-party “revenue cycle management” companies, are violating federal law when they collect on inaccurate or legally invalid medical debt. Included in the list of illegal practices are debt collectors who attempt to “double-dip” to get paid for services already covered by insurance, harassing consumers to pay fake or exaggerated charges, misrepresenting consumers’ rights to contest bills, and collecting on debts without documentation that a debt is actually owed. Read the full article here.
 
The CFPB in Joint Agency Actions Increase Certain Thresholds for 2025
The Consumer Financial Protection Bureau (CFPB), the Federal Reserve Board (the Board), and the Office of the Comptroller of the Currency (OCC), have announced that the 2025 threshold for higher-priced mortgage loans subject to special appraisal requirements will increase. The threshold increase is a result of a rise in the Consumer Price Index for Urban Wage Earners and Clerical Workers (CPI-W) from this past June. More on the topic here.
 
Mobile Device Users Warned of 50,000 Email Bomb Attack
Recently, mobile device users have been warned about a 50,000 email bomb attack, which shut down the inbox of unsuspecting victims. The attack came shortly after the Department of Health and Human Services, Human Cybersecurity Coordination Center (HHS) released an alert, raising awareness about the prevalence of email bombs. HHS defines an email bomb as an electronic occurrence where a bad actor (either a singe actor or a group of actors) floods an e-mail address or server with hundreds to thousands of email messages. The “bomb” is a type of Denial of Service (DoS) attach that allows the bad actors to bury legitimate transaction and security messages in an unsuspecting inbox by rendering the victim’s mailbox useless. In the 21st Century’s version of “burying the evidence,” the attackers hope that a victim will miss important emails like account sign-in attempts, updates to contact information, financial transaction details or online order confirmations. Learn more here.
 
CFPB Proposed Rule on Change to Remittance Transfer Receipt Information
Credit unions engaged in the purchasing of community banks should expect heightened scrutiny from the Federal Deposit Insurance Corporation (FDIC). In guidelines issued September 17, 2024, the FDIC stated that it is considering requiring credit unions to provide more information on proposed bank purchases so that the agency can assess whether the merger serves community needs. The agency also noted that it plans on including credit unions and other non-bank entities when considering competition factors in bank purchases, particularly in rural areas. Full article available here.