InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB report looks at junk fees; official says they remain agency focus
On March 8, the CFPB released a special edition of its Supervisory Highlights focusing on junk fees uncovered in deposit accounts and the auto, mortgage, student, and payday loan servicing markets. The findings in the report cover examinations completed between July 1, 2022 and February 1, 2023. Highlights of the supervisory findings include:
- Deposit accounts. Examiners found occurrences where depository institutions charged unanticipated overdraft fees where, according to the Bureau, consumers could not reasonably avoid these fees, “irrespective of account-opening disclosures.” Examiners also found that while some institutions unfairly assessed multiple non-sufficient (NSF) fees for a single item, institutions have agreed to refund consumers appropriately, with many planning to stop charging NSF fees entirely.
- Auto loan servicing. Recently examiners identified illegal servicing practices centered around the charging of unfair and abusive payment fees, including out-of-bounds and fake late fees, inflated estimated repossession fees, and pay-to-pay payment fees, and kickback payments. Among other things, examiners found that some auto loan servicers charged “payment processing fees that far exceeded the servicers’ costs for processing payments” after a borrower was locked into a relationship with a servicer selected by the dealer. Third-party payment processors collected the inflated fees, the Bureau said, and servicers then profited through kickbacks.
- Mortgage loan servicing. Examiners identified occurrences where mortgage servicers overcharged late fees, as well as repeated fees for unnecessary property inspections. The Bureau claimed that some servicers also included monthly private mortgage insurance premiums in homeowners’ monthly statements, and failed to waive fees or other changes for homeowners entering into certain types of loss mitigation options.
- Payday and title lending. Examiners found that lenders, in connection with payday, installment, title, and line-of-credit loans, would split and re-present missed payments without authorization, thus causing consumers to incur multiple overdraft fees and loss of funds. Some short-term, high-cost payday and title loan lenders also charged borrowers repossession-related fees and property retrieval fees that were not authorized in a borrower’s title loan contract. The Bureau noted that in some instances, lenders failed to timely stop repossessions and charged fees and forced consumers to refinance their debts despite prior payment arrangements.
- Student loan servicing. Examiners found that servicers sometimes charged borrowers late fees and interest despite payments being made on time. According to the Bureau, if a servicer’s policy did not allow loan payments to be made by credit card and a customer representative accidentally accepted a credit card payment, the servicer, in certain instances, would manually reverse the payment, not provide the borrower another opportunity for paying, and charge late fees and additional interest.
CFPB Deputy Director Zixta Martinez recently spoke at the Consumer Law Scholars Conference, where she focused on the Bureau’s goal of reigning in junk fees. She highlighted guidance issued by the Bureau last October concerning banks’ overdraft fee practices, (covered by InfoBytes here), and commented that, in addition to enforcement actions taken against two banks related to their overdraft practices, the Bureau intends to continue to monitor how overdrafts are used and enforce against certain practices. The Bureau noted that currently 20 of the largest banks in the country no longer charge surprise overdraft fees. Martinez also discussed a notice of proposed rulemaking issued last month related to credit card late fees (covered by InfoBytes here), in which the Bureau is proposing to adjust the safe harbor dollar amount for late fees to $8 for any missed payment—issuers are currently able to charge late fees of up to $41—and eliminate a higher safe harbor dollar amount for late fees for subsequent violations of the same type. Martinez further described supervision and enforcement efforts to identify junk fee practices and commented that the Bureau will continue to target egregious and unlawful activities or practices.
CFPB and NLRB to share info on employer-driven debt practices and illegal surveillance
On March 7, the CFPB and the National Labor Relations Board (NLRB) entered into an information sharing agreement to create a formal partnership for addressing unlawful practices involving employer surveillance and employer driven debt. The agencies stressed in the joint announcement that their Memorandum of Understanding will help identify and end employer practices that cause workers to incur debt by forcing them to pay for employer-mandated training or equipment that they might not need, or that surveil workers and sell their personal data to financial institutions, insurers, and other employers. These actions, the agencies said, may violate the FCRA and other consumer financial protection laws. As previously covered by InfoBytes, last June the Bureau launched an inquiry into employer-driven debt practices. The request for information focused on debt obligations incurred by consumers in the context of an employment or independent contractor arrangement, and sought information on “prevalence, pricing and other terms of the obligations, disclosures, dispute resolution, and the servicing and collection of these debts.”
“Many workers discover that getting a job can mean piling up debt instead of making a living,” CFPB Director Rohit Chopra said in the announcement. “Information sharing with the [NLRB] will support our efforts to end debt traps that stop workers from leaving one job for another.” NLRB General Counsel Jennifer Abruzzo agreed, adding that as the “economy, industries and workplaces continue to change, we are excited to work with CFPB to strengthen our whole-of-government approach and ensure that employers obey the law and workers are able to fully and freely exercise their rights without interference or adverse consequences.”
Hsu presses for global supervision of crypto
On March 6, acting Comptroller of the Currency Michael J. Hsu commented that the collapse of a major cryptocurrency exchange has underscored a need for consolidated supervision of global cryptocurrency firms. Speaking before the Institute for International Banker’s Annual Washington Conference, Hsu offered thoughts on how to build and maintain trust in global banking. “To be trustworthy, global crypto firms need a lead regulator who has authority and responsibility over the enterprise as a whole,” Hsu said. “Until that is done, crypto firms with subsidiaries and operations in multiple jurisdictions will be able to arbitrage local regulations and potentially play shell games using inter-affiliate transactions to obfuscate and mask their true risk profile.” Hsu pointed out that in order to conduct business in the U.S. foreign banks must be supervised by a home country via “a lead regulator with visibility and authority over the entirety of the bank’s global activities.” In contrast, not a single crypto firm is currently subject to consolidated supervision, Hsu said.
Hsu drew comparisons between a now-defunct international bank that led to significant changes in how global banks are supervised and the collapsed crypto exchange, arguing that there are “striking similarities” between the two, including that both (i) “faced fragmented supervision by a combination of state, federal, and foreign authorities”; (ii) “lacked a lead or ‘home’ regulator with authority and responsibility for developing a consolidated and holistic view of the firms”; (iii) “operated across jurisdictions where there was no established framework for regulators to share information on the firms’ operations and risk controls”; and (iv) “used multiple auditors to ensure that no one could have a holistic view of their firms.” To close the gap in the crypto sector, Hsu said action “will have to take place outside of bank regulatory channels,” but noted that the Financial Stability Board and other international bodies have already “recognized the need for a comprehensive global supervisory and regulatory framework for crypto participants.”
CFPB publishes HMDA review
On March 3, the CFPB published findings from a voluntary review of the 2015 HMDA Final Rule issued in October 2015, as well as subsequent related amendments that eased certain reporting requirements and permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit (covered by InfoBytes here). Under Section 1022(d) of Dodd-Frank, the Bureau is required to conduct an assessment of each significant rule or order adopted by the agency under federal consumer financial law. The Bureau noted that it previously determined that the 2015 HMDA Final Rule “is not a significant rule for purposes of section 1022(d)” and said the decision to conduct the review was voluntary.
The Report on the Home Mortgage Disclosure Act Rule Voluntary Review found, among other things, that (i) “[c]onsistent with the 2015 HMDA Final Rule’s increase in the closed-end reporting threshold for depository institutions, HMDA coverage of first lien, closed-end mortgages decreased between Q1 of 2017 and Q1 of 2018, from 97.0 percent to 93.8 percent”; (ii) for all financial institutions originating closed-end mortgages, “the share of those institutions reporting HMDA data decreased between 2015 and 2020, with the largest decreases observed in 2017 and 2020” after the reporting threshold rose from 25 loan originations to 100 loan originations; (iii) revising data points to include the age of applicant and co-applicant race, ethnicity, gender, and income, increased the amount of compiled data; and (iv) analyzing data assists in detecting fair lending risk and discrimination in mortgage lending. “HMDA’s expanded transactional coverage improved the risk screening used to identify institutions at higher risk of fair lending violation by improving the accuracy of analysis and thus reducing the false positive rate at which lenders were mistakenly identified as high risk,” the report said.
The report also noted that interest rate data “provides an important observation that enables data users, including government agencies, researchers, and consumer groups to analyze mortgage pricing in order to better serve HMDA’s purposes. In particular, interest rate information brings a greater transparency to the market and facilitates enforcement of fair lending laws.” The Bureau further noted that HMDA data is “crucial” to federal regulators when conducting supervisory examinations and enforcement investigations. The Bureau commented that the “requirement to report new HMDA data points greatly increased the accuracy of supervisory data since the additional data points are now used to assess fair lending risks and are subject to supervisory exams for accurate filing to HMDA,” adding that the data is “also used to estimate appropriate remuneration amounts for harmed consumers.”
DOJ initiates SCRA action over auto auctions and dispositions
On March 3, the DOJ filed a complaint in the U.S. District Court for the Eastern District of North Carolina against a North Carolina-based towing company for allegedly auctioning off, selling, or disposing of vehicles owned by servicemembers through the use of court judgments obtained without filing proper military affidavits. Under the Servicemembers Civil Relief Act (SCRA), plaintiffs seeking a default judgment must “file an accurate military affidavit stating whether or not the defendant is in military service, or that the plaintiff is unable to determine the defendant’s military service status.” Towing companies are also required by the statute to make a good faith effort to determine if a defendant is in military service. A court may not enter a default judgment in favor of a plaintiff until after a servicemember has been appointed an attorney.
According to the complaint, the towing company disposed of servicemembers’ vehicles without complying with these requirements from at least 2017. The DOJ further claims that several factors should have alerted the towing company to the fact that the vehicles belonged to a servicemember, including that many of the vehicles were originally towed from locations on or near a military installation and many of the vehicles “had military decals, patches, and decorations, were financed through lenders geared towards members of the military, and contained military uniforms and paperwork, including orders.” The DOJ seeks damages for the affected servicemembers and civil penalties, as well as a court order enjoining the towing company from engaging in the illegal conduct.
House committees move forward on data privacy
On March 1, the House Subcommittee on Innovation, Data, and Commerce, a subcommittee of the House Energy and Commerce Committee, held a hearing entitled “Promoting U.S. Innovation and Individual Liberty through a National Standard for Data Privacy” to continue discussions on the need for comprehensive federal privacy legislation. House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) delivered opening remarks, commenting that discussions during the hearing will build upon the bipartisan American Data Privacy and Protection Act (ADPPA), which advanced through the committee last July by a vote of 53-2. As previously covered by InfoBytes, the ADPPA (see H.R. 8152) was sent to the House floor during the last Congressional session, but never came up for a full chamber vote. The bill has not been reintroduced yet.
A subcommittee memo highlighted that absent a comprehensive federal standard, “there are insufficient limits to what types of data companies may collect, process, and transfer.” The subcommittee flagged the data broker industry as an example of where there are limited restrictions or oversight to prevent the creation of consumer profiles that link sensitive data to individuals. Other areas of importance noted by the subcommittee relate to data security protections, data minimization requirements, digital advertising, and privacy enhancing technologies. The subcommittee heard from witnesses who agreed that a comprehensive privacy framework would benefit consumers.
One of the witnesses commented in prepared remarks that preemption is key, calling the current patchwork of state laws confusing and costly to businesses and consumers. “Consumers need a strong and consistent law to protect them across jurisdictions and market sectors, and to clarify what privacy rights they should expect and demand as they navigate the marketplace,” the witness said. The witness also stated that the FTC is currently relying on outdated law, noting that while Section 5 of the FTC Act is frequently used, “virtually all of the FTC’s privacy and data security cases are settlements. That means that many of the legal theories advanced, as well as the remedies obtained, have never been tested in court.”
In advance of the hearing, the California governor, the California attorney general, and the California Privacy Protection Agency sent a joint letter opposing preemption language contained in H.R. 8152. “[B]y prohibiting states from adopting, maintaining, enforcing, or continuing in effect any law covered by the legislation, [the ADPPA] would eliminate existing protections for residents in California and sister states,” the letter warned. The letter asked Congress “to set the floor and not the ceiling in any federal privacy law” and “allow states to provide additional protections in response to changing technology and data privacy protection practices.”
Separately, at the end of February, Chairman of the House Financial Services Committee, Patrick McHenry (R-NC) introduced the Data Privacy Act of 2023 (see H.R. 1165). The bill moved out of committee by a 26-21 vote, and now goes to the full House for consideration. Among other things, the bill would modernize the Gramm-Leach-Bliley Act to better align the statute with the evolving technological landscape. The bill would also ensure consumers understand how their data is being collected and used and grant consumers power to opt-out of the collection of their data and request that their data be deleted at any time. Additional provisions are intended to protect against the misuse or overuse of consumers’ personal data and impose disclosure requirements relating to data collection methods, how data is used and who it is shared with, data retention policies, and informed choice. The bill is designed to provide consistency across the country to reduce compliance burdens, McHenry said.
Fannie says appraisals are no longer required to establish market value
On March 1, Fannie Mae issued a Selling Guide announcement to introduce a range of options for establishing a property’s market value, noting that it is “moving away from implying that an appraisal is a default requirement.” As part of Fannie’s efforts to improve the efficiency and accuracy of the home valuation process, it is rolling out choices that balance “traditional appraisals with appraisal alternatives.” Options introduce the term “value acceptance,” which will be “used in conjunction with the term ‘appraisal waiver’ to better reflect the actual process of using data and technology to accept the lender-provided value.” A new option, “value acceptance + property data” will use property data collected by vetted third parties that conduct interior and exterior data collection on a property. This data will be used by the lender to confirm property eligibility (an appraisal will not be required). “Hybrid appraisals” will be “based on interior and exterior property data collection by a vetted and trained third-party that is provided to an appraiser to inform the appraisal.” Fannie explained that hybrid appraisals will be “permitted for certain one-unit transactions where value acceptance + property data was initially started, but changes in loan characteristics results in the transaction not being eligible for that option.”
The updates also allow for alternative methods to the Appraisal Update and/or Completion Report, including a borrower/builder attestation letter verifying completion of construction, and a borrower attestation letter confirming completion of repairs for existing construction. The updates also provide additional guidance on the use of sweat equity and revise timelines and expectations for lenders’ prefunding and post-closing quality control reviews, among other things.
FHA proposes to ease branch office registration
On March 1, FHA published FHA INFO 2023-14 announcing a proposed rule to eliminate a requirement that mortgagees and lenders register all branch offices conducting FHA business with HUD. Currently, all FHA-approved mortgagees and lenders are required to register any branch office where they originate Title I or II loans or submit applications for mortgage insurance. Due to technological advances and remote service delivery, this requirement is inconsistent with current industry practices, FHA said, explaining that the proposed rule will grant mortgagees and lenders the choice as to whether to register and maintain branch offices with HUD. The proposed rule also will make branch registration fees applicable only to those branch offices registered with HUD. Unregistered branch offices will not be subject to unnecessary registration fees and will not be placed on the HUD Lender List Search page. Comments on the proposed rule are due May 1.
FTC orders refunds over compromised health data
On March 2, the FTC filed a complaint against an online counseling service alleging the respondent violated the FTC Act by monetizing consumers’ sensitive health data for targeted advertising purposes. As part of the process to sign up for the respondent’s counseling services, consumers are required to provide sensitive mental health information, as well as other personal information. Consumers are promised that their personal health data will not be used or disclosed except for limited purposes, such as for counseling services. However, the FTC claimed the respondent used and revealed consumers’ sensitive health data to third parties for advertising purposes. According to the FTC, the respondent failed to maintain sufficient policies or procedures to protect the sensitive information and did not obtain consumers’ affirmative express consent before disclosing the health data. The respondent also allegedly failed to limit how third parties could use the health data and denied reports that it revealed consumers’ sensitive information.
Under the terms of the proposed consent order, the respondent will be required to pay $7.8 million in partial refunds to affected users and will be banned from disclosing health information to certain third parties for re-targeting advertising purposes. This will be the first FTC action returning funds to consumers whose health data was compromised. The respondent will also be prohibited from misrepresenting its sharing practices and must also (i) obtain users’ affirmative express consent before disclosing personal information to certain third parties for any purpose; (ii) implement a comprehensive privacy program with strong safeguards to protect users’ data; (iii) instruct third parties to delete shared personal data; and (iv) implement a data retention schedule imposing limits on how long personal data can be retained.
Treasury seeks to advance CBDCs
On March 1, Treasury Undersecretary for Domestic Finance Nellie Liang announced that the Treasury Department will lead a new senior-level working group to advance work on a U.S. central bank digital currency (CBDC). As previously discussed in a Treasury report released last September on the future of money and payments (covered by InfoBytes here), Treasury was called to lead an interagency working group to complement work undertaken by the Federal Reserve Board to consider the implications of a U.S. CBDC. The working group will consist of leaders from Treasury, the Fed, and White House offices, including the Council of Economic Advisors, National Economic Council, National Security Council, and Office of Science and Technology Policy. In the coming months the working group “will begin to meet regularly to discuss a possible CBDC and other payments innovations,” Liang said during a workshop titled “Next Steps to the Future of Money and Payments.” The working group will focus on three main policy objectives: (i) how a U.S. CBDC would affect U.S. global financial leadership; (ii) potential national security risks posed by a CBDC; and (iii) the implications for privacy, illicit finance, and financial inclusion if a CBDC is created.
To support discussions on a possible CBDC and other payment innovations, Liang said the working group will develop an initial set of findings and recommendations. Those findings and recommendations may relate to whether a U.S. CBDC would help advance certain policy objectives, what features would be required for a U.S. CBDC to advance these objectives, choices for resolving CBDC design trade-offs, and areas where additional technological research and development might be useful.
Liang commented that the working group will also “engage with allies and partners to promote shared learning and responsible development of CBDCs.” She pointed out that CBDC efforts are already underway in jurisdictions around the world, with 11 countries already having fully launched CBDCs, “while central banks in other major jurisdictions are researching and experimenting with CBDCs, with some at a fairly advanced stage.” Liang stressed that regardless of whether a CBDC is adopted in the U.S., the country “has an interest in ensuring that CBDCs interact safely and efficiently with the existing financial infrastructure; that they support financial stability and the integrity of the international financial system; that global payment systems are efficient, innovative, competitive, secure, and resilient; and that global payments systems continue to reflect broader shared democratic values, like openness, privacy, accessibility, and accountability to the communities that rely upon them.”