InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Special Alert: CFPB Takes Enforcement Action Against "Buy-Here, Pay-Here" Auto Dealer for Alleged Unfair Collection and Credit Reporting Tactics
On November 19, the CFPB announced an enforcement action against a ‘buy-here, pay-here’ auto dealer alleging unfair debt collection practices and the furnishing of inaccurate information about customers to credit reporting agencies. ‘Buy-here, pay-here’ auto dealers typically do not assign their retail installment sale contracts (RISCs) to unaffiliated finance companies or banks, and therefore are subject to the CFPB’s enforcement authority. Consistent with the position it staked out in CFPB Bulletin 2013-07, in this enforcement action the CFPB appears to have applied specific requirements of the Fair Debt Collection Practices Act (FDCPA) to the dealer in its capacity as a creditor based on the CFPB’s broader authority over unfair, deceptive, or abusive acts practices.
Alleged Violations
The CFPB charges that the auto dealer violated the Consumer Financial Protection Act, 12 U.S.C. §§ 5531, 5536, which prohibits unfair, deceptive, or abusive acts or practices, by (i) repeatedly calling customers at work, despite being asked to stop; (ii) repeatedly calling the references of customers, despite being asked to stop; and (iii) making excessive, repeated calls to wrong numbers in efforts to reach customers who fell behind on their auto loan payments. Specifically, the CFPB alleges that the auto dealer used a third-party database to “skip trace” for new phone numbers of its customers. As a result, numerous wrong parties were contacted who asked to stop receiving calls. Despite their requests, the auto dealer allegedly failed to prevent calls to these wrong parties or did not remove their contact information from its system.
In addition, the CFPB alleges that the auto dealer violated the Fair Credit Reporting Act by (i) providing inaccurate information to credit reporting agencies; (ii) improperly handling consumer disputes regarding furnished information; and (iii) not establishing and implementing “reasonable written policies and procedures regarding the accuracy and integrity of the information relating to [customers] that it furnishes to a consumer reporting agency.” Specifically, the CFPB alleges that, since 2010, the auto dealer did not review or update its written furnishing policies, despite knowing that conversion to its third-party servicing platform had led to widespread inaccuracies in furnished information. Also, the consent order alleges that the auto dealer received more than 22,000 credit disputes per year, including disputes regarding the timing of repossessions and dates of first delinquency for charged-off accounts, but nevertheless furnished inaccurate information.
Resolution
The consent order requires the auto dealer to (i) end its alleged unfair collection practices; (ii) provide collection options to customers explaining how customers can limit the times of day that the auto dealer can contact them; (iii) provide affected customers with a free annual credit report from one or more of the credit reporting agencies which received inaccurate information; and (iv) pay an $8 million dollar civil money penalty.
Further, the auto dealer must (i) cease reporting inaccurate repossession information; (ii) correct inaccurate credit reporting information; (iii) implement an audit program to assess the accuracy of information furnished to credit reporting agencies on at least a monthly basis; and (iv) retain an independent consultant to review the auto dealer’s collection and furnishing policies, procedures, and practices and then implement any recommendations or explain in writing why it is not implementing a particular recommendation.
CFPB’s Continued Focus on Auto Finance
This action is the latest CFPB enforcement effort in connection with auto finance. In August, the CFPB fined a Texas auto finance company $2.5 million for allegedly failing to have reasonable policies and procedures regarding the accuracy and integrity of customer information furnished to the credit reporting agencies. This action also comes on the heels of the CFPB’s October proposed rule defining the larger participants of the automobile financing market. The comment period on the proposed rule ends December 8th. We anticipate additional CFPB auto finance-related actions as its authority expands.
CFPB Report Highlights Errors In Mortgage And Student Loan Servicing
On October 28, the CFPB released the fifth edition of its Supervisory Highlights report. The report highlighted the CFPB’s recent supervisory findings of regulatory violations and UDAAP violations relating to consumer reporting, debt collection, deposits, mortgage servicing and student loan servicing. The report also provided updated supervisory guidance regarding HMDA reporting relating to HMDA data resubmission standards. With respect to consumer reporting, the report identified a variety of violations of FCRA Section 611 regarding dispute resolution. The report noted findings of several FDCPA and UDAAP violations in connection with debt collection, including: (i) unlawful imposition of convenience fees; (ii) false threats of litigation; (iii) improper disclosures to third parties; and (iv) unfair practices with respect to debt sales. For deposits, the report identified several Regulation E violations found, including: (i) error resolution violations; (ii) liability for unauthorized transfers; and (iii) notice deficiencies. The report outlines four main compliance issues identified in the mortgage servicing industry: (i) new mortgage servicing rules regarding oversight of service providers; (ii) delays in finalizing permanent loan modifications; (iii) misleading borrowers about the status of permanent loan modifications; and (iv) inaccurate communications regarding short sales. Finally, the report outlines six practices at student loan servicers that could constitute UDAAP violations: (i) allocating the payments borrowers make to each loan, which results in minimum late fees on all loans and inevitable delinquent statuses; (ii) inflating the minimum payment due on periodic and online account statements; (iii) charging late fees when payments were received during the grace period; (iv) failing to give borrowers accurate information needed to deduct loan interest payments on tax filings; (v) providing false information regarding the “dischargeable” status of a loan in bankruptcy; and (vi) making debt collection calls to borrowers outside appropriate hours.
Eleventh Circuit Refuses To Compel Arbitration In Dispute Between Loan Servicer and Borrower
On October 2, the Eleventh Circuit affirmed a district court’s decision refusing to compel arbitration sought by a servicer in a dispute with a borrower over the terms of a loan agreement. Inetianbor v. Cashcall, Inc. No. 13-13822 (11th Cir. 2014). In Inetianbor, the plaintiff and the servicer had a dispute as to whether the borrower had satisfied his obligations under the terms of the loan agreement. When the borrower refused to pay amounts the servicer believed it was due, the servicer reported the purported default to the various credit agencies. The borrower sued the servicer who subsequently moved to compel arbitration under the terms of the loan agreement. The loan agreement’s forum selection clause required any dispute be resolved in arbitration by the Cheyenne River Sioux Tribal Nation (the “Tribe”). The Tribe, however, declined to arbitrate the dispute. The district court allowed the suit to proceed in federal court on the grounds that the arbitral forum was not available to hear the dispute. On appeal, the Eleventh Circuit affirmed the district court’s refusal to compel arbitration. The Eleventh Circuit held that the forum selection clause was integral to the loan’s arbitration provision. Because the arbitral forum was unavailable to hear the dispute, arbitration was not an option under the terms of the agreement and the district court was correct in refusing to compel arbitration.
CFPB Enforcement Action Targets Auto Finance Company's Credit Reporting Practices
On August 20, the CFPB announced a consent order with a Texas-based auto finance company to address alleged deficiencies in the finance company’s credit reporting practices. The company offers both direct and indirect financing of consumer auto purchases, and, according to the CFPB, specializes in lending to consumers with impaired credit profiles. In general, the CFPB took issue with the finance company’s alleged failure to implement policies and procedures regarding the accuracy and integrity of information furnished to consumer credit reporting agencies (CRAs) and alleged deceptive acts in the finance company’s representations regarding the accuracy of furnished information.
The CFPB’s action specifically alleged that the finance company violated the Fair Credit Reporting Act (FCRA) by providing inaccurate information to credit reporting agencies regarding how its borrowers were performing on their accounts, including by: (i) reporting inaccurate information about how much consumers were paying toward their debts; (ii) reporting inaccurate “dates of first delinquency,” which is the date on which a consumer first became late in paying back the loan; (iii) substantially inflating the number of delinquencies for some borrowers when it reported borrowers’ last 24 months of consecutive payment activity; (iv) informing CRAs that some of its borrowers had their vehicles repossessed, when in fact those individuals had voluntarily surrendered their vehicles back to the lienholder. The CFPB claims this activity took place over a three-year period, even after the company was made aware of the issue. The CFPB believes the company furnished incorrect information to the CRAs on as many as 118,855 accounts.
The consent order requires the company to pay a $2.75 million penalty to the CFPB. In addition, the finance company must: (i) review all previously reported accounts for inaccuracies and correct those accounts or delete the tradeline; (ii) arrange for consumers to obtain a free credit report; and (iii) inform all affected consumers of the inaccuracies, their right to a free consumer report, and how consumers may dispute inaccuracies. The order also directs the company to sufficiently provide the staffing, facilities, systems, and information necessary to timely and completely respond to consumer disputes in compliance with the FCRA.
Bankruptcy Court Refuses To Dismiss Class Suit Claiming Bank's Credit Reporting Practices Violated Bankruptcy Code
On July 22, the U.S. Bankruptcy Court for the Southern District of New York rejected a bank’s motion to dismiss a putative class action adversary proceeding alleging that certain of the bank’s credit reporting practices violated U.S. bankruptcy law. In re Haynes, No. 11-23212, 2014 WL 3608891 (S.D.N.Y. Jul. 22, 2014). The named plaintiff-debtor alleged that the bank charged off and sold his debt, which was subsequently discharged in bankruptcy, but failed to correct his credit report that listed the debt, post-discharge, as being only “charged off,” rather than being “discharged in bankruptcy.” The bank moved to dismiss for failure to state a claim, arguing that because it sold the debt pre-bankruptcy, it did not have an obligation under the FCRA or Sections 727 and 524(a) of the Bankruptcy Code to correct the debtor’s credit report. The court denied the bank’s motion on the grounds that (i) the bank continues to have an economic interest in the debt—notwithstanding its sale—because the bank continues to receive a percentage payment of the proceeds of each debt repaid to it and forwarded to the debt’s purchaser; and (ii) by failing to correct the credit reports, the bank is enhancing its purchasers’ ability to collect on the debt.
Federal Reserve Board Repeals Duplicative Regulations, Finalizes Red Flag Rule Amendments
On May 22, the Federal Reserve Board repealed its Regulation DD, which implements TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued rules implementing them. The Board also finalized amendments to the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of FCRA. Generally, the Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The revision excludes from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The repeals and Red Flags rule amendments take effect June 30, 2014.
CFPB Proposes Limited Relief From Annual Privacy Notice Delivery Requirements
On May 7, the CFPB issued a proposed rule that would provide financial institutions an alternative method for delivering annual privacy notices. The Gramm-Leach-Bliley Act (GLBA) and Regulation P require financial institutions to, among other things, provide annual privacy notices to customers—either in writing or electronically with consumer consent. Industry generally has criticized the current annual notice requirement as ineffective and burdensome, with most financial institutions providing the notices by U.S. postal mail. The proposed rule would allow financial institutions, under certain circumstances, to comply with the GLBA annual privacy notice delivery requirements by (i) continuously posting the notice in a clear and conspicuous manner on a page of their websites, without requiring a login or similar steps to access the notice; and (ii) mailing the notices promptly to customers who request them by phone.
Specifically, under the CFPB’s proposal, a financial institution subject to the GLBA privacy notice requirements would be permitted to post annual notices online, provided the institution:
- Does not share the customer’s nonpublic personal information with nonaffiliated third parties in a manner that triggers GLBA opt-out rights;
- Does not include on its annual privacy notice a Fair Credit Reporting Act (FCRA) § 603(d)(2)(A)(iii) notice regarding the ability to opt out of information sharing with the institution’s affiliates;
- Does not use its annual privacy notice as the only notice provided to satisfy affiliate marketing opt-out notice requirements under section 624 of FCRA;
- Has not changed the information included in the privacy notice since the customer received the previous notice;
- Uses the model form provided in Regulation P; and
- Inserts a clear and conspicuous statement, at least once per year on a notice or disclosure the institution issues under any other provision of law, announcing that the annual privacy notice is available on the institution’s website, such notice has not changed since the previous notice, and a copy of such notice will be mailed to customers who request it by calling a toll-free telephone number.
The CFPB cites the following benefits of the proposed rule:
- Provides consumers with constant access to privacy policies;
- Incentivizes financial institutions to limit their data sharing with unaffiliated third parties;
- Allows consumers who are concerned about their personal information to comparison shop before deciding which financial institution to use; and
- Reduces the cost for companies to provide annual privacy notices.
The proposed rule would provide some relief to industry, particularly where broader bipartisan legislative solutions have failed to gain substantial traction. Last year, the House passed legislation that would fully exempt a financial institution from the annual notice requirement if it (i) provides nonpublic personal information only in accordance with specified requirements, and (ii) has not changed its policies and practices with regard to disclosing nonpublic personal information from its most recent disclosure. A similar Senate bill introduced early last year has not moved forward, though its sponsor, Senator Sherrod Brown (D-OH), pressed the CFPB director about the issue during a hearing last fall.
The CFPB’s proposal will remain open for comment for 30 days following its publication in the Federal Register.
Federal Reserve Board Proposes To Repeal Duplicative Regulations Amend Identity Theft Red Flags Rule
On February 12, the Federal Reserve Board proposed to repeal its Regulation DD, which implements the TISA, and Regulation P, which implements Section 504 of the GLBA because the Dodd-Frank Act transferred rulemaking authority for those laws to the CFPB, and the CFPB has already issued interim final rules implementing them. The Board also proposed to amend the definition of “creditor” in its Identity Theft Red Flags rule, which implements Section 615 of the FCRA. Generally, the Indemnity Theft Red Flags rule requires each financial institution and creditor that holds any consumer account to develop and implement an identity theft prevention program. The proposed revision will exclude from the foregoing requirements businesses that do not regularly and in the ordinary course of business (i) obtain or use consumer reports in connection with a credit transaction; (ii) furnish information to consumer reporting agencies in connection with a credit transaction; or (iii) advance funds to or on behalf of a person. The Board will accept comments on the proposal for 60 days from publication in the Federal Register.
Ninth Circuit Holds Alleged Statutory Violations Sufficient For Standing Under FCRA
On February 4, the U.S. Court of Appeals for the Ninth Circuit held that a plaintiff’s claim against a data broker alleged to have published inaccurate information about him has standing by virtue of the alleged violation of his statutory rights and need not demonstrate injury. Robins v. Spokeo, Inc., No. 11-56843, 2014 WL 407366, (9th Cir. Feb. 4, 2014). The district court held that the plaintiff failed to allege an injury in fact because his claims that the inaccurate information harmed, among other things, his ability to obtain employment did not sufficiently allege any actual or imminent harm. Applying its own precedent established in a long-running RESPA case that the U.S. Supreme Court declined to review in 2012, the court held that the violation of a statutory right usually is a sufficient injury to confer standing and that statutory causes of action do not require a showing of actual harm. The court determined that violations of statutory rights created by FCRA are concrete injuries that Congress can elevate to the status of legally cognizable injuries and are therefore sufficient to satisfy Article III’s injury-in-fact requirement. Further, the plaintiff adequately pled causation and redressability because (i) an alleged violation of a statutory provision caused the violation of a right created by that provision; and (ii) FCRA provides for monetary damages to redress the violation. The court reversed the trial court and remanded.
CFPB Reports On Impacts Of Regulations For Banks
On November 22, the CFPB released findings of a study the Bureau conducted on the impact of certain deposit regulations on the day-to-day operations of banking institutions, focusing on compliance costs related to checking accounts, traditional savings accounts, debit cards, and overdraft programs. The study collected information from seven banks about activities related to compliance with regulations implementing the Truth in Savings Act, the Electronic Fund Transfer Act, the financial privacy requirements of the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act (Regulations DD, E, P, and V, respectively), as well as FCRA’s adverse action requirements, which are not implemented by regulation. According to the Bureau, compliance costs were concentrated in the Operations, Information Technology, Human Resources, Compliance, and Retail functions, and banks incurred the most substantial costs complying with rules related to authorization rights, error resolution requirements, disclosure mandates, and advertising standards.
The report identifies the compliance-related activities that entailed the highest costs across business functions and suggests that “authorization rights” (i.e., opt-ins and opt-outs) and error-resolution requirements are the most costly to administer. The report also discusses the potential for the study—which the Bureau characterizes as representing “some of the most rigorous information currently available” on compliance costs—to advance research on the cost of compliance, influence the ultimate understanding of regulatory impacts on consumers and markets, and inform the CFPB’s ongoing efforts to avoid unnecessary compliance costs. The Bureau states that estimating the operational effects of consumer financial services regulation alone has “limited value to policymaking” and is mainly helpful in determining the impact of a specific regulation on product pricing and availability or market structure and competition. The Bureau concluded that research on the effects of regulations will remain an ongoing priority, but it will nevertheless continue to address problems observed in the marketplace — “mindful that, whatever the costs of regulation, the costs of not regulating adequately can be even larger.”
The full report, Understanding the Effects of Certain Deposit Regulations on Financial Institutions' Operations: Findings on Relative Costs for Systems, Personnel, and Processes at Seven Institutions, is available here.