Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 9, the U.S. Court of Appeals for the 9th Circuit held that Fannie Mae is not a “consumer reporting agency” under the FCRA and therefore is not liable under the law. According to the opinion, homeowners attempted to refinance their current mortgage loan two years after completing a short sale on their prior mortgage. While shopping for the refinance, lenders used Fannie Mae’s Desktop Underwriting (DU) program to determine if the loan would be eligible for purchase by the agency. Three of the eight DU findings showed the loan would be ineligible due to a foreclosure reported for the homeowners within the last seven years, which was not true. The homeowners sued Fannie Mae alleging the agency violated the FCRA for inaccurate reporting. On cross motions for summary judgment, the lower court determined that Fannie Mae was liable under the FCRA for furnishing inaccurate information because the agency “acts as a consumer reporting agency when it licenses DU to lenders.”
On appeal, the 9th Circuit reviewed whether Fannie Mae was a consumer reporting agency under the FCRA and noted that the agency must “regularly engage in . . . the practice of assembling or evaluating” consumer information, which Fannie Mae argues it does not do. Specifically, the agency asserts that it simply provides software that allows lenders to evaluate consumer information. The appeals court agreed, concluding that Fannie Mae created the tool but the person using the tool is the person engaging in the act. The court reasoned, “[t]here is nothing in the record to suggest that Fannie Mae assembles or evaluates consumer information.” Moreover, the court noted, if Fannie Mae were found to be a consumer reporting agency, it would be subject to other FCRA duties to borrowers, which “would contradict Congress’s design for Fannie Mae to operate only in the secondary mortgage market, to deal directly with lenders, and not to deal with borrowers themselves.”
On January 4, the Illinois governor signed HB 4873, which amends the state’s Payday Loan Reform Act (the Act) to increase from $1 to $3 the maximum verification fee that a certified consumer reporting service may charge a lender—and that the lender may pass on to the borrower—for verifying an installment payday loan as required by the Act. The increased verification fees may be charged beginning July 1, 2010. The verification fee paid by the borrower cannot exceed the fee paid by the lender.
CFPB releases annual adjustments to HMDA, TILA, and FCRA; agencies release CRA asset-size threshold adjustments
On December 31, the CFPB published final rules adjusting both the asset-size thresholds under HMDA (Regulation C) and TILA (Regulation Z), and the maximum amount consumer reporting agencies may charge consumers for providing the consumer the consumer’s credit file under FCRA. All rules take effect on January 1, 2019.
Under HMDA, institutions with assets below certain dollar thresholds are exempt from the collection and reporting requirements. The final rule increases the asset-size exemption threshold for banks, savings associations, and credit unions from $45 million to $46 million, thereby exempting institutions with assets of $46 million or less as of December 31, 2018, from collecting and reporting HMDA data in 2019.
TILA exempts certain entities from the requirement to establish escrow accounts when originating higher-priced mortgage loans (HPMLs), including entities with assets below the asset-size threshold established by the CFPB. The final rule increases this asset-size exemption threshold from $2.112 billion to $2.167 billion, thereby exempting creditors with assets of $2.167 billion or less as of December 31, 2018, from the requirement to establish escrow accounts for HPMLs in 2019.
Lastly, the FCRA permits consumer reporting agencies to impose a reasonable charge on a consumer when disclosing the consumer’s credit file in certain circumstances. Where the annual adjustment to this maximum charge had historically been announced via regulatory notice, the Bureau is now codifying the maximum charge in Regulation V. For 2019, the Bureau increased the maximum amount consumer reporting agencies may charge for making a file disclosure to a consumer from $12.00 to $12.50.
Separately, on December 20, the Federal Reserve Board, the OCC, and the FDIC (collectively, the “Agencies”) jointly announced the adjusted asset-size thresholds used to define “small” and “intermediate small” banks and savings associations under the Community Reinvestment Act (CRA). Effective January 1, 2019, a “small” bank or savings association will be defined as an institution that, as of December 31 of either of the past two calendar years, had assets of less than $1.284 billion. An “intermediate small” bank or savings association will be defined as an institution with assets of at least $321 million as of December 31 of both of the past two calendar years, but less than $1.284 billion in assets as of December 31 of either of the past two calendar years. The Agencies published the annual adjustments in the Federal Register on December 27.
District Court allows certain check authorization recommendation claims against consumer reporting agency to proceed
On October 2, the U.S. District Court for the Western District of Texas granted in part and denied in part a request for judgment on the pleadings brought by a nationwide specialty consumer reporting agency (defendant) that provides check authorization recommendations used by merchants when determining whether to honor a consumer’s check. According to the order, the plaintiff’s attempts to cash checks were denied based upon guidelines for authorization established by the defendant. The plaintiff subsequently (i) complained to the defendant that consumers did not have access to the recommendation guidelines; (ii) disputed the accuracy of the recommendations; and (iii) requested that denied transactions be reinvestigated. In its second amended complaint, the plaintiff claimed the defendant violated the Fair Credit Reporting Act (FCRA), the Texas Consumer Credit Reporting Act (TCCRA), and the Texas Deceptive Trade Practices Act, asserting that the consumer file prepared by the defendant contained two inaccuracies and that the defendant failed to conduct a reasonable reinvestigation of his consumer file or did not have procedures in place to correct inaccurate information. While the court dismissed the FCRA and TCCRA §20.07 claims to the extent they were based on allegations that the defendant did not have reasonable procedures in place to correct inaccurate information, it held that the allegations regarding the defendant’s failure properly to reinvestigate the consumer’s file did state a plausible claim for relief.
On August 22, the CFPB released the latest quarterly consumer credit trends report, which focuses on the reporting of telecommunications-debt collections to nationwide consumer reporting agencies based on a sample of approximately 5 million credit records. The report notes that during the past five years approximately 22 percent of credit records contained at least one telecommunications-related (telecom-related) item, with nearly 95 percent of these telecom-related items being reported by collection agencies. The report highlights that 37 percent of consumers who reported having been contacted about a debt in collection in the prior year were contacted about a telecommunications debt, and more than one fifth of all debt collection revenue is telecom-related debt. The report also observed that a single telecom collection may be associated with multiple tradelines in a credit record over time, suggesting that telecom collections are often reassigned. Notably, however, the report suggests that while the presence of a telecom-related collection item on a credit record is most commonly associated with consumers with lower credit scores, the change in score before and after the collection item appears on the credit record is often small, and as a result, a single telecom-related collection is unlikely to affect a credit decision for those consumers.
On July 12, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “An Overview of the Credit Bureaus and the Fair Credit Reporting Act” to discuss the scope and enforcement of the Fair Credit Reporting Act (FCRA), the measures undertaken by the CFPB and the FTC to oversee credit bureau data security and accurate credit reporting, and other laws and regulations as they pertain to credit bureaus. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by discussing the need to understand the “current state of data security, data accuracy, data breach policy” given consumers’ increased reliance on technology and recent cybersecurity incidents.
Associate Director for the Division of Privacy and Identity Protection at the FTC, Maneesha Mithal, discussed in prepared remarks the FTC’s role in implementing, enforcing, and interpreting the FCRA, as we all as the importance of educating consumers and businesses about FCRA requirements. According to Mithal, the FCRA continues to be a “top priority” for the FTC as the consumer reporting system evolves and new technologies emerge. Mithal discussed consumer reporting agency (CRA) FCRA compliance requirements concerning, among other things, dispute resolution processes, furnisher obligations, and credit reporting accuracy. Specifically, Mithal commented on the FTC’s more than 30 FCRA enforcement actions, in addition to the more than 60 law enforcement actions taken against companies for allegedly failing to implement reasonable data security practices. Mithal also touched upon the FTC’s business guidance and consumer education efforts concerning FCRA rights and obligations.
Assistant Director for Supervision Policy at the Bureau, Peggy Twohig, similarly discussed the Bureau’s authority over CRAs and furnishers with respect to the agency’s supervisory and enforcement authority, and noted, among other things, that while the agency possesses broad authority to promulgate rules as required to enforce the FCRA, it lacks rulemaking authority under certain sections of the FCRA related to red flags and the disposal of records, which fall under the FTC’s purview. Twohig further commented on the Bureau’s efforts to educate consumers on a variety of topics, including data breaches, credit freezes, and credit and identity monitoring.
On April 11, CFPB Director Richard Cordray delivered prepared remarks at the Operation HOPE Global Forums Annual Meeting in Atlanta addressing, among other things, financial challenges facing the “economically vulnerable”—most notably with respect to credit reporting and the handling of consumer disputes. As previously covered in InfoBytes, credit reporting was one of the top three consumer complaint categories for 2016. In his speech, Cordray cited a FTC study that found that “millions of people had an error on at least one of their credit reports that was serious enough to materially affect their credit score” and outlined the Bureau’s position for addressing these concerns such as (i) requiring credit reporting companies to improve quality control systems; (ii) creating easier access for consumer to dispute errors; and (iii) cleaning up information initially provided to the credit reporting companies by examining the ways in which banks and financial companies furnish the information.
On March 23, the CFPB ordered a nationwide credit reporting company and its subsidiaries to pay $3 million for allegedly deceiving consumers about how credit scores they marketed and sold were used by lenders. The consent order claims the company developed its own proprietary credit scoring model (PLUS Score), which was used to generate credit scores from information in a consumer’s credit file. The company then allegedly deceptively marketed and sold the “educational” credit score as the same type of score lenders use to make credit decisions, when in fact lenders did not use the scores. Moreover, there were instances of significant discrepancies between the “educational” credit scores that the company sold to consumers and the actual credit scores used by the lenders. The Bureau also alleges the company—up until March 2014—violated the Fair Credit Reporting Act (FCRA) by requiring consumers to view advertisements before they could access their credit reports. Pursuant to the consent order, the company must pay a $3 million civil money penalty, truthfully inform consumers about the nature of the credit scores it sells, and develop and implement an effective compliance management system to ensure its advertising practices comply with federal consumer laws. As previously reported in InfoBytes, earlier this year the CFPB issued consent orders against two different nationwide credit reporting companies for similar allegations.
In a Decision and Order released last month, the CFPB denied a Petition to set aside or modify a civil investigative demand (CID) directed to a data provider (“Petitioner”). The order also directed Petitioner to produce responsive information within 10 calendar days.
The CFPB originally issued the CID on January 5 in connection with its efforts to gather information about Petitioner’s business, products, services, and operations. According to Petitioner, the stated purpose of the CID “purport[ed] to exercise jurisdiction over [Petitioner] under the Fair Credit and Reporting Act (‘FCRA’) or under ‘any other federal consumer financial law.’” On January 25, Petitioner moved to set aside or modify the CID arguing, among other things, that: (i) the Bureau lacks jurisdiction over Petitioner because Petitioner is neither a consumer reporting agency (“CRA”), nor a “covered person” or “service provider” under a “federal consumer financial law”; (ii) the CID’s Notification of Purpose is impermissibly vague in that it fails to adequately state the “nature of the conduct constituting the alleged violation” and/or “the provision of law applicable to such violation”; and (iii) the CID is “impermissibly overbroad and seeks information which cannot possibly be related to or reasonably relevant to the inquiry at hand (which itself remains unclear and undefined).”
Ultimately, the CFPB determined that none of three objections raised by Petitioner “warrant[ed] setting aside or modifying the CID.” In response to the argument that the CFPB lacks jurisdiction, the Bureau interpreted its authority under the Consumer Financial Protection Act to include investigative authority to issue CIDs to “any person” who may have information “relevant to a violation” of any federal consumer financial law, regardless of whether that person or entity is subject to CFPB authority. In response to Petitioner’s argument regarding the vagueness of the CID’s Notification of Purpose, the Bureau stated that the argument fails because “it is well settled that the boundaries of an agency investigation may be drawn ‘quite generally.’” Finally, as to Petitioner’s objection that the CID was overbroad and/or sought irrelevant information, the Bureau concluded that this was merely a restatement of the jurisdictional argument and fails for the same reasons. The CFPB explained that the question of whether Petitioner is properly subject to CFPB authority need not be answered at the outset of an investigation, because it is the type of question “the investigation is designed and authorized to illuminate.”
On March 7, the Pennsylvania Department of Banking and Securities announced it has published a new brochure to help consumers better understand what information should be included in their credit report and what steps to take if there is an issue.
- Buckley Webcast: Tips for this year’s FHA annual recertification and what the shutdown means
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Melissa Klimkiewicz to discuss "RESPA-compliant marketing" at NEXT
- Daniel P. Stipano to provide "Update on AML/SAR reporting and enforcement" at an Mortgage Bankers Association webinar
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference