InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues guidance on “excessive” account information fees, returns $140 million to consumers
On October 11, the CFPB issued an advisory opinion concerning consumers’ requests for information regarding their accounts with large banks and credit unions (financial institutions). According to the Bureau, Section 1034(c) of the Consumer Financial Protection Act (the “law”) requires insured depository institutions that offer consumer financial products or services and that have total assets of more than $10 billion, as well as their affiliates, to “comply in a timely manner with consumer requests for information concerning their accounts for consumer financial products and services, subject to limited exceptions.” The advisory opinion includes the following guidance and interpretations:
- Requirements of the law apply even if a customer does not expressively invoke the law.
- Requirements of the law apply to consumer requests for information including information that appears on periodic statements or in online portals including: (i) the amount of the balance in a deposit account; (ii) the interest rate on a loan or credit card; (iii) individual transactions or payments; (iv) bill payments; (vi) recurring transactions; (vii) terms and conditions; and (viii) fee schedules.
- The term “supporting written documentation” in the law requires financial institutions to provide, upon request, “written documents that will substantiate information provided in response to consumer questions, or that will assist consumers with understanding or verifying information regarding their accounts.”
- Financial institutions must provide account information and documentation that is in their “control” and “possession.” This excludes (i) confidential commercial information; (ii) information collected to prevent fraud or money laundering or detecting or making any report regarding unlawful conduct; (iii) information required by law to be kept as confidential; and (iv) supervisory information and nonpublic information.
- The law does not contain language stating or suggesting that financial institutions cannot impose unreasonable conditions on consumer information, but there is no reason Congress intended for the law to allow financial institutions to do so. Generally, the Bureau believes requiring fees and obstacles that impede a consumer’s ability to access their rights granted by the law is a violation of the provision. A financial institution could violate this law by imposing “excessively long wait times to make a request to a customer service representative, requiring consumers to submit the same request multiple times, requiring consumers to interact with a chatbot that does not understand or adequately respond to consumers’ requests, or directing consumers to obtain information that the institution possesses from a third party instead,” among other things.
- There is no fixed time limit for an institution to respond to a consumer’s request, but the CFPB does not view the timing requirements of this law to differ from the timing requirements of other applicable federal laws or regulations.
- Responses must provide all information requested accurately to be considered compliant.
CFPB Director Rohit Chopra delivered remarks on a press call, in which he emphasized that the Bureau’s investigations have uncovered many examples of junk fee-related misconduct by large financial institutions. He reminded consumers that financial institutions should not charge them excessive fees when trying to manage their finances. “Congress passed a law a decade ago requiring heightened customer service standards," said Chopra. "To date, this law has not been enforced. We are changing that.” Chopra also announced that later this month, the CFPB will propose rules to create more competition in banking to make switching financial institutions for better rates and less junk fees, more accessible.
The CFPB additionally issued the results of its recent oversight inspections of major financial institutions, which resulted in financial institutions refunding $140 million in junk fees, $120 million of which were for “surprise overdraft fees and double-dipping on non-sufficient funds fees.”
FTC announces second request for public comment on rule to ban “junk fees”
On October 11, the FTC released a notice of proposed rulemaking meant to prohibit unfair and deceptive, costly fees, also known as “junk fees.” After announcing its Advance Notice of Proposed Rulemaking last year (covered by InfoBytes here), and after considering more than 12,000 public comments, the FTC determined that some businesses misrepresent overall costs by omitting mandatory fees from advertised prices until consumers are “well into completing the transaction,” and fail to adequately explain the nature and amount of fees. The Commission is seeking another round of comments for its proposed rule, which, for any entity that “offers goods or services” to consumers, would prohibit:
- Offering, displaying, or advertising an amount a consumer may pay without “clearly and conspicuously” disclosing the “total price,” which must be displayed “more prominently than any other pricing information.”
- Misrepresenting “the nature and purpose of any amount a consumer may pay.”
- Disclosing “any other pricing information” besides the total price “more prominently” than disclosures of the total price in an “offer, display, or advertisement.”
The proposed rule would also grant the FTC more robust enforcement authority to seek refunds for harmed consumers and impose monetary penalties of up to $50,120 per violation. The proposed rule also requires businesses to include any mandatory costs for ancillary goods or services in their price disclosures.
The FTC is working alongside the CFPB, OCC, FCC, HUD and the Department of Transportation to develop and implement rules banning junk fees. The CFPB has also issued guidance emphasizing that large banks and credit unions are prohibited from imposing unreasonable obstacles on customers, such as charging excessive fees, for basic information about their accounts. Further, the White House has called on federal agencies “to reduce or eliminate hidden fees, charges, and add-ons for everything from banking services to cable and internet bills to airline and concert tickets.”
The Commission is seeking public input on 37 questions, with comments due 60 days after publication in the Federal Register.
Software provider settles allegations related to data breach
On October 5, a software provider serving nonprofit fundraising entities agreed to pay almost $50 million to settle claims with 49 states and the District of Columbia alleging that the provider maintained insufficient data security measures and inadequately responded to a 2020 data breach. Specifically, the settlement resolved claims that the software provider violated state consumer protection laws, breach-notification laws, and the Health Insurance Portability and Accountability Act (HIPAA).
According to the allegations, the data breach exposed donor information, including Social Security numbers and financial records, of over 13,000 nonprofit groups and organizations and the provider waited two months before informing these clients of the breach.
The settlement requires the provider to improve its cybersecurity protections and breach notification procedures.
Earlier this year, the software provider also settled claims with the SEC for $3 million to address allegations of misleading disclosures relating to the same 2020 data breach.
California enacts amendments to the Consumers Legal Remedies Act: Advertisements
On October 7, the California governor approved SB 478 (the “Act”), enacting amendments to the Consumers Legal Remedies Act designed to prohibit “drip pricing,” which involves advertising a price that is lower than the actual price a consumer will have to pay for a good or service. The Act, with specified exceptions, will make advertising the price of a good or service excluding additional fees or charges other than taxes, unlawful. The California Legislature declared that the Act is not intended to prohibit any particular method of determining prices for goods or services, including algorithmic or dynamic pricing. Instead, it is intended to regulate how prices are advertised, displayed, and/or offered.
The Act is effective July 1, 2024.
FTC data spotlight reveals social media as primary source for scams over other contact methods
On October 6, the FTC released a data spotlight showing that more scams have originated on social media than on any other method of contact with consumers, accounting for $2.7 billion in consumer losses from 2021 to 2023. The FTC reports that the most frequently reported frauds in 2023 were online shopping scams on social media. However, promotions of fake investment opportunities, mostly those relating to cryptocurrency, on social media had the largest overall monetary losses. The FTC also provided a list of tips for consumers to limit their risks of fraud on social media, including restricting who can contact them on these platforms.
Fed finalizes rule establishing capital requirements for supervised insurers
On October 6, the Fed approved a final rule to implement a rule establishing capital requirements for insurers it supervises. The final rule includes the Building Block Approach (BBA) framework, which is a regulatory framework for assessing capital requirements for insurance companies, tailored to their specific risks by leveraging state-based requirements. It sets a minimum standard comparable to the 8 percent minimum total capital ratio for insured depository institutions (IDIs).
Specifically, the rule requires a Fed-supervised insurance organization (SIO) to aggregate the available capital and required capital of its top-tier company with its subsidiaries to determine whether the aggregate ratio meets the Board’s minimum requirement and “capital conservation buffer.” Among other things, the final rule gives SIOs two options to show compliance with Section 171(b) of Dodd-Frank: (i) demonstrate that it meets, on a fully consolidated basis, the minimum risk-based capital requirements that apply to IDIs; or (ii) demonstrate that it meets the minimum IDI risk-based capital requirements on a partially consolidated basis, excluding the assets and liabilities of certain subsidiary insurers. Should SIOs choose the second option, there are two possible treatments for unconsolidated insurance subsidiaries: (i) “a deduction from qualifying capital of the aggregate amount of the outstanding equity investment in the subsidiary, including retained earnings”; or (ii) “inclusion of the net investment in the subsidiary as an asset subject to a risk weight of 400 percent, consistent with the current treatment of certain equity exposures under the regulatory capital rules applicable to IDIs.”
Governor Michelle Bowman commented that although she supports the final rule, she cannot support the delegation of authority to staff within the current package. Concerned that the package grants broad authority to staff to make various determinations regarding the rule’s application, Bowman argues that the Board should have the opportunity to review specific cases where such authority would be exercised and suggests that it would be more appropriate to establish clear guidelines for the use of delegated authority in the context of actual determinations.
The Fed noted that the final rule is “substantially similar” to the 2019 proposed rule. The final rule is effective on January 1, 2024.
CFPB announces new advisory committee members
On October 5, the CFPB released new membership details for its advisory boards and councils, including the Consumer Advisory Board, Community Bank Advisory Council, Credit Union Advisory Council, and Academic Research Council. The Bureau noted that under Dodd-Frank, it is tasked with establishing a Consumer Advisory Board to provide insights on various consumer finance matters. These board members represent different districts of the Fed and are recommended by Federal Reserve Bank presidents. The Community Bank Advisory Council and Credit Union Advisory Council guide the CFPB on financial issues concerning community banks and credit unions respectively. Meanwhile, the Academic Research Council contributes to shaping research plans and agendas, and offers feedback on research methodologies and data collection strategies.
Members of these advisory boards and councils serve voluntarily and do not receive compensation. They also cannot officially represent the CFPB or the Fed, and their selection does not imply endorsement of their respective organizations.
3rd Circuit Limits furnishers’ labeling authority
On October 2, the U.S. Court of Appeals for the Third Circuit ruled that a collection agency who was acting as a furnisher of credit reporting information could not shirk its duty to investigate a dispute by labeling the dispute “frivolous” when the complaint was referred for investigation by a credit reporting agency (CRA). The decision overturned the lower court’s ruling which had sided with the furnisher.
According the ruling, the plaintiff in this action claimed that a fraudulent account had been opened in his name with a television service provider. Plaintiff was described as having first disputed the account directly with the television service provider, but failed to provide supporting documents which the television service provider had requested. Following the plaintiff’s failure to provide the requested documentation, the television service provider referred the disputed account to the collection agency, who in turn reported the delinquent account to the CRA.
The ruling states that when the disputed account appeared on the plaintiff’s consumer report, the plaintiff made an indirect dispute of the information with the CRA, who in turn forwarded the dispute to the collection agency for investigation. The ruling notes that the collection agency undertook no further investigation in response to the dispute, and instead merely confirmed the account information and updated the plaintiff’s address, which the court noted took only 13 seconds.
The court noted that although the FCRA does allow for the recipient of disputes “to preliminarily vet the dispute for frivolousness or irrelevance before investigating,” once a CRA has referred a dispute to a furnisher, “the furnisher does not have such discretion.” Because in this case the collection agency had been referred to it by a CRA, it “had a duty to investigate [plaintiff’s] indirect dispute when it received notice thereof from [the CRA].”
Supreme Court hears oral argument in challenge to CFPB
On October 3, the Supreme Court heard oral argument in CFPB v. Community Financial Services Association of America —a case presenting the most significant challenge yet to the constitutionality of the CFPB. As previously covered by InfoBytes, a panel of the U.S. Court of Appeals for the Fifth Circuit agreed with the plaintiff industry groups that the CFPB’s funding structure violates the appropriations clause. At oral argument, the U.S. Solicitor General observed that the lower court decision was the “first time any court in our nation’s history has held that Congress violated the Appropriations Clause by enacting a statute providing funding.” She noted that Congress has approved similar “standing appropriations” for agencies including the U.S. Customs Service, the U.S. Post Office, and the U.S. Mint.
Several conservative justices pushed back against the CFPB’s and Solicitor General’s stance. For example, Chief Justice Roberts called it “very aggressive view” of Congress’ authority, and Justice Alito emphasized that the CFPB’s funding mechanism was unique in that its funding comes from the Federal Reserve, which is itself not funded through normal appropriations. However, Justice Thomas challenged counsel for the industry groups, noting that “we need a finer point” on “what the constitutional problem is,” beyond the uniqueness of the funding mechanism. Justice Barrett, too, stated she was “struggling to figure out” what standard courts might use in determining whether a cap on an agency’s appropriation is too high.
Find continuing InfoBytes coverage on CFPB v. Community Financial Services Association of America here.
District Court grants summary judgement for bank in “spoofing” case
On September 29, the U.S. District Court for the Southern District of New York granted summary judgement on all claims in favor of the defendant bank, while denying summary judgement for the New Jersey-based plaintiff. The plaintiff alleged violations of the UCC, breach of contract, and gross negligence arising from a “spoofing” fraud incident that resulted in more than $8.5 million being wired from the plaintiff’s account with the defendant. The district court reasoned that the plaintiff was not entitled to a refund because the plaintiff’s employees authorized the wires – and claims under Section 4-A of the UCC require that a payment order be both not authorized and not effective in order to refund a payment. The court rejected the plaintiff’s argument that the wires were improper because the bank’s policy prohibited bank employees from authorizing wires over $500,000 – noting that the policy was for “internal use only,” and solely for the bank’s protection. Further, the court rejected the plaintiff’s common law claims as pre-empted by Article 4-A.