InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB and New York say auto lender misled consumers
On January 4, the CFPB and New York attorney general filed a complaint against a Michigan-based auto finance company accused of allegedly misrepresenting the cost of credit and deceiving low-income consumers into taking out high-interest loans on used vehicles. (See also AG’s press release here.) The joint complaint alleges, among other things, that the defendant based the price of a loan (and then artificially inflated the principal amount) and the payment to the dealer on the projected amount that may be collected from the consumer during the life of the loan (without factoring in whether consumers could actually afford the loan).
The Bureau and AG further argued that the true cost of credit is hidden in inflated principal balances in order to evade state interest rate caps. An investigation conducted by the AG found that while the defendant’s loan agreements in New York claimed an APR of 22.99 percent or 23.99 percent (just below the 25 percent usury cap), the defendant actually charged on average more than 38 percent (and on many occasions charged an APR in excess of 100 percent). These high-interest loans, the AG claimed, often caused consumers to accrue additional fees and become delinquent on their loans.
The complaint also alleged the defendant failed to consider consumers’ ability to repay their loans in full, engaged in aggressive debt collection tactics, and created financial incentives for dealers to add on extra products, such as vehicle service contracts. Add-on products generated roughly $250 million in revenue for the defendant in 2020, the complaint said, adding that these alleged deceptive lending practices lowered consumers’ credit scores and cost borrowers millions of dollars. The complaint further maintained that the defendant packaged the consumer loans into securities that were sold to investors on the premise that the underlying loans complied with applicable law. These alleged false representations, the complaint said, constituted securities fraud under New York’s Martin Act.
The complaint — which also alleges violations of the Consumer Financial Protection Act’s prohibition against deceptive and abusive acts or practices, New York usury limits, and other state consumer and investor protection laws — seeks, among other things, injunctive relief, monetary relief, disgorgement, and civil money penalties of $1,000,000 for each day of violations.
The defendant was previously targeted for violating consumer protection laws in 2021 by the Massachusetts attorney general, who announced a $27.2 million settlement to resolve allegations of predatory lending and deceptive debt collection practices. (Covered by InfoBytes here.)
Agencies warn banks of crypto-asset risks
On January 3, the FDIC, Federal Reserve Board, and OCC issued a joint interagency statement highlighting key risks banks should consider when choosing to engage in cryptocurrency-related services. Risks flagged by the agencies include: (i) the possibility of fraud and scams among crypto-asset sector participants; (ii) legal uncertainties related to custody practices, redemptions, and ownership rights; (iii) misleading disclosures made by crypto firms that may be unfair, deceptive, or abusive; (iv) volatility in crypto-asset markets, including the susceptibility of stablecoins to run risk, which could impact deposit flows; (v) contagion risks resulting from interconnections among crypto-asset participants that may present concentration risks for banks with exposure to the crypto-asset sector; (vi) lack of maturity in risk management and governance practices within the crypto-asset sector; and (vii) elevated risks associated with open, public, and/or decentralized networks.
The agencies commented that while they will continue to take a cautious approach to current or proposed crypto-asset-related activities (and are not prohibiting nor discouraging banks from providing crypto services to customers, as permitted by law or regulation), they currently “believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe-and-sound banking practices.” Moreover, the agencies expressed “significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.” Agencies have developed processes for banks to engage in robust supervisory discussions with their supervisory office about any proposed or existing crypto-asset-related activities, the agencies advised, adding that before launching any activities, banks should take appropriate risk management measures and assess whether the activity can be performed in a safe and sound manner, is legally permissible, and complies with applicable laws and regulations. Additional statements will be released in the future by the agencies.
“The events of the past year have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector,” the agencies said as they stressed the importance of keeping crypto-asset risks that cannot be mitigated or controlled from migrating to the banking system.
The OCC separately issued a bulletin advising supervised banks to follow processes outlined in OCC Interpretive Letter 1179 (covered by InfoBytes here) before engaging in certain crypto-asset-related activities.
Crypto platform reaches $100 million settlement to resolve alleged compliance failures
On January 4, NYDFS issued a consent order against a cryptocurrency trading platform for engaging in alleged violations of New York virtual currency, anti-money laundering, transaction monitoring, and cybersecurity regulations. According to the consent order, in 2020, NYDFS found significant deficiencies across the respondent’s compliance program, including its Know-Your Customer/Customer Due Diligence (KYC/CDD) procedures, Transaction Monitoring System (TMS), OFAC screening program, and AML risk assessments. As a result of these findings, the respondent agreed to improve its BSA/AML and OFAC compliance programs, including engaging an independent consultant to develop a remediation plan and improve its compliance program.
In 2021, NYDFS launched an investigation to determine whether the respondent’s compliance deficiencies had resulted in any legal violations. The investigation found “substantial lapses in [the respondent’s] KYC/CDD program, its TMS, and in its AML and OFAC sanctions controls systems, as well as issues concerning [the respondent’s] retention of books and records, and with respect to meeting certain of its reporting obligations to the Department.” NYDFS noted that in late 2020 and 2021, the respondent took steps to remediate the issues identified by the Department and the independent consultant; however, substantial weaknesses remained, and its compliance system was inadequate to handle the growing volume of the respondent’s business.
Under the terms of the consent order, the respondent must pay a $50 million civil penalty to NYDFS and invest $50 million in its compliance program. Additionally, an independent third party will continue to work with the respondent for another year, which may be extended at the Department’s sole discretion. NYDFS noted that the respondent has already taken steps to build a more effective and robust compliance program under the supervision of NYDFS and the NYDFS-appointed independent monitor. According to the respondent’s press release, the company “has taken substantial measures to address these historical shortcomings” and “remains committed to being a leader and role model in the crypto space, including partnering with regulators when it comes to compliance and other areas.”
OFAC settles with Danish company for routing prohibited financial transactions though a U.S. bank
On December 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a more than $4.3 million settlement with a multinational Danish manufacturer to resolve allegations that its wholly owned United Arab Emirates (UAE)-based subsidiary directed customers in Iran, Syria, and Sudan to make payments to its bank account at the UAE branch of a U.S. financial institution. According to OFAC’s enforcement release, between November 2013 and August 2017, the subsidiary sold products to customers in Sudan, Syria, and Iran. Customers were instructed to remit payments to at least three accounts at banks located in the UAE, including the parent company’s U.S. branch account. OFAC further contended that the subsidiary used third-party payers to make five transfers (disguising the originator or beneficiary of the transactions) from its U.S. branch account to parties in Syria and Iran, which prevented the bank’s transactional screen filters from stopping the payments. The total value of all the transfers was roughly $16,959,683, OFAC said, claiming that by causing a U.S. financial institution to facilitate prohibited financial transactions and export financial services, the parent company violated the Iranian, Syrian, and Sudanese sanctions regulations.
While OFAC found no evidence that the parent company willfully engaged third-party payers to evade sanctions, it determined that the subsidiary “was aware since at least 2011 that using a U.S. financial institution to send or receive payments related to sanctioned jurisdictions could be prohibited.” Moreover, the subsidiary allegedly received communications from the parent company and various financial institutions regarding concerns flagged in its banking activity but continued to use the U.S. branch account to collect payments from customers in sanctioned jurisdictions. These alleged violations, OFAC stated, occurred primarily due to deficiencies in the parent company’s global sanctions compliance program.
OFAC noted that while the parent company disclosed the alleged violations, the agency was already in possession of the relevant information and therefore the submission did not qualify as a voluntary self-disclosure. However, OFAC considered various mitigating factors, including that the parent company had not received a penalty notice from OFAC in the preceding five years, and the parent company took quick action to determine the root causes of the alleged conduct and undertook significant remedial measures to prevent future violations.
Providing context for the settlement, OFAC stated that the “enforcement action highlights the risks to multinational companies, including to non-U.S. entities, that involve the U.S. financial system in commercial activity involving an OFAC- sanctioned country, region, or person,” and emphasized that “[c]ommercial activity that might not otherwise violate OFAC regulations—such as the sale of non-U.S. goods by a non-U.S. person to an entity in an OFAC-sanctioned country—can nonetheless cause a violation when the financial transactions related to that activity are processed through or involve U.S. financial institutions.”
Arizona AG: Earned wage access products are not loans
Recently, the Arizona attorney general issued an opinion confirming that earned wage access (EWA) products are not considered consumer loans under Arizona law, and that persons who make, procure, or advertise an EWA product are not subject to licensure as a consumer lender by the Arizona Department of Insurance and Financial Institutions. The opinion concluded that an EWA product offered as a no-interest, no-fee, non-recourse product does not fall within the definition of “consumer loan” under Arizona Revised Statutes § 6-601(7).
First, a fully non-recourse EWA product “represents a payment of wages already earned by the employee” and “does not allow recourse against the employee in the event the provider is unable to recoup all or some portion of the advance,” the opinion explained. The opinion added that a fully non-recourse EWA product is one in which “the provider obtains no legal or contractual right to repayment against the employee, does not engage in any debt collection activities with regard to any unpaid balance, does not sell or assign any unpaid balance to a third party, and does not report non-payment to any consumer credit reporting agency.”
Second, and independently, the AG opined that an EWA product is not a consumer loan so long as the provider does not impose a “finance charge,” as that term is defined by A.R.S. § 6-601(11). Specifically, “a non-recourse EWA product that requires repayment only of the principal balance is not a 'loan.'” While the Consumer Lenders Act (CLA) “does not expressly state that the obligation to repay principal is not a “finance charge,” requiring repayment of principal is self-evidently not an amount payable incident to or as a condition of a consumer lender loan.”
The opinion noted, however, that a provider “may also receive revenue through services ancillary to providing an EWA product without converting the EWA product into a “loan” under the CLA, such as by requesting a voluntary gratuity, charging a fee for expedited transfer of an EWA payment, or earning interchange revenue for processing a card payment. As long as the provider does not condition the provision of an EWA product on the “receipt of any such ancillary revenue” or impose fees or charges that fall within the CLA’s definition of “finance charge,” the EWA product will not meet the CLA’s definition of a “consumer loan.”
The opinion referred to guidance issued by other regulators who have drawn similar conclusions that an EWA product is not a loan so long as the program meets specific criteria. Such references include the 2020 CFPB advisory opinion on EWA products. As previously covered by InfoBytes, the Bureau’s advisory opinion addressed uncertainty as to whether EWA providers that meet short-term liquidity needs that arise between paychecks “are offering or extending ‘credit’” under Regulation Z, which implements TILA. The advisory opinion stated that “‘a Covered EWA Program does not involve the offering or extension of ‘credit,’” and noted that the “totality of circumstances of a Covered EWA Program supports that these programs differ in kind from products the Bureau would generally consider to be credit.” The Arizona AG opinion highlighted the Bureau’s conclusion that EWA products do not involve debt because “a Covered EWA Program facilitates employees’ access to wages they have already earned, and to which they are already entitled, and thus functionally operate[] like an employer that pays its employees earlier than the scheduled payday.”
Last January, CFPB General Counsel Seth Frotman issued a letter in response to concerns raised by consumer advocates (covered by InfoBytes here), stressing that the CFPB’s 2020 advisory opinion “is limited to a narrow set of facts—as relevant here, earned wage products where no fee, voluntary or otherwise, is charged or collected.” Frotman noted, however, that due to “repeated reports of confusion caused by the advisory opinion due to its focus on a limited set of facts,” he planned to recommend that the CFPB director consider ways to provide greater clarity on these issues. He emphasized that the advisory opinion did not purport to interpret whether covered EWA products would be “credit” under other statutes other than TILA, such as the CFPA or ECOA, or whether they would be considered credit under state law.
NYDFS revises proposed amendments to third-party debt collection rules
In December, NYDFS released revised proposed amendments to 23 NYCRR 1, which regulates third-party debt collectors and debt buyers. NYDFS first issued a proposed amendment to 23 NYCRR 1 in December 2021 (covered by InfoBytes here), which factored in findings from NYDFS investigations that revealed instances of abusive and deceptive debt collection practices, as well as consumer debt collection complaint data. The first proposed amendment, among other things, is intended to enhance consumer protections by increasing transparency, requiring heightened disclosures, reducing misleading statements about consumer debt obligations, and placing stricter limits on debt collection phone calls than those currently imposed under federal regulations. The revised proposal, among other things, also include the following requirements:
- A debt collector must send written notification within five days after the initial communication with a consumer that clearly and conspicuously contains validation information as required under Regulation F. Debt collectors are prohibited from using the charge-off date as the itemization date for the alleged debt unless it is a revolving or open-end credit account. Instead, debt collectors should use the last payment date as the itemization date if available.
- Written notifications must be clear and conspicuous and also include the following, in addition to validation information: (i) the reference date relied upon to determine the itemization date; (ii) for revolving or open-end credit accounts, an account number (or a truncated version of the account number) associated with the debt on the last payment date or the last statement date if no payment has been made; (iii) the merchant brand, affinity brand, or facility name, if any, associated with the debt; (iv) the date and amount of the last payment or a statement noting that no payment was made, if available; (v) the applicable statute of limitations expressed in years for debt that has not been reduced to judgment; (vi) information on a debt that has been reduced to a judgment, if applicable; and (vii) notice that a consumer has the right to dispute the validity of a debt and instructions on how to submit a dispute.
- Debt collectors must inform consumers of available language access services and are required to record the consumer’s language preference, if other than English, in the written notification.
- Unless affirmatively requested by the consumer, required disclosures may not be made exclusively by electronic communication. Additionally, a debt collector may communicate with a consumer exclusively through electronic communication only if: (i) the consumer has voluntarily provided contact information for electronic communication; (ii) the consumer has given revocable consent in writing to receive electronic communication from the debt collector in reference to a specific debt (electronic signatures constitute written consent); (iii) the debt collector retains the written consent for six years or until the debt is discharged, sold, or transferred (whichever is longer); and (iv) all electronic communications include clear and conspicuous disclosures regarding revoking consent.
- Communications sent in the form of a pleading in a civil action will not be considered an initial communication for the purposes of these amendments.
- Debt collectors must provide substantiation of debt within 45 days.
- Debt collectors may not communicate or attempt to communicate excessively with a consumer. Specifically, debt collectors are limited to one completed phone call and three attempted phone calls per seven-day period per alleged debt. Telephone calls more than these limits may be permitted when required by federal or state law, or when made in response to the consumer’s request to be contacted and in the manner indicated by the consumer, if any.
Comments are due February 13. The amendments are scheduled to take effect 180 days after the notice of adoption is published in the State Register.
National bank to pay $2 million in mortgage fee violation class action
On December 19, the U.S. District Court for the Central District of California granted final approval of a settlement in a $2 million class action resolving allegations that a national bank violated California’s Rosenthal Fair Debt Collection Practices Act (RFDCPA) and Unfair Competition Law (UCL). According to the order for preliminary approval, the plaintiff class alleged that the bank improperly charged and collected transaction fees when processing mortgage payments. The district court certified the class, which included “all persons who have or had a California address, and at any time between June 1, 2016 and the date of the Court’s order preliminarily approving the settlement, paid at least one transaction fee to [the defendant] for making a payment on a residential mortgage loan serviced by [the defendant] by telephone, IVR, or the internet.” The district court determined that the settlement agreement was “reasonable and adequate.” The two class representatives who filed the suit were awarded $1,500 each, and their attorneys were awarded $499,000 in fees.
FDIC issues November enforcement actions
On December 30, the FDIC released a list of orders of administrative enforcement actions taken against banks and individuals in November. The FDIC made public nine orders consisting of “two consent orders; two orders terminating deposit insurance; three orders to pay civil money penalties; one order terminating consent order; and one Section 19 order.” Among the orders is a civil money penalty against a Wisconsin-based bank related to violations of the Flood Disaster Protection Act. The FDIC determined that the bank had engaged in a pattern or practice of violations that included the bank’s failure to: (i) obtain adequate flood insurance on the building securing a designated loan at the time of loan origination; (ii) obtain adequate flood insurance at the time of the origination; (iii) notify borrowers that the borrower should obtain flood insurance where a determination had been made that flood insurance had lapsed or a loan was not covered with the required amount of insurance; (iv) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance when making, increasing, extending or renewing a loan; and (v) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance within a reasonable time before the completion of the transaction. The order requires the payment of a $39,000 civil money penalty.
The FDIC also issued a civil money penalty against an Oregon-based bank for allegedly violating Section 8(a) of RESPA “by entering into mortgage lead generation arrangements with the operator of a real estate website and the operator of an online loan marketplace that were used to facilitate and disguise referral payments for mortgage business.” The FDIC also determined that the bank violated the FTC Act “by making deceptive and misleading representations in three of the bank’s prescreened offers of credit” and violated the FCRA “by obtaining the consumer reports of former loan clients with recent credit inquiries without a legally permissible purpose.” The order requires the payment of a $425,000 civil money penalty.
Additionally, the FDIC issued a consent order against a Tennessee-based bank alleging the bank engaged in “unsafe or unsound banking practices relating to weaknesses in capital, asset quality, liquidity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that its board would “increase its participation in the affairs of the bank by assuming full responsibility for the approval of the bank’s policies and objectives and for the supervision of the bank’s management, including all the bank’s activities.” The bank also agreed to maintain a Tier 1 Leverage Capital ratio equal to or greater than 8.50 percent and a Total Capital ratio equal to or greater than 11.50 percent. The FDIC also issued a consent order against a New Jersey-based bank claiming the bank engaged in “unsafe or unsound banking practices relating to, among other things, management supervision, Board oversight, weaknesses in internal controls, interest rate sensitivity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that it would retain a third-party consultant “to develop a written analysis and assessment of the bank’s board and management needs (Board and Management Report) for the purpose of ensuring appropriate director oversight and providing qualified management for the bank.”
FHFA issues model risk management guidance
On December 21, FHFA issued guidance to Freddie Mac, Fannie Mae, the Federal Home Loan Banks (FHLBanks), and the Office of Finance on its model risk management framework. According to the bulletin, the purpose of the guidance—formatted as Frequently Asked Questions—“is to provide supplemental guidelines that will address some of the gaps in [FHFA’s 2013 Model Risk Management guidance] prompted by changes in model-related technologies and questions generated from the expanded use of complex models by the FHLBanks.” “The supplemental guidance also addresses model documentation, the communication of model limitations, model performance tracking, on-top adjustments, challenger models, model consistency, and internal stress testing.”
FCC proposes $300 million fine against auto warranty scam robocaller
On December 21, the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations, “which is the largest robocall operation the FCC has ever investigated.” According to the announcement, the two individuals in charge of the operation ran a complex robocall sales lead generation scheme, which was designed to sell vehicle service contracts that were deceptively marketed as car warranties. This “scheme made more than 5 billion robocalls to more than half a billion phone numbers during a three-month span in 2021, using pre-recorded voice calls to press consumers to speak to a ‘warranty specialist’ about extending or reinstating their car’s warranty.” As previously covered by InfoBytes, in July, the FCC took initial action by ordering “phone companies to stop carrying traffic regarding a known robocall scam marketing auto warranties.” The FCC noted that the operation is also the target of an ongoing investigation by the FCC’s Enforcement Bureau and a lawsuit by the Ohio attorney general. The Ohio AG filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation (covered by InfoBytes here). The complaint, filed in the U.S. District Court for the Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” In addition to the fine, among other things, the individuals who allegedly ran the operations are prohibited from making telemarketing calls pursuant to FCC actions.