Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On July 14, the CFPB announced a consent order against a national bank to resolve allegations that the bank engaged in unfair and abusive acts or practices with respect to unemployment insurance benefit recipients who filed notices of error concerning alleged unauthorized electronic fund transfers (EFTs). The CFPB alleged that the bank violated the CFPA by, among other things: (i) determining that “no error had occurred and [by] freezing cardholder accounts based solely on the results of [the bank’s] automated Fraud Filter”; (ii) “retroactively applying its automated Fraud Filter to reverse permanent credits for unemployment insurance benefit prepaid debit cardholders whose notices of error [the bank] had previously investigated and paid”; and (iii) “impeding unemployment insurance benefit prepaid debit cardholders’ efforts to file notices of error and seek liability protection from unauthorized EFTs.” The CFPB also claimed that the bank violated the EFTA and Regulation E by “fail[ing] to conduct reasonable investigations” of cardholders’ notices of error. Under the terms of the Bureau’s consent order, the bank is required to provide redress to harmed consumers, review and reform its unemployment insurance benefit prepaid debit card program, and pay a $100 million civil penalty to the Bureau.
The same day, the OCC announced a consent order and a $125 million civil money penalty against the bank for alleged unsafe or unsound practices related to the same prepaid card program. According to the OCC, the bank, among other things: (i) “fail[ed] to establish effective risk management” over its unemployment card program”; and (ii) “beginning in 2020, denied or delayed many consumers’ access to unemployment benefits when consumers filed or attempted to file [unemployment insurance benefits] unauthorized transaction claims.” The OCC’s civil money penalty and remediation requirement is in addition to the CFPB’s civil money penalty.
California authorizes prepaid accounts to accept publicly administered funds provided no overdraft fees
On October 5, the California governor signed SB 497, which, among other things, amends the definition of a “qualifying account” use for the purposes of depositing certain publicly administered funds. The amendment eliminates prepaid card accounts from the definition of “qualifying account,” and instead authorizes “a prepaid account or a demand deposit or savings account offered by or through an entity other than an insured depository financial institution, as specified, that is not attached to an automatic credit or overdraft feature, unless the credit or overdraft feature has no fee, charge, or cost, or it complies with the requirements for consumer credit under the federal Truth in Lending Act.” Specifically, persons or entities that are not insured depository financial institutions but who offer, maintain, or manage non-“qualifying accounts” are prohibited from soliciting, accepting, or facilitating the direct deposit of the publicly administered funds into the accounts.
On August 16, the CFPB filed its opening brief in the agency’s appeal of a district court’s December 2020 decision, which granted a payment company’s motion for summary judgment and vacated two provisions of the Bureau’s Prepaid Account Rule: (i) the short-form disclosure requirement “to the extent it provides mandatory disclosure clauses”; and (ii) the 30-day credit linking restriction. As previously covered by InfoBytes, the Bureau claimed that it had authority to enforce the mandates under federal regulations, including the EFTA, TILA, and Dodd-Frank, but the district court disagreed, concluding, among other things, that the Bureau acted outside of its statutory authority with respect to the mandatory disclosure clauses of the short-form requirement in 12 CFR section 1005.18(b) by presuming that “Congress delegated power to the Bureau to issue mandatory disclosure clauses just because Congress did not specifically prohibit them from doing so.” In striking the mandatory 30-day credit linking restriction under 12 CFR section 1026.61(c)(1)(iii), the district court determined that “the Bureau once again reads too much into its general rulemaking authority,” and that neither TILA nor Dodd-Frank vest the Bureau with the authority to promulgate substantive regulations on when consumers can access and use credit linked to prepaid accounts. Moreover, the court deemed the regulatory provision to be a “substantive regulation banning a consumer’s access to and use of credit” under the disguise of a disclosure, and thus invalid.
In its appeal, the Bureau urged the U.S. Court of Appeals for the D.C. Circuit to overturn the district court’s ruling, arguing that both the EFTA and Dodd-Frank authorize the Bureau to promulgate rules governing disclosures for prepaid accounts. “The model-clause provision simply ensures that institutions will always have a surefire way of complying with the statute, even when the Bureau’s regulations do not specify how information should be disclosed,” the CFPB said, stressing that “[n]either that provision nor anything else forecloses—let alone unambiguously forecloses—rules requiring disclosures to present specified content in a specified format so that consumers are better able to find, understand, and compare products’ terms.” The decision to adopt such rules, the Bureau added, is entitled to deference. According to the Bureau, the Prepaid Account Rule “does not make any specific disclosure clauses mandatory,” and companies are permitted to use the provided sample disclosure wording or use their own “substantially similar” wording. Additionally, the Bureau argued, among other things, that “[b]y mandating optional model clauses while remaining silent about content and formatting requirements, Congress did not ‘circumscribe the [agency’s] discretion’ to adopt such requirements.” Instead, the Bureau contended, “whether to adopt content and formatting requirements is left ‘to agency discretion.’” Moreover, the disputed requirements “fit comfortably” within its power to regulate disclosure standards under EFTA and Dodd-Frank, the Bureau argued, adding that the law “authorizes the Bureau to ‘prescribe rules to ensure that the features of any consumer financial product or service … are fully, accurately, and effectively disclosed to consumers.’”
On June 1, the U.S. District Court for the Northern District of California issued a preliminary injunction enjoining a national bank from certain actions in administering prepaid debit cards to class member recipients of Employment Development Department unemployment or disability benefits. Under the terms of the preliminary injunction, the bank is prohibited from “considering the results of [its] initial automated fraud claims filter” when investigating or resolving any alleged unauthorized transaction error claims, or from closing claims or denying credit before conducting an investigation, pursuant to EFTA and Regulation E. Class members are also entitled to a written explanation of investigative findings before the bank can deny or close a claim. Additionally, the bank is, among other things, (i) prohibited from considering the results of its claim fraud filter as justification for freezing the card account of any class member; (ii) required to reopen any claims that were closed or denied “based solely” on results of its claim fraud filter if those claims have not already been paid or previously reopened and investigated; (iii) required to provide written notice to class members with blocked accounts explaining that their accounts will be unblocked if they authenticate their identity; and (iv) establish a process for handing class member claims.
On March 31, the CFPB rescinded, effective April 1, the following policy statements, which provided temporary regulatory flexibility measures to help financial institutions work with consumers affected by the Covid-19 pandemic:
- A March 26, 2020, statement addressing the Bureau’s commitment to taking into account staffing and related resource challenges facing financial institutions related to supervision and enforcement activities.
- A March 26, 2020, statement postponing quarterly HMDA reporting requirements. (Covered by InfoBytes here.)
- A March 26, 2020, statement postponing annual data submission requirements related to credit card and prepaid accounts required under TILA, Regulation Z and Regulation E. (Covered by InfoBytes here.)
- An April 1, 2020, statement on credit reporting agencies and furnishers’ credit reporting obligations under the Fair Credit Reporting Act and Regulation V during the Covid-19 pandemic. The Bureau notes that the rescission “leaves intact the section entitled “Furnishing Consumer Information Impacted by COVID-19” which articulates the CFPB’s support for furnishers’ voluntary efforts to provide payment relief and that the CFPB does not intend to cite in examinations or take enforcement actions against those who furnish information to consumer reporting agencies that accurately reflect the payment relief measures they are employing.” (Covered by InfoBytes here.)
- An April 27, 2020, statement affirming that the Bureau would not take supervisory or enforcement action against land developers subject to the Interstate Land Sales Full Disclosure Act and Regulation J for delays in filing financial statements and annual reports of activity. (Covered by InfoBytes here.)
- A May 13, 2020, statement providing supervision and enforcement flexibility for creditors to resolve billing errors during the pandemic. (Covered by InfoBytes here.)
- A June 3, 2020, statement providing temporary flexibility for credit card issuers regarding electronic provision of certain disclosures during the Covid-19 pandemic in accordance with the E-Sign Act and Regulation Z. (Covered by InfoBytes here.)
The rescission also withdraws the Bureau as a signatory to the April 7, 2020, Interagency Statement on Loan Modifications and Reporting for Financial Institutions Working with Customers Affected by the Coronavirus (covered by InfoBytes here), and the April 14, 2020, Interagency Statement on Appraisals and Evaluations for Real Estate Related Financial Transactions Affected by the Coronavirus (covered by InfoBytes here).
Additionally, the Bureau issued Bulletin 2021-01 announcing changes to how it communicates supervisory expectations to institutions. Bulletin 2021-01 replaces Bulletin 2018-01 (covered by InfoBytes here), which previously created two categories of findings conveying supervisory expectations: Matters Requiring Attention (MRAs) and Supervisory Recommendations (SRs). Under the revised Bulletin, the Bureau notes that examiners “will continue to rely on [MRAs] to convey supervisory expectations” but will no longer issue formal written SRs, as the agency believes that MRAs will more effectively convey its supervisory expectations. The Bulletin further states that “Bureau examiners may issue MRAs with or without a related supervisory finding that a supervised entity has violated a Federal consumer financial law.”
On December 30, the U.S. District Court for the District of Columbia granted a payment company’s motion for summary judgment against the CFPB, vacating two provisions of the agency’s Prepaid Account Rule: (i) the short-form disclosure requirement “to the extent it provides mandatory disclosure clauses”; and (ii) the 30-day credit linking restriction. As previously covered by InfoBytes, the company filed a lawsuit against the Bureau alleging, among other things, that the Bureau’s Prepaid Account Rule exceeds the agency’s statutory authority “because Congress only authorized the Bureau to adopt model, optional disclosure clauses—not mandatory disclosure clauses like the short-form disclosure requirement.” The Bureau countered that it had authority to enforce the mandates under federal regulations, including the Electronic Fund Transfer Act (EFTA), TILA, and Dodd-Frank, arguing that the “EFTA and [Dodd-Frank] authorize the Bureau to issue—or at least do not foreclose it from issuing—rules mandating the form of a disclosure.” The Bureau also claimed that its general rulemaking power under either TILA or Dodd-Frank provides authority for the 30-day credit-linking restriction.
With respect to the mandatory disclosure clauses of the short-form requirement in 12 CFR section 1005.18(b), the court concluded, among other things, that the Bureau acted outside of its statutory authority. The court stated that “Congress underscored the need for flexibility by requiring the Bureau to ‘take account of variations in the services and charges under different electronic fund transfer systems’ and ‘issue alternative model clauses’ for different account terms where appropriate” and it could not “presume—as the Bureau does—that Congress delegated power to the Bureau to issue mandatory disclosure clauses just because Congress did not specifically prohibit them from doing so.”
In striking the mandatory 30-day credit linking restriction under 12 CFR section 1026.61(c)(1)(iii), the court determined that “the Bureau once again reads too much into its general rulemaking authority.” First, the court determined that neither TILA nor Dodd-Frank vest the Bureau with the authority to promulgate substantive regulations on when consumers can access and use credit linked to prepaid accounts. Second, the court deemed the regulatory provision to be a “substantive regulation banning a consumer’s access to and use of credit” under the disguise of a disclosure, and thus invalid.
On March 26, the CFPB announced several regulatory flexibility measures to help financial companies work with consumers affected by Covid-19. Specifically, the measures postpone certain industry data collections on Bureau-related rules. These include:
- HMDA. Quarterly information reporting by certain mortgage lenders as required under HMDA and Regulation C will not be expected during this time. However, entities should continue collecting and recording HMDA data in anticipation of making annual submissions. Entities will be provided information by the Bureau on when and how to commence new quarterly HMDA data submissions. (See statement here.)
- TILA. During this time, annual submissions required under TILA, Regulation Z, and Regulation E “concerning agreements between credit card issuers and institutions of higher education; quarterly submission of consumer credit card agreements; collection of certain credit card price and availability information; and submission of prepaid account agreements and related information” will not be expected. (See statement here.)
- Section 1071. A survey seeking information from financial institutions on the cost of compliance in connection with pending rulemaking on Section 1071 of the Dodd-Frank Act has been postponed. As previously covered by InfoBytes, under the terms of a stipulated settlement resolving a 2019 lawsuit that sought an order compelling the Bureau to issue a final rule implementing Section 1071, the Bureau agreed to outline a proposal for collecting data and studying discrimination in small-business lending.
- PACE Financing. A survey of firms providing Property Assessed Clean Energy (PACE) financing to consumers for the purposes of implementing Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act has been postponed.
- Supervision and Enforcement. The Bureau’s policy statement provides “that it does not intend to cite in an examination or initiate an enforcement action against any entity for failure to submit to the Bureau” specified information related to credit card and prepaid accounts. However, the Bureau’s announcement advises entities to “maintain records sufficient to allow them to make delayed submissions pursuant to Bureau guidance.” With respect to operational challenges facing institutions due to Covid-19, the Bureau states that it will work with institutions when scheduling examinations and other supervisory activities to minimize disruption and burden. “[W]hen conducting examinations and other supervisory activities and in determining whether to take enforcement action, the Bureau will consider the circumstances that entities may face as a result of the [Covid-19] pandemic and will be sensitive to good-faith efforts demonstrably designed to assist consumers,” the announcement states.
On December 11, a payments company filed a lawsuit against the CFPB in the U.S. District Court for the District of Columbia alleging that the Bureau’s Prepaid Account Rule (Rule), which took effect April 1 and provides protections for prepaid account consumers, exceeds the agency’s statutory authority and is “arbitrary and capricious” under the Administrative Procedures Act (APA). The company further asserts that the Rule violates its First Amendment rights by requiring it to make confusing disclosures that contain categories not relevant to the company’s products. According to the complaint, the Rule mandates that the company send “short form” fee disclosures to customers that include references to fees for ATM balance inquiries, customer service, electronic withdrawal, international transactions, and other categories, and “prohibits [the company] from including explanatory phrases within the disclosure box to describe the nature of these fee categories.” These disclosures, the company asserts, have confused many customers who mistakenly believe the company charges fees to access funds stored as a balance with the company, to make a purchase with a merchant, or to send money to friends or family in the U.S. The company also claims that the Bureau erroneously lumped it into the same category as providers of general purpose reloadable cards (GPR cards), and argues that the Rule ignores how prepaid cards fundamentally differ from digital wallets, which has resulted in several unintended consequences.
The company asserts that the Rule is unlawful and invalid under the APA and the Constitution for three principal reasons:
- The Rule contravenes the Bureau’s statutory authority by (i) establishing a mandatory and misleading disclosure regime that is not authorized by federal law; and (ii) “impos[ing] a 30-day ban on consumers linking certain credit cards to their prepaid account—a prohibition the law nowhere authorizes the Bureau to impose.”
- Even if the Bureau possesses the statutory authority it claims to have, the rulemaking process was “fundamentally flawed” due to its one-size-fits-all Rule that misunderstands the different characteristics of digital wallets compared to GPR cards. By treating digital wallets as if they are GPR cards, the Rule violates the APA’s reasoned decision-making requirement. Additionally, the Rule is marked by “an insufficient cost-benefit analysis that failed to properly weigh the limited benefits consumers might derive from the Rule against the costs” stemming from the Rule’s changes.
- The Rule violates the First Amendment by failing to satisfy the heightened standard that a law or regulation “directly advances a substantial government interest” because it requires the company to makes certain disclosures that are irrelevant to its digital wallet product. Moreover, the Rule’s disclosure obligations “functionally impair the speech in which [the company] might otherwise engage” by mandating that it provide confusing and misleading disclosures about the nature of its offerings.
The complaint asks that the Rule be vacated and declared arbitrary, an abuse of discretion, not in accordance with the law, and unconstitutional, and additionally seeks injunctive relief, attorneys’ fees and costs.
On March 7, the FDIC announced that a Delaware-based bank agreed to settle allegations of unfair and deceptive practices in violation of Section 5 of the Federal Trade Commission Act for assessing transaction fees in excess of what the bank previously had disclosed. The FDIC also found that the bank’s practices violated the Electronic Funds Transfer Act, the Truth in Savings Act, and the Electronic Signatures in Global and National Commerce Act. According to the FDIC, from December 2010 through November 2014, the bank overcharged transaction fees to consumers who used prepaid and certain reloadable debit cards to make point-of-sale, signature-based transactions that did not require the use of a personal identification number. The transaction fees allegedly exceeded what the bank had disclosed to consumers. Under the terms of the settlement order, the bank will, among other things, (i) establish a $1.3 million restitution fund for eligible consumers; (ii) prepare a comprehensive restitution plan and retain an independent auditor to determine compliance with that plan; and (iii) provide the FDIC with quarterly written progress reports detailing its compliance with the settlement order. The settlement also requires the bank to pay a civil money penalty of $2 million.
OMB has released the CFPB’s Fall 2017 rulemaking agenda. Although this is the first update to the agenda since Richard Cordray left the agency in November 2017, delays in the publication of rulemaking agendas are common so the updated agenda may not reflect the views of new CFPB leadership. The updated agenda does not appear on the Bureau’s website. Further:
- HMDA & ECOA Amendments: The updated agenda states that the Bureau planned to determine by December 2018 whether to make permanent adjustments to the threshold for reporting open-end lines of credit. However, as discussed in greater detail here, the CFPB stated on December 21 that it intended to engage in a broader rulemaking to (i) re-examine the criteria determining whether institutions are required to report data; (ii) adjust the requirements related to reporting certain types of transactions; and (iii) re-evaluate the required reporting of additional information beyond the data points required by the Dodd-Frank Act.
- Prepaid Cards: The updated agenda states that the CFPB expected to finalize amendments to its rule on prepaid cards in November 2017, but no final amendments have been issued. Instead, on December 21, the CFPB announced its intent to adopt final amendments “soon after the new year” and stated that it expects to extend the April 1, 2018 effective date to allow more time for implementation.
- Debt Collection: The updated agenda states that the CFPB expects to issue a proposed rule in February 2018 “concerning FDCPA collectors’ communications practices and consumer disclosures.” However, on December 14, OMB announced that the CFPB had withdrawn its planned survey regarding debt collection disclosures because “Bureau leadership would like to reconsider the information collection in connection with its review of the ongoing related rulemaking.”
See previous InfoBytes coverage on the HMDA, Prepaid, and Debt Collection rulemaking updates.
Other noteworthy aspects of the updated agenda include:
- Regulation Reviews: The updated agenda reiterates the Bureau’s intent to review the regulations inherited from other agencies and “clarify ambiguities, address developments in the marketplace, and modernize or streamline regulatory provisions.” The updated agenda lists “pre-rule activities” as continuing through February 2018, rather than September 2017 under the prior agenda.
- “Larger Participants” in Installment Lending: Consistent with the prior agenda, the CFPB states that it is preparing a proposed rule to define the “larger participants” in the personal loan market (including consumer installment loans and vehicle title loans) that will be subject to Bureau examinations. The updated agenda also states that the Bureau is still considering “whether rules to require registration of these or other non-depository lenders would facilitate supervision, as has been suggested to the Bureau by both consumer advocates and industry groups.” However, while the prior agenda indicated that a proposal was expected in September 2017, the new agenda lists May 2018.
- Overdrafts: The updated agenda states only that the CFPB is “continuing to engage in additional research and consumer testing initiatives relating to the opt-in process” for overdraft protection and that “pre-rule activities” will continue through this month. Under the prior agenda, pre-rule activities were scheduled to continue through June 2017.
- Small Business Lending: The agenda indicates that the long-delayed implementation of the small business data reporting provisions of the Dodd-Frank Act will be delayed even longer. The last agenda listed “pre-rule activities” as continuing through June 2017, stating that the CFPB “is focusing on outreach and research to develop its understanding of the players, products, and practices in the small business lending market and of the potential ways to implement section 1071.” The new agenda states that these activities will continue until May 2018, after which the Bureau “expects to begin developing proposed regulations concerning the data to be collected, potential ways to minimize burdens on lenders, and appropriate procedures and privacy protections needed for information-gathering and public disclosure.”
- TRID/Know Before You Owe Amendments: The updated agenda lists April 2018 as the expected release date for finalization of the July 2017 proposed rule addressing the “black hole” issue, which is discussed in a Buckley Sandler Special Alert. The prior agenda listed March 2018.
- Mortgage Servicing Amendments: In October 2017, the CFPB issued proposed amendments to the mortgage periodic statement requirements to further address circumstances in which servicers transition between modified and unmodified statements in connection with a consumer’s bankruptcy case. The updated agenda does not provide an expected release date for final amendments.
- Credit Card Agreement Submission: The agenda continues to state that the Bureau is considering rules to modernize its database of credit card agreements to reduce the submission burden on issuers and to make the database more useful for consumers and the general public. The agenda lists “pre-rule activities” as continuing through February 2018. Under the prior agenda, pre-rule activities were scheduled to continue through October 2017.
- Kathryn L. Ryan to host the affiliate members meeting at AARMR’s 2022 Annual Regulatory Conference & Training
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar