Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB releases 2022 rural or underserved counties lists

    Agency Rule-Making & Guidance

    Recently, the CFPB released its annual lists of rural counties and rural or underserved counties for lenders to use when determining qualified exemptions to certain TILA regulatory requirements. In connection with these releases, the Bureau also directed lenders to use its web-based Rural or Underserved Areas Tool to assess whether a rural or underserved area qualifies for a safe harbor under Regulation Z.

    Agency Rule-Making & Guidance CFPB Underserved TILA Regulation Z

    Share page with AddThis
  • CFPB issues guidance on medical debt covered by the NSA

    Federal Issues

    On January 13, the CFPB released a new Bulletin to remind debt collectors and credit reporting agencies (CRAs) of their legal obligations under the FDCPA and the FCRA when collecting, furnishing information about, and reporting medical debts covered by the No Surprises Act (NSA). Effective for plan years beginning on or after January 1, 2022, the NSA establishes new federal protections against surprise medical bills arising out of certain out-of-network emergency care. The CFPB notes that medical debt often poses special risks to consumers as consumers are “rarely informed of the costs of medical treatment in advance” and are “generally ill suited to the task of identifying [medical] billing errors.” Specifically, the Bulletin reminds debt collectors of the FDCPA prohibition against “false representation of the ‘character, amount, or legal status of any debt’” and the use of any “unfair or unconscionable means to collect or attempt to collect any debt.” According to the Bulletin, these would include “misrepresenting that a consumer must pay a debt stemming from a charge that exceeds the amount permitted by the [NSA].” The Bulletin also reminded debt collectors, as furnishers of information to CRAs, and the CRAs themselves of their obligations under the FCRA to assure the accuracy of information furnished or included in a consumer report, as well as to “conduct reasonable and timely investigations of consumer disputes to verify the accuracy of furnished information.” The Bulletin clarified that the accuracy and dispute obligations imposed by the FCRA “apply with respect to debts stemming from charges that exceed the amount permitted” by the NSA. The Bulletin further offered several examples of acts or practices that may be violative of the FDCPA and/or the FCRA in connection with medical debt covered by the NSA. According to the Bulletin, the CFPB “will hold debt collectors accountable for failing to comply with the FDCPA and Regulation F, and it will hold CRAs and furnishers accountable for failing to comply with the FCRA and Regulation V.” The Bureau also noted that it “will continue to work with the U.S. Department of Health and Human Services and other partners to address medical debt abuses.”

    Federal Issues CFPB FCRA FDCPA Regulation V Credit Reporting Agency No Surprises Act Debt Collection

    Share page with AddThis
  • FCC proposes new reporting on telecom data breaches

    Federal Issues

    On January 12, the FCC announced that it shared, among the FCC staff, a notice of proposed rulemaking (NPRM) to strengthen the rules for notifying consumers and federal law enforcement of breaches of customer proprietary network information. According to the FCC, the NPRM “would better align the Commission’s rules with recent developments in federal and state data breach laws covering other sectors,” and “further advances the FCC’s efforts to ensure its rules keep pace with evolving cybersecurity threats and to protect consumers in the face of today’s challenges.” The NPRM outlines certain updates to current FCC rules that address telecommunications carriers’ breach notification requirements, including: (i) “[e]liminating the current seven business day mandatory waiting period for notifying customers of a breach”; (ii) “[e]xpanding customer protections by requiring notification of inadvertent breaches”; and (iii) “[r]equiring carriers to notify the Commission of all reportable breaches in addition to the FBI and U.S. Secret Service.” The NPRM solicits feedback regarding whether the FCC should require customer breach notices to include specific categories of information “to help ensure they contain actionable information useful to the consumer.” According to FCC Chairwoman Jessica Rosenworcel, current laws “need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected consumers.”

    Federal Issues Privacy/Cyber Risk & Data Security FCC Data Breach Agency Rule-Making & Guidance

    Share page with AddThis
  • CFPB reports on NCRA’s complaint responsiveness

    Federal Issues

    On January 5, the CFPB released a report, pursuant to Section 611(e)(5) of the FCRA, on information gathered by the Bureau on certain consumer complaints transmitted by the Bureau to the three largest nationwide consumer reporting agencies (NCRAs). According to the report, the CFPB received over 800,000 credit or consumer reporting complaints between January 2020 to September 2021, and of the complaints, over 700,000 were submitted about the same three NCRAs discussed in the report. According to the Bureau, complaints submitted about the NCRAs accounted for over 50 percent of all complaints received by the Bureau in 2020 and over 60 percent in 2021. The Bureau’s analysis revealed that consumers submitted more complaints in each complaint session and are increasingly returning to the Bureau’s complaint process, with a significant amount of complaints regarding inaccurate information on their credit and consumer reports. The CFPB found that the NCRAs reported relief in less than 2 percent of complaints, which is down from approximately 25 percent of complaints in 2019. Additionally, consumers most frequently complained that the inaccurate information belongs to other individuals, and consumers often described being victims of identity theft. The Bureau, in addition to pointing out how the NCRAs are “fail[ing] to meet [their] statutory obligations” under the FCRA, also noted that medical debts are an “unnavigable quagmire” and needs to be addressed. It reported that the NCRAs “do not take available steps to distinguish between complaints authorized by the consumer and those not authorized by the consumer.” The Bureau also mentioned issues that consumers face when attempting to dispute information on their credit reports, such as, among other things: (i) unsuccessfully disputing information in a timely manner; (ii) frequently expending resources to correct inaccuracies; and (iii) and finding themselves caught between furnishers and NCRAs when attempting to resolve disputes. Other highlights of the report include noting that the NCRA rely “heavily” on utilizing template responses to complaints, despite having 60 days to respond, and that two of the NCRAs mentioned in the report do not give “substantive responses to consumers’ complaints if they suspected that a third-party was involved in submitting a complaint.”

    Federal Issues CFPB Consumer Finance Consumer Reporting Agency Credit Furnishing FCRA

    Share page with AddThis
  • SEC issues multiple whistleblower awards


    On January 10, the SEC announced that it awarded whistleblowers nearly $4 million for providing information and assistance in two separate investigations. According to the first redacted order, the whistleblower, who reported internally prior to reporting to the SEC, provided significant new information during an existing investigation that alerted the SEC to misconduct occurring overseas and permitted SEC staff to develop an efficient investigative plan to discover the full extent of the violations. The whistleblower received approximately $2.6 million. In the second redacted order, the SEC issued approximately $1.5 million to joint whistleblowers for providing substantial ongoing assistance throughout the investigation, such as by consulting telephonically with SEC staff and providing information about key witnesses, which led to the success of the investigation.

    Earlier on January 6, the SEC announced that it awarded a whistleblower nearly $13 million for providing information and assistance that led to an investigation and successful SEC enforcement action. According to the redacted order, the whistleblower voluntarily provided original information to the Commission by meeting in person and helping SEC staff understand the mechanics of the fraudulent scheme, which enabled the Commission to stop an ongoing fraud, minimize investor losses, and return tens of millions of dollars to harmed investors.

    The SEC has awarded approximately $1.2 billion to 241 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement Investigations

    Share page with AddThis
  • OFAC sanctions Nicaraguan officials connected to Ortega-Murillo regime

    Financial Crimes

    On January 10, the U.S. Treasury Department’s Office of Foreign Assets Control announced sanctions pursuant to Executive Order 13851 against six Nicaraguan government officials. The sanctions, taken in conjunction with EU sanctions adopted the same date, relate to Nicaraguan President Daniel Ortega and Vice President Rosario Murillo’s regime’s ongoing “subjugation of democracy through effectuating sham elections, silencing peaceful opposition, and holding hundreds of people as political prisoners.” Complementing OFAC’s actions, the State Department “impose[d] visa restrictions on individuals complicit in undermining democracy in Nicaragua, including mayors, prosecutors, and university administrators, as well as police, prison, and military officials.” As a result of the sanctions, all property and interests in property of the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more in the aggregate by one or more of such persons are also blocked.”

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations SDN List EU Department of State

    Share page with AddThis
  • OFAC published FAQs on Belarus, Ukraine-/Russia-related, and Venezuela-related sanctions programs

    Financial Crimes

    On January 7, the U.S. Treasury Department’s Office of Foreign Assets Control published a new FAQ 956 regarding Belarus, Ukraine-/Russia-related, and Venezuela-related sanctions programs, which prohibit U.S. persons from dealing in certain new debts (such as bonds, loans, drafts, loan guarantees, or letters of credit) of certain identified persons in these countries. The FAQ provides additional guidance on how OFAC views modifications to pre-existing loans, contracts, or other agreements to replace LIBOR as the reference rate. According to the FAQ, “[l]oans, contracts, or other agreements that use LIBOR as a reference rate that are modified to replace such benchmark reference rate will not be treated as new debt for OFAC sanctions purposes, so long as no other material terms of the loan, contract, or agreement are modified.”

    Financial Crimes OFAC LIBOR Department of Treasury OFAC Sanctions Belarus Ukraine Russia Of Interest to Non-US Persons

    Share page with AddThis
  • DFPI enters into a settlement with a rent-to-own furniture provider

    State Issues

    On January 10, the California Department of Financial Protection and Innovation (DFPI) announced a settlement with a Los Angeles-based rent-to-own furniture provider for allegedly failing to comply with the Karnette Rental-Purchase Act (Karnette Act) in connection with its subscription agreements. This settlement constitutes the first action against a rent-to-own firm for violating the California Consumer Financial Protection Law (CCFPL). According to the settlement, in addition to charging excessive late fees, the company failed to: (i) disclose whether the property subject to the rental-purchase agreement is new or used; (ii) clearly and conspicuously provide the Karnette Act’s mandated contractual disclosures; and (iii) adhere to the Karnette Act’s prescribed formula for calculating the maximum cash price, among other things. As part of the settlement, the company must desist and refrain from violating the CCFPL, refund customers late fee overcharges, offer its rent-to-own products and services in compliance with the Karnette Act and applicable consumer laws, and report on its activities semi-annually to the DFPI. According to DFPI Commissioner Clothilde V. Hewlett, the consent order “reminds California businesses and consumers that the DFPI will be exercising its expanded authority under the new law.”

    State Issues DFPI State Regulators California Settlement CCFPL Rent-to-Own Enforcement

    Share page with AddThis
  • District Court denies plaintiff’s motion to remand FDCPA


    On December 22, the U.S. District Court for the Northern District of California denied a plaintiff’s motion to remand, ruling that a default judgment allegedly obtained fraudulently in an underlying collection lawsuit qualifies as a concrete injury in fact to the plaintiff in an FDCPA suit. According to the order, the plaintiff sued the defendants, a process server and its employee, for fraudulently certifying that service of process had been made to the plaintiff in a state debt collection action and obtaining a default judgment against the plaintiff as a result, which the plaintiff described as engaging in the practice of “sewer service.” The plaintiff sued the defendants in state court and the action was removed to federal court by the defendants. The plaintiff filed a motion to remand for lack of standing, claiming that his complaint “does not sufficiently allege a concrete harm to confer [Article III] standing to Plaintiff” because the complaint “solely asserts a bare procedural violation of the [FDCPA].” While “Article III requires plaintiff to show ‘(i) that he suffered an injury in fact that is concrete, particularized, and actual or imminent; (ii) that the injury was likely caused by the defendant; and (iii) that the injury would likely be redressed by judicial relief,’” the court noted that the plaintiff’s argument “focuses only on the ‘concreteness’ of the ‘injury in fact.’” Applying the U.S. Court of Appeals for the Ninth Circuit’s two-step framework for determining whether a statutory violation is a “concrete” harm, and considering the U.S. Supreme Court’s decision in TransUnion LLC v. Ramirez decision (covered by InfoBytes here), the court found that the plaintiff’s complaint sufficiently alleged a “concrete” injury in fact for alleged violations of the FDCPA arising from alleged sewer service.

    Specifically, the court indicated that the 9th Circuit’s first step requires the court “‘[t]o identify the interests protected by the FDCPA’ by examining the ‘[h]istorical practice’ and the ‘legislative judgment’ underlying the provisions at issue’” and determine whether “the FDCPA ‘provisions at issue were established to protect the plaintiff’s concrete interests.’” Although the defendants failed to identify any historical or common-law practices, the court found that legislative history of the FDCPA indicates that Congress enacted the statute to protect consumers from abusive collection practices, which include engaging in sewer service. The court further cited to district courts’ decisions concluding that “the ‘FDCPA codifies Plaintiff's concrete interest in being free from abusive debt collection practices.’” Turning to step two of the 9th Circuit’s framework, the court considered whether the sewer service allegations present a material risk of harm that had materialized and “actually harm[ed] Plaintiff’s interests under the FDCPA.” The court found that the “Complaint sufficiently allege[d] that the risk of harm to Plaintiff’s concrete interests materialized” because the “Complaint plead[ed] that the fraudulent proof of service specifically targeted Plaintiff, advanced the state debt collection action against Plaintiff to a stage where default judgment was pending, and caused Plaintiff to obtain legal representation to defend Plaintiff in the state debt collection action [which] do more than present a ‘risk of harm’ to Plaintiff’s interests under step two.” On this basis, the court denied the plaintiff’s motion to remand the action.

    Courts FDCPA California Debt Collection Ninth Circuit Appellate U.S. Supreme Court

    Share page with AddThis
  • CFPB updates Mortgage Origination Examination Procedures

    Agency Rule-Making & Guidance

    On December 22, the CFPB updated its Mortgage Origination Examination Procedures to reflect amendments to Regulation Z’s Qualified Mortgage (QM) provisions. The Mortgage Origination Examination Procedures address various elements of the mortgage origination process and provide guidance for examinations of mortgage brokers and mortgage lenders. As previously covered by InfoBytes, last April the Bureau issued a final rule extending the mandatory compliance date of the General QM final rule to October 1, 2022. By extending the mandatory compliance date, lenders will now have the option of complying with either the revised General QM definition or the original DTI-based General QM definition on applications received on or after March 1, but prior to October 1, 2022. 

    Agency Rule-Making & Guidance Federal Issues CFPB Mortgages Mortgage Origination Examination Qualified Mortgage Regulation Z

    Share page with AddThis