InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB issues spring supervisory highlights
On May 2, the CFPB released its spring 2022 Supervisory Highlights, which details its supervisory and enforcement actions in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, prepaid accounts, remittances, and student loan servicing. The report’s findings cover examinations completed between July and December 2021. Highlights of the examination findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to wrongful repossessions, misleading final loan payment amounts, and overcharges for add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include (i) both CRCs and furnishers failed to provide written notice to consumers providing the results of reinvestigations and direct dispute investigations; (ii) furnishers failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) reimburse consumers after determining a billing error had occurred; (iii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iv) provide consumers with the evidence relied upon to determine a billing error had not occurred. Examiners also identified Regulation Z violations connected to creditors’ acquisitions of pre-existing credit card accounts from other creditors, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA and CFPA violations where debt collectors used false or misleading representations in connection with identity theft debt collection. Report findings also discussed instances where debt collectors engaged in unfair practices by failing to timely refund overpayments or credit balances.
- Deposits. The Bureau discussed violations related to Regulation E, which implements the EFTA, including occurrences where institutions (i) placed duplicate holds on certain mobile check deposits that were deemed suspicious instead of a single hold as intended; (ii) failed to honor a timely stop payment request; (iii) failed to complete error investigations following a consumer’s notice of error because the consumer did not submit an affidavit; and (iv) failed to provide consumers with notices of revocation of provisional credit connected with error investigations regarding check deposits at ATMs.
- Mortgage Origination. Bureau examiners identified Regulation Z violations concerning occurrences where loan originators were compensated differently based on the terms of the transaction. Under the Bureau’s 2013 Loan Originator Final Rule, “it is not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” Examiners also found that certain lenders failed to retain sufficient documentation to establish the validity for revisions made to credit terms.
- Prepaid Accounts. The Bureau found violations of Regulation E and EFTA related to institutions’ failure to submit prepaid account agreements to the Bureau within the required time frame. Examiners also identified instances where institutions failed to honor oral stop payment requests related to payments originating through certain bill pay systems. The report cited additional findings where institutions failed to properly conduct error investigations.
- Remittances. Bureau examiners identified violations of the EFTA, Regulation E, and deceptive acts and practices. Remittance transfer providers allegedly made false and misleading representations concerning the speed of transfers, and in multiple instances, entered into service agreements with consumers that violated the “prohibition on waivers of rights conferred or causes of action created by EFTA.” Examiners also identified several issues related to the Remittance Rule’s disclosure, timing, and recordkeeping requirements.
- Student Loan Servicing. Bureau examiners identified several unfair acts or practices connected to private student loan servicing, including that servicers failed to make advertised incentive payments (which caused consumers to not receive payments to which they were entitled), and failed to issue timely refund payments in accordance with loan modification payment schedules.
The report also highlights recent supervisory program developments and enforcement actions, including the Bureau’s recent decision to invoke a dormant authority to examine nonbanks (covered by InfoBytes here).
CFPB invokes dormant authority to examine nonbanks
On April 25, the CFPB announced it was invoking a “dormant authority” under the Dodd-Frank Act to conduct supervisory examinations of fintech firms and other nonbank financial services providers based upon a determination of risk. “This authority gives us critical agility to move as quickly as the market, allowing us to conduct examinations of financial companies posing risks to consumers and stop harm before it spreads,” CFPB Director Rohit Chopra explained. The Bureau has direct supervisory authority over banks and credit unions with more than $10 billion in assets, certain nonbanks regardless of size that offer or provide consumer financial products or services, and the service providers for such entities. With this announcement, the Bureau now plans to use a provision under Section 1024 of Dodd-Frank that allows it to examine nonbank financial entities, upon notice and an opportunity to respond, if it has “reasonable cause” to determine that consumer harm is possible.
In tandem with the announcement, the Bureau also issued a request for public comment on an updated version of a procedural rule that implements its statutory authority to supervise nonbanks “whose activities the CFPB has reasonable cause to determine pose risks to consumers,” including potentially unfair, deceptive, or abusive acts or practices. The statute requires that the Bureau “base such reasonable cause determinations on complaints collected by the CFPB, or on information from other sources,” which the Bureau stated may include “judicial opinions and administrative decisions, . . . whistleblower complaints, state partners, federal partners, or news reports.” “Given the rapid growth of consumer offerings by nonbanks, the CFPB is now utilizing a dormant authority to hold nonbanks to the same standards that banks are held to,” Chopra stated.
Among other things, the new rule establishes a disclosure mechanism intended to increase transparency of the Bureau’s risk-determination process. Specifically, the new rule will exempt final decisions and orders by the CFPB director from being considered confidential supervisory information, allowing the Bureau to publish the decisions on their website. Subject companies will be given an opportunity seven days after a final decision is issued to provide input on what information, if any, should be publicly released. According to the Bureau, there “is a public interest in transparency when it comes to these potentially significant rulings by the Director as head of the agency. Also, if a decision or order is publicly released, it would be available as a precedent in future proceedings.”
The procedural rule is effective upon publication in the Federal Register and has a 30-day comment period.
District Court compels college operator to testify in CFPB CID challenge
On April 20, a magistrate judge for the U.S. District Court for the District of Utah issued a report and recommendation in a CFPB action seeking to compel testimony from a private, non-profit operator of several colleges as part of its petition to enforce a 2019 civil investigative demand (CID). The CID seeks information about (i) the operator’s private student loan program to determine whether its private financing program violated federal consumer financial laws; and (ii) litigation involving the operator’s student loan program in which it has been a party in since 2012. The CID also sought testimony for what it said was an investigation into whether the operator had misled student borrowers about the offered loans or signed them up for loans without their knowledge or consent—a potential UDAAP violation. Former Bureau Director Kathleen Kraninger previously denied a petition to set aside the CID (and ultimately ratified its enforcement), but offered to narrow the CID’s scope to only require testimony regarding the first of these topics on the condition that the operator would testify as scheduled. The Bureau filed a petition to enforce the CID after the operator failed to comply. The operator challenged the Bureau’s single-director structure (which was addressed in rulings issued by the U.S. Supreme Court in Seila Law v. CFPB and Collins v. Yellen, covered by a Buckley Special Alert here and InfoBytes here), and argued, among other things, that the CID was “overly broad” and “burdensome.”
The magistrate judge rejected the majority of the operator’s arguments, which included constitutional arguments, lack of relevance, abuse of process, and that the demand is too indefinite, overly broad and burdensome. The magistrate judge concluded that enforcing the compromise offered by the Bureau back in 2019 would be an equitable solution and give the agency the necessary information without imposing undue burden, explaining that the defendant “has now had multiple years to prepare witnesses for deposition and should not be unduly burdened to answer questions regarding its own private-student-loan program.”
CFPB sues credit reporter and one of its executives
On April 12, the CFPB sued a credit reporting agency (CRA), two of its subsidiaries (collectively, “corporate defendants"), and a former senior executive for allegedly violating a 2017 enforcement order in connection with alleged deceptive practices related to their marketing and sale of credit scores, credit reports, and credit-monitoring products to consumers. The 2017 consent order required the corporate defendants to pay a $3 million civil penalty and more than $13.9 million in restitution to affected consumers as well as abide by certain conduct provisions (covered by InfoBytes here). The Bureau’s announcement called the corporate defendants “repeat offender[s]” who continued to engage in “digital dark patterns” that caused consumers seeking free credit scores to unknowingly sign up for a credit monitoring service with recurring monthly charges. According to the Bureau’s complaint, the corporate defendants, under the individual defendant’s direction, allegedly violated the 2017 consent order from the day it went into effect instead of implementing agreed-upon policy changes intended to stop consumers from unknowingly signing up for credit monitoring services that charge monthly payments. The Bureau claimed that the corporate defendants’ practices continued even after examiners raised concerns several times. With respect to the individual defendant, the Bureau contended that he had both the “authority and obligation” to ensure compliance with the 2017 consent order but did not do so. Instead, he allowed the corporate defendants to “defy the law and continue engaging in misleading marketing, even in the face of thousands of consumer complaints and refund requests.” The complaint alleges violations of the CFPA, EFTA/ Regulation E, and the FCRA/Regulation V, and seeks a permanent injunction, damages, civil penalties, consumer refunds, restitution, disgorgement and the CFPB’s costs.
CFPB Director Rohit Chopra issued a statement the same day warning the Bureau will continue to bring cases against repeat offenders. Dedicated units within the Bureau’s enforcement and supervision teams will focus on repeat offenders, Chopra stated, adding that the Bureau will also work with other federal and state law enforcement agencies when repeat violations occur. “Agency and court orders are not suggestions, and we are taking steps to ensure that firms under our jurisdiction do not engage in repeat offenses,” Chopra stressed. He also explained that the charges against the individual defendant are appropriate, as he allegedly, among other things, impeded measures to prevent unintended subscription enrollments and failed to comply with the 2017 consent order, which bound company executives and board members to its terms.
The CRA issued a press release following the announcement, stating that it considers the Bureau’s claims to be “meritless” and that as required by the consent order, the CRA “submitted to the CFPB for approval a plan detailing how it would comply with the order. The CFPB ignored the compliance plan, despite being obligated to respond and trigger deadlines for implementation. In the absence of any sort of guidance from the CFPB, [the CRA] took affirmative actions to implement the consent order.” Moreover, the CRA noted that “[r]ather than providing any supervisory guidance on this matter and advising [the CRA] of its concerns – like a responsible regulator would – the CFPB stayed silent and saved their claims for inclusion in a lawsuit, including naming a former executive in the complaint,” and that “CFPB’s current leadership refused to meet with us and were determined to litigate and seek headlines through press releases and tweets.”
CFPB’s UDAAP claims to proceed against mortgage lender
On March 31, the U.S. District Court for the District of Columbia mostly denied motions to dismiss filed by a mortgage lender and four executives (collectively, “defendants”) sued by the CFPB for allegedly engaging in unlawful mortgage lending practices. As previously covered by InfoBytes, the Bureau filed a complaint last year against the defendants alleging violations of several federal laws, including TILA and the CFPA. According to the Bureau, (i) unlicensed employees allegedly offered and negotiated mortgage terms; (ii) company policy regularly required consumers to submit documents for verification before receiving a loan estimate; (iii) employees denied consumers credit without issuing an adverse action notice; and (iv) defendants regularly made misrepresentations about, among other things, the availability and cost savings of FHA streamlined refinance loans.
The mortgage lender had argued in its motion to dismiss that neither TILA nor the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) required the lender to ensure that its individual employees were licensed under state law. In denying the motions to dismiss, the court disagreed with the lender’s position stating that in order for a mortgage originator to comply with TILA, it must also comply with Bureau requirements set out in Regulation Z, including a requirement that “obligates loan originator organizations to ensure that individual loan originators working for them are licensed or registered as required by state and federal laws.”
The court also concluded that the individual defendants must face claims for allegedly engaging in unfair or deceptive practices. The Bureau contended that the company’s chief compliance officer had warned the individual defendants that certain unlicensed employees were engaging in activities requiring licensure, and that the company’s owners approved the business model that permitted the underlying practices. According to the court, an individual “engages” in a UDAAP violation if the individual “participated directly in the practices or acts or had authority to control them” and “‘had or should have had knowledge or awareness’ of the misconduct.” The court rejected defendants’ arguments that it was improper to adopt this standard, and stated that “the fact that a separate theory of liability exists for substantially assisting a corporate defendant’s UDAAP violations has no bearing on how courts evaluate whether an individual defendant himself engaged in a UDAAP violation.”
While the court allowed the count to continue to the extent that it was based on allegations of unlicensed employees performing duties that would require licensure, it found that the complaint did not support an inference that the individual defendants knew that the employees were engaging in activities to make it appear that they were licensed. The court provided the Bureau an opportunity to replead the count to provide a stronger basis for such an inference.
CFPB settles with student loan servicer over unfair practices
On March 30, the CFPB announced a settlement with a student loan servicer to resolve allegations that the company engaged in deceptive acts with respect to borrowers with Federal Family Education Loan Program (FFELP) loans about their eligibility for Public Service Loan Forgiveness (PSLF), in violation of the Consumer Financial Protection Act, among other things. The CFPB alleged that the company engaged in unfair, deceptive, or abusive acts or practices by misrepresenting: (i) that FFELP borrowers could not receive PSLF; (ii) that FFELP borrowers were making payments towards PSLF before loan consolidation; and (iii) that certain jobs were not eligible for PSLF. The Bureau also alleged that the servicer “did not provide any information about how to become eligible for PSLF when borrowers inquired about the program or mentioned that they worked in a job that was likely a qualifying public-service job.”
Under the terms of the consent order, the servicer is required to: (i) notify all affected borrowers of the Department of Education’s limited PSLF waiver to provide affected consumers the opportunity to take advantage of the waiver before it ends on October 31; (ii) “develop and implement a call script for Customer Service Representatives that, at minimum, requires them to solicit information from all FFELP Consumers about whether a consumer’s employment may make them eligible for PSLF, and if so, to direct them to a Public Service Specialist, who will provide accurate and complete information about PSLF”; and (iii) pay a civil money penalty of $1 million to the Bureau.
According to a statement by CFPB Director Rohit Chopra, the Bureau “has long been concerned that others in the student loan servicing industry have derailed borrowers from making progress toward loan cancellation,” and “CFPB law enforcement work has identified these problems for years, finding failures at multiple servicers.”
DFPI releases report one year after enactment of CCFPL
On March 24, the California Department of Financial Protection and Innovation (DFPI) released a statutory report regarding measures the Department has taken since expanding its authority under the California Consumer Financial Protection Law (CCFPL). As previously covered by a Buckley Special Alert, the California Legislature passed Assembly Bill 1864, enacting the CCFPL, which, among other things: (i) established UDAAP authority for DFPI; (ii) authorized DFPI to impose penalties of $2,500 for “each act or omission” in violation of the law without a showing that the violation was willful, arguably representing an enhancement of the Department of Business Oversight’s enforcement powers in contrast to Dodd-Frank and existing California law; and (iii) provided that administration of the law will be funded through the fees generated by the new registration process as well as fines, penalties, settlements, or judgments. According to the report, over the past year DFPI has collected nearly $1 million in restitution for consumers, fielded hundreds of additional complaints related to the law, and launched more than 100 investigations. DFPI also created new divisions which expanded oversight and outreach, including the Consumer Financial Protection Division, Office of Financial Technology Innovation, Office of the Ombuds, and a Targeted Outreach Team responsible for working with historically underserved communities that include veterans, senior citizens, students, and immigrants. Other key takeaways from the report include, among other things, that DFPI (i) issued four invitations for comments to solicit stakeholder feedback on various aspects of implementation of the CCFPL and received 76 comment letters; (ii) opened 106 investigations that resulted in 49 public actions under the CCFPL; and (iii) established a research team to help identify emerging financial activities; scout for unlawful, unfair, deceptive, and abusive practices; and make policy recommendations based on consumer impact.
District Court enters $2.8 million judgment in CFPB student debt relief action
On March 22, the U.S. District Court for the Central District of California entered a stipulated final judgment and order against one of the defendants in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, alleging a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint asserted that the defendants violated the CFPA, the Telemarketing Sales Rule, and various state laws. Amended complaints (see here and here) also added new defendants and included claims for avoidance of fraudulent transfers under the Federal Debt Collection Procedures Act and California’s Uniform Voidable Transactions Act, among other things. A stipulated final judgment and order was entered against the named defendant in July (covered by InfoBytes here), which required the payment of more than $35 million in redress to affected consumers, a $1 civil money penalty to the Bureau, and $5,000 in civil money penalties to each of the three states. The court also previously entered final judgments against several of the defendants, as well as a default judgment and order against two other defendants and a settlement with two non-parties (covered by InfoBytes here, here, here, here, and here).
The final judgment issued against the settling defendant, who neither admitted nor denied the allegations except as specifically stated, permanently bans the defendant from participating in telemarking services or offering or selling debt-relief services, and prohibits it from misrepresenting benefits consumers may receive from a product or service. The defendant is also permanently restrained from violating applicable state laws, and may not disclose, use, or benefit from customer information obtained in connection with the offering or providing of the debt relief services. The settlement orders the defendant to pay more than $2.8 million in consumer redress, as well as a $1 civil money penalty to the Bureau and $5,000 to each of the three states.
Special Alert: CFPB revises UDAAP manual to include discriminatory practices
On March 16, the Consumer Financial Protection Bureau announced significant revisions to its Unfair, Deceptive, or Abusive Acts or Practices exam manual, in particular highlighting the CFPB’s view that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service. Congress has enacted several statutes that outlaw discrimination on specified prohibited bases, including the Equal Credit Opportunity Act (ECOA), which generally makes it unlawful to discriminate on a prohibited basis when extending credit and which the CFPB is authorized to enforce. With this announcement, the Bureau made clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice — and therefore the CFPB can bring discrimination claims related to non-credit financial products (and other agencies that have UDAP authority may follow in the CFPB’s lead).
CFPB guidance on automobile repossession warns on UDAAPs
On February 28, the CFPB released Bulletin 2022-4 regarding the repossession of vehicles and the potential for violations of Dodd-Frank’s prohibition on engaging in unfair, deceptive, or abusive acts or practices (collectively, “UDAAPs”) when repossessing vehicles. According to the Bulletin, “[t]he Bureau intends to hold loan holders and servicers accountable for UDAAPs related to the repossession of consumers’ vehicles.” To prevent UDAAPs, the Bureau noted that entities should, among other things: (i) review their policies and procedures regarding repossession and cancellation of repossession; (ii) ensure prompt communications between servicers and repossession service providers when a repossession is canceled and monitor compliance with cancellations; (iii) utilize monitoring of wrongful repossessions through routine oversight and audits of customer communications; and (iv) ensure corrective action programs are in place to address any violations and reimburse consumers for costs incurred as a result of unlawful repossessions. Additionally, the Bulletin suggests that entities should monitor service providers and any force-placed collateral protection insurance programs to verify that consumers are not charged for unnecessary force-placed insurance. According to the CFPB’s blog post released the same day, “the Bureau is closely watching the auto lending market. Auto loans are already the third largest consumer credit market in the United States at over $1.46 trillion outstanding, double the amount from ten years ago.”