Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On July 19, the CFPB announced it is suing a lease-to-own finance company that provides services that allows consumers, typically with limited access to traditional forms of credit for their financing, to finance merchandise or services over a 12-month period. According to the complaint, the Bureau claims that once a consumer falls behind on payments, the company’s purchase agreement essentially “lock[s] [consumers] into the 12-month schedule—even if they want to return or surrender their financed merchandise.” The alleged violations include:
- Misleading consumers. The company is accused of designing and implementing its financing program in a way that misleads consumers by using print advertisements featuring the phrase “100 Day Cash Payoff” without including details of the purchase agreement financing. The company is accused of misrepresenting that consumers could not terminate their agreement, that consumers could not return their merchandise, and that the “best” or “only” option for consumers who no longer want to finance their merchandise is to enter a “buy-back” agreement. The Bureau alleges that such conduct, among other things, violated the CFPA's prohibition on deceptive and abusive acts and practices.
- Unlawful conditioning of credit extension. The company is accused of violating the EFTA and its implementing Regulation E by allegedly improperly requiring consumers to repay credit through preauthorized automated clearing house debits.
- Failing to establish reasonable policies concerning consumer information. The Bureau alleges that the company violated the FCRA and its implementing Regulation V by not having adequate written policies and procedures to ensure the accuracy and integrity of consumer information that it furnished, considering the company’s “size, complexity, and scope.”
The Bureau seeks, among other things, injunctions to prevent future violations, rescission or reformation of the company's financing agreements, redress to consumers, and civil money penalties.
On June 5, the CFPB revised its Supervision and Examinations Manual to incorporate minor changes for larger participants under “Module 7 - Consumer Alerts, Identity Theft, and
Human Trafficking Provisions.” The updates specifically included FCRA and Regulation V requirements that prohibit credit reporting agencies (CRAs) from including information in consumer reporting in cases of human trafficking. Notably, the final rule regarding credit reporting on human trafficking victims was issued in 2022 (previously covered by InfoBytes here). The CFPB also stated that all CRAs must “establish and maintain written policies and procedures reasonably designed to ensure and monitor the compliance of the consumer reporting agency and its employees with the requirements of 12 CFR 1022.142.”
On November 15, the CFPB released its fall 2022 Supervisory Highlights, which summarizes its supervisory and enforcement actions between January and June 2022 in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, mortgage servicing, and payday lending. Highlights of the findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to add-on product charges, loan modifications, double billing, use of devices that interfered with driving, collection tactics, and payment allocation. For instance, examiners identified occurrences where consumers paid off their loans early, but servicers failed to ensure consumers received refunds for unearned fees related to add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include: (i) NCRCs that failed to report the outcome of complaint reviews to the Bureau; (ii) furnishers that failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures that contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iii) provide explanations to consumers after determining that no billing error occurred or that a different billing error occurred from that asserted. Examiners also identified Regulation Z violations where credit card issuers improperly mixed original factors and acquisition factors when reevaluating accounts subject to a rate increase, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors engaged in conduct that harassed, oppressed, or abused the person with whom they were communicating. The report findings also discussed instances where debt collectors communicated with a person other than the consumer about the consumer’s debt when the person had a name similar or identical to the consumer, in violation of the FDCPA.
- Deposits. The Bureau discussed how it conducted prioritized assessments to evaluate how financial institutions handled pandemic relief benefits deposited into consumer accounts. Examiners identified unfairness risks at multiple institutions due to policies and procedures that may have resulted in, among other things, (i) garnishing protected economic impact payments funds in violation of the Consolidated Appropriations Act of 2021; or (ii) failing to apply the appropriate state exemptions to certain consumers’ deposit accounts after receiving garnishment notice.
- Mortgage Origination. Bureau examiners identified Regulation Z violations and deceptive acts or practices prohibited by the CFPA. An example of this is when the settlement service had been performed and the loan originator knew the actual costs of those service, but entered a cost that was completely unrelated to the actual charges that the loan originator knew had been incurred, resulting in information being entered that was not consistent with the best information reasonably available. The Bureau also found that the waiver language in some loan security agreements was misleading, and that a reasonable consumer could understand the provision to waive their right to bring a class action on any claim in federal court.
- Mortgage Servicing. Bureau examiners identified instances where servicers engaged in abusive acts or practices by charging sizable fees for phone payments when consumers were unaware of those fees. Examiners also identified unfair acts or practices and Regulation X policy and procedure violations regarding failure to provide consumers with CARES Act forbearances.
- Payday Lending. Examiners found lenders failed to maintain records of call recordings necessary to demonstrate full compliance with conduct provisions in consent orders generally prohibiting certain misrepresentations.
On July 26, the CFPB announced a consent order against a nonbank automotive finance company to resolve allegations that it engaged in furnishing inaccurate information to consumer reporting companies. The CFPB alleged that the company violated the FCRA and Regulation V by, among other things, failing to: (i) “promptly update and correct information it furnished to Consumer Reporting Agencies (CRAs) that it determined was not complete or accurate, and continued to furnish this inaccurate and incomplete information;” (ii) “modify or delete information disputed by consumers that [the company] found to be inaccurate”; and (iii) “establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information provided to CRAs.” The CFPB also alleged that the company violated the CFPA because of the FCRA and Regulation V violations, which it alleged also constitute violations of the CFPA, and for using “ineffective manual processes and systems containing known logic errors to furnish information to CRAs.” Under the terms of the Bureau’s consent order, the company is required to provide $13.2 million in redress to harmed consumers, review all account files that it currently furnishes to credit reporting companies and correct all inaccuracies described in the order, then send updated information to the credit reporting companies, establish and implement written a compliance plan, and pay a $6 million civil penalty to the Bureau.
On June 23, the CFPB issued a final rule implementing amendments to the FCRA intended to assist victims of human trafficking. According to the Bureau’s announcement, the final rule prohibits credit reporting agencies (CRAs) from providing reports containing any adverse items of information resulting from human trafficking. The final rule amends Regulation V to implement changes to the FCRA enacted in December 2021 in the “Debt Bondage Repair Act,” which was included within the National Defense Authorization Act for Fiscal Year 2022. (Covered by InfoBytes here.)
Among other things, the final rule establishes methods available for trafficking victims to submit documentation to CRAs establishing that they are a survivor of trafficking (including “determinations made by a wide range of entities, self-attestations signed or certified by certain government entities or their delegates, and documents filed in a court where a central issue is whether the person is a victim of trafficking”). The final rule also requires CRAs to block adverse information in consumer reports after receiving such documentation and ensure survivors’ credit information is reported fairly. CRAs will have four business days to block adverse information once it is reported and 25 business days to make a final determination as to the completeness of the documentation. All CRAs, regardless of reach or scope, must comply with the final rule, including both nationwide credit reporting companies and specialty credit reporting companies.
The final rule takes July 25.
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
On April 12, the CFPB sued a credit reporting agency (CRA), two of its subsidiaries (collectively, “corporate defendants"), and a former senior executive for allegedly violating a 2017 enforcement order in connection with alleged deceptive practices related to their marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The 2017 consent order required the corporate defendants to pay a $3 million civil penalty and more than $13.9 million in restitution to affected consumers as well as abide by certain conduct provisions (covered by InfoBytes here). The Bureau’s announcement called the corporate defendants “repeat offender[s]” who continued to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges. According to the Bureau’s complaint, the corporate defendants, under the individual defendant’s direction, allegedly violated the 2017 consent order from the day it went into effect instead of implementing agreed-upon policy changes intended to stop consumers from unknowingly signing up for credit monitoring services that charge monthly payments. The Bureau claimed that the corporate defendants’ practices continued even after examiners raised concerns several times. With respect to the individual defendant, the Bureau contended that he had both the “authority and obligation” to ensure compliance with the 2017 consent order but did not do so. Instead, he allowed the corporate defendants to “defy the law and continue engaging in misleading marketing, even in the face of thousands of consumer complaints and refund requests.” The complaint alleges violations of the CFPA, EFTA/ Regulation E, and the FCRA/Regulation V, and seeks a permanent injunction, damages, civil penalties, consumer refunds, restitution, disgorgement and the CFPB’s costs.
CFPB Director Rohit Chopra issued a statement the same day warning the Bureau will continue to bring cases against repeat offenders. Dedicated units within the Bureau’s enforcement and supervision teams will focus on repeat offenders, Chopra stated, adding that the Bureau will also work with other federal and state law enforcement agencies when repeat violations occur. “Agency and court orders are not suggestions, and we are taking steps to ensure that firms under our jurisdiction do not engage in repeat offenses,” Chopra stressed. He also explained that the charges against the individual defendant are appropriate, as he allegedly, among other things, impeded measures to prevent unintended subscription enrollments and failed to comply with the 2017 consent order, which bound company executives and board members to its terms.
The CRA issued a press release following the announcement, stating that it considers the Bureau’s claims to be “meritless” and that as required by the consent order, the CRA “submitted to the CFPB for approval a plan detailing how it would comply with the order. The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, [the CRA] took affirmative actions to implement the consent order.” Moreover, the CRA noted that “[r]ather than providing any supervisory guidance on this matter and advising [the CRA] of its concerns – like a responsible regulator would – the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint,” and that “CFPB’s current leadership refused to meet with us and were determined to litigate and seek headlines through press releases and tweets.”
On April 7, the CFPB released a proposed rule and solicited comments on regulations implementing amendments to the FCRA intended to assist victims of trafficking. The proposed rule would establish a method for a trafficking victim to submit documentation to consumer reporting agencies (CRAs) establishing that they are a survivor of trafficking, and would require CRAs to block adverse information in consumer reports after receiving such documentation. The proposed rules would amend Regulation V to implement changes to FCRA enacted in the National Defense Authorization Act for Fiscal Year 2022, also referred to as the “Debt Bondage Repair Act,” which was signed into law in December 2021. (Covered by InfoBytes here). Under the law, CRAs are prohibited “from providing consumer reports that contain any negative item of information about a survivor of trafficking from any period the survivor was being trafficked.” In announcing the proposal, the CFPB noted that “Congress required the CFPB to utilize its rulemaking authorities to implement the Debt Bondage Repair Act through rule changes to Regulation V, which ensures consumers’ credit information is fairly reported by CRAs.” According to the CFPB, the proposal “would protect survivors of human trafficking by preventing CRAs from including negative information resulting from abuse.” Comments are due 30 days after publication in the Federal Register.
On January 13, the CFPB released a new Bulletin to remind debt collectors and credit reporting agencies (CRAs) of their legal obligations under the FDCPA and the FCRA when collecting, furnishing information about, and reporting medical debts covered by the No Surprises Act (NSA). Effective for plan years beginning on or after January 1, 2022, the NSA establishes new federal protections against surprise medical bills arising out of certain out-of-network emergency care. The CFPB notes that medical debt often poses special risks to consumers as consumers are “rarely informed of the costs of medical treatment in advance” and are “generally ill suited to the task of identifying [medical] billing errors.” Specifically, the Bulletin reminds debt collectors of the FDCPA prohibition against “false representation of the ‘character, amount, or legal status of any debt’” and the use of any “unfair or unconscionable means to collect or attempt to collect any debt.” According to the Bulletin, these would include “misrepresenting that a consumer must pay a debt stemming from a charge that exceeds the amount permitted by the [NSA].” The Bulletin also reminded debt collectors, as furnishers of information to CRAs, and the CRAs themselves of their obligations under the FCRA to assure the accuracy of information furnished or included in a consumer report, as well as to “conduct reasonable and timely investigations of consumer disputes to verify the accuracy of furnished information.” The Bulletin clarified that the accuracy and dispute obligations imposed by the FCRA “apply with respect to debts stemming from charges that exceed the amount permitted” by the NSA. The Bulletin further offered several examples of acts or practices that may be violative of the FDCPA and/or the FCRA in connection with medical debt covered by the NSA. According to the Bulletin, the CFPB “will hold debt collectors accountable for failing to comply with the FDCPA and Regulation F, and it will hold CRAs and furnishers accountable for failing to comply with the FCRA and Regulation V.” The Bureau also noted that it “will continue to work with the U.S. Department of Health and Human Services and other partners to address medical debt abuses.”
On November 12, the CFPB announced a settlement with an Illinois-based non-bank debt collector, resolving allegations that the company violated the Fair Credit Reporting Act (FCRA), Regulation V, and the Consumer Financial Protection Act when providing information to consumer reporting agencies (CRAs). According to the Bureau, the company allegedly (i) “furnished information to CRAs that it knew or had reasonable cause to believe was inaccurate and failed to report to CRAs an appropriate first date of delinquency on certain accounts”; (ii) failed to conduct reasonable investigations into disputes reported to the company and to the CRAs; (iii) failed to send required notices about the results of investigations; and (iv) “failed to establish, implement, and update its policies and procedures regarding its furnishing of consumer information to CRAs.” According to the consent order, the company, among other things, allegedly furnished actual payment amounts as $0.00 on roughly 165,000 accounts even though consumers had made payments. For about 72,000 accounts, the company allegedly furnished current balances and amounts past due in amounts other than $0.00 even though the accounts were settled in full.
The consent order requires the company to pay a $500,000 civil money penalty and to (i) regularly review samples of furnished account information for accuracy and integrity; (ii) review samples of consumer disputes to ensure they are handled in compliance with the FCRA; (iii) update its policies and procedures to ensure compliance and continued effectiveness; and (iv) secure at least one independent consultant who specializes in FCRA and Regulation V compliance to conduct a review of the company’s activities, policies, and procedures related to furnishing and credit reporting.