Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events


Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • CFPB Succession: Senators express concern over CFPB’s investigation into data breach; Otting praises Mulvaney; & more

    Federal Issues

    On February 7, a bipartisan group of 32 senators wrote to the CFPB expressing concerns over reports that the Bureau may have halted an investigation into a large credit reporting agency’s significant data breach. The letter requests specific information related to agency’s oversight over the issue, such as, (i) whether the CFPB has stopped an on-going investigation into the data breach and if so, why; (ii) whether the CFPB intends to conduct on-site exams of the credit reporting agency at issue; and (iii) if an investigation is on-going, details related to the steps taken in that investigation. Additionally, on February 6, during a House Financial Services Committee hearing on the Financial Stability Oversight Council (FSOC), Representative David Scott, D-Ga., addressed rumors that the CFPB has scaled back its investigation of a large credit reporting agency’s significant data breach. In response to Scott, Treasury Secretary Steven Mnuchin noted that, while he has not done so yet, he intends to discuss the matter with acting Director Mulvaney and at FSOC. According to reports, a spokesperson for the Bureau noted that Mulvaney takes data security issues “very seriously” but that the Bureau does not comment on open enforcement or supervisory matters. It has also been reported that the CFPB may be deferring to the FTC’s on-going investigation.

    Comptroller of the Currency, Joseph Otting, issued a statement on February 6 after meeting with Mulvaney about ways the CFPB and the OCC can work together to pursue each agency’s mission. Otting praised Mulvaney’s leadership of the agency and noted that the recent announcements regarding HMDA compliance and the payday rule reconsideration have “helped to reduce the burden on the banking system.” (Previously covered by InfoBytes here and here).

    On the same day, the CFPB announced that Kirsten Sutton Mork was selected as the new chief of staff for the agency. Mork had been serving as staff director of the House Financial Services Committee under Chairman Jeb Hensarling, R-Texas. Leandra English previously held the role of chief of staff, prior to her appointment as deputy director in late November. English’s litigation against the appointment of Mulvaney as acting director continues with the U.S. Court of Appeals for the D.C. Circuit and oral arguments have been set for April 12.   

    Federal Issues CFPB Succession Credit Rating Agencies Enforcement CFPB HMDA Payday Lending

    Share page with AddThis
  • Credit Reporting Agencies Must Comply With Emergency Regulations

    Privacy, Cyber Risk & Data Security

    On Tuesday, New York State adopted emergency regulations intended to “provide consumers with the means to protect themselves against identity theft” and assist those consumers who have fallen victim to such theft.  The New York Department of State’s Division of Consumer Protection (the Division), which has the authority to promulgate rules and regulations related to consumer protection activities of all state agencies, announced the adoption of regulations as part of its Identify Theft Prevention and Mitigation Program (the Program). In a press release issued December 12 by the office of New York Governor Andrew M. Cuomo, the regulations will require consumer credit reporting agencies to comply with the following, among other things:

    • provide responses within 10 days to information requests made by the Division when investigating, mediating, or mitigating a consumer’s identity theft complaint;
    • identify dedicated points of contact to assist the Division’s effective administering of the program;
    • make available to the Division a list and description of all business affiliations and contractual relationships that provide identity theft and credit monitoring-related products or services; and
    • clearly disclose all fees associated with offered products and services marketed to prevent identity theft, and inform consumers of trial and cancellation provisions.

    Consumer credit reporting agencies will be required to comply with these regulations, effective immediately. A to-be-announced public comment period will occur prior to the regulations’ final adoption.

    As previously covered by InfoBytes, New York Department of Financial Services (NYDFS) has taken several steps to address cybersecurity concerns, including a September 18 announcement that the state would expand cybersecurity standards to cover credit reporting agencies. Under the proposed regulation, credit reporting agencies would be subject to compliance examinations, would be required to initially register with NYDFS, and would be required to comply with cybersecurity regulations starting on April 4, 2018, in accordance with a phased-in compliance schedule.

    Privacy/Cyber Risk & Data Security State Issues Data Breach Credit Rating Agencies NYDFS

    Share page with AddThis
  • Hawaii Enacts Law to Prohibit Release of Credit Information of Children, Others

    State Issues

    On July 5, Hawaii Governor David Y. Igge signed into law H.B. 651, which was devised to protect children and certain other individuals from identity theft and credit fraud. The law applies to “protected consumers,” defined as minors under the age of 16 years, incapacitated persons, and individuals with appointed guardians or conservators.

    Based on research suggesting that minors may be targeted for identity theft due to their clean credit reports, the legislation permits representatives of protected consumers to place and remove security freezes on protected consumers’ credit files. Because one impediment to requesting such a freeze is the lack of an existing credit file, the legislation also requires consumer credit reporting agencies (CRAs) to create records for the protected consumers. A CRA may not release the protected person’s file when it is in a security freeze until the representative requests a removal of the freeze. In order to request a security freeze or a freeze removal, a protected person’s representative must provide proper identification and evidence of authority to the CRA. Additionally, with a few exceptions, the CRA may charge a fee not to exceed five dollars for each freeze or removal of a freeze to a protected person’s credit file.

    The law will go into effect on January 1, 2018.

    State Issues Credit Rating Agencies Debt Collection Fraud Privacy/Cyber Risk & Data Security State Legislation Consumer Reporting Agency

    Share page with AddThis
  • CFPB Releases Study on Credit Visible Consumers

    Consumer Finance

    On June 7, the CFPB published analysis of how consumers transition out of credit invisibility. “Credit invisibility” refers to an individual who lacks a credit record at any of the three nationwide credit reporting agencies. The report, entitled CFPB Data Point: Becoming Credit Visible, highlights the results of its latest study of the credit reporting industry, finding that consumers in low-income areas are more likely to gain credit visibility in negative ways such as through an account in collection or some form of public record. In a previous study, the CFPB estimated approximately 26 million Americans were credit invisible with an additional 19 million consumers having “unscorable” credit files—i.e. files that contain insufficient or too brief credit history. (See previous InfoBytes coverage here.) Without such a record, lenders find it more difficult to assess a consumer’s creditworthiness, resulting in credit invisible individuals having a harder time accessing credit.

    The report notes that credit invisibility can present a “Catch-22” scenario, whereby a consumer needs credit history to get access to credit but cannot establish a credit history without first being extended credit. However, the report concludes that because 91 percent of consumers acquire a credit record before turning 30, it is possible to avoid a “Catch-22” situation.

    The Bureau highlighted the following key findings:

    • Most consumers – almost 80 percent – become credit visible before age 25, but Consumers in low- and moderate-income neighborhoods are likely to be older when they establish a credit history.
    • Members of all age groups and income levels most commonly use credit cards to establish credit history, with student loans ranking second.
    • Approximately 1-in-4 consumers first establish credit history through an account either held by another responsible party—i.e. becoming an “authorized user”—or with a co-borrower. This trend is more common among higher-income groups.
    • Consumers in lower-income neighborhoods, however, are more likely to establish a credit history through “non-loan items,” which usually convey negative information (e.g., third-party collections, delinquent utility bills, child support payments, etc.).
    • In recent years, more consumers create a credit history using a credit card, except within the under 25 age group. The report attributed the trend in the under 25 age group to a number of factors including increased student loans and the restrictions of the Credit Card Accountability Responsibility and Disclosure Act, which made credit cards less available to young consumers.

    Consumer Finance CFPB Credit Rating Agencies Credit Scores

    Share page with AddThis
  • FTC Halts Scheme to Enroll Consumers in Credit Monitoring Service


    On January 10, the FTC filed a complaint against an online company that owns three “free credit report” websites as well as three individuals connected to the company with claims that they illegally lured consumers to their websites. The scheme, as alleged in the complaint, made use of Craigslist ads promoting non-existent or unauthorized apartments and houses for rent as the means of encouraging consumers to request additional information, which would then prompt them to click on a link to one of the three websites owned by the company to get a “free” credit check. The consumers allegedly were then enrolled in a credit monitoring service, supposedly without their knowledge or consent. The company has purportedly accrued millions of dollars using this method. On January 11, the U.S. District Court for the Northern District of Illinois entered a temporary restraining order against the defendants.

    Courts Consumer Finance FTC Credit Rating Agencies

    Share page with AddThis
  • Decisions Regarding Fed Monetary Policy

    Federal Issues

    In a press release published on November 2, the Fed announced its decision to: (i) leave unchanged the interest rate paid on required and excess reserve balances at 0.50 percent; and (ii) take no action to change the discount rate (the primary credit rate), which remains at 1.00 percent. This decision came in response to a monetary policy statement released earlier Wednesday by the Federal Open Market Committee (FOMC), following its vote to “maintain the target range for the federal funds rate at 1/4 to 1/2 percent” for the seventh consecutive meeting. More information regarding open market operations may be found on the Federal Reserve Bank of New York's website.

    Federal Issues Banking Federal Reserve Credit Rating Agencies Federal Reserve Bank of New York

    Share page with AddThis
  • CFPB Issues Consent Order to a National Bank Over Student Loan Servicing Practices

    Consumer Finance

    On August 22, the CFPB issued a consent order to a national bank to resolve allegations that its student loan servicing practices were unfair and deceptive in violation of the Dodd-Frank Act and that its payment aggregation practices violated the Fair Credit Reporting Act. The CFPB alleged that the bank failed to disclose key aspects related to its payment allocation process, including that partial payments would be distributed across all loans, even if a payment was sufficient to satisfy the minimum payment required for an individual loan. According to the consent order, the bank’s “allocation of a Partial Payment proportionally to all loans in the account sometimes caused consumers’ payments to satisfy fewer, if any, of the loan amounts due in the account than if the Partial Payment had been allocated in a manner that satisfied as many of the loan amounts as possible.” According to the CFPB, the bank’s failure to properly disclose its method for payment allocation resulted in consumers incurring improper late fees, which, if left unpaid for more than 30 days at the end of the month, were reported as delinquent to consumer reporting agencies. The CFPB further alleged that the bank’s payment processors used a late fee monitoring report that had a system coding error that improperly charged consumers late fees if a payment was made on the last day of a grace period, or if consumers chose to make partial payments instead of one payment. The CFPB contended that the bank failed to update, correct, or remove negative information that was inaccurately reported to credit reporting agencies. Pursuant to the consent order, the bank must (i) pay $410,000 in consumer redress; (ii) pay a civil penalty of $3.6 million; (iii) improve its student loan servicing practices to ensure that consumers’ partial payments are distributed in such a way that the amount due is satisfied for as many loans as possible, unless the consumer requests otherwise; (iv) enhance its disclosure statements; and (v) remove or correct errors on consumers’ credit reports.

    CFPB Dodd-Frank FCRA Student Lending Enforcement Credit Rating Agencies UDAAP

    Share page with AddThis
  • CFPB's Latest Monthly Complaint Snapshot Highlights Issues Related to Credit Reporting

    Consumer Finance

    On May 24, the CFPB released its latest consumer complaint report. This month’s report highlights complaints related to credit reporting, noting that such complaints made up approximately 143,700 of the 882,800 total complaints that the CFPB has handled as of May 1. The report found, among other things, that: (i) credit reporting remains among the top three products complained about by consumers, with more than 4,500 complaints submitted in April alone; (ii) the three largest U.S. credit reporting companies are also the top three companies offering credit reporting services, accounting for 95% of the credit reporting complaints submitted between December 2015 and February 2016; and (iii) during that same time period, consumers also submitted more than 2,000 complaints involving specialty consumer reporting companies that provide reports in particular areas, including background and employment screening, checking account screening, rental screening, and insurance screening. According to the report, the most common types of credit reporting complaints have included the following: (i) inaccurate information appearing on credit reports, particularly information related to debt collection items and information resulting from identity theft; (ii) difficulty in correcting inaccuracies, including long delays, negative customer service experiences, and failed attempts to have inaccuracies removed; and (iii) the inability to access credit reports online due to overly burdensome identity authentication questions.

    CFPB Consumer Complaints Credit Rating Agencies

    Share page with AddThis
  • Seventh Circuit Finds No Enforceable Arbitration Agreement Case Involving Chicago-Based Credit Reporting Company

    Consumer Finance

    Recently, the U.S. Court of Appeals for the Seventh Circuit issued an opinion affirming a district court’s denial of a credit reporting company’s motion to compel arbitration in a putative class action. The Seventh Circuit considered whether a particular online process was sufficient to form a contract between the company and its customer. Sgourros v. TransUnion Corp., No. 15-1371 (7th Cir. Mar. 25, 2016). The plaintiff in the case purchased a credit score report from the company that he alleged was inaccurate — it was 100 points higher than a lender’s report — and therefore he alleged that the report was useless. The plaintiff sued the company under various state and federal consumer protection laws. The company sought to compel arbitration, arguing that the plaintiff had agreed to the terms of a service agreement that included a mandatory arbitration clause because he clicked on various acceptance buttons in the online ordering process.

    In this regard, the company took the position that the plaintiff had agreed to the terms of the service agreement by clicking the “I Accept & Continue to Step 3” button. The federal district court disagreed, concluding that no contract had been formed, and the Seventh Circuit affirmed. In reviewing the matter, the appellate court found that the online presentation process was insufficient to form a contract, because the web pages did not include a clear statement that the purchase was subject to the terms and conditions of the service agreement. The court observed that no such statement appeared either in the displayed text of the agreement visible within the scroll box, or in the statement displayed below the scroll box. The company argued that there was additional language in the service agreement stating that the purchase was governed by the service agreement, and the plaintiff should be bound by that language. However, the court held that since the additional language was not readily visible unless the plaintiff scrolled the agreement or opened the printable version, it was insufficient to put him on notice that the service agreement applied to the purchase. The court also observed:

    Illinois contract law requires that a website provide a user reasonable notice that his use of the site or click on a button constitutes assent to an agreement. This is not hard to accomplish, as the enormous volume of commerce on the Internet attests. A website might be able to bind users to a service agreement by placing the agreement, or a scroll box containing the agreement, or a clearly labeled hyperlink to the agreement, next to an “I Accept” button that unambiguously pertains to that agreement. There are undoubtedly other ways as well to accomplish the goal.

    Accordingly, the Seventh Circuit found that no enforceable agreement to arbitrate arose between the company and the plaintiff and remanded the case to the District Court for further proceedings on the merits.

    Arbitration Credit Scores Credit Rating Agencies

    Share page with AddThis
  • CFPB Provides Consumers with Information on Obtaining Credit Reports

    Consumer Finance

    On January 27, the CFPB announced that it published its 2016 list of consumer reporting companies. The list includes contact information for the three largest nationwide reporting companies and various specialty reporting companies concentrating on specific geographic market areas and consumer segments. In addition, the list provides consumers with (i) tips on determining which specialty credit reports may be important to review depending upon the particular circumstances, such as applying for a job or a new bank account; (ii) information regarding how companies confirm the identity of the consumer requesting a copy of his or her credit report; and (iii) information on which companies also provide free credit scores. The CFPB also reminds consumers of their legal rights to (i) obtain the information in their credit reports, per the FCRA; and (ii) dispute inaccuracies contained in the report.

    CFPB FCRA Credit Scores Credit Rating Agencies

    Share page with AddThis