Podcast: Play in new window | Download

On the latest episode of The Bank Account, Jonathan and I discuss the CFPB’s request for comments regarding information about the small business lending market.

Section 1071 of the Dodd-Frank Act amended the Equal Credit Opportunity Act to require financial institutions to compile, maintain and report information concerning credit applications made by women-owned, minority-owned and small businesses.  In connection with this obligation, the Consumer Financial Protection Bureau is now seeking comments to identify, among other things, how to define small business lending, what business lending data is currently easily available, and what kinds of institutions should be obligated to make such reports.

Jonathan and I discuss the need for the depository industry to provide comments in response to this request.

CFPB watchers know that since 2013 customer complaints have been solicited and complaint data has been made available on the CFPB website. January is ubiquitous with New Year’s resolutions (perhaps you’ve already broken all of yours, but hopefully not). It is a great time to review the 2016 customer complaint data and see what the Plaintiffs’ Bar sees about your customers and your institution.

Undoubtedly, in due course, the CFPB has contacted your compliance and legal teams directly about these consumer complaints on an individualized basis. And undoubtedly, you have investigated the issue and provided responsive information to the CFPB and the consumer. Hopefully, each individual customer complaint matter is resolved and closed.

As a class action litigator, however, it is important to highlight that there is more here than just each individual complaint. We are living in an age of big data. The CFPB knows it. Your institution knows it. And, guess what, the Plaintiffs’ Bar knows it. The individual complaints posted to the CFPB database may be only the tip of the iceberg, or the issues may not have been fully resolved.

The CFPB recently issued its newest edition of Supervisory Highlights Mortgage Serving Special Edition, Issue 11 (June 2016).

From a litigator’s perspective, the Supervisory Highlights do more than summarize recent supervisory findings, they also shine a light on future examination and putative class action risks that are emerging. The CFPB is providing key insights into what it believes should be industry standards. Banks and mortgage servicers should read carefully both the specific findings summarized and slightly more subtle clues to evolving future CFPB requirements.  Here are three takeaways on the Highlights from a financial services class action litigator’s perspective:

1. ECOA & Special Servicing Populations Continue to be a Strong CFPB focus.

In section 2, “Our approach to mortgage servicing examinations,” the CFPB uses a fair amount of real estate to highlight ECOA requirements. In fact, the report states clearly “…Supervision will be conducting more comprehensive ECOA Targeted Reviews of mortgage servicers in 2016.” (See Supervisory Highlights, p.5).  The report specifically indicates that the ECOA Baseline Modules in the CFPB Supervision and Examination Manual will be a tool used by CFPB examination teams. Banks and servicers would do well, if you are not already, to consider the modules and how your data may be viewed. The CFPB specifically flags Module IV fair lending risks related to servicing including staff training, monitoring and “servicing those customers with Limited English Proficiency.” (See Supervisory Highlights, p.5, and ECOA Examination Modules). Among the module’s areas of inquiry are: whether personnel who are available for limited English speaking customers receive the same training and have the same authority as do other personnel, and the level(s) of discretion that servicing personnel may have in making loss mitigation decisions and referrals for customers with limited English (including controls to monitor such discretion usage).  The Highlights appear to signal that the CFPB will increase focus on these areas in the coming months. Banks and servicers may wish to re-evaluate their progress and operations capabilities in these areas. As always, the plaintiff’s consumer bar may be watching CFPB pronouncements and enforcement, and may initiate consumer class action(s) asserting such claims.

On June 2, 2016, the CFPB released its long-awaited proposed regulations for payday loans, vehicle title and certain high-cost installment loans.  Comments on the proposed rules must be received on or before September 14, 2016.

While most payday lenders would need to make significant changes to their products and practices under the proposed rules, the final rules could well be delayed though legal challenges in court.  The scope of the proposal is extraordinary, even requiring a new credit reporting system, that would need to be built, to facilitate the ability-to-repay requirements of the proposal.  The CFPB is relying on its authority under the Dodd-Frank UDAAP provisions to issue the rules, which is admittedly very broad, but even that might not be enough to support this ambitious proposal.

Nevertheless, because we cannot predict how courts would ultimately rule on the CFPB’s authority, it’s important to understand the proposed rules, prepare comments, and consider what business model changes might be needed.   This article therefore summarizes the key provisions of the proposal.

On October 30, 2015, the Department of Education issued regulations to impose requirements on the marketing and terms of deposit and prepaid accounts offered to students at educational institutions that participate in Federal student aid programs. According to the DOE, the regulations are intended to ensure that students have convenient access to their title IV, Higher Education Act program funds, do not incur unreasonable and uncommon account fees on their title IV funds, and are not led to believe that they must open a particular financial account to receive Federal student aid. Most of these new rules take effect on July 1, 2016.

On December 16, the CFPB published a Safe Student Account Toolkit “to help colleges evaluate whether to co-sponsor a prepaid or checking account with a financial institution.” The Toolkit includes a Scorecard that can be used by schools when selecting a third-party vendor for student accounts and an Administrator Handbook designed to help school administrators gather relevant information to review, compare and evaluate accounts offered by different financial institutions.

The CFPB’s Toolkit provides guidance on the new DOE regulations, but with a focus on those provisions that are designed to protect students. The CFPB can bring and has brought enforcement actions against colleges under federal consumer protection laws. Their issuing of the Toolkit should be understood as a warning that they also will be enforcing the consumer protection portions of the DOE rules, though perhaps under their unfair, deceptive and abusive practices statute.

On November 23, 2015, the CFPB issued a Bulletin alerting companies that they must obtain proper authorization from consumers before automatically debiting their accounts. The Bulletin relates to the Electronic Fund Transfer Act requirements for “preauthorized electronic fund transfers,” which are EFTs scheduled in advance to recur at substantially regular intervals. The preauthorized EFTs in the CFPB’s spotlight are those that debit a consumer’s account.

Regulation E of the EFTA provides that preauthorized EFTs from a consumer’s account must be authorized by a “writing signed or similarly authenticated by the consumer.” The authorization must be readily identifiable as such and have clear terms, and the person obtaining that authorization must provide a copy to the consumer. It’s important to keep in mind that these are two separate requirements. The Bulletin clarifies how a company can obtain the consumer’s authorization, and describes the critical elements of that authorization, but leaves unanswered certain questions about delivering a copy of the authorization to the consumer when it is obtained by telephone.

Content of the Authorization

As noted above, the consumer’s authorization must be readily identifiable as such and must have clear terms. The Bulletin states that companies sometimes provide consumers with notices of terms for preauthorized EFTs that fail to disclose “critical information.” The CFPB explains that the authorization must be clear as to the recurring nature of the transfers and the amount and timing of the payments agreed to. Of course the authorization also needs to identify the consumer and the account to be charged. Regardless of how the consumer’s authorization is obtained, which is discussed below, all of this information needs to be in the authorization and in the copy provided to the consumer.

Invoking memories of Apple’s famed 1984 Superbowl commercial, a group called the American Action Network aired an anti-CFPB spot during last night’s Republican presidential debate. If nothing else, the spot should encourage further discussion of the role and impact of the Consumer Financial Protection Bureau.

The spot certainly portrays the CFPB in an evil light that is sure to please many in the banking industry, but its broader impact is less certain. A well-written piece by the American Banker offers several reasons why the ad could backfire, not the least of which is the hyperbolic nature of (and shortcuts taken by) the spot.

And former FDIC Chair Sheila Bair seems to agree.

@ABWashBureau Not smart. This will solidify CFPB supporters and imply GOP is anti-consumer, which it isn't.

— Sheila Bair (@SheilaBair2013) November 10, 2015

On October 8, 2015, the CFPB announced new “Guidance About Marketing Services Agreements,” publishing a Compliance Bulletin on the subject of RESPA Compliance and Marketing Services Agreements.  The Bulletin is lacking in clear “guidance,” at least in the sense of outlining regulatory standards, but it does provide an unequivocal warning that marketing services agreements (MSAs) in the mortgage industry are much less likely to pass regulatory scrutiny than in the past.

The CFPB expresses “grave concerns” about the use of MSAs to evade the requirements of RESPA, and they note that certain mortgage industry participants have already stopped entering into MSAs given the RESPA compliance burdens.  To ensure that the industry is getting the message, they warn that careful consideration of the legal and compliance risks “would be in order” for all industry participants, especially in light of the increase in whistleblower complaints under RESPA.

Every MSA must comply with the RESPA Section 8 prohibition on the payment or receipt of any fee, kickback or other “thing of value” for the referral of mortgage loan or other “settlement services” business.  However, compensation for goods or facilities actually furnished or services actually performed is permissible under Section 8, at least so long as the compensation reflects the fair market value of the goods, facilities or services.  The industry has long attempted to rely on this exception for the payments for services actually performed as a means to avoid Section 8 violations.  This has usually worked in the past, but it’s going to be much harder to make this work in the future.

The CFPB has issued another enforcement action exceeding the half-billion dollar mark against a large bank for its add-on product offerings. Citibank and its subsidiaries were penalized for alleged deceptive marketing, unfair billing and deceptive debt collection involving its credit card add-on products and services. This marks the tenth public enforcement action that the CFPB has announced for practices associated with marketing or administering add-on products in its four-year history.

As part of the settlement Citi was ordered to pay $700 million in restitution to about 8.8 million consumers who were impacted by the add-on product offerings. The company also must pay the CFPB a $35 million civil penalty. Further, the Bank was required to end alleged unfair billing practices and submit a compliance plan to the CFPB before continuing to market any add-on products by telephone or point of sale, or attempting to retain add-on product customers by telephone.

In the 57-page order the CFPB refers to an add-on product as “any consumer financial product or service…offered to Cardholders as an optional addition to credit card accounts issued by [Citibank].” The CFPB put several of Citibank’s add-ons at issue, which were for consumer services such as such as debt cancellation or deferral products, credit monitoring or credit report retrieval services, and services to notify credit and debit card issuers when a consumer reports cards lost or stolen.

Digging a tunnel for a mile so that El Chapo could slip into the shaft through his shower and disappear from a high security Mexican prison is something you might expect a Hollywood screenwriter to come up with. Is it any more remarkable though than a cyber-criminal reaching all of the way around the world to try and slip into a bank’s or a customer of the bank’s computer system in order to initiate a wire transfer?

We live at a time when individuals and criminal gangs can reach across oceans and national boundaries to try and initiate unauthorized transfers of funds. Bankers understand that this is a hot topic and that the risk of cyber-fraud is what is currently keeping  regulators awake at night. While a great deal of attention is now being focused on how to keep cyber criminals out of the bank, recent attacks on various public and private institutions illustrates the complexity of denying malefactors access.

In such an environment, bankers look to various risk management strategies including insurance coverage in the event a breach occurs. The first question many banks raise is about their existing insurance coverage Are we already covered under any of the myriad of existing policies we are required to maintain? For example, what about our general liability coverage? While there may be some exceptions, the typical general liability insurance policy that banks have traditionally purchased oftentimes contains an exclusion for losses incurred by data breaches or intrusions to bank networks. If your existing policy does not currently contain such an exclusion it is highly likely that on your next renewal the exclusion will be included. Thus, it is important for bankers to not only understand what their existing policy does or does not cover but also where industry trends are headed.