Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • D.C. Circuit says CFPB’s Prepaid Rule does not mandate model disclosures for payment companies

    Courts

    On February 3, the U.S. Court of Appeals for the D.C. Circuit reversed a district court’s decision that had previously granted summary judgment in favor of a payment company and had vacated two provisions of the CFPB’s Prepaid Rule: (i) the short-form disclosure requirement “to the extent it provides mandatory disclosure clauses”; and (ii) the 30-day credit linking restriction. As previously covered by InfoBytes, the company sued the Bureau alleging, among other things, that the Bureau’s Prepaid Rule exceeded the agency’s statutory authority “because Congress only authorized the Bureau to adopt model, optional disclosure clauses—not mandatory disclosure clauses like the short-form disclosure requirement.” The Bureau countered that it had authority to enforce the mandates under federal regulations, including the EFTA, TILA, and Dodd-Frank, and argued that the “EFTA and [Dodd-Frank] authorize the Bureau to issue—or at least do not foreclose it from issuing—rules mandating the form of a disclosure.”

    The district court concluded, among other things, that the Bureau acted outside of its statutory authority, and ruled that it could not presume that Congress delegated power to the agency to issue mandatory disclosure clauses just because Congress did not specifically prohibit it from doing so. Instead, the Bureau can only “‘issue model clauses for optional use by financial institutions’” since the EFTA’s plain text does not permit the Bureau to issue mandatory clauses, the district court said. The Bureau appealed, arguing that both the EFTA and Dodd-Frank authorize the Bureau to promulgate rules governing disclosures for prepaid accounts, and that the decision to adopt such rules is entitled to deference. (Covered by InfoBytes here.) However, the Bureau maintained that the Prepaid Rule “does not make any specific disclosure clauses mandatory,” and stressed that companies are permitted to use the provided sample disclosure wording or use their own “substantially similar” wording.

    In reversing and remanding the ruling, the appellate court unanimously determined that because the Bureau’s Prepaid Rule does not mandate “specific copiable language,” it is not mandating a “model clause,” which the court assumed for purposes of the opinion that the Bureau was prohibited from doing. While the Prepaid Rule imposes formatting requirements and requires the disclosure of certain enumerated fees, the D.C. Circuit stressed that the Bureau “has not mandated that financial providers use specific, copiable language to describe those fees.” Moreover, formatting is not part of a “model clause,” the appellate court added. And because companies are allowed to provide “substantially similar” disclosures, the appellate court held that the Bureau has not mandated a “model clause” in contravention of the EFTA. The appellate court, however, did not address any of the procedural or constitutional challenges to the Bureau’s short-form disclosures that the district court had not addressed in its opinion, but instead directed the district court to address those questions in the first instance.

    Courts CFPB Appellate D.C. Circuit Prepaid Rule Disclosures Prepaid Accounts Dodd-Frank EFTA TILA

  • CFPB says EFTA applies to pandemic assistance prepaid cards

    Courts

    On January 10, the CFPB filed an amicus brief in a case before the U.S. Court of Appeals for the Fourth Circuit concerning the scope of accounts covered under EFTA and Regulation E. (See also CFPB blog post here.) As previously covered by InfoBytes, last August the U.S. District Court for the District of Maryland dismissed a putative class action alleging violations of EFTA and state privacy and consumer protection laws brought against the national bank on behalf of consumers who were issued prepaid debit cards providing pandemic unemployment benefits. The named plaintiff alleged that he lost nearly $15,000 when an unauthorized user fraudulently used a prepaid debit card containing Pandemic Unemployment Assistance (PUA) funds that were intended for him. However, the district court dismissed the class claims with respect to EFTA and Regulation E, finding that the PUA payments were “qualified disaster relief payments” and, as such, they were excluded from Regulation E’s definition of a “prepaid account.”

    The Bureau disagreed. In its amicus brief, it argued that a prepaid debit card loaded with PUA funds is a “government benefit account” subject to EFTA and Regulation E and their error resolution requirements, which apply to alleged unauthorized transfers such as the one at issue in the case. Writing that the district court erred by applying “a regulatory exclusion to hold that prepaid accounts loaded with pandemic unemployment benefits were excluded from coverage,” the Bureau claimed that the holding is not supported by statutory and regulatory text and “undermines the primary purpose of EFTA to provide individual rights to consumers.” According to the Bureau, a “prepaid account” under Regulation E includes specific categories of accounts, including a “government benefit account,” which is not subject to the prepaid account exclusions.

    Courts CFPB Appellate Fourth Circuit EFTA Regulation E Class Action Covid-19 Consumer Finance

  • CFPB says remittance provider violated EFTA

    Federal Issues

    On December 22, the CFPB announced a consent order against an international remittance company for multiple alleged violations of the requirements governing electronic money transfers. According to the Bureau, the company allegedly failed to comply with many requirements of the Electronic Fund Transfer Act, including failing to provide refunds to customers after the company made money transfer errors. The Bureau also alleged that the company violated the Remittance Rule by failing to develop and maintain required written policies and procedures for error resolution, and claimed the company violated Regulation E by failing to retain evidence demonstrating compliance with the Remittance Rule’s error-resolution requirements. Under the terms of the consent order, the company is required to provide consumer redress of approximately $30,000 to harmed customers and pay a $700,000 civil money penalty to the Bureau. The company is also required to update disclosure and key transfer information that is provided to customers, as well as its error-resolution policies and procedures.

    Federal Issues CFPB Enforcement Consumer Finance Remittance Rule EFTA Regulation E

  • District Court stays action against remittance provider while Supreme Court weighs CFPB’s funding structure

    Courts

    On December 9, the U.S. District Court for the Southern District of New York stayed an action brought by the CFPB and the New York attorney general against a defendant remittance provider until after the U.S. Supreme Court decides if it will review whether the U.S. Court of Appeals for the Fifth Circuit erred in holding that the Bureau’s funding structure violates the Appropriations Clause of the Constitution. Last month the DOJ, on behalf of the CFPB, submitted a petition for a writ of certiorari seeking Supreme Court review of the 5th Circuit’s decision during its current term. (Covered by InfoBytes here.) The New York AG and the Bureau sued the defendant in April for allegedly violating the EFTA and its implementing Regulation E, the Remittance Rule, and the Consumer Financial Protection Act (CFPA), among various consumer financial protection laws, in its handling of remittance transfers. (Covered by InfoBytes here.)

    The defendant argued that the district court should hold off on deciding on its motion to dismiss per the aforementioned argument, but should nonetheless rule on its pending motion to transfer. The Bureau opposed the defendant’s request for a stay, countering “that a stay would not promote efficiency” since the issue of the Bureau’s standing would not affect the claims brought in the current action. The Bureau further asserted “that the public and the parties’ interest weighs against a stay, as it would hinder Plaintiffs’ enforcement of the consumer protection laws and make obtaining evidence down the line more difficult.”

    The district court disagreed, stating that the Supreme Court may address the broader issue of the Bureau’s standing to bring enforcement actions in its decision, and that, regardless, the agency’s claims in the current action “are inextricably linked to CFPB rules and regulations, which themselves may be implicated by a Supreme Court decision should it grant the petition.” The district court stayed the case in its entirety and said that it will wait to decide on both motions until after the Supreme Court decides on the Bureau’s filed petition for a writ of certiorari.

    Courts State Issues CFPB Enforcement New York State Attorney General Consumer Finance CFPA Remittance Rule Regulation E EFTA U.S. Supreme Court Repeat Offender Appellate Fifth Circuit Constitution Funding Structure

  • CFPB sues payment processor over junk fees and dark patterns

    Federal Issues

    On October 18, the CFPB filed a complaint against a Texas-based payment processing service platform (primarily related to collecting and processing event fees) for allegedly violating the Consumer Financial Protection Act (CFPA) and the EFTA by engaging in deceptive and abusive acts and practices. The Bureau alleged that the defendant enrolled consumers in, and charged them, for discount club memberships without their consent that were largely unrelated to the event the consumers were signing up for. The complaint noted that although the defendant’s memberships had a 30-day free “negative option trial membership,” the memberships automatically begin charging the membership fees at the end of the trial period. The Bureau also alleged that the defendant deployed dark patterns, which “are hidden tricks or trapdoors that companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services.” The Bureau further alleged that the defendant violated the EFTA and Regulation E by increasing consumers’ membership fees without sending the consumer written notice of the new amount and the date of the new payment at least 10 days before initiating the new payment, which also constitute violations of the CFPA. The Bureau is seeking permanent injunctive relief, damages, restitution, disgorgement, civil money penalties, and other relief.

    According to a statement by CFPB Director Rohit Chopra, the Bureau is “closely watching whether financial services firms are deploying digital dark patterns,” and is “looking at a range of ways to reduce unwanted junk fees.” He also added that the Bureau is “working to ensure our payments system is working safely and fairly” and that it “will continue to look at how payment platforms extract data and fees from their users.”

    Federal Issues CFPB Enforcement Junk Fees Dark Patterns CFPA EFTA UDAAP Consumer Finance Payment Processors

  • Fed finalizes debit card transaction requirement changes

    On October 3, the Federal Reserve Board adopted a final rule amending Regulation II, which implements Section 920 of the EFTA, to require that each debit card transaction, including “card-not-present” transactions, must be able to be processed on at least two unaffiliated payment card networks. The final rule, which is substantially similar to the Fed’s notice of proposed rulemaking issued in May 2021 (covered by InfoBytes here), also clarified that the debit card issuer is responsible for ensuring at least two unaffiliated networks have been enabled to process a debit card transaction, and standardizes and clarifies the use of certain terminology in the Fed’s Official Board Commentary on Regulation II. The Fed noted that when the rule was initially issued in 2011, the market had not yet developed solutions to broadly support multiple networks for card-not-present debit card transactions. Claiming technology has since evolved to address these challenges, the Fed said the final rule includes changes to make it easier for debit card issuers to determine whether they are in compliance and encourages competition between networks. The Fed noted, however, that the final rule does not modify interchange fee requirements. The agency said it will continue to review these requirements in light of recently collected debit card industry cost data, and may propose to modify these requirements in the future. The final rule is effective July 1, 2023.

    Federal Reserve Governor Michelle W. Bowman voted against adopting the final rule. “During the public comment process, community banks raised substantial concerns with the proposal,” she said. “Although the Board has attempted to identify the likely effects of the proposed rule based on available information, I believe that significant questions remain about how the rule will affect banks, and particularly community banks, with respect to both fraud and the cost of compliance. Given this continued uncertainty, I do not support the final rule.”

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance Debit Cards Federal Reserve EFTA Regulation II

  • CFPB rescinds no-action letter and sandbox policies

    Agency Rule-Making & Guidance

    On September 27, the CFPB issued a statement in the Federal Register rescinding its No-Action Letter Policy and its Compliance Assistance Sandbox Policy. As previously covered by InfoBytes, in September 2019, the CFPB issued three final innovation policies: the No-Action Letter (NAL) PolicyCompliance Assistance Sandbox (CAS) Policy, and Trial Disclosure Program (TDP) Policy. The NAL policy provided a NAL recipient assurance that the Bureau will not bring a supervisory or enforcement action against the company for providing a product or service under the covered facts and circumstances. The CAS policy evaluated a product or service for compliance with relevant laws and offered approved applicants a “safe harbor” from liability for certain covered conduct during the testing period under TILA, ECOA, or the EFTA. Following the rescission, the statement noted that the Bureau will no longer accept NAL or CAS applications by September 30, but will continue to accept and process requests under the TDP. Entities that have made submissions under the NAL or CAS policies will be notified if the Bureau intends to take additional steps on their submissions. According to the statement, the Bureau “determined that the Policies do not advance their stated objective of facilitating consumer-beneficial innovation” and “that the existing Policies failed to meet appropriate standards for transparency and stakeholder participation.”

    Agency Rule-Making & Guidance Federal Issues CFPB Consumer Finance Regulatory Sandbox TILA EFTA Federal Register ECOA

  • 10th Circuit: Payday lender must pay $38.4 million restitution order

    Courts

    On September 15, the U.S. Court of Appeals for the Tenth Circuit affirmed the CFPB’s administrative ruling against a Delaware-based online payday lender and its founder and CEO (respondents/petitioners) regarding a 2015 administrative enforcement action that alleged violations of the Consumer Financial Protection Act (CFPA), TILA, and EFTA. As previously covered by InfoBytes, in 2015, the CFPB announced an action against the respondents for alleged violations of TILA and the EFTA, and for engaging in unfair or deceptive acts or practices. Specifically, the CFPB alleged that, from May 2008 through December 2012, the online lender (i) continued to debit borrowers’ accounts using remotely created checks after consumers revoked the lender’s authorization to do so; (ii) required consumers to repay loans via pre-authorized electronic fund transfers; and (iii) deceived consumers about the cost of short-term loans by providing them with contracts that contained disclosures based on repaying the loan in one payment, while the default terms called for multiple rollovers and additional finance charges. The order required the respondents to pay $38.4 million as both legal and equitable restitution, along with $8.1 million in penalties for the company and $5.4 million in penalties for the CEO.

    According to the opinion, between 2018 and 2021, the U.S. Supreme Court issued four decisions, Lucia v. SEC (covered by InfoBytes here), Seila Law v. CFPB (covered by a Buckley Special Alert here), Liu v. SEC (covered by InfoBytes here), and Collins v. Yellen (covered by InfoBytes here), which “bore on the Bureau’s enforcement activity in this case,” by “decid[ing] fundamental issues such as the Bureau’s constitutional authority to act and the appointment of its administrative law judges (‘ALJ’).” The decisions led to intermittent delays and restarts in the Bureau’s case against the petitioners. For instance, the opinion noted that two different ALJs decided the present case years apart, with their recommendations separately appealed to the Bureau’s director. The CFPB’s director upheld the decision by the second ALJ and ordered the lender and its owner to pay the restitution, and a district court issued a final order upholding the award. The petitioners appealed.

    On appeal, the petitioners made three substantive arguments for dismissing the director’s final order. The petitioners argued that under Seila, the CFPB’s structure was unconstitutional and therefore the agency did not have authority to issue the order. The appellate court disagreed, stating that it is “to use a ‘scalpel rather than a bulldozer’ in remedying a constitutional defect,” and that “because the Director’s actions weren’t unconstitutional, we reject Petitioners’ argument to set aside the Bureau’s enforcement action in its entirety.”

    The petitioners also argued that the enforcement action violated their due-process rights by denying the CEO additional discovery concerning the statute of limitations. The petitioners claimed that they were entitled to a “new hearing” under Lucia, and that the second administrative hearing did not rise to the level of due process prescribed in that case. The appellate court determined that there was “no support for a bright-line rule against de novo review of a previous administrative hearing," nor did it see a reason for a more extensive hearing. Moreover, the petitioners “had a full opportunity to present their case in the first proceeding,” the 10th Circuit wrote. The appellate court further rejected the company’s argument regarding various evidentiary rulings, including permitting evidence about the company’s operational expenses, among other things. The appellate court also concluded that the CFPA’s statute of limitations commences when the Bureau either knows of a violation or, through reasonable diligence, would have discovered the violation. Therefore, the appellate court rejected the argument “that the receipt of consumer complaints triggered the statute of limitations.”

    The petitioners also challenged the remedies order, claiming they were not allowed “to present evidence of their good-faith reliance on counsel (as to restitution and civil penalties) and evidence of their expenses (as to the Director’s residual disgorgement order).” The appellate court rejected that challenge, holding that the director properly considered all factors, including good faith, and rejected the petitioners’ challenge to the ALJ’s recommended civil penalties.

    The 10th Circuit affirmed the district court’s order of a $38.4 million restitution award, rejecting the petitioners’ various challenges and affirming the director’s order.

    Courts Appellate Tenth Circuit CFPB TILA EFTA Disclosures CFPA UDAAP Enforcement U.S. Supreme Court Payday Lending

  • District Court dismisses EFTA claims concerning fraudulent transactions

    Courts

    On August 18, the U.S. District Court for the Eastern District of Michigan dismissed a class action alleging violations of the EFTA brought against a national bank on behalf of consumers who were issued prepaid debit cards providing Covid-19 pandemic unemployment insurance payments. Two of the plaintiffs alleged they experienced fraudulent transactions on their accounts. According to the plaintiffs, the bank froze one of the defendant’s accounts but failed to credit his account for the allegedly fraudulent transaction. In response to a second plaintiff’s fraud report, the bank allegedly froze her account and informed her that she had “to contact the unemployment agency because an unauthorized person had ‘gained access to the card and was using the unemployment benefits.’” The third plaintiff alleged that the bank froze her account based on suspected fraud and was informed that she would have to contact someone else to unfreeze the account. Plaintiffs sued for violations of the EFTA and raised several breach of contract and negligence claims.

    The court dismissed the EFTA claim on several grounds, including that (i) the second plaintiff’s claim is time-barred; (ii) the other two plaintiffs’ claims stem from the bank’s alleged errors related to unauthorized transactions, yet neither requested information or clarification about an electronic funds transfer; (iii) one of the plaintiffs never actually experienced fraud (the court emphasized that the EFTA does not regulate account freezes; it regulates electronic funds transfers); and (iv) one of the plaintiff’s failed to plausibly plead that he complied with the EFTA’s notification requirements that must be met before a defendant conducts an investigation. The court also determined that the breach of contract claims failed, citing, among other things, that if an account did not have an unauthorized transaction a defendant cannot breach its reimbursement duties. Nor did the other two plaintiffs provide proper notice to trigger the bank’s duty to investigate, the court wrote, adding that the negligence claims also failed because the plaintiffs failed to respond to a request asking them to show how the bank’s actions caused them injury.

    Courts EFTA Covid-19 Consumer Finance Fraud

  • District Court dismisses EFTA claims over prepaid debit card fraud

    Courts

    On August 11, the U.S. District Court for the District of Maryland dismissed a putative class action alleging violations of the EFTA and state privacy and consumer protection laws brought against a national bank on behalf of consumers who were issued prepaid debit cards providing pandemic unemployment benefits. The named plaintiff—a self-employed individual who did not qualify for state unemployment insurance but who was eligible to receive temporary Pandemic Unemployment Assistance (PUA) benefits—alleged that he lost nearly $15,000 when an unauthorized user fraudulently used a prepaid debit card containing PUA funds that were intended for him. The court dismissed the class claims with respect to the EFTA and Regulation E, finding that the Covid-19 pandemic was a “qualified disaster” under applicable law and regulations (i.e. PUA payments were “qualified disaster relief payments”), and that as such, the payments satisfied the CFPB’s official interpretation of Regulation E and were excluded from the definition of a “prepaid account.” The court further explained that while relevant CFPB regulations define an “account” to include a prepaid account, Regulation E excludes “any ‘account that is directly or indirectly established through a third party and loaded only with qualified disaster relief payments.’” Because the prepaid debit card in question was established through a third party and was loaded only with PUA funds, it did not meet the definition of a “prepaid account” and therefore fell outside the EFTA’s definition of a covered account. The court also disagreed with the plaintiff’s contention that PUA payments were authorized by Congress in the CARES Act due to the public health emergency rather than a disaster.

    Courts EFTA Regulation E Prepaid Cards Consumer Finance Class Action Covid-19 CFPB CARES Act Fraud

Pages

Upcoming Events