Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 5, the CFPB issued a policy statement outlining the application process for entities seeking to terminate a consent order before the original expiration date. Generally, consent orders issued by the Bureau carry five-year terms, although the term may be extended in certain circumstances. While reiterating the essential role consent orders play in the Bureau’s enforcement work, the Bureau recognizes that consent orders can impose costly and resource-intensive reporting and record-keeping requirements, and may impact a regulated depository institution’s ability to open new branches or merge or acquire other financial institutions. Acknowledging that there may be “exceptional circumstances” where early termination may be appropriate, the policy statement sets forth eligibility criteria that entities must meet, and lays out the standards that the Bureau intends to use when evaluating early termination applications. It also notes that only entities are permitted to apply for early termination of a consent order. Individuals are not eligible do so.
Among other things, an entity applying for early termination must demonstrate that it (i) has fully complied with the consent order’s terms and conditions; and (ii) has a “satisfactory” compliance management system in its institutional product line or compliance area under which the consent order was issued. Entities must also meet certain timing and threshold eligibility criteria. The policy statement further specifies that an entity may not apply if it has been banned from participating in a certain industry, if the consent order involves violations of an earlier order, or if any criminal activity is involved. Once an application is determined to be complete, the Bureau states that it “generally intends to complete [its] compliance review within six months.”
The policy statement takes effect October 8.
On June 2, the CFPB announced a settlement with a payday and auto title loan lender and its subsidiaries (collectively, “lender”) resolving allegations that the lender violated the Consumer Financial Protection Act (CFPA) and TILA. Specifically, the Bureau asserts that the lender—which is based in Cleveland, Tennessee and operates 156 stores in eight states—violated the CFPA and TILA by (i) disclosing finance charges that were substantially lower than what the consumer would actually incur if repaid according to the amortization schedules; (ii) delayed refunds of consumer credit balances for months; (iii) made repeated debt collection calls to third-parties, including workplaces after being told to stop; and (iv) improperly disclosed, or risked disclosure, of consumer debt information to third parties. The Bureau alleges that the lender received over $3.5 million in finance charges that exceeded the amount stated in required TILA disclosures.
The consent order requires the lender to pay $2 million of the $3.5 million in consumer redress and $1 civil money penalty, based on a demonstrated inability to pay. The consent order also prohibits the lender from misrepresenting finance charges or engaging in unlawful collection practices and requires certain compliance and reporting measures to be undertaken.
On April 1, the CFPB announced a $1.3 million settlement with a Texas-based short-term lender to resolve allegations that the lender violated the Consumer Financial Protection Act, FCRA, and TILA. The Bureau alleged that while “marketing, servicing, and collecting on high-interest payday, auto-title, and unsecured consumer-installment loans,” the lender made deceptive representations through advertisements and telemarketing calls when promoting purported loan discounts. The Bureau also alleged that the lender engaged in unfair collection call practices by allegedly calling consumers who failed to make payments numerous times—some more than 15 or 20 times a day—even after being asked to stop. In addition, the lender allegedly repeatedly called consumers’ workplaces and references as a tactic to obtain payments and disclosed, or risked disclosing, to third parties the existence of the delinquent debts. According to the Bureau, the lender also violated FCRA by failing to maintain adequate consumer reporting policies and procedures to ensure the “accuracy and integrity” of the information furnished to consumer reporting agencies, and violated TILA by failing to provide telemarketers guidance on how to lawfully disclose a loan’s annual percentage rate as required by federal law when responding to consumers’ questions about interest and other loan costs.
Under the terms of the consent order, the lender is required to pay a $1.1 million civil money penalty, $286,675 in consumer redress, and is, among other things, (i) permanently restrained from certain collection practices; (ii) required to ensure employees do not misrepresent discount offers when marketing or selling consumer financial products or services; and (iii) tasked with ensuring employees correctly disclose the APR of loan products.
On March 4, the U.S. Court of Appeals for the Fifth Circuit affirmed summary judgment in favor of a debt collector (defendant) accused of violating the FDCPA and the terms of a CFPB consent order. According to the opinion, the defendant attempted to collect a credit card debt from the plaintiff that the plaintiff did not recognize. In December 2014, the defendant filed suit to collect the past due debt. In the meantime, the CFPB issued a consent order against the defendant for violations of the FDCPA (covered by InfoBytes here) while the parties awaited trial. Thereafter, the plaintiff filed a complaint with the CFPB regarding the validity of the debt, but the Bureau closed that complaint after verifying the defendant’s ownership of the plaintiff’s debt. The plaintiff responded by filing his own lawsuit in March 2017, claiming the defendant violated the FDCPA by (i) “lacking validation of his debt prior to his January 2016 trial”; (ii) failing to timely validate his debt in violation of provisions of its consent order with the CFPB; and (iii) “misrepresenting that it intended to prove ownership of his debt if contested.” The district court granted summary judgment for the defendant based on the plaintiff’s failure to prove actual damages.
On appeal, the appellate court determined that the district court erred in ruling that the plaintiff failed to plead actual damages, finding that “the FDCPA does not require proof of actual damages to ground statutory damages.” However, the appellate court did not reverse the district court’s decision. Instead, the appellate court affirmed, holding that the plaintiff’s debt validation claims were time-barred because he did not file suit within the FDCPA’s one-year statute of limitations. Regarding the other two claims, the appellate court stated that while the claims were not time-barred, the plaintiff lacked standing because “private persons may not bring actions to enforce violations of consent decrees to which they are not a party.” The CFPB’s consent order with the defendant specified that the CFPB was the enforcer of the order, and its text could not be read to invoke a private right of action permitting the plaintiff’s suit. Accordingly, the appellate court affirmed summary judgment against the plaintiff on these remaining two claims.
On February 5, the CFPB announced a settlement with a Texas-based payday lender and six subsidiaries (defendants) for allegedly assisting in the collection of online installment loans and online lines of credit that consumers were not legally obligated to pay based on certain states’ usury laws or licensing requirements. As previously covered by InfoBytes, the Bureau filed a complaint in 2017—amended in 2018—against the defendants for allegedly violating the CFPA’s prohibitions on unfair, deceptive, and abusive acts and practices by, among other things, making deceptive demands and originating debit entries from consumers’ bank accounts for loans that the defendants knew were either partially or completely void because the loans were void under state licensing or usury laws. The defendants—who operated in conjunction with three tribal lenders engaged in the business of extending and collecting the online installment loans and lines of credit—also allegedly provided material services and substantial assistance to two debt collection companies that were also involved in the collection of these loans.
Under the stipulated final consent order, the defendants are prohibited from (i) extending, servicing, or collecting on loans made to consumers in any of the identified 17 states if the loans violate state usury limits or licensing requirements; and (ii) assisting others engaged in this type of conduct. Additionally, the settlement imposes a $1 civil money penalty against each of the seven defendants. The Bureau’s press release notes that the order “is a component of the global resolution of the [defendants’] bankruptcy proceeding in the Bankruptcy Court for the Northern District of Texas, which includes settlements with the Pennsylvania Attorney General’s Office and private litigants in a nationwide consumer class action.” The press release also states that “[c]onsumer redress will be disbursed from a fund created as part of the global resolution, which is anticipated to have over $39 million for distribution to consumers and may increase over time as a result of ongoing, related litigation and settlements.”
On January 30, the Federal Reserve Board (Fed) announced an enforcement action against a New York-based bank for allegedly violating the National Flood Insurance Act (NFIA) and Regulation H, which implements the NFIA. The consent order assesses a $36,500 civil money penalty against the bank for an alleged pattern or practice of violations of Regulation H, but does not specify the number or the precise nature of the alleged violations. The maximum civil money penalty under the NFIA for a pattern or practice of violations is $2,000 for each violation. The consent order was signed by both the bank and the Fed on January 24.
On January 16, the California Department of Business Oversight (DBO) and a point-of-sale finance company entered into a consent order to resolve the DBO’s allegations that the company had made loans without a license to California consumers. According to the order, the company applied for a license under the California Financing Law (CFL) in September 2019. The DBO initially denied the company’s license application on December 30, 2019 (previously covered by InfoBytes here) and issued a statement of issues explaining its reasoning. The DBO found that the company’s transactions were disguised loans subject to the CFL. The company had argued that its transactions were credit sales not subject to the CFL. Ultimately, the company agreed to resolve the matter and pay $282,000 in refunds to consumers and a $28,200 fine for unlicensed lending. Additionally, the company agreed to “cease providing loans or extensions of credit to California residents by means of purchasing credit sales contracts from merchants” and “only provide loans or extensions of credit to California residents under the authority of a license issued by the Commissioner under the CFL.” Simultaneous with the announcement of the consent order, the DBO issued the company a license.
On November 22, in a speech at The Clearing House + Bank Policy Institute Annual Conference, CFPB Director Kathy Kraninger noted that the Bureau is considering changes to its consent order process to “ensur[e] consent orders remain in effect only as long as needed to achieve their desired effects.” Specifically, Kraninger discussed that while most consent orders are effective for five-year periods and companies can request early termination or termination of indefinite orders, the Bureau has only terminated “a few” consent orders in the past. Similar to the Bureau’s recent changes to its Civil Investigative Demand (CID) policy (covered by InfoBytes here), Kraninger stated that the Bureau intends to announce an updated consent order policy “soon,” in order to “provide clarity and consistency.”
On September 24, the FTC announced a proposed $23 million settlement with a Belizean bank resolving allegations that it assisted various entities in deceiving U.S. consumers into purchasing parcels of land in a luxury development in Belize. As previously covered by InfoBytes, in November 2018, the FTC filed charges and obtained a temporary restraining order against the operators of an international real estate investment scheme, which allegedly violated the FTC Act and the Telemarketing Sales Rule by advertising and selling parcels of land through the use of deceptive tactics and claims. The FTC asserted that consumers who purchased lots in the development purchased them outright or made large down payments and sizeable monthly payments, including HOA fees, and that defendants used the money received from these payments to fund their “high-end lifestyles,” rather than invest in the development. The FTC argued that “consumers either have lost, or will lose, some or all of their investments.” At the time, the FTC filed separate charges against the Belizean bank for allegedly assisting and facilitating the scam.
According to the FTC, the bank has now agreed to the proposed consent order to settle the allegations. The consent order requires the bank to pay $23 million, which will be used to provide equitable relief, including consumer redress, and to cease all non-liquidation business activities permanently. Additionally, the consent order prohibits the liquidator or anyone else from seeking to re-license and operate the bank’s business. The consent order must be approved by the U.S. District Court for the District of Maryland.
On September 6, the FTC voted 5-0 to approve a final settlement under which a software provider agreed to better protect the data it collects, resolving allegations that the company failed to implement reasonable data security measures and exposed personal consumer information obtained from its auto dealer clients in violation of the FTC Act and the Standards for Safeguarding Customer Information Rule, issued pursuant to the Gramm-Leach-Bliley Act.
As previously covered by InfoBytes, in its complaint, the FTC alleged the company’s failure to, among other things, (i) implement an organization information security policy; (ii) implement reasonable guidance or training for employees; (iii) use readily available security measures to monitor systems; and (iv) impose reasonable data access controls, which resulted in a hacker gaining unauthorized access to the company’s database containing the personal information of approximately 12.5 million consumers. The approved settlement requires the company to, among other things, implement and maintain a comprehensive information security program designed to protect the personal information it collects, including implementing specific safeguards related to the FTC’s allegations. Additionally, the settlement requires the company to obtain third-party assessments of its information security program every two years and have a senior manager certify compliance with the order every year.
- H Joshua Kotin to discuss "Being fair, responsible, & profitable" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Kathryn L. Ryan to discuss "NMLS mortgage call report – Where’s NMLS 2.0?" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Jeffrey P. Naimon to discuss "2021 - A new beginning/what's to come" at the QuestSoft Lending Compliance & Risk Management Virtual Conference
- H Joshua Kotin to discuss "Mortgage servicing in a recession: Early intervention, loss mitigation and more" at the NAFCU Virtual Regulatory Compliance Seminar
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "Cyber security, incident response, crisis management" at the Legal & Diversity Summit
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "BSA/AML - Covid impact and regulatory/guidance roundup" at an NAFCU webinar