InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB announces consent order against leasing company
On September 11, the CFPB issued a consent order against an Ohio-based nonbank consumer finance company (respondent), for deceptive practices related to consumer leasing agreements. The CFPB, along with 41 states and the District of Columbia, addressed respondent’s conduct in a parallel multi-state settlement. According to the consent order, respondent, operating through major retailers, allegedly concealed contract terms and costs from consumers, leading them to unknowingly enter into costly leasing agreements. The Bureau claims that deceptive practices left consumers unable to return products and burdened with unexpectedly high payments, violating the CFPA and Regulation M, implementing the Consumer Leasing Act.
The consent order states that respondent concealed lease agreement terms, often providing consumers with copies of the agreements after transactions or relying on verbal descriptions from store employees. Consumers were also allegedly trapped by unreasonable return practices, as respondent did not accept returns for many items, forcing consumers to pay excessively high prices. Additionally, the CFPB claimed respondent failed to provide legally required disclosures, leading to revenues of approximately $192 million from around 325,000 consumers.
As a result of the consent order, respondent is permanently prohibited from offering consumer leases and is required to close all outstanding consumer accounts. Consumers will be allowed to keep leased merchandise without further payment, amounting to approximately $33.6 million in released payments. Respondent must also pay a $2 million penalty, with $1 million going to the CFPB's victims’ relief fund and the remaining $1 million allocated to the participating states.
The CFPB's director, Rohit Chopra, emphasized the significance of the order, stating that it permanently bans respondent from engaging in such agreements. The alleged deceptive practices, which occurred from January 1, 2015 to the present, and allegedly affected over 1.8 million consumers who entered into financial agreements with the company covering a wide range of items, from auto parts to furniture and jewelry. Respondent neither admitted nor denied the CFPB’s claims.
CSBS announces Nonbank Model Data Security Law
The Conference of State Bank Supervisors (CSBS) recently released a comprehensive framework for safeguarding sensitive information held at nonbank financial institutions. CSBS’s Nonbank Model Data Security Law is largely based on the FTC’s updated Safeguards Rule, which added specific criteria for financial institutions and other entities, such as mortgage brokers, motor vehicle dealers, and payday lenders, to undertake when conducting risk assessments and implementing information security programs. (Covered by InfoBytes here.) Adopting the Nonbank Model Data Security Law allows for a streamlined and efficient approach to data security regulations for nonbank financial institutions, CSBS explained, adding that by leveraging the existing Safeguards Rule’s applicability to state covered nonbanks, the model law imposes minimal additional compliance burdens and ensures smoother implementation for financial institutions. States can also choose an alternative approach by requiring nonbank financial institutions to conform to the Safeguards Rule, CSBS said.
The Nonbank Model Data Security Law outlines numerous provisions, which are intended to protect customer information, mitigate cyber threats, and foster a secure financial ecosystem. These include standards for safeguarding customer information, required elements that must be included in a nonbank financial institution’s information security program, and an optional section that requires entities to notify the commissioner in the wake of a security event. CSBS noted that because “the proposed rule on notification requirements for the FTC Safeguards Rule is still pending, the model law allows each state to establish their own customer threshold number, providing flexibility in determining the extent of impact that triggers the notification obligation.” CSBS also provided a list of resources for adopting the Nonbank Model Data Security Law.
CFPB issues Summer ’23 supervisory highlights
On July 26, the CFPB released its Summer 2023 issue of Supervisory Highlights, which covers enforcement actions in areas such as auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday lending and remittances from June 2022 through March 2023. The Bureau noted significant findings regarding unfair, deceptive, and abusive acts or practices and findings across many consumer financial products, as well as new examinations on nonbanks.
- Auto Origination: The CFPB examined auto finance origination practices of several institutions and found deceptive marketing of auto loans. For example, loan advertisements showcased cars larger and newer than the products for which actual loan offers were available, which misled consumers.
- Auto Servicing: The Bureau’s examiners identified unfair and abusive practices at auto servicers related to charging interest on inflated loan balances resulting from fraudulent inclusion of non-existent options. It also found that servicers collected interest on the artificially inflated amounts without refunding consumers for the excess interest paid. Examiners further reported that auto servicers engaged in unfair and abusive practices by canceling automatic payments without sufficient notice, leading to missed payments and late fee assessments. Additionally, some servicers allegedly engaged in cross-collateralization, requiring consumers to pay other unrelated debts to redeem their repossessed vehicles.
- Consumer Reporting: The Bureau’s examiners found that consumer reporting companies failed to maintain proper procedures to limit furnishing reports to individuals with permissible purposes. They also found that furnishers violated regulations by not reviewing and updating policies, neglecting reasonable investigations of direct disputes, and failing to notify consumers of frivolous disputes or provide accurate address disclosures for consumer notices.
- Debt Collection: The CFPB's examinations of debt collectors (large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons) uncovered violations of the FDCPA and CFPA, such as unlawful attempts to collect medical debt and deceptive representations about interest payments.
- Deposits: The CFPB's examinations of financial institutions revealed unfair acts or practices related to the assessment of both nonsufficient funds and line of credit transfer fees on the same transaction. The Bureau reported that this practice resulted in double fees being charged for denied transactions.
- Fair Lending: Recent examinations through the CFPB's fair lending supervision program found violations of ECOA and Regulation B, including pricing discrimination in granting pricing exceptions based on competitive offers and discriminatory lending restrictions related to criminal history and public assistance income.
- Information Technology: Bureau examiners found that certain institutions engaged in unfair acts by lacking adequate information technology security controls, leading to cyberattacks and fraudulent withdrawals from thousands of consumer accounts, causing substantial harm to consumers.
- Mortgage Origination: Examiners found that certain institutions violated Regulation Z by differentiating loan originator compensation based on product types and failing to accurately reflect the terms of the legal obligation on loan disclosures.
- Mortgage Servicing: Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations related to loss mitigation timing, misrepresenting loss mitigation application response times, continuity of contact procedures, Spanish-language acknowledgment notices, and failure to provide critical loss mitigation information. Additionally, some servicers reportedly failed to credit payments sent to prior servicers after a transfer and did not maintain policies to identify missing information after a transfer.
- Payday Lending: The CFPB identified unfair, deceptive, and abusive acts or practices, including unreasonable limitations on collection communications, false collection threats, unauthorized wage deductions, misrepresentations regarding debt payment impact, and failure to comply with the Military Lending Act. The report also highlighted that lenders reportedly failed to retain evidence of compliance with disclosure requirements under Regulation Z. In response, the Bureau directed lenders to cease deceptive practices, revise contract language, and update compliance procedures to ensure regulatory compliance.
- Remittances: The CFPB evaluated both depository and non-depository institutions for compliance with the EFTA and its Regulation E, including the Remittance Rule. Examiners found that some institutions failed to develop written policies and procedures to ensure compliance with the Remittance Rule's error resolution requirements, using inadequate substitutes or policies without proper implementation.
CFPB, FTC, and consumer advocates ask 7th Circuit to review redlining dismissal
The CFPB recently filed its opening brief in the agency’s appeal of a district court’s decision to dismiss the Bureau’s claims that a Chicago-based nonbank mortgage company and its owner violated ECOA by engaging in discriminatory marketing and consumer outreach practices. As previously covered by InfoBytes, the Bureau sued the defendants in 2020 alleging fair lending violations predicated, in part, on statements made by the company’s owner and other employees during radio shows and podcasts. The agency claimed that the defendants discouraged African Americans from applying for mortgage loans and redlined African American neighborhoods in the Chicago area. The defendants countered that the Bureau improperly attempted to expand ECOA’s reach and argued that ECOA “does not regulate any behavior relating to prospective applicants who have not yet applied for credit.”
In dismissing the action with prejudice, the district court applied step one of the Chevron framework (which is to determine “whether Congress has directly spoken to the precise question at issue”) when reviewing whether the Bureau’s interpretation of ECOA in Regulation B is permissible. The court concluded, among other things, that Congress’s directive does not apply to prospective applicants.
In its appellate brief, the Bureau argued that the long history of Regulation B supports the Bureau’s interpretation of ECOA, and specifically provides “that ‘[a] creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application.” While Congress has reviewed ECOA on numerous occasions, the Bureau noted that it has never challenged the understanding that this type of conduct is unlawful, and Congress instead “created a mandatory referral obligation [to the DOJ] for cases in which a creditor has unlawfully ‘engaged in a pattern or practice of discouraging or denying applications for credit.’”
Regardless, “even if ECOA’s text does not unambiguously authorize Regulation B’s prohibition on discouraging prospective applicants, it certainly does not foreclose it,” the Bureau wrote, pointing to two perceived flaws in the district court’s ruling: (i) that the district court failed to recognize that Congress’s referral provision makes clear that “discouraging . . . applications for credit” violates ECOA; and (ii) that the district court incorrectly concluded that ECOA’s reference to applicants “demonstrated that Congress foreclosed prohibiting discouragement as to prospective applicants.” The Bureau emphasized that several courts have recognized that the term “applicant” can include individuals who have not yet submitted an application for credit and stressed that its interpretation of ECOA, as reflected in Regulation B’s discouragement prohibition, is not “arbitrary, capricious, or manifestly contrary to the statute.” The Bureau argued that under Chevron step two (which the district court did not address), Regulation B’s prohibition on discouraging prospective applicants from applying in the first place is reasonable because it furthers Congress’ efforts to prohibit discrimination and ensure equal access to credit.
Additionally, the FTC filed a separate amicus brief in support of the Bureau. In its brief, the FTC argued that Regulation B prohibits creditors from discouraging applicants on a prohibited basis, and that by outlawing this type of behavior, it furthers ECOA’s purpose and prevents its evasion. In disagreeing with the district court’s position that ECOA only applies to “applicants” and that the Bureau cannot proscribe any misconduct occurring before an application is filed, the FTC argued that the ruling violates “the most basic principles of statutory construction.” If affirmed, the FTC warned, the ruling would enable creditor misconduct and “greenlight egregious forms of discrimination so long as they occurred ‘prior to the filing of an application.’”
Several consumer advocacy groups, including the National Fair Housing Alliance and the American Civil Liberties Union, also filed an amicus brief in support of the Bureau. The consumer advocates warned that “[i]nvalidating ECOA’s longstanding prohibitions against pre-application discouragement would severely limit the Act’s effectiveness, with significant consequences for communities affected by redlining and other forms of credit discrimination that have fueled a racial wealth gap and disproportionately low rates of homeownership among Black and Latino households.” The district court’s position would also affect non-housing credit markets, such as small business, auto, and personal loans, as well as credit cards, the consumer advocates said, arguing that such limitations “come at a moment when targeted digital marketing technologies increasingly allow lenders to screen and discourage consumers on the basis of their protected characteristics, before they can apply.”
McHenry objects to FSOC’s proposed designation framework
On June 15, House Financial Services Committee Chairman Patrick McHenry sent a letter to Treasury Secretary Janet Yellen urging the Financial Stability Oversight Council (FSOC), which Yellen chairs, to “revisit” its proposals on nonbank financial firm risks. As previously covered by InfoBytes, in April, FSOC released a proposed analytic framework for financial stability risks to provide greater public transparency on how it identifies, assesses, and addresses potential risks “regardless of whether the risk stems from activities or firms.” The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards.
McHenry’s letter raised concerns with FSOC’s decision to evaluate risks based on an entity’s size and not its activities. According to McHenry, FSOC’s April proposals will essentially undo changes it made in 2019, which incorporated principles considering a financial institution’s systematic risk rather than merely its size. In his announcement accompanying the letter, McHenry elaborated on his concerns, stating that “allowing FSOC to extend its supervisory reach beyond prudential institutions to nonbank entities in this way could pose significant regulatory consequences for our financial system.” McHenry claimed these institutions may engage in different activities, thus presenting different risks, and said the proposals do not take this into account. McHenry also argued that expanding the Fed’s oversight jurisdiction is not a “panacea for financial stability.”
CFPB releases regulatory agenda
The Office of Information and Regulatory Affairs recently released the CFPB’s spring 2023 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. In January, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.” (Covered by InfoBytes here.)
- Insufficient funds fees. The Bureau is considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- Amendments to FIRREA concerning automated valuation models. On June 1, the Bureau issued a joint notice of proposed rulemaking (NPRM) with the Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations to implement quality control standards mandated by the Dodd-Frank Act concerning automated valuation models used by mortgage originators and secondary market issuers. (Covered by InfoBytes here.) Previously, the Bureau released a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and report in February and May 2022 respectively. (Covered by InfoBytes here.)
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the SBREFA and the issuance of a final report examining the impact of the Bureau’s proposals to address consumers’ personal financial data rights. (Covered by InfoBytes here.) Proposed rulemaking may be issued in October.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an NPRM last month to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The proposed effective date is at least one year after the final rule is published in the Federal Register (“but no earlier than the October 1 which follows by at least six months Federal Register publication”), with the possibility of a further extension to ensure compliance with a TILA timing requirement.
- Supervision of Larger Participants in Consumer Payment Markets. The Bureau is considering whether to engage in pre-rulemaking activity next month to define larger participants in consumer payment markets and further the scope of the agency’s nonbank supervision program.
- Nonbank registration. The Bureau announced its intention to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Terms and conditions registry for supervised nonbanks. At the beginning of the year, the Bureau issued an NPRM that would create a public registry of terms and conditions used in non-negotiable, “take it or leave it” nonbank form contracts that “claim to waive or limit consumer rights and protections.” Under the proposal, supervised nonbank companies would be required to report annually to the Bureau on their use of standard-form contract terms that “seek to waive consumer rights or other legal protections or limit the ability of consumers to enforce or exercise their rights” and would appear in a publicly accessible registry. (Covered by InfoBytes here.) The Bureau anticipates issuing a final rule later this year.
- Credit card penalty fees. The Bureau issued an NPRM in February to solicit public feedback on proposed changes to credit card late fees and late payments and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. A final rule may be issued later this year.
- LIBOR transition. In April, the Bureau issued an interim final rule, amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. Effective May 15, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. (Covered by InfoBytes here.)
Agencies release statement on LIBOR sunset; CFPB amends Reg Z to reflect transition
On April 26, the CFPB joined the Federal Reserve Board, FDIC, NCUA, and OCC in issuing a joint statement on the completion of the LIBOR transition. (See also FDIC FIL-20-2023 and OCC Bulletin 2023-13.) According to the statement, the use of USD LIBOR panels will end on June 30. The agencies reiterated their expectations that financial institutions with USD LIBOR exposure must “complete their transition of remaining LIBOR contracts as soon as practicable.” Failure to adequately prepare for LIBOR’s discontinuance may undermine financial stability and institutions’ safety and soundness and could create litigation, operational, and consumer protection risks, the agencies stressed, emphasizing that institutions are expected to take all necessary steps to ensure an orderly transition. Examiners will monitor banks’ efforts throughout 2023 to ensure contracts have been transitioned away from LIBOR in a manner that complies with applicable legal requirements. The agencies also reminded institutions that safe-and-sound practices include conducting appropriate due diligence to ensure that replacement alternative rate selections are appropriate for an institution’s products, risk profile, risk management capabilities, customer and funding needs, and operational capabilities. Institutions should also “understand how their chosen reference rate is constructed and be aware of any fragilities associated with that rate and the markets that underlie it,” the agencies advised. Both banks and nonbanks should continue efforts to adequately prepare for LIBOR’s sunset, the Bureau said in its announcement, noting that the agency will continue to help institutions transition affected consumers in an orderly manner.
The Bureau also issued an interim final rule on April 28 amending Regulation Z, which implements TILA, to update various provisions related to the LIBOR transition. The interim final rule updates the Bureau’s 2021 LIBOR Transition Rule (covered by InfoBytes here) to reflect the enactment of the Adjustable Interest Rate Act of 2021 and its implementing regulation promulgated by the Federal Reserve Board (covered by InfoBytes here). Among other things, the interim final rule further addresses LIBOR’s sunset on June 30, by incorporating references to the SOFR-based replacement—the Fed-selected benchmark replacement for the 12-month LIBOR index—into Regulation Z. The interim final rule also (i) makes conforming changes to terminology used to identify LIBOR replacement indices; and (ii) provides an example of a 12-month LIBOR tenor replacement index that meets certain standards within Regulation Z. The Bureau also released a Fast Facts summary of the interim final rule and updated the LIBOR Transition FAQs.
The interim final rule is effective May 15. Comments are due 30 days after publication in the Federal Register.
FSOC seeks feedback on risk framework, nonbank determinations
On April 21, the Financial Stability Oversight Council (FSOC) released a proposed analytic framework for financial stability risks, “intended to provide greater transparency to the public about how [FSOC] identifies, assesses, and addresses potential risks to financial stability, regardless of whether the risk stems from activities or firms.” FSOC explained in a fact sheet that the proposed framework would not impose any obligations on any entity, but is instead designed to provide guidance on how FSOC expects to perform certain duties. This includes: (i) identifying potential risks covering a broad range of asset classes, institutions, and activities, including new and evolving financial products and practices as well as developments affecting financial resiliency such as cybersecurity and climate-related financial risks; (ii) assessing certain vulnerabilities that most commonly contribute to financial stability risk and considering how adverse effects stemming from these risks could be transmitted to financial markets/market participants, including what impact this can have on the financial system; and (iii) responding to potential risks to U.S. financial stability, which may involve interagency coordination and information sharing, recommendations to financial regulators or Congress, nonbank financial company determinations, and designations relating to financial market utility/payment, clearing, and settlement activities that are, or are likely to become, systemically important.
The same day, FSOC also released for public comment proposed interpretive guidance relating to procedures for designating systemically important nonbank financial companies for Federal Reserve supervision and enhanced prudential standards. (See also FSOC fact sheet here.) The guidance would revise and update previous guidance from 2019, and “is intended to enhance [FSOC’s] ability to address risks to financial stability, provide transparency to the public, and ensure a rigorous and clear designation process.” FSOC explained that the proposed guidance would include a two-stage evaluation and analysis process for making a designation, during which time companies under review would engage in significant communication with FSOC and be provided an opportunity to request a hearing, among other things. Designated companies will be subject to annual reevaluations and may have their designations rescinded should FSOC determine that the company no longer meets the statutory standards for designation.
Comments on both proposals are due 60 days after publication in the Federal Register.
Both CFPB Director Rohit Chopra and OCC acting Comptroller Michael J. Hsu issued statements supporting the issuance of the proposed interpretive guidance. Chopra commented that, if finalized, the proposed guidance “will create a clear path for the FSOC to identify and designate systemically important nonbank financial institutions” and “will accelerate efforts to identify potential shadow banks to be candidates for designation.” Hsu also noted that sharing additional details to improve the balance and transparency of FSOC’s work “would both make it easier for [FSOC] to explain its analysis of potential risks and create an opportunity for richer public input on the analysis.”
CFPB orders nonbank title lender to pay $15 million for numerous violations
On February 23, the CFPB entered a consent order against a Georgia-based nonbank auto title lender (respondent) for alleged violations of the Military Lending Act (MLA), the Truth in Lending Act, and the Consumer Financial Protection Act. According to the Bureau, the respondent allegedly charged nearly three times the MLA’s 36 percent annual interest rate cap on auto title loans made to military families. The respondent also allegedly changed military borrowers’ personal information in an attempt to hide their protected status, included mandatory arbitration clauses and unreasonable notice provisions in its loans, and charged fees for an insurance product that provided no benefit to the borrower. The Bureau noted that the respondent has been under a consent order since 2016 for allegedly engaging in unfair and abusive acts related to its lending and debt collection practices (covered by InfoBytes here). While neither admitting nor denying any of the allegations, the respondent has agreed to pay $5.05 million in consumer redress and a $10 million penalty. The respondent must also implement robust measures to prevent future violations.
Fed revises Bank Holding Company Supervision Manual
The Federal Reserve Board recently updated sections of the Bank Holding Company Supervision Manual. (Changes to the manual were last made in November 2021.) The manual provides guidance for conducting inspections of bank holding companies and their nonbank subsidiaries, as well as savings and loan holding companies. “The supervisory objectives of the inspection program are to ascertain whether the financial strength of the bank holding company is being maintained on an ongoing basis and to determine the effects or consequences of transactions between a holding company or its nonbanking subsidiaries and its subsidiary banks,” the Fed explained. Included among the changes are updates to sections on the supervision of savings and loan holdings companies; supervision of holding companies with less than $10 billion in total consolidated assets; liquidity planning and positions applicable to large financial institutions; holding company ratings applicability and inspection frequency; supervision of subsidiaries related to nondeposit investment products; control and ownership of bank holding company formations; asset securitization risk management and internal controls; retail-credit classification; supervision of savings and loan holding companies; and Bank Holding Company Act exemptions. A new section—“Formal Corrective Actions”—revises previous guidance to include entities against which the Fed has statutory authority to take formal enforcement actions. The section also provides additional information on enforcement actions for Bank Secrecy Act and anti-money laundering compliance failures, as well as details on interagency enforcement coordination. The section further clarifies that the Fed “does not issue an enforcement action on the basis of a ‘violation’ of or ‘non-compliance’ with supervisory guidance.” Minor technical changes were made throughout the manual as well. A detailed summary of changes is available here.