Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Special Alert: Department of Defense Issues Interpretive Rule Regarding Compliance with the Military Lending Act
Today, the Department of Defense (“DoD” or “Department”) published in the Federal Register an interpretive rule regarding compliance with its July 2015 amendments to the regulations implementing the Military Lending Act (“MLA”). The July 2015 amendments will extend the MLA’s 36% military annual percentage rate (“MAPR”) cap, ban on mandatory arbitration, and other limitations to a wider range of credit products—including open-end credit—offered or extended to active duty service members and their dependents (“covered borrowers”). Compliance is mandatory beginning on October 3, 2016, except that credit card issuers have until October 3, 2017 to comply. Additional BuckleySandler materials on the MLA amendments are available here, here, and here.
DoD stated that the interpretive rule “does not substantively change the [July 2015] regulation implementing the MLA, but rather merely states the Department’s preexisting interpretations of an existing regulation” and thus is effective immediately upon publication. The DoD also emphasized that the guidance provided in the rule “represent[s] official interpretations of the Department….”
* * *
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Valerie L. Hletko, (202) 349-8054
- Manley Williams, (202) 349-8060
- Sasha Leonhardt, (202) 349-7971
- Andrew W. Grant, (202) 349-8056
With evolving regulatory expectations and increased enforcement exposure, financial institutions are under more scrutiny than ever. Nowhere is this more evident than in the management and oversight of service providers. When service providers are part of an institution’s business practice, understanding the expectations of regulators, investors, and counterparties for compliance with consumer financial laws is critical.
In 2012, the CFPB issued Bulletin 2012-03, which outlines the CFPB’s expectations regarding supervised institutions’ use of third party service providers. Banks and nonbanks alike are expected to maintain effective processes for managing the risks presented by service providers, including taking the following steps:
- Conducting thorough due diligence of the service provider to ensure that the service provider understands and is capable of complying with federal consumer financial law
- Reviewing the service provider’s policies, procedures, internal controls, and training materials
- Including clear expectations in written contracts
- Establishing internal controls and on-going monitoring procedures
- Taking immediate action to address compliance issues
Implementing consistent risk-based procedures for monitoring third party service provider relationships is an extremely important aspect of meeting the CFPB’s expectations and mitigating risk to the institution.
The Risk Management Lifecycle and Best Practices
The CFPB is but one of many agencies that have circulated vendor management guidance. Other federal prudential regulators—most notably the Office of the Comptroller of the Currency—have developed regulatory guidance describing a “lifecycle” for oversight of third parties that supervised institutions are expected to follow. The risk management lifecycle of a service provider relationship consists of:
- Planning/risk assessment
- Due diligence and service provider selection
- Contract negotiation and implementation
- Ongoing relationship monitoring
- Relationship termination/contingency plans
Supplemented by enhanced risk management processes, including meaningful involvement by the Board of Directors and extensive monitoring of performance and condition, the new framework for oversight of third parties can present both cost and operational challenges for all institutions. Financial institutions would be prudent to implement the following best practices into their vendor management procedures, among others:
- Staffing sufficiently to ensure that service providers are properly monitored
- Incorporating Board and senior executive involvement throughout the process
- Documenting its efforts at every stage of the lifecycle
The past year has seen heightened CFPB interest in the following areas: (i) deferred interest and rewards, (ii) limited English proficiency consumers, and (iii) the recent revisions to the Military Lending Act (MLA). Pursuing simplicity in the design of product features and closely following limited English proficiency issues will help credit issuers mitigate their regulatory risk. Also on the horizon in 2016 is the effective date of the MLA revisions, which were announced in July 2015.
Deferred Interest and Rewards
The Bureau has been focused on the marketing and design of deferred interest products and issued a strong admonition in September 2014 relating to the potential for consumer surprise. However, there has been relatively little enforcement activity in this regard. Instead, enforcement generally has focused on technical violations of law. For example, an August 2015 consent order arose out of point-of-sale disclosures as opposed to the product features themselves. Some deferred interest issues, such as “old fashioned mistakes,” (e.g., “if paid in full” is dropped from the marketing copy) may represent low-hanging fruit for the CFPB and should be addressed to mitigate enforcement risk. The Bureau has also expressed concern about technical issues that may complicate deferred interest for consumers, such as expiration of the promotional period prior to the payment due date.
The Bureau has suggested that consumers base their choice of credit card more on the nature and richness of the rewards than on the interest rate. Accordingly, the Bureau has expressed concern about various aspects of rewards programs, including the expiration of points and complexity surrounding how they are earned and redeemed. While simplicity may reduce regulatory risk, it undoubtedly makes rewards programs more expensive for issuers, and makes it more difficult for consumers to distinguish among them.
Limited English Proficiency
In September 2015, the CFPB issued an enforcement action related to mortgages, which required the respondent to spend $1M on targeted advertising and an outreach campaign in Spanish and English over the five-year term of the order. The CFPB recently created several Spanish language documents: a glossary of basic financial terms as well as two documents titled “Your Money, Your Goals,” and “The Newcomer’s Guide to Managing Money.”
Notwithstanding these efforts, it is worth noting that the CFPB has not translated any of the credit card model forms into Spanish. Determining the appropriate extent of Spanish-language marketing—and fulfillment, if any—is a difficult calculation, and the Bureau has provided no firm guidance. Still, while the industry awaits further developments in 2016, it is advisable to make specific efforts to engage Spanish-speaking communities.
Military Lending Act
The recently revised MLA will also impact the credit card industry in 2016. Under the new regulations, most credit card products will be subject to the MLA, including its 36 percent interest rate limitation. Creditors will need to determine who is a covered borrower, but the revised regulations also provided two safe harbors for a creditor to make such a determination. The revised regulations take effect on October 3, 2016, except for most credit cards, as to which the compliance date is October 3, 2017. BuckleySandler addressed this new rulemaking in an MLA Spotlight Series (see Part 1, Part 2, Part 3).
On July 22, 2015, the Department of Defense (“Department”) released its final rule amending the regulations that implement the Military Lending Act (“MLA”), which means that a wider range of credit products—including open-end credit—offered or extended to active duty service members and their dependents (“covered borrowers”) will now be subject to the MLA and its “all-in” 36% military annual percentage rate (“MAPR”) cap.
Specifically, the Department expanded the definition of “consumer credit” to be consistent with credit that is subject to the Truth-in-Lending Act (“TILA”)—credit offered or extended to a covered borrower primarily for personal, family, or household purposes, and that is (i) subject to a finance charge or (ii) payable by a written agreement in more than four installments.
In response to the initial proposed rule, financial services industry stakeholders undertook a substantial effort to show how proposed modifications to the MLA regulations were overly broad and, in parts, inconsistent with the Department’s mandate under the MLA. At a high level, industry comment letters fell into five categories:
- The Department was asked to provide creditors with “a substantial time period” to implement the operational changes needed to comply with the regulation.
- The Department was asked to take a more targeted approach to redefining “consumer credit,” either by focusing exclusively on certain predatory loans or by excluding certain products (such as credit cards) entirely or narrowing the requirements for such products. A link to BuckleySandler’s comment letter in this regard can be found here.
- The Department was asked to exempt from the final rule certain institutions (such as all insured depository institutions).
- The Department was asked to exempt certain charges, such as application or participation fees, from the MAPR calculation.
- The Department was asked to broaden the safe-harbor methods for determining whether a consumer is a covered borrower.
The final rule largely rejected the requests and instead retains the approach in the proposed rule. Three features stand out in this regard:
- The final rule tracks the proposed rule regarding how the regulation defines the “consumer credit” products to which it applies.
- The Department did not provide an exemption for insured depository institutions or insured credit unions.
- While credit card issuers were given until October 3, 2017 to come into compliance, the Department gave other creditors until October 3, 2016, which is only 12 months from the October 1, 2015 effective date, to comply with the final rule, as opposed to “at least 18 months,” which some commenters requested.
With that said, the final rule does contain some positive modifications that relieve onerous compliance burdens, including abandonment of the proposed requirement that a “bona fide” fee charged to a credit card account also be “customary.” These modifications are discussed below.
Modifications or requests that the Department denied
First, the Department rejected requests to change the scope of the definition of “consumer credit,” either by targeting only specific types or by excluding entirely certain types. The Department stated that, in its view, a broad definition of “consumer credit” was preferable, in part, because expanding the scope of products subject to MLA compliance would “preserve access to a wide range of products” while protecting covered borrowers. Next, the Department refused to exempt credit card accounts from the “consumer credit” definition because it determined that compliance with the CARD Act could not displace the benefits of the MLA. The Department expressed concern that lenders could exploit such an exemption by transforming high-cost open-end products into credit cards, which do not have a maximum interest rate under the CARD Act.
Second, the final rule does not completely exempt insured depository institutions or insured credit unions. Broadly speaking, the arguments for exemption included that (i) failing to provide exemption would lead to the exclusion of service members from credit products and services, and (ii) a robust regulatory and supervisory framework already exists for such institutions. The Department responded that it was “confident that…[these institutions] could find appropriate methods to provide borrowers credit products that comply with the [MLA] interest-rate limit….” Next, the Department rejected the notion that the robust regulatory and supervisory regime for insured depository institutions justifies an exclusion from the MLA because that regime was not designed to lower the costs of credit for covered borrowers.
Many commenters requested that the Department provide “a substantial period of time for compliance,” such as “at least 18 months,” because of the operational difficulties presented. The Department stated that creditors need only a “reasonable period of time” to modify their operations. Therefore, except for credit card accounts (discussed more fully below), creditors have only 12 months to comply with the requirements in the final rule.
Modifications or requests that the Department granted
In general, credit card issuers were the largest beneficiary of the Department’s modifications, notwithstanding that the Department declined to exempt credit card accounts from the final rule. First, the Department granted a complete exemption from the definition of “consumer credit” for credit extended to a covered borrower under a credit card account for a minimum of two years. The exemption expires on October 3, 2017.
Second, the final rule continues to provide a qualified exclusion for credit card accounts from the MAPR calculation for a “bona fide” fee, but it modified the proposed rule to eliminate the requirement that the bona fide fee be “customary.” This provides relief from the operational difficulties and uncertainties associated with defining “customary,” and means that credit card issuers will have a wider berth for innovation in products and services without the risk of liability under the MLA insofar as fees could be deemed not “customary.”
Finally, the final rule included the following positive modifications:
- For insured credit unions and insured depository institutions, an application fee may be excluded from the computation of the MAPR for a short-term, small amount loan, subject to certain conditions.
- The Department adopted a new “covered borrower” safe harbor to permit a creditor to “legally conclusively determine” that a consumer is a covered borrower by using information obtained in a “consumer report from a nationwide consumer reporting agency or a reseller who provides such a report.” The final rule retains the original safe harbor—permitting creditors to “legally conclusively determine” that a consumer is a covered borrower by using information obtained directly or indirectly from the MLA database—thereby giving creditors two safe-harbor options.
- Removed the “actual knowledge” clawback from the “covered borrower” safe harbor, meaning that a creditor who concludes that a borrower is not a covered borrower after conducting a covered-borrower safe-harbor check using either the MLA database or a permissible consumer report will not be liable even if the consumer is a covered borrower.
- Jedd R. Bellman to provide an “Attorney exemption/medical debt update” at the North American Collection Agency Regulatory Association annual conference
- Kathryn L. Ryan to discuss “What should crypto regulation look like: Legislation, regulation and consumer issues” at WCL's First Annual Virtual Currency Law Institute
- Elizabeth E. McGinn to discuss “How to mitigate and manage third-party risks: Leveraging tools and best practices” at The Knowledge Group’s webcast
- Elizabeth E. McGinn, Benjamin W. Hutten, and James C. Chou to discuss “The evolving regulatory landscape: Third-party and cyber risk management” at the 2022 mWISE Conference
- Sherry-Maria Safchuk to discuss “For your eyes only: Privacy updates for 2022-2023” at CCFL’s Annual Consumer Financial Services Conference
- James T. Parkinson to present a “Global anti-corruption update” at IBA’s annual conference