InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
New York Financial Services Regulator First To Sue Under Dodd-Frank's UDAAP Provisions
On April 23, New York State Department of Financial Services (NYS DFS) Superintendent Benjamin Lawsky became the first state regulator to sue a financial services company to enforce the Dodd-Frank Act’s Title X prohibitions against unfair, deceptive, and abusive practices (UDAAP). Last month, Illinois Attorney General Lisa Madigan filed what appears to be the first suit by a state attorney general to enforce Dodd-Frank’s UDAAP provisions. Although state authorities generally are limited to enforcing Title X against state banks and non-bank financial service companies—except that state attorneys general may enforce rules of the CFPB against national banks and thrifts—these actions bring into sharp focus the full scope and reach of the Title X’s enforcement provisions and are likely to inspire similar state actions.
Mr. Lawsky’s complaint accuses a nonbank auto finance company of violating Sections 1031 and 1036 of the Dodd-Frank Act, as well as Section 408 of the New York Financial Services Law and Section 499 of the New York Banking Law by, among other things, “systematically hid[ing] from its customers the fact that they have refundable positive credit balances.” The complaint alleges that the company concealed its customers’ positive account balances—from insurance payoffs, overpayments, trade-ins, and other reasons—by programming its customer-facing web portal to shut down a customer’s access to his or her loan account once the loan was paid off, even if a positive credit balance existed. The company allegedly failed to refund such balances absent a specific request from a customer. In addition, the complaint charges that the company hid the existence of positive credit balances by submitting to the New York State Comptroller’s Office false and misleading “negative” unclaimed property reports, which represented under penalty of perjury that the company had no unrefunded customer credit balances.The complaint claims that DFS’s examination findings for the company “demonstrate the persistent refusal and failure of [the company] and its owner . . . to implement even the most basic policies, procedures and controls necessary to manage a $300 million, state-licensed lending institution.” Further, Mr. Lawsky asserts that the company rejected “virtually all of those findings” and ignored or refused, based largely on economic considerations, to comply with written directives to institute proper policies, procedures, and controls.
In addition to being the first of its kind, the suit is notable for several other reasons. First, the suit names the company’s individual owner and CEO. Mr. Lawsky recently urged financial services regulators to consider taking more actions against individuals. His remarks added to a trend among regulators and enforcement authorities to more aggressively pursue individual alleged bad actors. In the complaint, Mr. Lawsky argues that “as the person responsible for oversight of [the company’s] operations and for setting and effectuating policies” the owner caused the company to adopt a policy of “stealing, converting, and retaining for its positive credit balances belonging to its customers.”
Second, Mr. Lawsky claims that certain of the alleged practices violate Dodd-Frank’s prohibition against “abusive” acts or practices. Although defined in the statute, the government has yet to provide additional guidance as to which acts or practices might be considered “abusive.” For instance, the CFPB, which has authority to draft regulations defining abusive practices, has declined to do so. Instead it has elected to develop the abusive standard through enforcement, most recently in an action against a for-profit educational institution, though no court has yet ruled on what constitutes an abusive practice.
Third, Mr. Lawsky filed the suit with the help of an outside plaintiffs’ firm. The practice of state agencies hiring outside counsel to represent them in investigations has been the subject of lawsuits and criticisms. The practice has been criticized in part because it creates an incentive for the outside lawyers to find violations in order to be paid. It also has been the subject of litigation where the law firm assisting the agency also represented other clients adverse to the target of the investigation.
Fourth, the complaint alleges that the finance company violated Section 1036 with regard to its data security and privacy practices and representations. Mr. Lawsky claims that the finance company falsely represented to its customers, in connection with servicing automobile loans, that it implemented reasonable and appropriate measures to protect borrowers’ personal information against unauthorized access. Instead, the complaint charges the company failed to take such reasonable and necessary actions and/or expend resources necessary to provide such protection, and in doing so took unreasonable advantage of (i) the inability of its customers to protect their own interests; and (ii) the reasonable reliance by its customers on the company to act it their interests.
Finally, the suit demonstrates the significant level of regulatory and enforcement activity originating from the NYS DFS. In recent months, Mr. Lawsky has moved to exercise the full scope of his authorities and has positioned himself at the forefront of numerous financial services issues, including, for example, by: (i) developing a regulatory framework for virtual currencies; (ii) aggressively supervising mortgage servicing rights transfers; (iii) obtaining a substantial settlement in a state licensing enforcement action; and (iv) conducting an expansive investigation related to online payday lending.
New Jersey Federal Court First To Uphold FTC's UDAP Authority To Enforce Data Security
On April 7, the U.S. District Court for the District of New Jersey denied a hotel company’s motion to dismiss the FTC’s claims that the company engaged in unfair and deceptive practices in violation of Section 5 of the FTC Act by failing to maintain reasonable and appropriate data security for customers’ personal information. FTC v. Wyndham Worldwide Corp., No. 13-1887, 2014 WL 1349019 (D.N.J. Apr. 7, 2014). The company moved to dismiss the FTC’s suit, arguing that the FTC (i) lacks statutory authority to enforce data security standards outside of its explicit data security authority under statutes such as the Gramm-Leach-Bliley Act (GLBA) and FCRA; (ii) violated fair notice principles by failing to first promulgate applicable regulations; and (iii) failed to sufficiently plead certain elements of the unfairness and deception claims. The court rejected each of these arguments. First, the court held that the FTC does not need specific authority under Section 5 to enforce data security standards. The court reasoned that the data-security legislation the followed the FTC Act, such as GLBA and FCRA, provide the FTC additional data security tools that complement, rather than preclude, the FTC’s general authority under Section 5. Second, the court held that, to bring a Section 5 data security claim, the FTC is not required to provide notice of reasonable standards by issuing a new regulation because regulations are not the only means of providing sufficient fair notice. According to the court, industry standards, past FTC enforcement actions, and FTC business guidance provided sufficient notice of what constitutes reasonable security measures. Third, the court held that the FTC properly pled its unfairness and deception claims under the FTC Act.
Illinois AG Sues To Enforce Dodd-Frank "Abusive" Prohibition
On March 19, Illinois Attorney General (AG) Lisa Madigan announced a suit against a lender for allegedly offering a short-term credit product designed to evade the state’s usury cap. The AG claims the lender offers a revolving line of credit with advertised interest rates of 18 to 24%, and then adds on “account protection fees.” The AG characterizes those fees as interest substantially in excess of the state’s 36% usury cap. According to the AG, after a borrower takes out the short-term loan, the lender allegedly provides a payment schedule and instructs the borrower to make minimum payments, which consumers who filed complaints with the AG’s office believed was a timeline to pay off the full debt. The complaint is the AG’s first under the Dodd-Frank Act and claims that the lender’s practices take unreasonable advantage of consumers and constitute abusive practices. The complaint also alleges violations of the state Consumer Fraud and Deceptive Businesses Practice Act and seeks restitution, civil penalties, disgorgement, and an order nullifying all existing contracts with Illinois consumers and prohibiting the company from selling lines of credit and revolving credit in Illinois.
CFPB Sues For-Profit Educational Institution Over Private Student Loan Origination Practices
On February 26, the CFPB filed its first enforcement action against a for-profit higher-education company, alleging that the company engaged in unfair and abusive private student loan origination practices.
In a civil complaint filed in the U.S. District Court for the Southern District of Indiana, the CFPB asserts that the company offered first-year students no-interest short-term loans to cover the difference between the costs of attendance and federal loans obtained by students. The CFPB claims that when the short-term loans came due at the end of the first academic year and borrowers were unable to pay them off, the company forced borrowers into “high-rate, high-fee” private student loans without providing borrowers an adequate opportunity to understand their loan obligations. Moreover, the CFPB claims that the company’s business model is dependent on coercing students into “high-rate, high-fee” private loans, despite the low average incomes and credit profiles of the students, and a 64 percent default rate on such loans.
The company issued a statement denying the charges, criticizing the CFPB’s decision to file suit, and challenging the CFPB’s jurisdiction. The statement describes the suit as an “aggressive attempt by the Bureau . . . to extend its jurisdiction into matters well beyond consumer finance” and expresses the company's intent to “ vigorously contest the Bureau's theories in court.”
The complaint details a number of alleged “high-pressure” origination tactics the CFPB claims resulted in part from the compensation structure the company established for its financial aid staff, which included commissions based on loan origination volume. The complaint also details the loan programs at issue, asserting that the programs were ostensibly run by third parties, but were controlled and guaranteed by the company, which allowed it to establish lenient lending criteria to maximize student participation. The company also is alleged to have misrepresented to prospective students the company’s accreditation and the placement rates and salaries of its graduates.
For certain students who did not obtain private student loans to pay-off the short-term company product and instead carried balances on the short-term credit through graduation, the CFPB asserts the company offered a “graduation discount” if the borrowers agreed to pay off some or all of the balance in a lump sum rather than through an installment plan. The CFPB reasons that to the extent the lump sum discounts were not applied to the installment plans, such discounts constituted finance charges subject to TILA’s disclosure requirements. The CFPB asserts that the company failed to clearly and conspicuously disclose those charges in writing to borrowers who opted not to pay a lump sum and instead entered into installment plans.
The CFPB brings claims for violations of the Consumer Financial Protection Act’s prohibitions on unfair and abusive practices, as well as for violations of TILA. In addition to injunctive relief, the CFPB is seeking unspecified monetary relief, including restitution for harmed borrowers, disgorgement, rescission, and civil money penalties.
CFPB Releases Money Transfer Exam Procedures, Launches New e-Regulations Tool
On October 22, the CFPB released the procedures its examiners will use in assessing financial institutions’ compliance with the remittance transfer requirements of Regulation E. Amendments to those regulations, finalized by the CFPB earlier this year, are set to take effect October 28, 2013. In general, the rule requires remittance transfer providers that offer remittances as part of their “normal course of business” to: (i) provide written pre-payment disclosures of the exchange rates and fees associated with a transfer of funds as well as the amount of funds the recipient will receive; and (ii) investigate consumer disputes and remedy errors. The rule does not apply to financial institutions that consistently provide 100 or fewer remittance transfers each year, or to transactions under $15.
The new examination procedures detail the specific objectives examiners should pursue as part of the examination, including to: (i) assess the quality of the regulated entity’s compliance risk management systems with respect to its remittance transfer business; (ii) identify acts or practices relating to remittance transfers that materially increase the risk of violations of federal consumer financial law and associated harm to consumers; (iii) gather facts that help to determine whether a supervised entity engages in acts or practices that are likely to violate federal consumer financial law; and (iv) determine whether a violation of a federal consumer financial law has occurred and, if so, whether further supervisory or enforcement actions are appropriate. In doing so, CFPB examiners will look not only at potential risks related to the remittance regulations, but also outside the remittance rule to assess “other risks to consumers,” including potential unfair, deceptive, or abusive acts or practices and Gramm-Leach-Bliley Act privacy violations. Finally, consistent with other examination procedures published by the CFPB, the examiners are instructed to conduct both a management- and policy-level review as well as a transaction-level review to inform the stated examination objectives.
Also on October 22, the CFPB announced a new tool designed to make it easier for the public to navigate the regulations subject to CFPB oversight. To start, the new eRegulations tool includes only Regulation E, which implements the Electronic Fund Transfer Act and includes the remittance requirements discussed above. Noting that federal regulations can be difficult to navigate, the CFPB redesigned the electronic presentation of its regulations, including by (i) defining key terms throughout, (ii) providing official interpretations throughout, (iii) linking certain sections of the “Federal Register preambles” to help explain the background of a particular paragraph, and (iv) providing the ability to see previous, current, and future versions. The CFPB notes that the tool is a work in progress and that suggestions from the public are welcome. Further, the CFPB encourages other agencies, developers, or groups to use and adapt the system.
CFPB Puts Creditors, Third-Party Collectors on Notice Regarding Unfair, Deceptive, and Abusive Debt Collection Practices
On July 10, the CFPB issued new debt collection guidance that, among other things, seeks to hold CFPB-supervised creditors accountable for engaging in acts or practices the CFPB considers to be unfair, deceptive, and/or abusive (UDAAP) when collecting their own debts, in much the same way debt collectors are held accountable for violations of the FDCPA. Bulletin 2013-07 reviews the Dodd-Frank Act UDAAP standards, provides a non-exhaustive list of debt collection acts or practices that could constitute UDAAPs, and states that even though creditors generally are not considered debt collectors under the FDCPA, the CFPB intends to supervise their debt collection activities under its UDAAP authority.
Separately, in Bulletin 2013-08, the CFPB provided guidance to creditors, debt buyers, and third-party collectors about compliance with the FDCPA and sections 1031 and 1036 of Dodd-Frank when making representations about the impact that payments on debts in collection may have on credit reports and credit scores. The Bulletin states that potentially deceptive debt collection claims are a matter of “significant concern” to the CFPB and describes the CFPB’s planned supervisory activities and other actions the CFPB may take to ensure that the debt collection market “functions in a fair, transparent, and competitive manner.”
In addition, the CFPB announced that it will begin accepting consumer complaints related to debt collection, and published five “action letters” that consumers can use to correspond with debt collectors. The letters address the situations when the consumer: (i) needs more information on the debt; (ii) wants to dispute the debt and for the debt collector to prove responsibility or stop communication; (iii) wants to restrict how and when a debt collector can contact them; (iv) has hired a lawyer; (v) wants the debt collector to stop any and all contact.
Spotlight on Student Lending (Part 1 of 2): Facing Increased Regulatory Scrutiny, Student Loan Lenders Prepare for CFPB Examinations
Currently, total outstanding student debt (both federal loans and private loans) has risen to roughly $1.1 trillion dollars. That figure represents an over 50% increase since 2008 and makes student loans the largest source of unsecured consumer debt – surpassing credit cards. At the same time, at least with respect to federal student loans, delinquencies have risen sharply during the same time period and, with unemployment rates for recent graduates still high by historic standards, the risk of continued high delinquency rates remains significant. Complicating matters is that student loan servicers, and servicers of private student loans in particular, have limited ability vis-à-vis a mortgage lender to modify those loans for borrowers in default.
Not surprisingly, given this backdrop, borrowers have lodged complaints with the Consumer Financial Protection Bureau (CFPB or Bureau) focused on their inability to obtain loan modifications, concerns about improper payment processing, and concerns about servicers’ debt collection practices. All of these factors have prompted the Bureau to draw comparisons to the recent mortgage servicing crisis and to increase focus and attention on the student lending and servicing industry in an effort to stave off a problem of those proportions.
In addition, the Bureau has focused its attention within student lending and servicing on other, more traditional areas of regulatory concern. For example, the Bureau in the past year indicated it intends to closely scrutinize student lenders on fair lending issues – especially the use of non-credit bureau attributes such as cohort default rate – as well as unfair, deceptive, or abusive trade practices.
For non-bank private student lenders, regulation by the CFPB represents a significant increase in the type of regulatory scrutiny to which lenders have traditionally been subject. Even for large bank student lenders, which have long been subject to examinations by their prudential regulators, CFPB regulatory oversight will present new challenges insofar as the Bureau’s focus is solely on consumer protection and compliance and it has made clear that understanding and regulating private student lending is one of its high priorities.
Here are several steps that student lenders and servicers can take now to proactively mitigate risk in the current environment, including:
- Developing, implementing and, as applicable, updating fair and responsible lending programs (including training of key employees in this area)
- Conducting periodic fair lending and UDAAP risk assessments
- Conducting gap analyses of collections and servicing practices to ensure compliance and CFPB readiness
It bears emphasizing that the future likely holds increased regulatory scrutiny, especially from the Bureau and especially in the area of student loan servicing and debt collection. Private student lenders will also see increased scrutiny with respect to fair and responsible lending compliance, including their use of non-credit bureau attributes in underwriting and pricing and their marketing practices, e.g., how borrowers are solicited and whether a lender uses different marketing efforts based on loan products, such as those specific to a particular major, school, or geography.
In December 2012, the Consumer Financial Protection Bureau released their student loan examination procedures, and since doing so, has commenced several examinations of bank and non-bank private student lenders. Lenders will have to show compliance with a variety of federal laws applicable at various stages (called modules) of the lending process and will be examined for potentially unfair, deceptive or abusive acts and practices.
The procedures indicate that exams will be composed of several modules:
- Advertising, marketing and lead generation
- Application, qualification, loan origination, and disbursement
- Repayment and account maintenance
- Customer complaints
- Collections and credit reporting
- Information sharing and privacy
The CFPB’s examination personnel will review the lender’s organizational documents and process flowcharts, board minutes, annual reports, management reports, policies and procedures, rate and fee sheets, loan applications, account documentation, notes and disclosures, file contents, operating checklists and worksheets, computer system details, due diligence and monitoring procedures, lending procedures, underwriting guidelines, compensation policies, audit reports and responses, training materials, service provider contracts, advertisements, and complaints. Examiners may also interview the lender’s personnel and observe customer interactions.
Examiners will review potential legal and regulatory violations in modules roughly corresponding to the processes by which education loans are developed, marketed, originated and serviced, and the processes for handling consumer complaints, delinquencies and defaults, credit reporting and privacy protection. The examination process is intended to help the CFPB determine whether consumer financial protection laws have been violated and, if so, whether supervisory or enforcement actions are warranted.
BuckleySandler advises student lenders to prepare for a CFPB exam by carefully reviewing the Bureau’s examination procedures, reports, and other public statements concerning student lending and servicing. We also recommend conducting a gap analyses between those materials and existing policies and procedures, and as appropriate, filling any identified gaps.
Questions regarding the matters discussed above may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Andrew R. Louis, (202) 349-8061, alouis@buckleyfirm.com
- Jeffrey P. Naimon, (202) 349-8030, jnaimon@buckleyfirm.com
- Aaron C. Mahler, (202) 349-8024, amahler@buckleyfirm.com
- Sasha Leonhardt, (202) 349-7971, sleonhardt@buckleyfirm.com
CFPB Seeks Injunction Against Debt Relief Firm's "Abusive" Practices
On May 30, the CFPB filed a complaint in federal district court against a Florida debt-relief company the CFPB alleges violated the FTC’s Telemarketing Sales Rule and the Dodd-Frank Act by promising certain debt relief services in exchange for upfront payment and then failing to provide the promised services. The complaint alleges publicly for the first time violations of the “abusive” standard established in the Dodd-Frank Act. The CFPB claims the company and its owner (i) misled consumers by falsely promising them it would begin to settle their debts within three to six months and then failed to provide the services within the promised time frame, if at all; (ii) enrolled consumers despite knowing that their income level made it highly unlikely that they could complete the debt-relief programs; and (iii) collected upfront “enrollment” fees from consumers even though the company knew that the consumers could not afford the monthly payments required by these debt-relief programs. Because these practices took “unreasonable advantage” of consumers, the CFPB charges they are abusive. The CFPB announced that it plans to file a proposed order that, if approved, would (i) require the company to pay a $15,000 penalty; (ii) permanently enjoin the company from advertising, marketing, promoting, offering for sale, or selling any debt-relief product or service; and (iii) establish a two-year compliance monitoring and reporting period for the company.
Federal Reserve Board Issues Statement on Deposit Advance Products
On April 25, the Federal Reserve Board issued a policy statement on deposit advance products. The statement came on the same day that the OCC and the FDIC proposed more formal guidance for such products. The Board statement identifies potential “significant risks” associated with deposit advance products, including UDAP risk and other consumer compliance risk. The statement directs examiners to thoroughly review any deposit advance products offered by supervised institutions for compliance with Section 5 of the FTC Act and reminds banks of their responsibility for vendors hired to offer deposit advance products.
Federal Court Approves Lender Settlement of TILA, UDAP Claims Based on HELOC Reductions
On March 15, the U.S. District Court for the Northern District of California approved a lender’s settlement with a class of borrowers who claimed that the bank suspended or reduced borrower home equity lines of credit (HELOCs) in violation of the Truth in Lending Act and California’s Unfair Competition Law. In Re Citibank HELOC Reduction Litig., No. 09-350 (N.D. Cal. Aug. 31, 2012). The borrowers claimed that the bank improperly utilized computerized automated valuation models (AVMs) as the basis for suspending or decreasing customer HELOCs because of the decline in the value of the underlying property. The complaint also charged that customers were injured because (i) the annual fee to maintain the HELOC was not adjusted to account for the decreased limit, and (ii) the borrowers’ credit ratings were damaged as a result of the reduced credit limit. The named plaintiff also alleged injury because he was forced to obtain a replacement home equity line, which resulted in payment of an early termination fee on the old HELOC and additional costs related to the new HELOC. Under the agreement, class members will have a right to request reinstatement of their HELOC accounts, the bank will expand the information contained in credit-line reduction notices based on collateral deterioration, and customers who incurred an early closure release fee when closing the account subsequent to the suspension or reduction may make a claim for the cash payment of $120. The court reduced the incentive payments owed to the six named plaintiffs by $1,000 each, but approved the proposed $1.2 million in attorneys’ fees.