Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
On March 31, the FDIC released the spring 2022 edition of the Consumer Compliance Supervisory Highlights to provide information and observations related to the FDIC’s consumer compliance supervision of state non-member banks and thrifts in 2021. Topics include:
- A summary of the FDIC’s supervisory approach in response to the Covid-19 pandemic, including efforts made by banks to meet the needs of consumers and communities.
- An overview of the most frequently cited violations (approximately 78 percent of total violations involved TILA, the Flood Disaster Protection Act (FDPA), EFTA, Truth in Savings Act, and RESPA). During 2021, the FDIC initiated 20 formal enforcement actions and 24 informal enforcement actions addressing consumer compliance examination observations, and issued civil money penalties totaling $2.7 million against institutions to address violations of the FDPA and Section 5 of the FTC Act.
- Information on the charging of multiple non-sufficient funds fees (NSF) for re-presented items, and risk-mitigating activities taken by banks to avoid potential violations. According to the FDIC, “failure to disclose material information to customers about re-presentment practices and fees” may be deceptive. The failure to disclose material information to customers “may also be unfair if there is the likelihood of substantial injury for customers, if the injury is not reasonably avoidable, and if there is no countervailing benefit to customers or competition. For example, there is risk of unfairness if multiple fees are assessed for the same transaction in a short period of time without sufficient notice or opportunity for consumers to bring their account to a positive balance.” Recommendations on addressing overdraft issues are discussed in the report.
- An overview of fair lending concerns highlighting ways to mitigate risk, including “[m]aintaining written policies and procedures that include information for lending staff to reference when applying credit decision criteria and determining whether borrowers are creditworthy” and reviewing requirements used to screen potential applicants to make sure there is no “discriminatory impact.”
- Information on regulatory developments, such as (i) rulemaking related to the Community Reinvestment Act, flood insurance, false advertising/misuse of the FDIC’s name or logo rulemaking, deposit insurance, and LIBOR; and (ii) guidance on fintech due diligence, artificial intelligence/machine learning, and third-party risk management.
- A summary of consumer compliance resources available to financial institutions.
- An overview of consumer complaint trends.
On February 23, the U.S. District Court for the Eastern District of New York ruled that parties must arbitrate class claims concerning alleged fraudulent transactions on app users’ accounts. Plaintiffs—users of the defendants’ mobile payment platform who claimed that third parties fraudulently withdrew funds from their app accounts—alleged that the defendants’ inadequate dispute resolution process “improperly places the burden on the user to prove that a disputed transaction was unauthorized” in violation of the EFTA and N.Y. Gen. Bus. Law § 349. Defendants, however, countered that the plaintiffs agreed to arbitrate any disputes related to their app accounts, and moved to compel arbitration and dismiss the complaint. The court analyzed the applicable sign-up flows and ruled that in signing up for the apps, users agreed to unambiguous terms of service, which included an arbitration agreement presented in a clickable hyperlinked URL. The court rejected plaintiffs’ assertion that a reasonably prudent smartphone user would not think to click on the terms of service hyperlink, stating that the hyperlink for both apps provided reasonably clear and conspicuous interfaces. The court further found that the claims were subject to arbitration because plaintiffs’ specifically assented to the arbitration provisions and that the parties’ agreed to present any question of arbitrability to an arbitrator.
On February 15, the CFPB released a bulletin reiterating that the EFTA and its implementing regulation, Regulation E, apply to government benefit accounts with the exception of certain state and local electronic benefit transfer programs. The EFTA establishes, among other things, that “no person may require a consumer to establish an account for receipt of electronic fund transfers with a particular financial institution as a condition of employment or receipt of government benefits.” According to the Bulletin, this “compulsory use prohibition ensures that consumers receiving the government benefits” are provided “a choice with respect to how they receive their funds.” The bulletin also summarized the regulation’s disclosure requirements for government benefit accounts, which includes disclosing that the consumer: (i) “has several options to receive benefit payments, followed by a list of the options available to the consumer, and a statement directing the consumer to tell the agency which option the consumer chooses”; or (ii) “does not have to accept the government benefit account and directing the consumer to ask about other ways to receive government benefit payments.”
Recently, the CFPB updated its remittance transfer examination procedures to reflect the latest amendments to Regulation E (EFTA’s implementing regulation), Subpart B, as of May 2020. The updates are reflected within the Bureau’s Supervision and Examinations Manual. The updated procedures outline practices for examiners when evaluating institutions that provide remittances in the normal course of business to individuals and businesses in foreign countries. “Examiners should complete a risk assessment, conduct necessary scoping, and use these procedures, in conjunction with the compliance management system review procedures, to conduct a remittance transfer examination,” the Bureau stated. The procedures specify four objectives for remittance transfer examinations: (i) to assess the quality of a regulated entity’s compliance risk management systems in its remittance transfer business; (ii) to identify acts or practices that materially increase the risk of federal consumer financial law violations, as well as associated harm to consumers in connection with remittance transfers; (iii) to gather facts to help determine whether a supervised entity engages in acts or practices in connection with remittance transfers that are likely to violate federal consumer financial law; and (iv) to determine, in accordance with CFPB internal consultation requirements, whether a federal consumer financial law has been violated and whether it is appropriate to take further supervisory or enforcement action.
On December 20, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s dismissal of an action under the EFTA against a national bank related to alleged unauthorized electronic fund transfers. The plaintiff, a foreign national who resided primarily outside the U.S., held several accounts with the defendant, including the checking account at issue. According to the plaintiff, “through unknown means, unidentified individuals gained access to her  checking account in October 2017 and began making unauthorized withdrawals without her knowledge.” A separate bank flagged a large transfer from the plaintiff’s account and reached out to the defendant’s fraud department. That bank ultimately refunded the plaintiff’s money; however, according to the opinion, the defendant allegedly did not change the plaintiff’s account number and password, freeze her account, or inform her of the unauthorized transfer. From November 2017 through March 2019, more than 100 additional unauthorized withdrawals were made. The plaintiff acknowledged that she did not report any of these unauthorized transactions until March 2019, claiming she had been overseas with “‘very limited or no’ internet access to check her bank statements.” While some of the unauthorized withdrawals were reimbursed through the defendant’s internal dispute-resolution process, the defendant allegedly “refused to reimburse her for $300,000 of the losses she suffered, citing her failure to report the initial unauthorized withdrawals within 60 days of their appearance on her bank statements, as the EFTA ordinarily requires.” The plaintiff sued, claiming that the defendant violated the EFTA or, alternatively, California’s EFTA counterpart, and asserting various other state law claims. The district court granted the defendant’s motion to dismiss, ruling that because the plaintiff “failed to report the withdrawals at issue” within the required time frame, “the EFTA bars her claim as a matter of law.”
On appeal, the 9th Circuit determined that the plaintiff plausibly alleged sufficient facts under the EFTA to suggest that “the subsequent unauthorized transfers for which she sought reimbursement would still have occurred.” While the plaintiff did not dispute that she failed to report any of the unauthorized withdrawals to the defendant within EFTA’s 60-day reporting period, she argued that her compliance was excused based on her limited access to her banking records and that the defendant “was already aware of the initial $29,000 withdrawal in November 2017[.]” The appellate court agreed with the district court that the plaintiff failed to “plausibly explain how someone with [her] financial means lacked adequate internet access to view her banking records for more than a year.” The 9th Circuit also rejected the plaintiff’s argument that she did not need to report the unauthorized withdrawals by virtue of the defendant’s communications with the other bank, agreeing that the EFTA “says nothing about a bank receiving notice from third-party sources unaffiliated with the consumer”
However, the 9th Circuit disagreed with the district court’s decision to dismiss the EFTA claim or its California counterpart, after concluding that the plaintiff satisfied her pleading burden by alleging facts “plausibly suggesting that even if she had reported an unauthorized transfer within the 60-day period, the subsequent unauthorized transfers for which she [sought] reimbursement would still have occurred.” The panel emphasized that a consumer may be held liable for unauthorized transfers occurring after the 60-day period only where the bank establishes that those transfers “‘would not have occurred but for the failure of the consumer’” to report the earlier unauthorized transfer within the 60-day period. The district court “overlooked this requirement, and the error was not harmless,” the appellate court explained.
On December 13, the CFPB released updated Electronic Fund Transfers FAQs, which pertain to compliance with the Electronic Fund Transfer Act (EFTA) and Subpart A to Regulation E. The updated topics include transaction coverage, financial institution coverage, error resolution, and unauthorized EFT error resolution. Highlights from the updated FAQs include:
- Person-to-person (P2P) payments can be unauthorized electronic transfers under Regulation E.
- “[A] ‘pass-through’ payment transfers funds from the consumer’s account held by an external financial institution to another person’s account held by an external financial institution,” which is “initiated through a financial institution that does not hold a consumer’s account, for example, a non-bank P2P provider.”
- “Regulation E section 1005.2(i) defines financial institution under EFTA and Regulation E to include banks, savings associations, credit unions, and: any other person that directly or indirectly holds an account belonging to a consumer, or any other person that issues an access device and agrees with a consumer to provide electronic fund transfer (EFT) services.”
- “Any P2P payment provider that meets the definition of a financial institution, as discussed in Electronic Fund Transfers Coverage: Financial Institutions Question 1, is a financial institution under Regulation E.” Therefore, “if a P2P payment provider directly or indirectly holds an account belonging to a consumer, they are considered a financial institution under Regulation E.”
- The transfer is considered to be an unauthorized EFT under Regulation E if a consumer’s account is obtained from a third party through fraudulent means (hacking), and a hacker utilizes that information to make an unauthorized electronic transfer from the consumer’s account.
- “Although private network rules and other commercial agreements may provide for interbank finality and irrevocability, they do not reduce consumer protections against liability for unauthorized EFTs afforded by the Electronic Fund Transfer Act…. Accordingly, any financial institution in this transaction must comply with the error resolution requirements discussed in Electronic Fund Transfers Error Resolution Question 2, as well as the liability protections for unauthorized transfers.”
On December 8, the CFPB released its fall 2021 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of credit card account management, debt collection, deposits, fair lending, mortgage servicing, payday lending, prepaid accounts, and remittance transfers. The report’s findings cover examinations that were completed between January and June of 2021 in addition to prior supervisory findings that led to public enforcement actions in the first half of 2021. Highlights of the examination findings include:
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse late fees after determining a missed payment was not credited to a consumer’s account; and (iii) conduct reasonable investigations into billing error notices concerning missed payments and unauthorized transactions. Examiners also identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors represented to consumers that their creditworthiness would improve upon final payment under a repayment plan and the deletion of the tradeline. Because credit worthiness is impacted by numerous factors, examiners found “that such representations could lead the least sophisticated consumer to conclude that deleting derogatory information would result in improved creditworthiness, thereby creating the risk of a false representation or deceptive means to collect or attempt to collect a debt in violation of Section 807(10).”
- Deposits. The Bureau discussed violations related to Regulation E, including error resolution violations related to misdirected payment transfers and failure to investigate error notices where consumers alleged funds were sent via a person-to-person payment network but the intended recipient did not receive the funds.
- Fair Lending. The report noted instances where examiners cited violations of ECOA and Regulation B by lenders "discriminating against African American and female borrowers in the granting of pricing exceptions based upon competitive offers from other institutions,” which led to observed pricing disparities, specifically as compared to similarly situated non-Hispanic white and male borrowers. Among other things, examiners also observed that lenders’ policies and procedures contributed to pricing discrimination, and that lenders improperly inquired about small business applicants’ religion and considered religion in the credit decision process.
- Mortgage Servicing. The Bureau noted that it is prioritizing mortgage servicing supervision attributed to the increase in borrowers needing loss mitigation assistance due to the Covid-19 pandemic. Examiners found violations of Regulations Z and X, as well as unfair and deceptive acts and practices. Unfair acts or practices included those related to (i) charging delinquency-related fees to borrowers in CARES Act forbearances; (ii) failing to terminate preauthorized EFTs; and (iii) assessing fees for services exceeding the actual cost of the performed services. Deceptive acts or practices found by examiners related to mortgage servicers included incorrectly disclosed transaction and payment information in a borrower’s online mortgage loan account. Mortgage servicers also allegedly failed to evaluate complete loss mitigation applications within 30 days, incorrectly handled partial payments, and failed to automatically terminate PMI in a timely manner. The Bureau noted in its press release that it is “actively working to support an inclusive and equitable economic recovery, which means ensuring all mortgage servicers meet their homeowner protection obligations under applicable consumer protection laws,” and will continue to work with the Federal Reserve Board, FDIC, NCUA, OCC, and state financial regulators to address any compliance failures (covered by InfoBytes here).
- Payday Lending. The report identified unfair and deceptive acts or practices related to payday lenders erroneously debiting consumers’ loan balances after a consumer applied and received confirmation for a loan extension, misrepresenting that consumers would only pay extension fees on the original due dates of their loans, and failing to honor loan extensions. Examiners also found instances where lenders debited or attempted one or more duplicate unauthorized debits from a consumer’s bank account. Lenders also violated Regulation E by failing “to retain, for a period of not less than two years, evidence of compliance with the requirements imposed by EFTA.”
- Prepaid Accounts. Bureau examiners found violations of Regulation E and EFTA related to stop-payment waivers at financial institutions, which, among other things, failed to honor stop-payment requests received at least three business days before the scheduled date of the transfer. Examiners also observed instances where service providers improperly required consumers to contact the merchant before processing a stop-payment request or failed to process stop-payment requests due to system limitations even if a consumer had contacted the merchant. The report cited additional findings where financial institutions failed to properly conduct error investigations.
- Remittance Transfers. Bureau examiners identified violations of Regulation E related to the Remittance Rule, in which providers “received notices of errors alleging that remitted funds had not been made available to the designated recipient by the disclosed date of availability” and then failed to “investigate whether a deduction imposed by a foreign recipient bank constituted a fee that the institutions were required to refund to the sender, and subsequently did not refund that fee to the sender.”
The report also highlights recent supervisory program developments and enforcement actions.
On November 8, the U.S. District Court for the District of New Hampshire denied a credit union’s motion to dismiss claims concerning its overdraft fees and policies. Plaintiffs filed a putative class action alleging that the defendant failed to properly disclose how it assessed overdrafts in violation of EFTA and implementing Regulation E. According to the plaintiffs, the defendant’s overdraft fee opt-in disclosure did not provide a “clear and readily understandable” explanation of the meaning of “enough money,” nor did it specify whether overdrafts are calculated based on the actual balance or the available balance. The defendant moved to dismiss, arguing that the opt-in disclosure should be read in conjunction with a separate membership agreement that outlines the account terms and discloses the defendant’s use of the “available balance” method to determine when an account is overdrawn. The defendant further contended that it did not violate Regulation E and that it qualifies for EFTA’s safe harbor provision. The court disagreed, ruling that the plaintiffs had plausibly alleged a violation of Regulation E, as it requires the opt-in disclosure to be “segregated from all other information.” Among other things, the court stated that “[c]ountless courts examining virtually identical language have agreed” that language similar to the phrase “enough money” can plausibly amount to a violation of Regulation E’s “clear and readily understandable” explanation of overdraft fees.
With respect to defendant’s safe harbor claim, the court observed that EFTA may provide safe harbor to banks using an appropriate CFPB model clause (15 U.S.C. § 1693m(d)(2)) or a disclosure form “substantially similar” to the Bureau’s Model Form A-9, which states “[a]n overdraft occurs when you do not have enough money in your account to cover a transaction, but we pay it anyway.” The court agreed, however, with the reasoning of several courts that using language identical to that in the A-9 does not necessarily provide safe harbor defeating plaintiffs’ claims where, as here, the plaintiffs “have plausibly stated a claim that the clause from Model Form A-9 was not ‘appropriate’ because the language did not describe [defendant’s] overdraft policy in a ‘clear and readily understandable’ way.”
On October 21, the CFPB issued orders to six large U.S. technology companies seeking information and data on their payment system business practices. The Bureau stated that the information is intended to help the Bureau understand how these companies use personal payments data and manage data access to users. The Bureau issued the orders citing its authority under the CFPA, Section 1022(c)(4), which grants the agency “statutory authority to order participants in the payments market to turn over information to help the Bureau monitor for risks to consumers and to publish aggregated findings that are in the public interest.” The Bureau’s press release also noted it intends to study the payment system practices of two major Chinese tech companies.
The Bureau made available an example order that contains 55 requests seeking various information and data on several topics, including: (i) “[d]ata harvesting and monetization”; (ii) “[a]ccess restrictions and user choice”; and (iii) documents and information related to payment platforms and compliance with federal consumer protection laws, such as the EFTA and the Gramm-Leach-Bliley Act. Citing consumer data and privacy expectations, the Bureau explained that “[c]onsumers expect certain assurances when dealing with companies that move their money. They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law.”
Director Rohit Chopra issued a statement commenting on the purpose of the orders. He noted that the Bureau’s inquiry “is one of many efforts within the Federal Reserve System to plan for the future of real-time payments” and that it “will help to inform regulators and policymakers about the future of our payments system.”
- Kathryn L. Ryan to discuss "State licensing and NMLS challenges" at MBA’s Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss “Fair lending and equal opportunity laws” at the MBA Legal Issues and Regulatory Compliance Conference
- Jeffrey P. Naimon to discuss “Contemplating the boundaries of UDAAP” at the MBA Legal Issues and Regulatory Compliance Conference
- Steven vonBerg to speak at closing “super session“ on compliance topics at MBA Legal Issues and Regulatory Compliance Conference
- Buckley Webcast: Fifth Circuit muddles CFPB’s plans to use in-house judges in enforcement proceedings
- Jeffrey P. Naimon to discuss “Understanding the ESG impact on compliance” at the ABA’s Regulatory Compliance Conference