InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB, OCC issue consent orders against national bank
On July 14, the CFPB announced a consent order against a national bank to resolve allegations that the bank engaged in unfair and abusive acts or practices with respect to unemployment insurance benefit recipients who filed notices of error concerning alleged unauthorized electronic fund transfers (EFTs). The CFPB alleged that the bank violated the CFPA by, among other things: (i) determining that “no error had occurred and [by] freezing cardholder accounts based solely on the results of [the bank’s] automated Fraud Filter”; (ii) “retroactively applying its automated Fraud Filter to reverse permanent credits for unemployment insurance benefit prepaid debit cardholders whose notices of error [the bank] had previously investigated and paid”; and (iii) “impeding unemployment insurance benefit prepaid debit cardholders’ efforts to file notices of error and seek liability protection from unauthorized EFTs.” The CFPB also claimed that the bank violated the EFTA and Regulation E by “fail[ing] to conduct reasonable investigations” of cardholders’ notices of error. Under the terms of the Bureau’s consent order, the bank is required to provide redress to harmed consumers, review and reform its unemployment insurance benefit prepaid debit card program, and pay a $100 million civil penalty to the Bureau.
The same day, the OCC announced a consent order and a $125 million civil money penalty against the bank for alleged unsafe or unsound practices related to the same prepaid card program. According to the OCC, the bank, among other things: (i) “fail[ed] to establish effective risk management” over its unemployment card program”; and (ii) “beginning in 2020, denied or delayed many consumers’ access to unemployment benefits when consumers filed or attempted to file [unemployment insurance benefits] unauthorized transaction claims.” The OCC’s civil money penalty and remediation requirement is in addition to the CFPB’s civil money penalty.
9th Circuit partially reverses unauthorized EFTs action
On December 20, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s dismissal of an action under the EFTA against a national bank related to alleged unauthorized electronic fund transfers. The plaintiff, a foreign national who resided primarily outside the U.S., held several accounts with the defendant, including the checking account at issue. According to the plaintiff, “through unknown means, unidentified individuals gained access to her [] checking account in October 2017 and began making unauthorized withdrawals without her knowledge.” A separate bank flagged a large transfer from the plaintiff’s account and reached out to the defendant’s fraud department. That bank ultimately refunded the plaintiff’s money; however, according to the opinion, the defendant allegedly did not change the plaintiff’s account number and password, freeze her account, or inform her of the unauthorized transfer. From November 2017 through March 2019, more than 100 additional unauthorized withdrawals were made. The plaintiff acknowledged that she did not report any of these unauthorized transactions until March 2019, claiming she had been overseas with “‘very limited or no’ internet access to check her bank statements.” While some of the unauthorized withdrawals were reimbursed through the defendant’s internal dispute-resolution process, the defendant allegedly “refused to reimburse her for $300,000 of the losses she suffered, citing her failure to report the initial unauthorized withdrawals within 60 days of their appearance on her bank statements, as the EFTA ordinarily requires.” The plaintiff sued, claiming that the defendant violated the EFTA or, alternatively, California’s EFTA counterpart, and asserting various other state law claims. The district court granted the defendant’s motion to dismiss, ruling that because the plaintiff “failed to report the withdrawals at issue” within the required time frame, “the EFTA bars her claim as a matter of law.”
On appeal, the 9th Circuit determined that the plaintiff plausibly alleged sufficient facts under the EFTA to suggest that “the subsequent unauthorized transfers for which she sought reimbursement would still have occurred.” While the plaintiff did not dispute that she failed to report any of the unauthorized withdrawals to the defendant within EFTA’s 60-day reporting period, she argued that her compliance was excused based on her limited access to her banking records and that the defendant “was already aware of the initial $29,000 withdrawal in November 2017[.]” The appellate court agreed with the district court that the plaintiff failed to “plausibly explain how someone with [her] financial means lacked adequate internet access to view her banking records for more than a year.” The 9th Circuit also rejected the plaintiff’s argument that she did not need to report the unauthorized withdrawals by virtue of the defendant’s communications with the other bank, agreeing that the EFTA “says nothing about a bank receiving notice from third-party sources unaffiliated with the consumer”
However, the 9th Circuit disagreed with the district court’s decision to dismiss the EFTA claim or its California counterpart, after concluding that the plaintiff satisfied her pleading burden by alleging facts “plausibly suggesting that even if she had reported an unauthorized transfer within the 60-day period, the subsequent unauthorized transfers for which she [sought] reimbursement would still have occurred.” The panel emphasized that a consumer may be held liable for unauthorized transfers occurring after the 60-day period only where the bank establishes that those transfers “‘would not have occurred but for the failure of the consumer’” to report the earlier unauthorized transfer within the 60-day period. The district court “overlooked this requirement, and the error was not harmless,” the appellate court explained.
CFPB releases EFTA FAQs
On December 13, the CFPB released updated Electronic Fund Transfers FAQs, which pertain to compliance with the Electronic Fund Transfer Act (EFTA) and Subpart A to Regulation E. The updated topics include transaction coverage, financial institution coverage, error resolution, and unauthorized EFT error resolution. Highlights from the updated FAQs include:
- Person-to-person (P2P) payments can be unauthorized electronic transfers under Regulation E.
- “[A] ‘pass-through’ payment transfers funds from the consumer’s account held by an external financial institution to another person’s account held by an external financial institution,” which is “initiated through a financial institution that does not hold a consumer’s account, for example, a non-bank P2P provider.”
- “Regulation E section 1005.2(i) defines financial institution under EFTA and Regulation E to include banks, savings associations, credit unions, and: any other person that directly or indirectly holds an account belonging to a consumer, or any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.”
- “Any P2P payment provider that meets the definition of a financial institution, as discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, is a financial institution under Regulation E.” Therefore, “if a P2P payment provider directly or indirectly holds an account belonging to a consumer, they are considered a financial institution under Regulation E.”
- The transfer is considered to be an unauthorized EFT under Regulation E if a consumer’s account is obtained from a third party through fraudulent means (hacking), and a hacker utilizes that information to make an unauthorized electronic transfer from the consumer’s account.
- “Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act…. Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”
CFPB supervisory highlights cover wide range of violations
On December 8, the CFPB released its fall 2021 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of credit card account management, debt collection, deposits, fair lending, mortgage servicing, payday lending, prepaid accounts, and remittance transfers. The report’s findings cover examinations that were completed between January and June of 2021 in addition to prior supervisory findings that led to public enforcement actions in the first half of 2021. Highlights of the examination findings include:
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse late fees after determining a missed payment was not credited to a consumer’s account; and (iii) conduct reasonable investigations into billing error notices concerning missed payments and unauthorized transactions. Examiners also identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors represented to consumers that their creditworthiness would improve upon final payment under a repayment plan and the deletion of the tradeline. Because credit worthiness is impacted by numerous factors, examiners found “that such representations could lead the least sophisticated consumer to conclude that deleting derogatory information would result in improved creditworthiness, thereby creating the risk of a false representation or deceptive means to collect or attempt to collect a debt in violation of Section 807(10).”
- Deposits. The Bureau discussed violations related to Regulation E, including error resolution violations related to misdirected payment transfers and failure to investigate error notices where consumers alleged funds were sent via a person-to-person payment network but the intended recipient did not receive the funds.
- Fair Lending. The report noted instances where examiners cited violations of ECOA and Regulation B by lenders "discriminating against African American and female borrowers in the granting of pricing exceptions based upon competitive offers from other institutions,” which led to observed pricing disparities, specifically as compared to similarly situated non-Hispanic white and male borrowers. Among other things, examiners also observed that lenders’ policies and procedures contributed to pricing discrimination, and that lenders improperly inquired about small business applicants’ religion and considered religion in the credit decision process.
- Mortgage Servicing. The Bureau noted that it is prioritizing mortgage servicing supervision attributed to the increase in borrowers needing loss mitigation assistance due to the Covid-19 pandemic. Examiners found violations of Regulations Z and X, as well as unfair and deceptive acts and practices. Unfair acts or practices included those related to (i) charging delinquency-related fees to borrowers in CARES Act forbearances; (ii) failing to terminate preauthorized EFTs; and (iii) assessing fees for services exceeding the actual cost of the performed services. Deceptive acts or practices found by examiners related to mortgage servicers included incorrectly disclosed transaction and payment information in a borrower’s online mortgage loan account. Mortgage servicers also allegedly failed to evaluate complete loss mitigation applications within 30 days, incorrectly handled partial payments, and failed to automatically terminate PMI in a timely manner. The Bureau noted in its press release that it is “actively working to support an inclusive and equitable economic recovery, which means ensuring all mortgage servicers meet their homeowner protection obligations under applicable consumer protection laws,” and will continue to work with the Federal Reserve Board, FDIC, NCUA, OCC, and state financial regulators to address any compliance failures (covered by InfoBytes here).
- Payday Lending. The report identified unfair and deceptive acts or practices related to payday lenders erroneously debiting consumers’ loan balances after a consumer applied and received confirmation for a loan extension, misrepresenting that consumers would only pay extension fees on the original due dates of their loans, and failing to honor loan extensions. Examiners also found instances where lenders debited or attempted one or more duplicate unauthorized debits from a consumer’s bank account. Lenders also violated Regulation E by failing “to retain, for a period of not less than two years, evidence of compliance with the requirements imposed by EFTA.”
- Prepaid Accounts. Bureau examiners found violations of Regulation E and EFTA related to stop-payment waivers at financial institutions, which, among other things, failed to honor stop-payment requests received at least three business days before the scheduled date of the transfer. Examiners also observed instances where service providers improperly required consumers to contact the merchant before processing a stop-payment request or failed to process stop-payment requests due to system limitations even if a consumer had contacted the merchant. The report cited additional findings where financial institutions failed to properly conduct error investigations.
- Remittance Transfers. Bureau examiners identified violations of Regulation E related to the Remittance Rule, in which providers “received notices of errors alleging that remitted funds had not been made available to the designated recipient by the disclosed date of availability” and then failed to “investigate whether a deduction imposed by a foreign recipient bank constituted a fee that the institutions were required to refund to the sender, and subsequently did not refund that fee to the sender.”
The report also highlights recent supervisory program developments and enforcement actions.
10th Circuit: Bank not obligated to post real-time balances
On April 8, the U.S. Court of Appeals for the 10th Circuit affirmed a lower court’s dismissal of a consumer’s suit arising out of overdraft fees charged by an Arkansas-based bank. The consumer alleged, among other things, that the bank breached its Electronic Fund Transfer Agreement (EFT Agreement) by failing to provide accurate, real-time account balance information online, which caused her to “incur unexpected overdraft fees.” According to the opinion, the consumer claimed that she frequently relied on her online account balance when making purchases, and that the bank’s alleged debiting practices—such as “batching by transaction type,” processing transactions out of chronological order, and “failing to show real-time balance information online [or] intra-bank transfers instantaneously”—sometimes caused her to pay insufficient funds and overdraft fees. The consumer filed suit asserting claims for “actual fraud; constructive fraud; false representation/deceit; breach of fiduciary duty; breach of contract (namely, the EFT Agreement) . . . breach of the implied covenant of good faith and fair dealing; and unjust enrichment.” The consumer appealed following a dismissal of all claims by the district court. In 2017, the 10th Circuit reversed and remanded the dismissal of the breach of contract claim, and affirmed the dismissal of the other claims. The district court granted summary judgment to the bank, determining that the EFT Agreement promised accuracy only to posted amounts and not to pending or unprocessed transactions.
On appeal, the 10th Circuit agreed with the district court, holding that the plain language of the EFT Agreement only promised accuracy of posted amounts, and authorized the bank to collect overdraft fees on insufficient funds items even if an ATM card or check card transaction “was preauthorized based on sufficient funds in the account at the time of withdrawal, transfer or purchase.” Moreover, the court noted that the EFT Agreement specifically stated that there was a 7:00 p.m. cut-off for transfers to be posted. Therefore, it was clear that the bank was not “contractually obligated to make intra-bank transfers instantaneously.” Furthermore, the court pointed out that the consumer failed to provide evidence demonstrating that the bank provided inaccurate balances.
Noncash Payment Growth Highlighted in Sixth Federal Reserve Payments Study
On June 30, the Board of Governors of the Federal Reserve issued its sixth payments study entitled The Federal Reserve Payments Study 2016: Recent Developments in Consumer and Business Payment Choices. The study includes data on business and consumer noncash payments made in the United States in 2015. Among other things, the study details the differences between business and consumer payments in 2015 compared to those from 2000, general-purpose payment card use in 2015, and increases in use of alternative payment methods.
According to the report, the most popular noncash payment types among consumers were, in descending order: non-prepaid debit cards, general-purpose credit cards, checks, and finally, ACH debit transfers. For businesses, however, ACH credit transfers were the most popular, then checks, general-purpose credit cards, and non-prepaid debit cards. Consumers wrote fewer than half the number of checks in 2015 than they did in 2000 but almost doubled the number of noncash payments that they made. Businesses also cut check-writing by more than half but differed from consumers by more than doubling the number of ACH transfers that they initiated during the same period.
General-purpose or “network-branded” cards accounted for more than 65 percent of noncash payments in 2015. The data showed that 60 percent of these card accounts carried revolving debt, while 40 percent of accounts were paid in full each month.
Information on fraudulent payments also was collected and should be available in the third quarter of this year.
CFPB Orders Payday Lender to Pay Over $500k in Civil Monetary Penalty and Restitution to Customers
On December 16, the CFPB announced that it had entered a stipulation and consent order assessing a $250,000 civil monetary penalty and other remediation against a financial-services company that offers payday loans and check-cashing services based on allegations that it misled consumers through deceptive online advertisements and collections letters and made unauthorized electronic transfers from consumers’ bank accounts. Among other things, the Bureau took particular issue with the fact that Bureau examiners had previously identified “significant compliance-management-system weaknesses that heightened the risk that violations w[ould] occur,” and that “[a]t the times the violations described in this order, the company had not adequately addressed these issues.”
According to the terms of the consent order, the company is required to: (i) end its deceptive practices and obtain authorization for any electronic-fund transfers; (ii) pay approximately $255,000 to redress harm caused to affected consumers; and (iii) pay a civil monetary penalty of $250,000. As explained by CFPB Director Richard Cordray, “consumers were making decisions based on false and deceptive information, and today’s action will give the company’s customers the redress they are owed.”
CFPB Releases Final Rule on Prepaid Financial Products; Chamber of Digital Commerce Comments on Scope of the Rule
On October 5, the CFPB released its final rule on prepaid financial products, including traditional prepaid cards, mobile wallets, person-to-person payment products, and other electronic accounts with the ability to store funds. The rule is intended to provide consumers with additional federal protections under the Electronic Fund Transfer Act analogous to the protections checking account consumers receive. The following federal protections are included in the new rule: (i) financial institutions will be required to provide certain account information for free via telephone, online, and in writing upon request, unless periodic statements are provided; (ii) financial institutions must work with consumers who find errors on their accounts, including unauthorized or fraudulent charges, timely investigate and resolve these incidents, and restore missing funds when appropriate; and (iii) consumers will be protected against unauthorized transactions, such as withdrawals or purchases, if their prepaid cards are lost or stolen. The rule contains new “Know Before You Owe” prepaid disclosures similar to those used for mortgages and student financial aid offers. In addition to requiring two (one short, the other long) disclosure forms, the new rule requires that prepaid account issuers post agreement offers made available to the general public on their websites, submit all agreements to the CFPB, and make agreements that are not required to be posted on their website available to relevant consumers. The new rule also includes credit protections stemming primarily from the Truth in Lending Act and the Credit Card Accountability Responsibility and Disclosure Act, including providing consumers with monthly credit billing statements, giving consumers reasonable time – at least 21 days – to repay their debt before incurring late fees, ensuring that consumers are able to repay the debt before making a credit offer, and limiting the fee and interest charges to 25% of the total credit limit during the first year an account is open. The rule, which has not yet been published in the Federal Register, has a general compliance date of October 1, 2017, but includes certain accommodations, one of which is an October 2018 effective date for the requirement that agreements be submitted to the CFPB.
The Chamber of Digital Commerce submitted comments to the CFPB in December advocating that virtual currency products and services should fall outside the scope of the prepaid rule. Pursuant to the final rule, the CFPB found that “application of Regulation E and this final rule to such products and services is outside the scope of this rulemaking.”
CFPB Releases Guidance on Financial Exploitation of Older Americans
On March 23, the CFPB simultaneously issued a report and an advisory providing financial institutions with information on the financial exploitation of older Americans and recommendations on how to prevent and respond to such exploitation. The report combines the CFPB’s “expertise regarding elder financial exploitation” with knowledge gained from interviews conducted between May 2014 to March 2016 with various stakeholders, including, but not limited to, representatives of individual banks and credit unions of various sizes, trade associations, technology vendors, and law enforcement. According to the CFPB, the release of recommendations outlined in the report and advisory mark the “first time a federal regulator has provided an extensive set of voluntary best practices to help banks and credit unions fight [financial exploitation of older Americans].” The CFPB recommended that financial institutions (i) establish protocols for ensuring staff compliance with the Electronic Fund Transfer Act; (ii) train staff to detect the warning signs of financial exploitation and respond appropriately to suspicious events; (iii) maintain fraud detection systems that provide analyses of the types of products and account activity associated with elder financial exploitation; (iv) report cases of suspected exploitation, which includes filing Suspicious Activity Reports with FinCEN when necessary; and (v) collaborate with stakeholders, including law enforcement, at the local, regional, and state level.
FTC Announces Settlements with Online Payday Lenders Over Alleged Violations of TILA and EFTA
On January 5, the FTC announced separate settlements with two online payday lenders to resolve charges dating back to April 2012 that the defendants violated TILA, the Federal Trade Commission Act (FTC Act), and the Electronic Fund Transfer Act (EFTA). According to the FTC, the defendants (i) violated TILA by failing to accurately disclose information regarding the loan terms, such as the finance charge, annual percentage rate, payment schedule, and the total of payments; (ii) violated the FTC Act’s prohibition on deceptive acts or practices by misrepresenting how much loans would cost consumers; and (iii) violated the EFTA by conditioning extension of credit to consumers on the consumers’ repayment by preauthorized debits from their bank accounts. In addition to prohibiting the defendants from engaging in practices that violate the TILA and EFTA, the FTC’s final orders require the defendants to each pay $2.2 million and collectively waive $68 million in uncollected fees to consumers. Combined with other settlements, the FTC has recovered approximately $25.5 million in connection with its case against several payday lending companies and related individuals.