Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 9, the CFPB released a special edition of its fall 2019 Supervisory Highlights, focusing on recent supervisory findings in the areas of consumer reporting and information furnishing to consumer reporting companies (CRCs). This is the second special edition to focus on consumer reporting issues, and follows a report that the Bureau released in March 2017 covered by InfoBytes here. According to the Bureau, recent supervisory reviews of FCRA and Regulation V compliance have identified new violations as well as compliance management system (CMS) weaknesses at CFPB-supervised institutions. However, the Bureau noted that examiners have also observed significant improvements, such as continued investment in FCRA-related CMS.
Highlights of the supervisory findings include:
- Recent examples of CMS weaknesses and FCRA/Regulation V violations (where corrective action has either been taken or is currently being taken) in which one or more (i) mortgage loan furnishers did not maintain policies and procedures “appropriate to the nature, size, complexity, and scope of the furnisher’s activities”; (ii) auto loan furnishers’ policies and procedures failed to provide sufficient guidance for investigating indirect disputes containing allegations of identity theft; (iii) debt collection furnishers’ policies and procedures failed to differentiate between FCRA disputes, FDCPA disputes, or validation requests, leading to a lack of consideration for applicable regulatory requirements when handling these matters; and (iv) deposit account furnishers lacked written policies and procedures for furnishing or validating the information provided to specialty CRCs.
- Examiners found that one or more furnishers provided information they knew, or had reasonable cause to believe, was inaccurate. Examples include inaccurate derogatory status codes due to coding errors and unclear addresses for consumers to submit disputes.
- Examiners discovered several instances where furnishers failed to send prompt notifications to CRCs after determining that information previously furnished was inaccurate, including situations where furnishers failed to promptly update or correct information after consumers paid charged-off balances in full or discharged them in bankruptcy.
- Examiners found that some furnishers reported the incorrect date of the first delinquency in connection with their responsibility to provide notice of delinquent accounts to CRCs.
- Examiners found several instances where furnishers failed to investigate disputes, complete investigations in a timely manner, or notify consumers of certain determinations related to “frivolous or irrelevant” disputes.
The Bureau also discussed supervisory observations concerning CRC compliance with FCRA provisions, and commented that CRCs continue to (i) improve procedures concerning the accuracy of information contained in consumer reports; (ii) implement improvements to prevent consumer reports from being furnished to users who lack a permissible purpose; (iii) strengthen procedures to “block information that a consumer has identified as resulting from an alleged identity theft”; and (iv) investigate and respond to consumer disputes.
On December 10, in a speech before the National Association of Attorneys General Capital Forum, CFPB Director Kathy Kraninger discussed partnership with the states, as well as recent efforts between the Bureau and states in the areas of supervision and enforcement, including innovation policies. Kraninger also discussed the Bureau’s small dollar and debt collection rules. Noting that the Bureau will “effectively enforce the law to fulfill our consumer protection mission … after thoroughly reviewing the facts,” Kraninger recapped FY 2019 enforcement actions and settlements, which have resulted in more than $777 million in total consumer relief, which included over $600 million in consumer redress and more than $174 million in other relief. These actions, Kraninger stated, have resulted in more than $185 million in civil money penalties, not taking into account suspended amounts. Kraninger also highlighted several joint efforts with states and other agencies over the past year, including (i) a multi-agency action resolving a 2017 data breach (InfoBytes coverage here); (ii) a joint action with the New York Attorney General against a network of New York-based debt collectors that allegedly engaged in improper debt collection tactics (InfoBytes coverage here); (iii) a coordinated action with the Minnesota Attorney General’s Office, the North Carolina Department of Justice, and the Los Angeles City Attorney concerning a student loan debt relief operation (InfoBytes coverage here); and (iv) an action with the South Carolina Department of Consumer Affairs against an operation that offered high-interest loans to veterans and other consumers in exchange for the assignment of some of the consumers’ monthly pension or disability payments (InfoBytes coverage here).
Kraninger also discussed the Bureau’s recently-announced American Consumer Financial Innovation Network (ACFIN), which is designed to enhance coordination among federal and state regulators to facilitate financial innovation. (InfoBytes coverage here). ACFIN currently includes nine state attorneys general and four state financial regulators. Kraninger noted that the Bureau is presently reviewing approximately 190,000 comments concerning proposed changes related to certain payday lending requirements and mandatory underwriting provisions (InfoBytes coverage here), as well as over 14,000 comments submitted in response to its Notice of Proposed Rulemaking issued in May concerning amendments to the debt collection rule (InfoBytes coverage here). Kraninger stressed that the Bureau plans to release a Supplemental Notice of Proposed Rulemaking “very early” in 2020, and will be “interested in practical and pragmatic ideas of how to make time-barred debt disclosures work.”
On December 10, the FTC announced a settlement with a for-profit school and its parent company to resolve allegations that they employed deceptive advertisements in violation of the FTC Act that gave the impression that the school had relationships and job opportunities with various technology companies and tailored curricula to those jobs. In the complaint, the FTC claims the defendants relied upon false and misleading advertisements to attract prospective students that gave the impression that the school’s relationship with certain companies would create employment opportunities. In addition, the FTC alleges that while the defendants claimed the companies also worked with the school to develop its courses, in reality the partnerships were primarily marketing relationships that did not create jobs or curricula for the school’s students. Moreover, the FTC claims that some of these advertisements specifically targeted current and former military members and Hispanic consumers. Under the terms of the settlement, the school is required to pay $50 million in consumer redress and cancel approximately $141 million in student loan debts owed to the school by former students who first enrolled during the covered period.
The FTC’s press release notes, however, that the “settlement will not affect student borrowers’ federal or private loan obligations,” and directs borrowers to the Department of Education’s income-driven repayment plans for guidance on lowering monthly payments. The FTC also states that borrowers who believe they may have been defrauded or deceived can apply for loan forgiveness through the Borrower Defense to Repayment procedures.
On December 9, parties filed briefs in Seila Law LLC v. CFPB. As previously covered by InfoBytes, the U.S. Supreme Court granted cert in Seila to answer the question of whether an independent agency led by a single director violates the Constitution’s separation of powers under Article II, while also directing the parties to brief and argue whether 12 U.S.C. §5491(c)(3), which sets up the CFPB’s single director structure and imposes removal for cause, is severable from the rest of the Dodd-Frank Act, should it be found to be unconstitutional. While both parties are in agreement on the CFPB’s single-director leadership structure, they differ on how the matter should be resolved.
According to Seila Law’s brief, the CFPB’s single-director leadership structure is a blatant violation of the Constitution’s separation of powers clause. Seila Law proposes that the Court eliminate the CFPB entirely, leaving Congress to determine how to address the unconstitutionality of the Bureau, rather than save the law by making the director an at-will employee of the President. Removing the director at will, Seila Law argues, “would radically reshape the CFPB, creating a mutant version of the agency that Congress envisioned—one that would still be unaccountable to Congress, yet fully within presidential control.” Discussing the U.S. Court of Appeals for the Ninth Circuit’s reliance in part on a 1935 Supreme Court decision in Humphrey’s Executor v. United States (which dealt with removal protections for members of a nonpartisan, multimember commission) in its May ruling which held that the Bureau’s single-director structure is constitutional (InfoBytes coverage here), Seila Law states that the Court’s ruling in Humphrey’s Executor was “badly reasoned, wrongly decided, and should be overruled,” and, in any event, is distinguishable when addressing the CFPB’s single-director leadership structure. Whether the Court distinguishes or overturns Humphrey’s Executor’s precedent, Seila Law argues, it should hold that the Bureau’s structure violates the separation of powers clause and reverse the 9th Circuit’s judgment.
“By insulating the director of the CFPB from removal at will by the President while empowering him to exercise substantial executive power, Congress breached the President’s core prerogatives under Article II of the Constitution,” Seila Law further asserts, claiming that the appropriate remedy for the constitutional violation would be to deny the CFPB’s petition to enforce the CID and ultimately let Congress determine how to address the “constitutional defect in the CFPB’s structure.” Seila Law also argues that should the Court decide to engage in severability analysis, it should invalidate all of Title X of Dodd-Frank, which does not allow the current leadership structure to be altered to a multi-member commission.
In contrast, though the CFPB concedes that Dodd-Frank’s restriction on the President’s ability to remove the Bureau’s director violates the “separation of powers” principles of the Constitution, it contends in its brief that, should the removal provision be found unconstitutional, it should be severed from the rest of the law in accordance with Dodd-Frank’s express severability clause. “Even considering only the Bureau-specific provisions contained in Title X . . . , there is no basis to conclude that Congress would have preferred to have no Bureau at all rather than a Bureau headed by a Director who would be removable like almost all other single-headed agencies,” the CFPB wrote. “Nothing in the statutory text or history of the Bureau’s creation suggests, much less clearly demonstrates, that Congress would have preferred, for example, that the regulatory authority vested in the Bureau revert back to the seven federal agencies that previously administered those responsibilities if a court were to invalidate the Director’s removal restriction.”
Oral arguments are scheduled for March 3, 2020.
On December 9, the OCC released its Semiannual Risk Perspective for Fall 2019, identifying and reiterating key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations, including credit, operational, and interest rate risks. While the OCC commented that “bank financial performance is sound,” it also advised that “[b]anks should prepare for a cyclical change while credit performance is strong,” emphasizing that “[c]redit risk has accumulated in many portfolios.” The OCC also highlighted that competition with nonbank mortgage and commercial lending could pose a risk as well.
Specific areas of concern that the OCC described include: elevation of operational risk as advances in technology and innovation in core banking systems result in a changing and increasingly complex operating environment; increased use of third-party service providers that contribute to continued threats of fraud; need for prudent credit risk management practices that include “identifying borrowers that are most vulnerable to reduced cash flows from slower than anticipated economic growth”; “volatility in market rates [leading] to increasing levels of interest rate risk”; Libor’s anticipated cessation and whether banks have started to determine the potential impact of cessation and develop risk management strategies; and strategic risks facing banks as non-depository financial institutions (NDFI) use evolving technology and expand data analysis abilities (the OCC commented that NDFIs “are strong competitors to bank lending models”). The OCC also noted that there is increased interest from banks in sharing utilities with NDFIs to implement Bank Secrecy Act/anti-money laundering compliance programs and sanctions processes and controls.
On December 10, the CFPB released the latest quarterly consumer credit trends report, which evaluated the extent to which removal of public records from credit reports affects consumer credit scores and credit performance. As previously covered by InfoBytes, the three major U.S. credit reporting agencies began using stricter guidelines when considering consumer public records, such as tax liens and civil judgments, to be included in consumer credit reports as a result of the National Consumer Assistance Plan (NCAP). The NCAP, among other things, imposed restrictions on medical debt reporting and civil public records such as tax liens, civil judgments, and bankruptcies. Observing that the “NCAP public records provision resulted in the removal of all civil judgments and almost half of tax liens from credit reports by the end of July 2017,” this report compared consumer credit scores and credit performance for consumers that had public records removed from their credit report and consumers who did not. According to the report, “there was only a slight increase in credit scores following the NCAP,” and “the NCAP did not seem to have a large effect on the relationship between credit scores and consumers’ credit performance for consumers whose credit report included a lien or judgment compared with consumers whose credit report did not.”
On December 6, the FTC issued an unanimous opinion against a British consulting and data analytics firm, finding that the firm violated the FTC Act by engaging in “deceptive practices to harvest personal information from tens of millions of [a social media company’s] users.” The information—which was allegedly collected through an application that told users it would not harvest identifiable information—was then used to target potential voters. The opinion also found that the firm engaged in deceptive practices relating to its participation in the EU-U.S. Privacy Shield framework. The opinion follows an administrative complaint issued against the firm in July (previously covered by InfoBytes here). Under the terms of the administrative final order, the firm is prohibited from misrepresenting “the extent to which it protects the privacy and confidentiality of personal information as well as its participation in the EU-U.S. Privacy Shield framework and other similar regulatory or standard-setting organizations,” and it must apply Privacy Shield protections to personal information collected during its participation in the program or return or delete the information. Among other things, the firm also must delete or destroy the personal information collected from consumers through the app, as well as any other information or work product that originated from the information.
On December 12, the OCC and the FDIC jointly issued a notice of proposed rulemaking (NPR) to modernize the regulatory framework implementing the Community Reinvestment Act. The NPR generally focuses on expanding and delineating the activities that qualify for CRA consideration, providing benchmarks to determine what levels of activity are necessary to obtain a particular CRA rating, establishing additional assessment areas based on the location of a bank’s deposits, and increasing clarity, consistency, and transparency in reporting.
* * *
Click here to read the full special alert.
If you have any questions regarding the CRA or other related issues, please visit our Fair Lending practice page or contact a Buckley attorney with whom you have worked in the past.
On December 4, the Senate Commerce Committee held a hearing titled “Examining Legislative Proposals to Protect Consumer Data Privacy” to discuss how to “provide consumers with more security, transparency, choice, and control over personal information both online and offline.” Among the issues discussed at the hearing was how consumer privacy rights should be enforced. As previously covered by InfoBytes, some FTC commissioners, at a hearing earlier this year, expressed that authorization to enforce federal privacy laws should vest not only in the FTC, but also in the states’ attorneys general. At the Senate hearing, there was testimony suggesting that the FTC is spread too thin to be in charge of enforcing new privacy laws. At least one witness championed state privacy regulation, while other witnesses endorsed preemption of the state laws by the envisioned federal privacy law. Although different views were expressed regarding what the law should look like, the hearing participants generally seemed to agree that a federal privacy law may be needed now in light of recent state legislative agendas and, as one Senator raised, the growing use of artificial intelligence.
On December 5, the FTC and the Ohio attorney general announced that the U.S. District Court for the Western District of Texas issued a temporary restraining order (TRO) against a VoIP service provider and its foreign counterpart for facilitating (or consciously avoiding knowing of) a “phony” credit card interest rate reduction scheme committed by one of its client companies at the center of a joint FTC/Ohio AG action. As previously covered by InfoBytes, the original complaint alleged that a group of individuals and companies—working in concert and claiming they could reduce interest rates on credit cards—had violated the FTC Act, the Telemarketing Sales Rule, and various Ohio consumer protection laws. In addition to obtaining a TRO against the most recent alleged participants, the FTC and Ohio AG amended their July complaint to add the telecom companies as defendants alleging the companies were “played a key role in robocalling consumers to promote a credit card interest reductions scheme.”