InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB report analyzes college banking and credit card agreements
On December 19, the CFPB released a report titled College Banking and Credit Card Agreements: Annual Report to Congress, which found that some college-sponsored financial products marketed towards students have less advantageous terms and conditions, and higher fees compared to typical market products.
According to the report, when colleges decided to subcontract with third-party financial service providers to facilitate the application of federal financial aid, they entered “college banking agreements” offering deposit accounts for students, which can function as debit or prepaid cards. The report distinguished between colleges that pay for certain service providers to facilitate the processing of federal financial aid disbursements (referred to as Tier One college banking arrangements), and colleges that are paid by certain service providers to offer deposit accounts and prepaid cards to the student population (referred to as Tier Two college banking arrangements). Tier Two account issuers paid colleges an aggregated of over $19.6 million in 2022. The CFPB observed that some colleges’ financial product partners charge students overdraft fees, despite the general industry trend to move away from such fees. The CFPB also warned in its report that certain overdraft fees can violate the CFPA.
The report also found that students at HBCUs and Hispanic-servicing institutions on average pay higher fees per account. The CFPB also noted several other additional fees charged to students by financial institutions, including (i) dormant account fees; (ii) deposit and withdrawal fees for student ID cards that also function as prepaid cards; and (iii) “sunset” fees imposed on students to pay after graduation or reaching a certain age.
Regarding partnerships in credit cards, the CFPB noted that although the passage of the CARD Act reduced the profitability of marketing credit cards on college campuses, thousands of new accounts between colleges and credit card issuers are opened every year. The CFPB also noted that college students maintain a high level of reliance on credit cards to cover costs and it indicated that it “will continue to research evolving practices” to understand how credit cards are being marketed to college students.
CFPB reports on consumers’ experience with overdraft, NSF fees
On December 19, the CFPB released a report titled Overdraft and Nonsufficient Fund Fees: Insights from the Making Ends Meet Survey and Consumer Credit Panel, a report providing insight into consumers’ experience with overdraft/NSF activity. The CFPB stated that the report is based on data from the 2023 Making Ends Meet survey (covered by InfoBytes here) and the CFPB’s Consumer Credit Panel. Among other findings, the report found that roughly a quarter of consumers reside in households that were charged an overdraft or NSF fee in the past year. The report additionally found that 43 percent of consumers charged an overdraft fee were surprised by their most recent account overdraft, while only 22 percent expected it. The report noted that this trend is more pronounced among those who experience infrequent overdrafts (15 percent) as opposed to those who have been charged multiple overdraft fees (56 percent).
The CFPB additionally highlighted most households incurring overdraft and NSF fees have available credit on a credit card, adding that “among consumers in households charged 0, 1-3, 4-10, and more than 10 overdraft fees in the past year, the shares with no credit available on a credit card are 19 percent, 32 percent, 38 percent, and 49 percent, respectively.”
President Biden vetoes bill on CFPB small business data rule
On December 19, President Biden vetoed bill S. J. Res. 32 that would have repealed the CFPB’s small business data collection rule known as “Small Business Lending Under the Equal Credit Opportunity Act (Regulation B).” As previously covered by InfoBytes, the small business data collection rule, under Section 1071 of the Dodd-Frank Act, requires small business owners to provide demographic data (i.e., race, gender, ethnicity, etc.), as well as geographic information, lending decisions, and credit pricing to lenders. According to President Biden’s statement accompanying the veto, the CFPB’s final rule brings “transparency to small business lending” and repealing this rule would “hinder” the government’s ability to conduct oversight of predatory lenders. The bill is now to be returned to the Senate to be voted on again and can only become law if two-thirds of members support the bill. Separately, in October, a U.S. District Court in Texas imposed an injunction on the CFPB’s small business data rule (covered by InfoBytes here).
CFPB adjusts asset-size exemption thresholds for Regulations C and Z
On December 18, the CFPB adjusted the asset-size exemption thresholds for Regulation C (as part of the Home Mortgage Disclosure Act) and Regulation Z (as part of TILA), based on a 4.1 percent increase in the average year-over-year CPI-W from November. For Regulation C, the exemption threshold increased from $54 million to $56 million. Accordingly, any financial institution with assets of $56 million or less is exempt from collecting housing-related lending data in 2024.
For Regulation Z, and certain first-lien higher-priced mortgage loans, the exemption threshold increased from $2.537 billion to $2.640 billion. Similarly, but applicable to certain insured depository institutions and insured credit unions, the exemption threshold increased from $11.374 billion to $11.835 billion.
FSOC report highlights AI, climate, banking, and fintech risks; CFPB comments
On December 14, the Financial Stability Oversight Counsel released its 2023 Annual Report on vulnerabilities in financial stability risks and recommendations to mitigate those risks. The report was cited in a statement by the Director of the CFPB, Rohit Chopra, to the Secretary of the Treasury. In his statement, Chopra said “[i]t is not enough to draft reports [on cloud infrastructure and artificial intelligence], we must also act” on plans to focus on ensuring financial stability with respect to digital technology in the upcoming year. In its report, the FSOC notes the U.S. banking system “remains resilient overall” despite several banking issues earlier this year. The FSOC’s analysis breaks down the health of the banking system for large and regional banks through review of a bank’s capital and profitability, credit quality and lending standards, and liquidity and funding. On regional banks specifically, the FSOC highlights how regional banks carry higher exposure rates to all commercial real estate loans over large banks due to the higher interest rates.
In addition, the FSOC views climate-related financial risks as a threat to U.S. financial stability, presenting both physical and transitional risks. Physical risks are acute events such as floods, droughts, wildfires, or hurricanes, which can lead to additional costs required to reduce risks, firm relocations, or can threaten access to fair credit. Transition risks include technological changes, policy shifts, or changes in consumer preference which can all force firms to take on additional costs. The FSOC notes that, as of September 2023, the U.S. experienced 24 climate disaster events featuring losses that exceed $1 billion, which is more than the past five-year annual average of 18 events (2018 to 2022). The FSOC also notes that member agencies should be engaged in monitoring how third-party service providers, like fintech firms, address risks in core processing, payment services, and cloud computing. To support this need for oversight over these partnerships, the FSOC cites a study on how 95 percent of cloud breaches occur due to human error. The FSOC highlights how fintech firms face risks such as compliance, financial, operational, and reputational risks, specifically when fintech firms are not subject to the same compliance standards as banks.
Notably, the FSOC is the first top regulator to state that the use of Artificial Intelligence (AI) technology presents an “emerging vulnerability” in the U.S. financial system. The report notes that firms may use AI for fraud detection and prevention, as well as for customer service. The FSOC notes that AI has benefits for financial instruction, including reducing costs, improving inefficiencies, identifying complex relationships, and improving performance. The FSOC states that while “AI has the potential to spur innovation and drive efficiency,” it requires “thoughtful implementation and supervision” to mitigate potential risks.
CFPB fines and shuts down debt collector for alleged FDCPA, FCRA violations
On December 15, the CFPB announced a consent order against a Pennsylvania-based nonbank medical debt collection company for alleged violations of the FCRA and FDCPA. According to the order, the company failed to (i) establish and implement reasonable written policies and procedures for ensuring the accuracy and integrity of information furnished to consumer reporting agencies; (ii) conduct reasonable investigations into direct and indirect consumer disputes about furnished information; (iii) report direct dispute investigation results to consumers; and (iv) indicate disputed items when furnishing information to reporting agencies. The company also allegedly lacked a reasonable basis for debt-related representations made to consumers and engaged in collection activities after receiving a written dispute within 30 days of the consumer’s receipt of a debt validation notice but before obtaining and mailing a verification of the debt.
The consent order permanently bans the company from involvement or aid in debt collection, purchasing or selling of any debts, or any consumer reporting activities. The company must also request credit reporting agencies to delete all collection accounts previously reported by the company. Additionally, the company is obligated to pay a $95,000 civil money penalty and must display on its website information that informs consumers about the option to file a complaint with the CFPB.
District Court grants motion to dismiss in FDCPA case regarding an undated Model Validation Notice
On December 5, the U.S. District Court for the Southern District of New York granted a debt collection agency (the defendant) a motion to dismiss an individual’s (plaintiff’s) complaint. The case considers whether an undated Model Validation Notice (MVN) is a material detail that provides standing to sue under the FDCPA. An MVN is a form provided by the CFPB in Appendix B of the Debt Collection Rule to assist debt collection agencies in complying with FDCPA notice and disclosure requirements. However, the CFPB provides an undated MVN, so many debt collectors who use this template fail to provide a date when sending a debt collection letter to individuals, leading to a recipient’s confusion when the debt collector writes “today” or “now.”
In this case, the plaintiff alleges that the undated collection letter suggests the defendant “withheld a material term from [p]laintiff which made it confusing for him to understand the nature of the subject debt.” The plaintiff did not pay the debt, and instead, he alleged that he suffered damages from the defendant’s “suspicious, misleading, deceptive, unfair, and unconscionable actions.”
Before addressing the merits of the plaintiff’s claims, the court applied Article III standing to determine if the plaintiff had a basis to sue. The court considered whether the plaintiff had suffered a “concrete, particularized injury” in receiving an undated letter from the defendant and concluded that the plaintiff did not suffer harm as a result of this act under Article III because “[t]ime and money spent due to concern and confusion are not concrete harms.” The court held the plaintiff had no standing to bring this action and granted the defendant’s motion to dismiss the plaintiff’s claims. The court, however, gave the plaintiff the opportunity to file an amended complaint.
White House convenes on reducing medical debt
On December 8, President Biden met with over 80 federal and state officials to discuss reducing medical debts for Americans. The Biden-Harris administration desires to address medical payment products, unfair debt collection practices, surprise billing and facility fees, and charity care. This roundtable was one of several actions taken by the administration to lower Americans’ healthcare costs, in addition to (i) the CFPB’s report on how medical debt collectors pursue debts under the FDCPA, such as through misattributed billing and billing consumers without contacting them (previously covered by InfoBytes, here); and (ii) the CFPB’s proposed rule to remove medical bills from credit reports (also previously covered by InfoBytes, here). The roundtable featured speakers from the president’s council, the CFPB, the Center for Medicare and Medicaid Services, DHHS, the Treasury, and representatives from California, Colorado, and Washington.
House Financial Services Committee questions financial agency representatives on technological implementations
On December 5, the U.S. House Financial Services Subcommittee on Digital Assets, Financial Technology and Inclusion held a hearing on “Fostering Financial Innovation: How Agencies Can Leverage Technology to Shape the Future of Financial Services.” The Committee invited representatives to testify from the SEC, OCC, FDIC, CFPB, NCUA, and the Federal Reserve. The representatives fielded an array of questions focused on artificial intelligence, cryptocurrencies, and central bank digital currencies (CBDCs), and broadly focused on the need to balance technological innovation within the financial sector with managing risk.
On cryptocurrencies, congressional representatives posed questions on the nature of criminal activity among other risks. The discussion addressed bank risks related to crypto assets—while banks do not hold crypto assets, the representative from the Federal Reserve noted how banks may face liquidity risks when holding deposits from crypto-related companies. On CBDCs, the Committee asked for an update on the U.S. CBDC; the Federal Reserve representative mentioned the Fed’s current research on CBDC technologies but noted that the agency is still “a long way off from thinking about the implementation of anything related to a CBDC.”
On the topic of artificial intelligence, agency representatives discussed how banks are using the technology for fraud monitoring and customer service. The discussion addressed how artificial intelligence technology can create deepfakes using generative models to mimic an individual’s appearance or voice, and thus help scammers bypass traditional security checks. In response, some countries have implemented a secure digital ID that biometrically syncs to one’s smartphone, and the NCUA noted that it is currently evaluating this technology.
CFPB orders bank to pay $6.2 million; alleges overdraft fees violate CFPA, EFTA
On December 7, the CFPB announced a consent order against a Virginia-based bank, alleging it engaged in deceptive acts and practices and failed to comply with Regulation E. According to the CFPB, the bank did not comply with Regulation E because it did not provide appropriate written disclosures before enrolling customers in its overdraft service and imposing overdraft fees. The CFPB alleged that under the bank’s procedures, branch employees would provide oral disclosures and obtain oral consent but did not provide customers with the required written consent form under Regulation E until the end of the account-opening process. According to the CFPB, while the bank changed its practices partway through the period covered by the consent order, the disclosures it provided were still inadequate. The bank allegedly “requested that new customers orally specify their enrollment decision before providing them with adequate written notice describing the [opt-in] service,” which thereby allegedly breached the Electronic Fund Transfer Act.
The CFPB also alleged the bank committed deceptive actions or practices when marketing opt-in overdraft services to consumers via telephone. Specifically, the CFPB alleged that the bank did not provide its customer service representatives with a script, which resulted in representatives failing to clearly differentiate between transactions covered by the bank’s standard versus its opt-in overdraft protection service. The CFPB asserted that these statements qualified as “representations and omissions of key information were likely to mislead consumers,” and that as a result, the Bank did not comply with the CFPA and Regulation E.
The consent order imposes a $1.2 million civil money penalty and requires the bank to refund at least $5 million to affected consumers. The consent order also requires the bank to obtain a new overdraft enrollment decision from affected consumers before charging overdraft fees. Moreover, the bank must also create and implement a comprehensive compliance plan to ensure its overdraft program complies with all applicable laws. Finally, the consent order requires the bank to monitor compliance, maintain records, and inform the CFPB of any changes or developments that could impact its compliance responsibilities in the consent order.