InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB releases regulatory agenda
Recently, the Office of Information and Regulatory Affairs released the CFPB’s fall 2022 regulatory agenda. Key rulemaking initiatives that the agency expects to initiate or continue include:
- Overdraft and NSF fees. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation Z with respect to special rules for determining whether overdraft fees are considered finance charges. According to the Bureau, the rules, which were created when Regulation Z was adopted in 1969, have remained largely unchanged despite the fact that the nature of overdraft services has significantly changed over the years. The Bureau is also considering whether to engage in pre-rulemaking activity in November regarding non-sufficient fund (NSF) fees. The Bureau commented that while NSF fees have been a significant source of fee revenue for depository institutions, recently some institutions have voluntarily stopped charging such fees.
- FCRA rulemaking. The Bureau is considering whether to engage in pre-rulemaking activity in November to amend Regulation V, which implements the FCRA. As previously covered by InfoBytes, on January 3, the Bureau issued its annual report covering information gathered by the Bureau regarding certain consumer complaints on the three largest nationwide consumer reporting agencies (CRAs). CFPB Director Rohit Chopra noted that the Bureau “will be exploring new rules to ensure that [the CRAs] are following the law, rather than cutting corners to fuel their profit model.”
- Section 1033 rulemaking. Section 1033 of Dodd-Frank provides that covered entities, such as banks, must make available to consumers, upon request, transaction data and other information concerning consumer financial products or services that the consumer obtains from the covered entity. Over the past several years, the Bureau has engaged in a series of rulemaking steps to prescribe standards for this requirement, including the release of a 71-page outline of proposals and alternatives in advance of convening a panel under the Small Business Regulatory Enforcement Fairness Act (SBREFA). The outline presents items under consideration that “would specify rules requiring certain covered persons that are data providers to make consumer financial information available to a consumer directly and to those third parties the consumer authorizes to access such information on the consumer’s behalf, such as a data aggregator or data recipient (authorized third parties).” (Covered by InfoBytes here.) The Bureau anticipates issuing a SBREFA report in February.
- Amendments to FIRREA concerning automated valuation models. The Bureau is participating in interagency rulemaking with the Fed, OCC, FDIC, NCUA, and FHFA to develop regulations to implement the amendments made by Dodd-Frank to FIRREA concerning appraisal automated valuation models (AVMs). The FIRREA amendments require implementing regulations for quality control standards for AVMs. The Bureau released a SBREFA outline and report in February and May 2022 respectively (covered by InfoBytes here), and estimates that the agencies will issue a notice of proposed rulemaking (NPRM) in March.
- Property Assessed Clean Energy (PACE) financing. The Bureau issued an advance notice of proposed rulemaking (ANPRM) in March 2019 to extend TILA’s ability-to-repay requirements to PACE transactions. (Covered by InfoBytes here.) The Bureau is working to develop a proposed rule to implement Economic Growth, Regulatory Relief, and Consumer Protection Act Section 307 in April.
- Nonbank registration. The Bureau issued an NPRM in December to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in a database of enforcement actions taken against certain nonbank covered entities. (Covered by InfoBytes here.) In a separate agenda item, the Bureau states that the NPRM would also require supervised nonbanks to register with the Bureau and provide information about their use of certain terms and conditions in standard-form contracts. The Bureau proposes “to collect information on standard terms used in contracts that are not subject to negotiating or that are not prominently advertised in marketing.”
- Credit card penalty fees. The Bureau issued an ANPRM last June to solicit information from credit card issuers, consumer groups, and the public regarding credit card late fees and late payments, and card issuers’ revenue and expenses. (Covered by InfoBytes here.) Under the CARD Act rules inherited by the Bureau from the Fed, credit card late fees must be “reasonable and proportional” to the costs incurred by the issuer as a result of a late payment. Calling the current credit card late fees “excessive,” the Bureau stated it intends to review the “immunity provision” to understand how banks that rely on this safe harbor set their fees and to examine whether banks are escaping enforcement scrutiny “if they set fees at a particular level, even if the fees were not necessary to deter a late payment and generated excess profits.” The Bureau is considering comments received on the ANPRM as it develops an NPRM that may be released this month.
- Small business rulemaking. Section 1071 of Dodd-Frank amended ECOA to require financial institutions to report information concerning credit applications made by women-owned, minority-owned, and small businesses, and directed the Bureau to promulgate rules for this reporting. An NPRM was issued in August 2021 (covered by InfoBytes here). The Bureau anticipates issuing a final rule later this month.
FTC orders card company to let merchants use other debit networks
On December 23, the FTC ordered a payment card company to stop blocking merchants from using competing debit payment networks. According to an agency investigation, the company allegedly violated provisions of the Durbin Amendment, which requires “banks to enable at least two unaffiliated networks on every debit card, thereby giving merchants a choice of which network to use for a given debit transaction,” and “bars payment card networks from inhibiting merchants from using other networks.” The FTC claimed that the company’s policy requires the use of a token when a cardholder loads a company-branded debit card into an ewallet. Ewallets are used to make online and in-app transactions, the FTC explained, adding that because competing networks cannot access the company’s token vault, merchants are dependent on the company to convert the token to process ewallet transactions using company-branded debit cards. Moreover, since the company allegedly did not provide conversion services to competing networks for remote ewallet debit transactions, the FTC asserted that it is impossible for merchants to route their ewallet transactions on other payment networks.
Under the terms of the proposed order, the company will be required to (i) provide other payment networks with customer account information in order to process ecommerce debit payments, and prohibit any efforts that may prevent other networks from serving as token service providers; (ii) provide notice to affected persons; (iii) provide 60-days advance written notice to the FTC before launching any pilot programs or new debit products that would require merchants to route electronic debit transactions only to the company; (iv) file regular compliance reports with the FTC; and (v) notify the FTC of any events that may affect compliance with the order.
CFPB issues fall supervisory highlights
On November 15, the CFPB released its fall 2022 Supervisory Highlights, which summarizes its supervisory and enforcement actions between January and June 2022 in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, mortgage servicing, and payday lending. Highlights of the findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to add-on product charges, loan modifications, double billing, use of devices that interfered with driving, collection tactics, and payment allocation. For instance, examiners identified occurrences where consumers paid off their loans early, but servicers failed to ensure consumers received refunds for unearned fees related to add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include: (i) NCRCs that failed to report the outcome of complaint reviews to the Bureau; (ii) furnishers that failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures that contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iii) provide explanations to consumers after determining that no billing error occurred or that a different billing error occurred from that asserted. Examiners also identified Regulation Z violations where credit card issuers improperly mixed original factors and acquisition factors when reevaluating accounts subject to a rate increase, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors engaged in conduct that harassed, oppressed, or abused the person with whom they were communicating. The report findings also discussed instances where debt collectors communicated with a person other than the consumer about the consumer’s debt when the person had a name similar or identical to the consumer, in violation of the FDCPA.
- Deposits. The Bureau discussed how it conducted prioritized assessments to evaluate how financial institutions handled pandemic relief benefits deposited into consumer accounts. Examiners identified unfairness risks at multiple institutions due to policies and procedures that may have resulted in, among other things, (i) garnishing protected economic impact payments funds in violation of the Consolidated Appropriations Act of 2021; or (ii) failing to apply the appropriate state exemptions to certain consumers’ deposit accounts after receiving garnishment notice.
- Mortgage Origination. Bureau examiners identified Regulation Z violations and deceptive acts or practices prohibited by the CFPA. An example of this is when the settlement service had been performed and the loan originator knew the actual costs of those service, but entered a cost that was completely unrelated to the actual charges that the loan originator knew had been incurred, resulting in information being entered that was not consistent with the best information reasonably available. The Bureau also found that the waiver language in some loan security agreements was misleading, and that a reasonable consumer could understand the provision to waive their right to bring a class action on any claim in federal court.
- Mortgage Servicing. Bureau examiners identified instances where servicers engaged in abusive acts or practices by charging sizable fees for phone payments when consumers were unaware of those fees. Examiners also identified unfair acts or practices and Regulation X policy and procedure violations regarding failure to provide consumers with CARES Act forbearances.
- Payday Lending. Examiners found lenders failed to maintain records of call recordings necessary to demonstrate full compliance with conduct provisions in consent orders generally prohibiting certain misrepresentations.
CFPB releases annual college credit card report
On October 13, the CFPB released its annual report to Congress on college credit card agreements. The report was prepared pursuant to the CARD Act, which requires card issuers to submit to the CFPB the terms and conditions of any agreements they make with colleges, as well as certain organizations affiliated with colleges. According to the Bureau, the report “raises questions about whether some marketing deals between colleges and financial institutions comply with Department of Education rules.” The report also highlighted the need for transparency in the arrangements schools have with financial institutions. In conjunction with the report, the DOE issued guidance clarifying colleges’ responsibility to ensure that campus financial products are consistent with students’ best financial interests, including by reviewing whether any fees assessed are consistent with or below prevailing market rates. The DOE’s guidance discussed overdraft and NSF fees, given that financial institutions in the general market have increasingly been reducing or eliminating certain fees. The Bureau’s report included data on 11 account providers, including non-bank financial service providers, banks, and credit unions offering more than 650,000 student accounts in partnership with 462 institutions of higher education during the 2020-2021 award year. Key findings of the report include, among other things: (i) financial services providers and their partner schools appear to offer and promote more costly products to students than are otherwise available in the market; (ii) one entity dominates the market for financial aid disbursements, providing nearly 70 percent of the accounts offered in partnership with schools; and (iii) nearly 30 percent of accounts in the Bureau’s sample were subject to arrangements in which the financial services provider made payments to the partner school.
Republican senators and states oppose gun-store MCC
On September 20, twenty-four state attorneys general sent a letter to the CEOs of three credit card companies opposing the International Organization for Standardization’s (ISO) recommendation to create a merchant category code (MCC) for gun stores to use when processing credit and debit card transactions. According to the AGs, the MCC “will not protect public safety,” and tracking gun purchase information “can only result in its misuse, either unintentional or deliberate.” The AGs also expressed their concern “that financial institutions that place their desired public policy outcomes ahead of the well-being of their investors do so in derogation of their fiduciary obligations.”
The same week, in a separate letter, twelve Republican U.S. Senators sent a letter to the CEOs also requesting the reversal of their decision to comply with the ISO standard to create a separate MCC for the sale of firearms in the U.S. According to the letter, the CEOs “are choosing the side of gun control advocates over the privacy and Second Amendment rights of millions of law abiding Americans,” and consider the decision to comply with the MCC “the first step towards backdoor gun control on law abiding Americans.” The Senators asked the CEOs to respond to a series of ISO-related questions.
As previously covered by InfoBytes, on September 2, the California and New York AGs sent a letter to the CEOs asking for the establishment of a unique MCC for gun store purchases, writing that a specially-designated MCC would help companies flag suspicious activity. The letter followed recent requests sent by several congressional Democrats to the same companies urging them to establish an MCC code for guns.
District Court grants final approval in data breach suit
On September 13, the U.S. District Court for the Eastern District of Virginia granted final approval of a class action settlement in a data breach suit. As previously covered by InfoBytes, in July 2019, a national bank (defendant) announced that an unauthorized individual had obtained the personal information of credit card customers and applicants. In May 2020, a magistrate judge ordered the defendant to produce to plaintiffs in litigation a forensic analysis performed by a cybersecurity consulting firm regarding the defendant’s 2019 data breach, concluding the report was not entitled to work product protection. According to the final settlement, members of the settlement class, which includes approximately 98 million U.S. residents whose information was compromised in the breach disclosed in July 2019, will receive cash compensation for out-of-pocket losses traceable to the data breach, cash compensation for time spent addressing with issues related to the breach, and at least three years of identity theft defense and resolution services. Counsel can seek fees and court costs of 35 percent of the settlement fund. Additionally, each of the eight settlement class representatives could receive $5,000 in service awards, and the other plaintiffs who were deposed by the defendant will receive service awards.
States, Democrats urge card companies to create gun-store MCC
On September 2, the California and New York attorneys general sent a letter to the CEOs of three credit card companies asking for the establishment of a unique merchant category code (MCC) for gun store purchases, writing that a specially-designated MCC would help companies flag suspicious activity. The letter follows recent requests sent by several congressional Democrats to the same companies urging them to establish an MCC code for guns. According to the Democrats’ letter, MCCs are four-digit codes maintained by the International Organization for Standardization (ISO) that classify merchants by their purpose of business and are used “to determine interchange rates, assess transaction risks, and generally categorize payments.” The letter noted that according to ISO’s criteria, “a new MCC may be approved if (a) the merchant category is reasonable and substantially different from all other merchant categories currently represented in the list of code values; (b) the merchant category is separate and distinct from all other industries currently represented in the list of code values; (c) the proposal describes a merchant category or industry, and not a process; (d) the minimum annual sales volume of merchants included in the merchant category, taken as a whole is, US$10 million; and (e) sufficient justification for the addition of a new code is found.” The letter stated that a “new MCC code could make it easier for financial institutions to monitor certain types of suspicious activities including straw purchases and unlawful bulk purchases that could be used in the commission of domestic terrorist acts or gun trafficking schemes,” and could garner coordination between financial institutions and law enforcement to aid efforts across the federal government to identify and prevent illicit activity. The letters requested feedback to better understand the companies’ positions.
District Court preliminarily approves $2.25 million settlement resolving credit card upgrade claims
On August 29, the U.S. District Court for the District of New Jersey preliminarily approved a class action settlement in which a national bank agreed to pay $2.25 million to resolve misleading credit card upgrade claims made to secured credit card holders. Plaintiffs alleged in their motion for preliminary approval that they each signed an agreement with the bank that said if they used and maintained a secured credit card account for seven consecutive billing months without defaulting they would be eligible to automatically “graduate” to an unsecured credit card. Transitioning to an unsecured credit card allows customers to regain control of the collateral deposits and receive a prorated refund of the annual fee they paid while they had secured cards, plaintiffs asserted. Plaintiffs claimed that while the bank’s “form contract and promotional materials promised a meaningful review of secured card accounts after seven months in good standing that review, in fact, did not occur in a fashion consistent with the parties’ contract.” The bank denied the claims. According to court documents, this past January the bank amended the graduation provision at issue in its agreement for secured credit cards to “more adequately disclose how a cardholder becomes eligible for an unsecured credit card.” The court deemed the proposed settlement to be “fair, adequate and reasonable to the settlement class,” and granted class certification. If granted final approval, class members would be awarded a portion of the annual fee paid on their secured credit card.
CFPB reports on credit card interest rates
On August 12, the CFPB released a blog post analyzing factors affecting high credit card interest rates. According to the Bureau, over 175 million Americans have at least one credit card and nearly half of active credit card accounts carry a balance. The Bureau noted that reforms in the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act) “advanced competition and saved consumers billions of dollars by restricting harmful back-end or hidden pricing practices,” however, “after the market adjusted to these changes, credit card interest rates have increased despite falling charge-off rates, a stable share of subprime cardholders, and a historically low prime rate.” The Bureau further noted that credit card interest rates increased following the Great Recession, even though several industry indicators suggested the risk of credit card lending has fallen to an all-time low. Regarding subprime accounts, since 2015, the share of credit card holders with subprime scores has remained stable, representing less than one-fifth of total accounts. Therefore, high rates persist even though presumably riskier subprime loans have not increased. Regarding prime accounts, the Bureau noted that “[c]ompared to other lending products, credit card pricing appears to be less responsive to macroeconomic trends like changes in the cost of funds – a measure of how much banks spend to acquire money to lend to consumers – as represented by the prime rate.” As for credit card profitability, the Bureau suggested that the apparent mismatch between credit card interest rates and the risk and cost of lending may explain part of the market’s profits. The Bureau further explained that in 2021, large credit card banks reported an annualized return on assets of near seven percent, which was the highest level since at least 2000, and “[w]hile credit card portfolios have higher rates of defaults than other consumer lending products, it is unclear whether these factors fully account for revenue from high interest rates.” The Bureau also noted that because six credit card issuers account for more than two-thirds of total balances every year since 2005, the CFPB plans to assess whether this is the result of “trends, like increasing rewards and high switching costs, or the result of anti-competitive practices.”
CFPB announces plans to modernize credit card data collection
On August 19, the CFPB published a blog post announcing plans to update how credit card data is collected. Current methods for collecting and publishing credit card data make it challenging for consumers to shop for credit cards or compare interest rates, the Bureau said, explaining for example that “card issuers do not have to disclose realistic rates based on someone’s creditworthiness and instead report the midpoints of broad ranges that are often meaningless to people trying to compare cards.” The Bureau said it hopes to address the lack of transparency in credit card terms and conditions to spur competition and to give consumers power to choose the best credit card for their needs.
The Bureau explained that twice a year, at least 150 issuers send the agency information on their largest credit card plans, including data on interest rates and fees through the Terms of Credit Card Plans (TCCP) Survey. To update this process, the Bureau announced it is considering modernizing the survey to make it a more useful resource on credit card price and availability for consumers. Potential changes include: (i) collecting median APR rates by credit score tiers; (ii) gathering information on credit cards available to specific communities or groups to help expand access; (iii) requiring the top 25 credit card issuers to submit data on each of their general purpose credit cards (currently these issuers only submit information on their product with the largest number of accounts); and (iv) enabling a broader range of institutions to volunteer to participate in the survey. Comments on the proposed changes, which were published in the Federal Register, are due October 17.