On October 30, 2015, the Department of Education issued regulations to impose requirements on the marketing and terms of deposit and prepaid accounts offered to students at educational institutions that participate in Federal student aid programs. According to the DOE, the regulations are intended to ensure that students have convenient access to their title IV, Higher Education Act program funds, do not incur unreasonable and uncommon account fees on their title IV funds, and are not led to believe that they must open a particular financial account to receive Federal student aid. Most of these new rules take effect on July 1, 2016.

On December 16, the CFPB published a Safe Student Account Toolkit “to help colleges evaluate whether to co-sponsor a prepaid or checking account with a financial institution.” The Toolkit includes a Scorecard that can be used by schools when selecting a third-party vendor for student accounts and an Administrator Handbook designed to help school administrators gather relevant information to review, compare and evaluate accounts offered by different financial institutions.

The CFPB’s Toolkit provides guidance on the new DOE regulations, but with a focus on those provisions that are designed to protect students. The CFPB can bring and has brought enforcement actions against colleges under federal consumer protection laws. Their issuing of the Toolkit should be understood as a warning that they also will be enforcing the consumer protection portions of the DOE rules, though perhaps under their unfair, deceptive and abusive practices statute.

On November 23, 2015, the CFPB issued a Bulletin alerting companies that they must obtain proper authorization from consumers before automatically debiting their accounts. The Bulletin relates to the Electronic Fund Transfer Act requirements for “preauthorized electronic fund transfers,” which are EFTs scheduled in advance to recur at substantially regular intervals. The preauthorized EFTs in the CFPB’s spotlight are those that debit a consumer’s account.

Regulation E of the EFTA provides that preauthorized EFTs from a consumer’s account must be authorized by a “writing signed or similarly authenticated by the consumer.” The authorization must be readily identifiable as such and have clear terms, and the person obtaining that authorization must provide a copy to the consumer. It’s important to keep in mind that these are two separate requirements. The Bulletin clarifies how a company can obtain the consumer’s authorization, and describes the critical elements of that authorization, but leaves unanswered certain questions about delivering a copy of the authorization to the consumer when it is obtained by telephone.

Content of the Authorization

As noted above, the consumer’s authorization must be readily identifiable as such and must have clear terms. The Bulletin states that companies sometimes provide consumers with notices of terms for preauthorized EFTs that fail to disclose “critical information.” The CFPB explains that the authorization must be clear as to the recurring nature of the transfers and the amount and timing of the payments agreed to. Of course the authorization also needs to identify the consumer and the account to be charged. Regardless of how the consumer’s authorization is obtained, which is discussed below, all of this information needs to be in the authorization and in the copy provided to the consumer.

Invoking memories of Apple’s famed 1984 Superbowl commercial, a group called the American Action Network aired an anti-CFPB spot during last night’s Republican presidential debate. If nothing else, the spot should encourage further discussion of the role and impact of the Consumer Financial Protection Bureau.

The spot certainly portrays the CFPB in an evil light that is sure to please many in the banking industry, but its broader impact is less certain. A well-written piece by the American Banker offers several reasons why the ad could backfire, not the least of which is the hyperbolic nature of (and shortcuts taken by) the spot.

And former FDIC Chair Sheila Bair seems to agree.

@ABWashBureau Not smart. This will solidify CFPB supporters and imply GOP is anti-consumer, which it isn't.

— Sheila Bair (@SheilaBair2013) November 10, 2015

On October 8, 2015, the CFPB announced new “Guidance About Marketing Services Agreements,” publishing a Compliance Bulletin on the subject of RESPA Compliance and Marketing Services Agreements.  The Bulletin is lacking in clear “guidance,” at least in the sense of outlining regulatory standards, but it does provide an unequivocal warning that marketing services agreements (MSAs) in the mortgage industry are much less likely to pass regulatory scrutiny than in the past.

The CFPB expresses “grave concerns” about the use of MSAs to evade the requirements of RESPA, and they note that certain mortgage industry participants have already stopped entering into MSAs given the RESPA compliance burdens.  To ensure that the industry is getting the message, they warn that careful consideration of the legal and compliance risks “would be in order” for all industry participants, especially in light of the increase in whistleblower complaints under RESPA.

Every MSA must comply with the RESPA Section 8 prohibition on the payment or receipt of any fee, kickback or other “thing of value” for the referral of mortgage loan or other “settlement services” business.  However, compensation for goods or facilities actually furnished or services actually performed is permissible under Section 8, at least so long as the compensation reflects the fair market value of the goods, facilities or services.  The industry has long attempted to rely on this exception for the payments for services actually performed as a means to avoid Section 8 violations.  This has usually worked in the past, but it’s going to be much harder to make this work in the future.

The CFPB has issued another enforcement action exceeding the half-billion dollar mark against a large bank for its add-on product offerings. Citibank and its subsidiaries were penalized for alleged deceptive marketing, unfair billing and deceptive debt collection involving its credit card add-on products and services. This marks the tenth public enforcement action that the CFPB has announced for practices associated with marketing or administering add-on products in its four-year history.

As part of the settlement Citi was ordered to pay $700 million in restitution to about 8.8 million consumers who were impacted by the add-on product offerings. The company also must pay the CFPB a $35 million civil penalty. Further, the Bank was required to end alleged unfair billing practices and submit a compliance plan to the CFPB before continuing to market any add-on products by telephone or point of sale, or attempting to retain add-on product customers by telephone.

In the 57-page order the CFPB refers to an add-on product as “any consumer financial product or service…offered to Cardholders as an optional addition to credit card accounts issued by [Citibank].” The CFPB put several of Citibank’s add-ons at issue, which were for consumer services such as such as debt cancellation or deferral products, credit monitoring or credit report retrieval services, and services to notify credit and debit card issuers when a consumer reports cards lost or stolen.

Digging a tunnel for a mile so that El Chapo could slip into the shaft through his shower and disappear from a high security Mexican prison is something you might expect a Hollywood screenwriter to come up with. Is it any more remarkable though than a cyber-criminal reaching all of the way around the world to try and slip into a bank’s or a customer of the bank’s computer system in order to initiate a wire transfer?

We live at a time when individuals and criminal gangs can reach across oceans and national boundaries to try and initiate unauthorized transfers of funds. Bankers understand that this is a hot topic and that the risk of cyber-fraud is what is currently keeping  regulators awake at night. While a great deal of attention is now being focused on how to keep cyber criminals out of the bank, recent attacks on various public and private institutions illustrates the complexity of denying malefactors access.

In such an environment, bankers look to various risk management strategies including insurance coverage in the event a breach occurs. The first question many banks raise is about their existing insurance coverage Are we already covered under any of the myriad of existing policies we are required to maintain? For example, what about our general liability coverage? While there may be some exceptions, the typical general liability insurance policy that banks have traditionally purchased oftentimes contains an exclusion for losses incurred by data breaches or intrusions to bank networks. If your existing policy does not currently contain such an exclusion it is highly likely that on your next renewal the exclusion will be included. Thus, it is important for bankers to not only understand what their existing policy does or does not cover but also where industry trends are headed.

Litigators often talk to clients about the power of judges and juries. The first Decision of Director issued by CFPB’s Richard Cordray should give counselors and clients alike pause. Pause first because of the ultimate outcome ($109 million disgorgement) and interpretations of RESPA offered. And pause second (perhaps more importantly) because of the focused perspectives announced by the Director and their potential to activate others. With all due respect to the Director and the administrative appeal process, the Director clearly is taking advantage of this opportunity to make known his beliefs. Like a jury or a judge he is meting out justice the way he sees fit. What is fascinating, just like polling a jury after the verdict, is looking for the perspectives which drove the result. The Decision presents yet another glimpse of the Director who now shapes not just CFPB supervision and examination, but also may shape going forward the theories asserted by the plaintiffs’ class action bar.

Many are digesting the Decision and Order (2014-CFPB-0002, June 4, 2015). Here, I will not quote chapter and verse, nor will I analyze the overarching regulatory construct of the administrative appeals process which enabled the Decision. Those whose legal work touches financial services institutions should review the Decision themselves. It is the first. It is public. And it has impact. Each of us can draw our own conclusions. Some will see a righteous vision of justice and others may see, at best, the unintended consequences of concentrated partisan power.

Food for thought: We all may want to consider the impact the Decision could have on how financial institutions ought to assess their business operations and how such institutions may be able to justify those operations and defend themselves in court or before an administrative tribunal.

In a recent press release, the CFPB announced a public inquiry into student loan servicing.  The CFPB is seeking information about: “industry practices that create repayment challenges, hurdles for distressed borrowers and economic incentives that may affect the quality of service.”  According to the CFPB, student loans account for the nation’s second largest consumer debt market.  The agency states there are more than 40 million federal and private student loan borrowers and those consumers owe more than $1.2 trillion.  About $240 billion in such loans are either in default or forebearance.

The CFPB is acting because of numerous borrower complaints about their loan servicers.  Complaints include billing problems associated with payment posting, prepayments and partial payments.  Borrowers have stated that payments have been processed in ways that make their borrowing more expensive.  Servicers are also accused of losing records and slow response times to fix errors.  The CFPB thinks student loan servicers fail to provide adequate customer service because they are typically paid a flat fee for each loan so they have no incentive to maintain high standards of serving.

Unlike credit card and mortgage servicers, no comprehensive system for overseeing the student loan servicing industry currently exists, according to the CFPB.  Given the CFPB’s penchant for promulgating more and more regulations, we believe this heightened scrutiny by the CFPB will lead to numerous new regulations affecting the student loan servicing industry.

In two recent posts on BryanCavePayments.com, Bryan Cave attorneys have addressed new developments related to the CFPB’s efforts to regulate payday lenders through their banking relationships as well as statements from New York’s top banking regulators suggesting that bank executives should be held personally liable for anti-money laundering violations.

On April 1st (but unfortunately not part of any April Fools joke), John Reveal published a post on the CFPB’s efforts against payday lenders.

In May 2014, the Department of Justice (DOJ) and the FDIC were criticized by the U.S. House of Representatives’ Committee on Oversight and Government Reform in May 2014 Report for using the DOJ’s “Operation Choke Point” to force banks out of providing services to payday lenders and other “lawful and legitimate merchants”. The Committee’s report noted, among other things, that the DOJ was inappropriately demanding, without legal authority, that “bankers act as the moral arbiters and policemen of the commercial world”.

Now the CFPB has announced that it is considering rules that would end “payday debt traps”.  At least the CFPB is following standard regulatory processes in doing so rather than trying to regulate payday lenders by punishing their bankers.  The CFPB’s announcement, published March 26, 2015 (available here), outlines its proposals in preparation for convening a Small Business Review Panel to gather feedback from small lenders, which the CFPB refers to as “the next step in the rulemaking process”.

The CFPB’s proposal considers payday loans, deposit advance products, vehicle title loans, and certain other loans, and includes separate proposals for loans with maturities of 45 days or less, and for longer-term loans.  Broadly speaking, the CFPB is considering two different approaches – prevention and protection – that lenders could choose from.

You can read the rest of John’s post here.

You might have seen it this March in the New York Times: an article about American troops having their vehicles repossessed by auto lenders while on active duty, and the troops being unable to fight repossession in court because of mandatory arbitration clauses  in their lending contracts.

The poignant story on vets and car repossession is just one piece in the ongoing discussion about what actions the CFPB will take regarding provisions in consumer contracts limiting the consumer to arbitration in the event of a future dispute, referred to as “pre-dispute arbitration clauses.” Under Section 1028 of Dodd-Frank, the CFPB was required to conduct a study on use of arbitration clauses in connection with offering consumer financial products and services. If, through study, the CFPB finds that prohibiting or limiting the clauses in agreements between market participants it regulates and consumers “is in the public interest and for the protection of consumers,” it can impose regulations to that effect. Further, Section 1414 of Dodd-Frank already prohibits pre-dispute arbitration clauses in mortgage contracts.

With the CFPB recently releasing its final, 728-page arbitration study finding that arbitration agreements “limit relief for consumers,” indications are that the CFPB will conduct some rulemaking to curtail, or at least significantly limit, them in the consumer financial product market, and likely over industry objections. The study, which began in April 2012 and was followed by a preliminary report released in December 2013 before the final report was published, involved analysis of data from consumer contracts and the courts regarding the resolution of consumer disputes.