Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 2, a global payments provider recently sued by the New York attorney general and the CFPB responded to allegations claiming the “repeat offender” violated numerous federal and state consumer financial protection laws in its handling of remittance transfers. As previously covered by InfoBytes, the complaint claimed the defendant, among other things, (i) violated the Remittance Rule requirements by repeatedly failing “to provide fund availability dates that were accurate, when the Rule required such accuracy”; (ii) “repeatedly ignored the Rule’s error-resolution requirements when addressing notices of error from consumers in New York, including in this district, and elsewhere;” and (iii) failed to establish policies and procedures designed to ensure compliance with money-transferring laws, in violation of Regulation E. The complaint further asserted that the defendant violated the CFPA “by failing to make remittance transfers timely available to designated recipients or to make refunds timely available to senders,” and that the defendant failed to adopt and implement a comprehensive fraud prevention program mandated by a 2009 FTC order for permanent injunction (covered by InfoBytes here).
The defendant refuted the charges, calling the allegations “false, inflammatory and misleading.” According to the defendant, “before the CFPB filed its lawsuit against the Company on April 21, 2022, [it] had never before been subject to any enforcement action by the CFPB, nor had [it] ever been publicly accused of violating any of the laws or regulations under the CFPB’s purview.” The defendant also took issue with the Bureau’s suggestion that it had “uncovered widespread and systemic issues involving ‘substantial’ consumer harm,” contending that “data from the CFPB’s own consumer complaint portal strongly suggest otherwise. For example, a search of the CFPB’s Consumer Complaint Database shows that in the nine years that the Remittance Rule has been in place, only 351 complaints were made to the CFPB against [the defendant] for failing to deliver money when promised. These complaints represent 0.0001% of the over 325 million transactions subject to the Remittance Rule that [the defendant] processed during that time period. In New York, the total number of complaints in the CFPB Database for that time period was 28, approximately three per year. There have simply never been widespread or systemic violations by [the defendant] of the Remittance Rule.”
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
On April 29, the CFPB released Spanish translations for certain model and sample forms included in the Prepaid Rule in Regulation E and for certain adverse action model and sample notices included in Regulation B. According to the Bureau, the release is part of its continuing effort to ensure fair access to competitive and transparent markets for all consumers. The Bureau also reminded financial institutions of their obligation to serve the communities where they conduct business, which includes communities with limited English proficiency, in addition to encouraging the use of the translations as they work with Spanish-speakers.
On April 21, the CFPB and New York attorney general filed a complaint against a remittance provider (defendant) for allegedly violating the Electronic Funds Transfer Act and its implementing Regulation E and the Remittance Rule (the Rule) and the Consumer Financial Protection Act (CFPA), among various consumer financial protection laws. The Bureau’s announcement called the defendant a “repeat offender” citing that in 2018, the FTC filed a motion for compensatory relief and modified order for permanent injunction against the defendant, which alleged that it failed to adopt and implement a comprehensive fraud prevention program mandated by the 2009 order (covered by InfoBytes here). The CFPB complaint alleges that from October 2018 through 2022, the defendant: (i) violated the Remittance Rule requirements by repeatedly failing “to provide fund availability dates that were accurate, when the Rule required such accuracy”; (ii) “repeatedly ignored the Rule’s error-resolution requirements when addressing notices of error from consumers in New York, including in this district, and elsewhere;” and (iii) failed to establish policies and procedures designed to ensure compliance with money-transferring laws, in violation of Regulation E. The complaint further noted that the defendant’s “own assessments of consumers’ complaints showed that the dates Defendants disclosed to consumers, repeatedly, were wrong,” and that the defendant “found multiple delays in making funds available to designated recipients, including delays that constituted errors under the Rule,” among other things. Finally, the Bureau claims that the defendant violated the CFPA “by failing to make remittance transfers timely available to designated recipients or to make refunds timely available to senders.” The Bureau’s complaint seeks consumer restitution, disgorgement, injunctive relief, and civil money penalties. According to a statement released by CFPB Director Rohit Chopra, "the remittance market is ripe for reinvention, and the CFPB will be examining ways to increase competition and innovation for the benefit of both families and honest businesses, while also avoiding creating a new set of harms."
On April 12, the CFPB sued a credit reporting agency (CRA), two of its subsidiaries (collectively, “corporate defendants"), and a former senior executive for allegedly violating a 2017 enforcement order in connection with alleged deceptive practices related to their marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The 2017 consent order required the corporate defendants to pay a $3 million civil penalty and more than $13.9 million in restitution to affected consumers as well as abide by certain conduct provisions (covered by InfoBytes here). The Bureau’s announcement called the corporate defendants “repeat offender[s]” who continued to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges. According to the Bureau’s complaint, the corporate defendants, under the individual defendant’s direction, allegedly violated the 2017 consent order from the day it went into effect instead of implementing agreed-upon policy changes intended to stop consumers from unknowingly signing up for credit monitoring services that charge monthly payments. The Bureau claimed that the corporate defendants’ practices continued even after examiners raised concerns several times. With respect to the individual defendant, the Bureau contended that he had both the “authority and obligation” to ensure compliance with the 2017 consent order but did not do so. Instead, he allowed the corporate defendants to “defy the law and continue engaging in misleading marketing, even in the face of thousands of consumer complaints and refund requests.” The complaint alleges violations of the CFPA, EFTA/ Regulation E, and the FCRA/Regulation V, and seeks a permanent injunction, damages, civil penalties, consumer refunds, restitution, disgorgement and the CFPB’s costs.
CFPB Director Rohit Chopra issued a statement the same day warning the Bureau will continue to bring cases against repeat offenders. Dedicated units within the Bureau’s enforcement and supervision teams will focus on repeat offenders, Chopra stated, adding that the Bureau will also work with other federal and state law enforcement agencies when repeat violations occur. “Agency and court orders are not suggestions, and we are taking steps to ensure that firms under our jurisdiction do not engage in repeat offenses,” Chopra stressed. He also explained that the charges against the individual defendant are appropriate, as he allegedly, among other things, impeded measures to prevent unintended subscription enrollments and failed to comply with the 2017 consent order, which bound company executives and board members to its terms.
The CRA issued a press release following the announcement, stating that it considers the Bureau’s claims to be “meritless” and that as required by the consent order, the CRA “submitted to the CFPB for approval a plan detailing how it would comply with the order. The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, [the CRA] took affirmative actions to implement the consent order.” Moreover, the CRA noted that “[r]ather than providing any supervisory guidance on this matter and advising [the CRA] of its concerns – like a responsible regulator would – the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint,” and that “CFPB’s current leadership refused to meet with us and were determined to litigate and seek headlines through press releases and tweets.”
On February 15, the CFPB released a bulletin reiterating that the EFTA and its implementing regulation, Regulation E, apply to government benefit accounts with the exception of certain state and local electronic benefit transfer programs. The EFTA establishes, among other things, that “no person may require a consumer to establish an account for receipt of electronic fund transfers with a particular financial institution as a condition of employment or receipt of government benefits.” According to the Bulletin, this “compulsory use prohibition ensures that consumers receiving the government benefits” are provided “a choice with respect to how they receive their funds.” The bulletin also summarized the regulation’s disclosure requirements for government benefit accounts, which includes disclosing that the consumer: (i) “has several options to receive benefit payments, followed by a list of the options available to the consumer, and a statement directing the consumer to tell the agency which option the consumer chooses”; or (ii) “does not have to accept the government benefit account and directing the consumer to ask about other ways to receive government benefit payments.”
Recently, the CFPB updated its remittance transfer examination procedures to reflect the latest amendments to Regulation E (EFTA’s implementing regulation), Subpart B, as of May 2020. The updates are reflected within the Bureau’s Supervision and Examinations Manual. The updated procedures outline practices for examiners when evaluating institutions that provide remittances in the normal course of business to individuals and businesses in foreign countries. “Examiners should complete a risk assessment, conduct necessary scoping, and use these procedures, in conjunction with the compliance management system review procedures, to conduct a remittance transfer examination,” the Bureau stated. The procedures specify four objectives for remittance transfer examinations: (i) to assess the quality of a regulated entity’s compliance risk management systems in its remittance transfer business; (ii) to identify acts or practices that materially increase the risk of federal consumer financial law violations, as well as associated harm to consumers in connection with remittance transfers; (iii) to gather facts to help determine whether a supervised entity engages in acts or practices in connection with remittance transfers that are likely to violate federal consumer financial law; and (iv) to determine, in accordance with CFPB internal consultation requirements, whether a federal consumer financial law has been violated and whether it is appropriate to take further supervisory or enforcement action.
On December 13, the CFPB released updated Electronic Fund Transfers FAQs, which pertain to compliance with the Electronic Fund Transfer Act (EFTA) and Subpart A to Regulation E. The updated topics include transaction coverage, financial institution coverage, error resolution, and unauthorized EFT error resolution. Highlights from the updated FAQs include:
- Person-to-person (P2P) payments can be unauthorized electronic transfers under Regulation E.
- “[A] ‘pass-through’ payment transfers funds from the consumer’s account held by an external financial institution to another person’s account held by an external financial institution,” which is “initiated through a financial institution that does not hold a consumer’s account, for example, a non-bank P2P provider.”
- “Regulation E section 1005.2(i) defines financial institution under EFTA and Regulation E to include banks, savings associations, credit unions, and: any other person that directly or indirectly holds an account belonging to a consumer, or any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.”
- “Any P2P payment provider that meets the definition of a financial institution, as discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, is a financial institution under Regulation E.” Therefore, “if a P2P payment provider directly or indirectly holds an account belonging to a consumer, they are considered a financial institution under Regulation E.”
- The transfer is considered to be an unauthorized EFT under Regulation E if a consumer’s account is obtained from a third party through fraudulent means (hacking), and a hacker utilizes that information to make an unauthorized electronic transfer from the consumer’s account.
- “Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act…. Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”
On December 8, the CFPB released its fall 2021 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of credit card account management, debt collection, deposits, fair lending, mortgage servicing, payday lending, prepaid accounts, and remittance transfers. The report’s findings cover examinations that were completed between January and June of 2021 in addition to prior supervisory findings that led to public enforcement actions in the first half of 2021. Highlights of the examination findings include:
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse late fees after determining a missed payment was not credited to a consumer’s account; and (iii) conduct reasonable investigations into billing error notices concerning missed payments and unauthorized transactions. Examiners also identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors represented to consumers that their creditworthiness would improve upon final payment under a repayment plan and the deletion of the tradeline. Because credit worthiness is impacted by numerous factors, examiners found “that such representations could lead the least sophisticated consumer to conclude that deleting derogatory information would result in improved creditworthiness, thereby creating the risk of a false representation or deceptive means to collect or attempt to collect a debt in violation of Section 807(10).”
- Deposits. The Bureau discussed violations related to Regulation E, including error resolution violations related to misdirected payment transfers and failure to investigate error notices where consumers alleged funds were sent via a person-to-person payment network but the intended recipient did not receive the funds.
- Fair Lending. The report noted instances where examiners cited violations of ECOA and Regulation B by lenders "discriminating against African American and female borrowers in the granting of pricing exceptions based upon competitive offers from other institutions,” which led to observed pricing disparities, specifically as compared to similarly situated non-Hispanic white and male borrowers. Among other things, examiners also observed that lenders’ policies and procedures contributed to pricing discrimination, and that lenders improperly inquired about small business applicants’ religion and considered religion in the credit decision process.
- Mortgage Servicing. The Bureau noted that it is prioritizing mortgage servicing supervision attributed to the increase in borrowers needing loss mitigation assistance due to the Covid-19 pandemic. Examiners found violations of Regulations Z and X, as well as unfair and deceptive acts and practices. Unfair acts or practices included those related to (i) charging delinquency-related fees to borrowers in CARES Act forbearances; (ii) failing to terminate preauthorized EFTs; and (iii) assessing fees for services exceeding the actual cost of the performed services. Deceptive acts or practices found by examiners related to mortgage servicers included incorrectly disclosed transaction and payment information in a borrower’s online mortgage loan account. Mortgage servicers also allegedly failed to evaluate complete loss mitigation applications within 30 days, incorrectly handled partial payments, and failed to automatically terminate PMI in a timely manner. The Bureau noted in its press release that it is “actively working to support an inclusive and equitable economic recovery, which means ensuring all mortgage servicers meet their homeowner protection obligations under applicable consumer protection laws,” and will continue to work with the Federal Reserve Board, FDIC, NCUA, OCC, and state financial regulators to address any compliance failures (covered by InfoBytes here).
- Payday Lending. The report identified unfair and deceptive acts or practices related to payday lenders erroneously debiting consumers’ loan balances after a consumer applied and received confirmation for a loan extension, misrepresenting that consumers would only pay extension fees on the original due dates of their loans, and failing to honor loan extensions. Examiners also found instances where lenders debited or attempted one or more duplicate unauthorized debits from a consumer’s bank account. Lenders also violated Regulation E by failing “to retain, for a period of not less than two years, evidence of compliance with the requirements imposed by EFTA.”
- Prepaid Accounts. Bureau examiners found violations of Regulation E and EFTA related to stop-payment waivers at financial institutions, which, among other things, failed to honor stop-payment requests received at least three business days before the scheduled date of the transfer. Examiners also observed instances where service providers improperly required consumers to contact the merchant before processing a stop-payment request or failed to process stop-payment requests due to system limitations even if a consumer had contacted the merchant. The report cited additional findings where financial institutions failed to properly conduct error investigations.
- Remittance Transfers. Bureau examiners identified violations of Regulation E related to the Remittance Rule, in which providers “received notices of errors alleging that remitted funds had not been made available to the designated recipient by the disclosed date of availability” and then failed to “investigate whether a deduction imposed by a foreign recipient bank constituted a fee that the institutions were required to refund to the sender, and subsequently did not refund that fee to the sender.”
The report also highlights recent supervisory program developments and enforcement actions.
On November 8, the U.S. District Court for the District of New Hampshire denied a credit union’s motion to dismiss claims concerning its overdraft fees and policies. Plaintiffs filed a putative class action alleging that the defendant failed to properly disclose how it assessed overdrafts in violation of EFTA and implementing Regulation E. According to the plaintiffs, the defendant’s overdraft fee opt-in disclosure did not provide a “clear and readily understandable” explanation of the meaning of “enough money,” nor did it specify whether overdrafts are calculated based on the actual balance or the available balance. The defendant moved to dismiss, arguing that the opt-in disclosure should be read in conjunction with a separate membership agreement that outlines the account terms and discloses the defendant’s use of the “available balance” method to determine when an account is overdrawn. The defendant further contended that it did not violate Regulation E and that it qualifies for EFTA’s safe harbor provision. The court disagreed, ruling that the plaintiffs had plausibly alleged a violation of Regulation E, as it requires the opt-in disclosure to be “segregated from all other information.” Among other things, the court stated that “[c]ountless courts examining virtually identical language have agreed” that language similar to the phrase “enough money” can plausibly amount to a violation of Regulation E’s “clear and readily understandable” explanation of overdraft fees.
With respect to defendant’s safe harbor claim, the court observed that EFTA may provide safe harbor to banks using an appropriate CFPB model clause (15 U.S.C. § 1693m(d)(2)) or a disclosure form “substantially similar” to the Bureau’s Model Form A-9, which states “[a]n overdraft occurs when you do not have enough money in your account to cover a transaction, but we pay it anyway.” The court agreed, however, with the reasoning of several courts that using language identical to that in the A-9 does not necessarily provide safe harbor defeating plaintiffs’ claims where, as here, the plaintiffs “have plausibly stated a claim that the clause from Model Form A-9 was not ‘appropriate’ because the language did not describe [defendant’s] overdraft policy in a ‘clear and readily understandable’ way.”
- Steven vonBerg to speak at closing “super session“ on compliance topics at MBA Legal Issues and Regulatory Compliance Conference
- Buckley Webcast: Fifth Circuit muddles CFPB’s plans to use in-house judges in enforcement proceedings
- Jeffrey P. Naimon to discuss “Understanding the ESG impact on compliance” at the ABA’s Regulatory Compliance Conference