Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
The FTC fined two companies that sell consumer background reports through subscriptions for violations of the FTC Act and Fair Credit Reporting Act (“FCRA”). In addition to allegedly claiming, without substantiation, to have the most accurate reports available to the public, the complaint says two companies deceptively claimed individuals had criminal or arrest records when the individual did not; deceptively claimed consumers can remove information or flag it as inaccurate, and deceptively failed to disclose that third-party reviews were incentivized and biased.
The companies also furnished consumer reports to subscribers “without reason to believe those subscribers have permissible purposes to obtain such reports.”
The stipulated order requires the companies to pay a civil penalty of $5.8 million, prohibits them from advertising, marketing, promoting, or offering for sale certain reports including arrest records, bankruptcy records, and eviction records until the establish and implement a comprehensive monitoring program, and prohibits them from continuing any of the deceptive practices set forth in the complaint.
On March 31, the CFPB published its Consumer Response Annual Report for 2022, providing an overview of consumer complaints received by the agency between January 1 and December 31, 2022. According to the report, the Bureau received approximately 1,287,000 consumer complaints last year and sent more than 820,000 complaints for review and response to roughly 3,200 companies. Among other trends, the Bureau found that complaints about credit or consumer reporting continued to increase, accounting for more than 75 percent of all complaints received last year. Checking and savings account-related complaints also increased. Many consumers reported issues with managing their accounts, including account closures, fraudulent activity, and issues with customer service. While complaints relating to student loans comprised a small percentage of complaints overall, the Bureau noted a significant increase from prior years, largely due to consumers reporting issues with their lender or servicer. Consumers described issues with repayment pause extensions, proposed changes to the federal loan program, and forgiveness programs. Additionally, the Bureau observed an increase in complaints about money service fraud and scams, where consumers reported losing money through phishing/smishing scams or via fraudsters who posed as investment or financial institution representatives to steal virtual currency. The most complained-about products and services—representing approximately 95 percent of all complaints—were credit or consumer reporting, debt collection, credit cards, checking or savings accounts, and mortgages. The Bureau also received complaints related to money transfers and virtual currency; vehicle finance; student, personal, and payday loans; prepaid cards; credit repair; and title loans.
On November 15, the CFPB released its fall 2022 Supervisory Highlights, which summarizes its supervisory and enforcement actions between January and June 2022 in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, mortgage servicing, and payday lending. Highlights of the findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to add-on product charges, loan modifications, double billing, use of devices that interfered with driving, collection tactics, and payment allocation. For instance, examiners identified occurrences where consumers paid off their loans early, but servicers failed to ensure consumers received refunds for unearned fees related to add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include: (i) NCRCs that failed to report the outcome of complaint reviews to the Bureau; (ii) furnishers that failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures that contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iii) provide explanations to consumers after determining that no billing error occurred or that a different billing error occurred from that asserted. Examiners also identified Regulation Z violations where credit card issuers improperly mixed original factors and acquisition factors when reevaluating accounts subject to a rate increase, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors engaged in conduct that harassed, oppressed, or abused the person with whom they were communicating. The report findings also discussed instances where debt collectors communicated with a person other than the consumer about the consumer’s debt when the person had a name similar or identical to the consumer, in violation of the FDCPA.
- Deposits. The Bureau discussed how it conducted prioritized assessments to evaluate how financial institutions handled pandemic relief benefits deposited into consumer accounts. Examiners identified unfairness risks at multiple institutions due to policies and procedures that may have resulted in, among other things, (i) garnishing protected economic impact payments funds in violation of the Consolidated Appropriations Act of 2021; or (ii) failing to apply the appropriate state exemptions to certain consumers’ deposit accounts after receiving garnishment notice.
- Mortgage Origination. Bureau examiners identified Regulation Z violations and deceptive acts or practices prohibited by the CFPA. An example of this is when the settlement service had been performed and the loan originator knew the actual costs of those service, but entered a cost that was completely unrelated to the actual charges that the loan originator knew had been incurred, resulting in information being entered that was not consistent with the best information reasonably available. The Bureau also found that the waiver language in some loan security agreements was misleading, and that a reasonable consumer could understand the provision to waive their right to bring a class action on any claim in federal court.
- Mortgage Servicing. Bureau examiners identified instances where servicers engaged in abusive acts or practices by charging sizable fees for phone payments when consumers were unaware of those fees. Examiners also identified unfair acts or practices and Regulation X policy and procedure violations regarding failure to provide consumers with CARES Act forbearances.
- Payday Lending. Examiners found lenders failed to maintain records of call recordings necessary to demonstrate full compliance with conduct provisions in consent orders generally prohibiting certain misrepresentations.
On July 7, the CFPB issued an advisory opinion to state its interpretation that under certain FCRA-permissible purpose provisions, a consumer reporting agency may not provide a consumer report to a user unless it has reason to believe that all of the information it includes pertains to the consumer who is the subject of the user’s request. The Bureau explained that “credit reporting companies and users of credit reports have specific obligations to protect the public’s data privacy,” and reminded covered entities that “FCRA section 604(f) strictly prohibits a person who uses or obtains a consumer report from doing so without a permissible purpose.”
Among other things, the FCRA is designed to ensure fair and accurate reporting and requires users who buy these consumer credit reports to have a legally permissible purpose. Specifically, the advisory opinion clarifies that (i) insufficient matching procedures can result in credit reporting companies providing reports to entities without a permissible purpose, thus violating a consumer’s privacy rights (the Bureau explained that if a credit reporting company uses name-only matching procedures, items appearing on a credit report may not all correspond to a single individual); (ii) it is unlawful to provide credit reports of multiple people as “possible matches” (credit reporting companies are obligated to implement adequate procedures to find the correct individual); (iii) disclaimers about insufficient matching procedures will not cure a failure to take reasonable measures to ensure the information provided in a credit report is only about the individual for whom the user has a permissible purpose; and (iv) credit report users must ensure that they are not violating an individual’s privacy by obtaining a credit report when they lack a permissible purpose for doing so.
The Bureau also outlined certain criminal liability provisions in the FCRA. According to the advisory opinion, covered entities may face criminal liability under Section 619 for obtaining information on an individual under false pretenses, while Section 620 “imposes criminal liability on any officer or employee of a consumer reporting agency who knowingly and willfully provides information concerning an individual from the agency’s files to an unauthorized person.” Violators can face criminal penalties and imprisonment, the Bureau said in its announcement.
As previously covered by InfoBytes, the Bureau finalized its Advisory Opinions Policy in 2020. Under the policy, entities seeking to comply with existing regulatory requirements are permitted to request an advisory opinion in the form of an interpretive rule from the Bureau (published in the Federal Register for increased transparency) to address areas of uncertainty.
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
On April 7, the CFPB released a proposed rule and solicited comments on regulations implementing amendments to the FCRA intended to assist victims of trafficking. The proposed rule would establish a method for a trafficking victim to submit documentation to consumer reporting agencies (CRAs) establishing that they are a survivor of trafficking, and would require CRAs to block adverse information in consumer reports after receiving such documentation. The proposed rules would amend Regulation V to implement changes to FCRA enacted in the National Defense Authorization Act for Fiscal Year 2022, also referred to as the “Debt Bondage Repair Act,” which was signed into law in December 2021. (Covered by InfoBytes here). Under the law, CRAs are prohibited “from providing consumer reports that contain any negative item of information about a survivor of trafficking from any period the survivor was being trafficked.” In announcing the proposal, the CFPB noted that “Congress required the CFPB to utilize its rulemaking authorities to implement the Debt Bondage Repair Act through rule changes to Regulation V, which ensures consumers’ credit information is fairly reported by CRAs.” According to the CFPB, the proposal “would protect survivors of human trafficking by preventing CRAs from including negative information resulting from abuse.” Comments are due 30 days after publication in the Federal Register.
On February 25, the U.S. District Court for the Eastern District of Pennsylvania denied in part and granted in part a defendant’s motion for summary judgment in an FCRA case. According to the opinion, the plaintiffs applied for a loan at a bank to refinance their home mortgage and the bank then engaged a service agency (defendant) to conduct a public records search and provide a report on the plaintiffs. To prepare the report, the defendant allegedly engaged an independent contractor to conduct a physical search of both the open judgment directory and the municipal lien directory. The plaintiffs claimed that the defendant’s report “erroneously” listed outstanding civil judgments against them and that defendant refused to investigate the alleged inaccuracies. The plaintiffs filed suit, alleging that the defendant violated the FCRA by failing to follow reasonable procedures to assure maximum possible accuracy when preparing a consumer report and by failing to conduct a reasonable reinvestigation of the plaintiffs’ dispute.
The defendant moved for summary judgment, asserting that it was not subject to the FCRA as a matter of law since it was not a consumer reporting agency and that it did not supply “consumer reports” within the meaning of the FCRA. Additionally, the defendant claimed that even if it was subject to the FCRA, no reasonable juror could find that it violated either of those FCRA provisions. The district court found that the defendant is a “consumer reporting agency” under FCRA because its operations met the statutory definition. The court partially granted the defendant’s summary judgment on the plaintiffs’ claims that it willfully violated the FCRA by failing to conduct a reasonable reinvestigation of the plaintiffs’ dispute.
On November 4, the CFPB issued an advisory opinion to express its interpretation that credit reporting companies, including tenant and employment screening companies, are in violation of the FCRA if they engage in the practice of matching consumer records solely by name. According to the Bureau, the use of name-only matching procedures (without the use of other personally identifying information such as address, date of birth, or Social Security number) does not assure maximum possible accuracy of consumer information. The Bureau emphasized that there is a heightened risk of mistaken identity from name-only matching among Hispanic, Black, and Asian communities due to less surname diversity among those populations as compared to the White population. “When background screening companies and their algorithms carelessly assign a false identity to applicants for jobs and housing, they are breaking the law,” Director Rohit Chopra stated. “Error-ridden background screening reports may disproportionately impact communities of color, further undermining an equitable recovery.” The advisory opinion affirms consumer reporting companies’ obligation to use reasonable procedures to assure maximum possible accuracy, and “does not create a safe harbor to use insufficient matching procedures involving multiple identifiers.” Other practices, such as combining a name with date of birth, could also lead to cases of mistaken identity, the Bureau warned. The Bureau will work closely with the FTC to eliminate illegal conduct in the background screening industry, while the FTC may be able to take actions against unfair or deceptive conduct not covered by the CFPA. The Bureau further emphasized that violating the FCRA can lead to civil penalties, restitution, damages, and other relief.
Chopra issued a statement on the Bureau’s intention to curb false identity matching, pointing out that name-only matching is just one example of an inadequate procedure and that nothing in the advisory opinion “suggests that the responsibility to follow reasonable procedures to assure maximum possible accuracy can be met with a thoughtless application of any particular loose matching criteria, even if more than names alone are matched.” He also warned companies they should not try to evade their FCRA responsibilities “by issuing a disclaimer that their report might not be matched to the right person.” Chopra further noted that the Bureau will support the FTC in its work to monitor business models that rely on harvesting and monetizing personal data, as well as big tech companies and lesser-known data brokers that traffic data and consumer reports.
On June 29, the CFPB released its summer 2021 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto loan servicing, consumer reporting, debt collection, deposits, fair lending, mortgage origination and servicing, payday lending, private education loan origination, and student loan servicing. The findings of the report, which are published to assist entities in complying with applicable consumer laws, cover examinations that generally were completed between January and December of 2020. Highlights of the examination findings include:
- Auto Loan Servicing. Bureau examiners identified unfair acts or practices related to lender-placed collateral protection insurance (CPI), including instances where servicers charged unnecessary CPI or charged for CPI after repossession. Examiners also identified unfair acts or practices related to payoff amounts where consumers had ancillary product rebates due, and also found unfair or deceptive acts or practices related to payment application.
- Consumer Reporting. The Bureau found deficiencies in consumer reporting companies’ (CRCs) FCRA compliance related to the following requirements: (i) accuracy; (ii) security freezes applicable to certain CRCs; and (iii) ID theft block requests. Specifically, examiners found that CRCs continued to include information from furnishers despite receiving furnisher dispute responses that “suggested that the furnishers were no longer sources of reliable, verifiable information about consumers.” Additionally, the report noted instances where furnishers failed to update and correct information or conduct reasonable investigations of direct disputes.
- Debt Collection. The report found that examiners found instances of FDCPA violations where debt collectors (i) made calls to a consumer’s workplace; (ii) communicated with third parties; (iii) failed to stop communications after receiving a written request or a refusal to pay; (iv) harassed consumers regarding their inability to pay; (v) communicated, and threatened to communicate, false credit information to CRCs; (vi) made false representations or used deceptive collection means; (vii) entered inaccurate information regarding state interest rate caps into an automated system; (viii) unlawfully initiated wage garnishments; and (ix) failed to send complete validation notices.
- Deposits. The Bureau discussed violations related to Regulation E and Regulation DD, including error resolution violations, issues with provisional credits, failure to investigate, failure to remediate errors, and overdraft opt-in and disclosure violations.
- Fair Lending. The report noted instances where examiners cited violations of HMDA/ Regulation C involving HMDA loan application register inaccuracies, and instances where lenders, among other things, violated ECOA/Regulation B “by engaging in acts or practices directed at prospective applicants that would have discouraged reasonable people in minority neighborhoods in Metropolitan Statistical Areas (MSAs) from applying for credit.”
- Mortgage Origination. The Bureau cited violations of Regulation Z and the CFPA related to loan originator compensation, title insurance disclosures, and deceptive waivers of borrowers’ rights in security deed riders and loan security agreements.
- Mortgage Servicing. The Bureau cited violations of Regulation X, including those related to dual tracking violations, misrepresentations regarding foreclosure timelines, and PMI terminations.
- Payday Lending. The report discussed violations of the CFPA for payday lenders, including falsely representing an intent to sue or that a credit check would not be run, and presenting deceptive repayment options to borrowers that were contractually eligible for no-cost repayment plans.
- Private Education Loan Origination. Bureau examiners identified deceptive acts or practices related to the marketing of private education loan rates.
- Student Loan Servicing. Bureau examiners found several types of misrepresentations servicers made regarding consumer eligibility for the Public Service Loan Forgiveness (PSLF) program, and identified unfair acts or practices related to a servicer’s “failure to reverse negative consequences of automatic natural disaster forbearances.” Additionally, examiners identified unfair act or practices related to failing to honor consumer payment allocation instructions or providing inaccurate monthly payment amounts to consumers after a loan transfer.
The report also highlights recent supervisory program developments and enforcement actions.
On January 19, the CFPB released a special edition of Supervisory Highlights detailing the agency’s Covid-19 prioritized assessment (PA) observations. Since May 2020, the Bureau has conducted PAs in response to the pandemic in order to obtain real-time information from supervised entities operating in markets that pose an elevated risk of pandemic-related consumer harm. According to the Bureau, the PAs are not designed to identify federal consumer financial law violations, but are intended to spot and assess risks in order to prevent consumer harm. Targeted information requests were sent to entities seeking information on, among other things, ways entities are assisting and communicating with consumers, Covid-19-related institutional challenges, compliance management system changes made in response to the pandemic, and service provider data. Highlights of the Bureau’s findings include:
- Mortgage servicing. The CARES Act established certain forbearance protections for homeowners. The Bureau pointed out that many servicers faced significant challenges, including operational constraints, resource burdens, and service interruptions. Consumer risks were also present, with several servicers (i) providing incomplete or inaccurate information regarding CARES Act forbearances, failing to timely process forbearance requests, or enrolling borrowers in unwanted or automatic forbearances; (ii) sending collection and default notices, assessing late fees, and initiating foreclosures for borrowers in forbearance; (iii) inaccurately handling borrowers’ preauthorized electronic funds transfers; and (iv) failing to take appropriate loss mitigation steps.
- Auto loan servicing. The Bureau noted that many auto loan servicers provided insufficient information to borrowers about the impact of interest accrual during deferment periods, while other servicers continued to withdraw funds for monthly payments even after agreeing to deferments. Additionally, certain borrowers received repossession notices even though servicers had suspended repossession operations during this time.
- Student loan servicing. The CARES Act established protections for certain student loan borrowers, including reduced interest rates and suspended monthly payments for most federal loans owned by the Department of Education. Many private student loan holders also offered payment relief options. The Bureau noted however that servicers faced significant challenges in implementing these protections. For certain servicers, these challenges led to issues which raised the risk of consumer harm, including (i) provision of incorrect or incomplete payment relief options; (ii) failing to maintain regular call center hours; (iii) failing to respond to forbearance extension requests; and (iv) allowing certain payment allocation errors and preauthorized electronic funds transfers.
- Small business lending. The Bureau discussed the Small Business Administration’s Paycheck Protection Program (PPP), noting that when “implementing the PPP, multiple lenders adopted a policy that restricted access to PPP loans beyond the eligibility requirements of the CARES Act and rules and orders issued by the SBA.” The Bureau encouraged lenders to consider and address any fair lending risks associated with PPP lending.
The Supervisory Highlights also examined areas related to credit card accounts, consumer reporting and furnishing, debt collection, deposits, prepaid accounts, and small business lending.