InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
5th Circuit reverses District Court’s decision to transfer credit card late fee case
On April 5, the U.S. Court of Appeals for the Fifth Circuit held that the U.S. District Court for the Northern District of Texas lacked jurisdiction to transfer a case challenging a CFPB rulemaking to the U.S. District Court for the District of Columbia. The 5th Circuit’s decision did not examine whether the transfer order was proper, but rather whether the court had jurisdiction to enter it. As previously covered by InfoBytes, the U.S. District Court for the Northern District of Texas granted the CFPB a change of venue on March 28 because only one of the six plaintiffs resided in Fort Worth. The 5th Circuit found that the lower court erred by granting the CFPB’s motion to change venues instead of ruling on the plaintiffs’ motion for preliminary injunction. The plaintiffs filed a writ of mandamus and argued the lower court “abused its discretion” by transferring the case while the plaintiffs’ appeal was outstanding, and that the lower court did not have jurisdiction to order the transfer. The 5th Circuit agreed and ruled that once a party appeals a district court’s decision, the district court “has zero jurisdiction to do anything” to change the case. The 5th Circuit granted the plaintiffs’ petition of mandamus, vacated the district court’s transfer order, and ordered the district court to reopen the case.
This case has been brought by multiple trade organizations to challenge the CFPB’s attempt to alter the structure and amount of credit card late fees through its alleged authority under the CARD Act, as covered by InfoBytes here.
CFPB reports on consumer reporting companies' compliance violations
On April 8, the CFPB released its Supervisory Highlights on consumer reporting companies (CRC) and furnishers from April to December 2023. With respect to CRCs, the CFPB found deficiencies related to (i) placing identity theft blocks on consumer reports, (ii) blocking adverse items identified by a consumer as the result of human trafficking, and (iii) the accuracy of information in consumer reports.
For identity theft, the CFPB noted that some CRCs automatically declined to implement identity theft blocks based on overly broad, disqualifying criteria that did not support a reasonable determination, in violation of the FCRA. CRCs also failed to properly notify these customers that they declined these identity blocks.
Regulation V required CRCs to block adverse items of information identified by a consumer from human trafficking. While CRCs must block these items within four business days of such request, the CFPB found CRCs either failed to timely block these items or that CRCs blocked some, but not all such items.
In failing to ensure the maximum possible accuracy of consumer reports, the CFPB found that CRCs (i) inadequately monitored dispute metrics that may suggest a furnisher would not a reliable source of information about consumers, and (ii) failed to implement procedures to ensure the accuracy of information provided by unreliable furnishers and continued to include such information in reports.
With respect to furnishers, the CFPB similarly found deficiencies in accuracy, dispute investigation, and identity theft requirements. Specifically, CFPB examiners found that furnishers reported incomplete or inaccurate information for several months or even years after determining the information was incomplete or inaccurate. Additionally, furnishers that received direct disputes both continued to report such information and failed to notify CRCs of the disputed information. The report also noted that furnishers who received proper identity theft reports continued to furnish information regarding the consumer before confirming the accuracy of the information with the consumer.
CFPB focuses on in-game video game market and its consumer protection issues
On April 4, the CFPB released a report titled “Banking in video games and virtual worlds” that examined the gaming industry and the consumer financial systems that affect it. The Bureau’s report identified three key findings: (i) a network of financial products and services has entered the gaming industry to leverage and support the transfer of gaming assets and currency; (ii) the increased value of these assets has led to an increase of hacking attempts, account theft, scams, and unauthorized transactions; and (iii) the consumer data collected by gaming companies was bought, sold, and traded between companies, which can pose a risk to gaming customers. As a result, the CFPB will intend to monitor these issues in gaming and other such non-traditional markets to ensure companies comply with federal consumer financial protection laws.
The report noted that the proliferation of gaming and the evolution of the industry to offering in-game purchases and gaming assets has created the need for an infrastructure to enable fiat currency to flow into and out of games and virtual worlds. This can include transactions within the game, trading virtual items with other players, buying products on secondary markets, converting gaming assets to traditional currency, withdrawals of that currency, and/or using third parties to convert and withdraw the currency. As a result, companies have established financial products and services that increasingly resemble traditional financial products, like loans, payment processing, and money transmission.
In addition to the gaming economy creating a relatively new and unregulated financial marketplace, the Bureau identified additional risks similar to those found in the traditional market surrounding fraud, identity theft, money laundering, and privacy. For example, the report noted that these highly valuable gaming assets have made player accounts vulnerable to phishing and hacking attempts as well as unauthorized transactions. However, efforts by the FTC or CFPB to address complaints related to this activity have been met with a “buyer beware” approach by gaming companies.
Further, gaming companies collect a significant amount of data on players as a way to personalize the experience. However, the companies use this data to monetize gameplay to entice more spending as well as buy, sell and trade this data. The report noted that (i) the use of personal data can result in highly individualized pricing and (ii) the storage and transfer of consumer data poses privacy risks for gamers. In light of these various issues, the CFPB plans to work with other agencies to monitor both these non-traditional financial products and services as well as the companies that collect and sell sensitive consumer data.
Seventeen State Attorneys General comment on CFPB overdraft proposal
State attorneys general (AGs) from 17 states recently sent a letter to the CFPB endorsing its proposed rule to amend TILA. The 17 states included New York as principal, California, Colorado, Connecticut, Delaware, the District of Columbia, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, North Carolina, Oregon, Pennsylvania, and Washington. As previously covered by InfoBytes, the proposed amendments would treat overdraft credits as loans, which would make them subject to consumer protections.
The AGs argued that the historical basis for excluding overdraft fees from TILA protections would be obsolete due to how the fees are assessed, the high fee amount, and the large number of overdraft transactions. The AGs wrote that closing the loophole would protect consumers by providing customers with disclosures so they can better understand the cost and enable them to comparison shop. The AGs supported a benchmark fee of $3, which is the lowest fee amount proposed by the CFPB, and argued that even a $6 fee would “undercount the volume of transactions generating a fee post-enactment” of the proposed rule. Finally, the AGs urged the CFPB to extend the proposed rule to both “very large financial institutions” (those with more than $10 billion in assets) and small financial institutions.
CFPB Director speaks on new and proposed rules for data brokers
On April 2, the Director of the CFPB, Rohit Chopra, delivered a speech at the White House Office of Science and Technology Policy highlighting President Biden’s recent Executive Order (EO) to Protect Americans’ Sensitive Personal Data and how the CFPB will plan to develop rules to regulate “data brokers” under FCRA. As previously covered by InfoBytes, the EO ordered several agencies, including the CFPB, to better protect Americans’ data. Chopra highlighted how the EO not only covered data breaches but also regulated “data brokers” that ingest and sell data. According to the EO, “Commercial data brokers… can sell [data] to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.”
Consistent with the EO, the CFPB will plan to propose rules this year that will regulate “data brokers,” as per its authority under FCRA. Specifically, the proposed rules would include data brokers within the definition of “consumer reporting agency”; further, a company’s sale of consumer payment or income data would be considered a “consumer report” subject to requirements, like accuracy, customer disputes, and other provisions prohibiting misuse of the data.
CFPB reports on the relationship between discount points and interest rates
On April 5, the CFPB issued a report on the relationship between trends in discount points and interest rates. The report used HMDA data between Q1 of 2019 and Q3 of 2023 when interest rates were at “record-highs” and before the Federal Reserve announced its intention to lower interest rates. The CFPB found that (i) the majority of borrowers paid discount points, (ii) more borrowers paid discount points as interest rates increased, and (iii) borrowers with low credit scores were even more likely to pay discount points. Delving deeper into the data, 87 percent of borrowers with cash-out refinances paid discount points (up from 61 percent in 2021), and borrowers with cash-out refinance loans paid twice the number of discount points compared to other borrowers (with a median of 2.1 points per loan). Additionally, almost 77 percent of FHA borrowers with a credit score below 640 paid discount points compared to 65 percent of all FHA borrowers. Considering these trends, the CFPB will plan to monitor the use of discount points and weigh the advantages against the potential risks to borrowers.
District Court rules against CFPB on Prepaid Rule disclosure requirement
On March 28, the U.S. District Court for the District of Columbia (D.D.C.) ruled in favor of a fintech digital wallet provider by granting its motion for summary judgment, denying the CFPB’s cross-motion, and vacating the CFPB’s Prepaid Rule’s short-form disclosure requirements for digital wallets. The suit focused on the applicability of the Prepaid Rule’s short-form disclosure requirements to digital wallet products. The plaintiff sued the CFPB, arguing the CFPB’s Prepaid Rule was arbitrary and capricious because, unlike for general-purpose reloadable (GPR) products, the CFPB failed to provide a “well-founded, non-speculative reason for subjecting digital wallets” to the Prepaid Rule’s short-form disclosure regime.
The CFPB’s Prepaid Rule mandated that pre-acquisition fee disclosures, which were intended to apply to GPR cards, be required for digital wallets––i.e., digital wallet providers would be required to provide consumers with a pre-acquisition fee disclosure in a formatted “short form.” While the judge agreed that this makes sense as applied to GPR products, digital wallet products were fundamentally different from GPRs and were not primarily “used to access funds or to function as a substitute checking account.” While the CFPB’s Advanced Notice of Proposed Rulemaking, did not initially include digital wallets, in the final Prepaid Rule, the CFPB included digital wallets for three reasons: (1) the CFPB reasoned that the Prepaid Rule should apply to digital wallets since digital wallets can carry funds (just like GPRs), and the fee structure “may not hold true in the future”; (2) the CFPB argued that the Prepaid Rule filled a regulatory gap for digital wallets; and (3) the CFPB claimed it “cast a wide net” on purpose to avoid a “patchwork regime.”
In response, the plaintiff argued that the disclosure requirement was arbitrary and capricious due to the Bureau having no rational justification for including digital wallets in the Prepaid Rule. Further, it was arbitrary and capricious because the CFPB did not comply with its role under Dodd-Frank by assessing the costs and benefits of the Rule. Finally, the plaintiff argued that the short-form disclosure regime violated the First Amendment.
While declining to rule on First Amendment issues, the court held that the CFPB lacked a “rational justification” for subjecting digital wallets to the Prepaid Rule’s short-form disclosure requirement, agreeing that the CFPB’s requirement was arbitrary and capricious, and that it had no basis for including digital wallets because they were materially different products. The judge also found the CFPB’s cost-benefit analysis (as mandated by Dodd-Frank) was deficient, as the “general” cost-benefit analysis did not fit for digital wallets.
District Court grants full remedies to CFPB, State AGs
On March 31, the U.S. District Court for the Western District of Virginia entered an order granting the plaintiff state attorneys general and CFPB’s requested remedies in full against a defendant accused of violating consumer protection laws in administering “immigration bonds” for indigent consumers facing deportation. As previously covered by InfoBytes, in 2021 the CFPB, and the Massachusetts, New York, and Virginia State Attorneys General filed a 17-count complaint against the defendant, a subsidiary of a bond service for non-English speaking U.S. Immigration and Customs Enforcement (ICE) detainees. The complaint accused the defendant of misrepresenting the cost of immigration bond services and deceiving migrants into continuing to pay monthly fees by making false threats of deportation for failure to pay. Last May, the court entered default judgment against defendants (covered by InfoBytes here). In the court’s most recent order, it granted the plaintiff’s request for injunctive relief, stating that the CFPB met the standard for injunctive relief under the CFPA, and it would “undoubtedly serve the public interest.” The court also noted that the plaintiffs’ claims supported injunctive relief under state laws as well. The order also included (i) $230.9 million in restitution to the CFPB; (ii) a $111 million civil money penalty to the CFPB; (iii) a $7.1 million civil money penalty to Virginia; (iv) a $3.4 million civil money penalty to Massachusetts; and (v) a $13.89 million civil money penalty to New York.
CFPB, FTC submit amicus brief in FCRA case
On March 29, the CFPB and the FTC filed an amicus brief in the U.S. Court of Appeals for the Eleventh Circuit, arguing that the FCRA mandated consumer reporting agencies (CRAs) when a consumer challenged the “completeness or accuracy of any item or information” in their file, must perform a “reasonable reinvestigation.”
In the underlying case, a consumer claimed she identified multiple inaccuracies in her credit report held by the defendant CRA, including issues with her name, address, and Social Security number. She allegedly contacted the defendant three times to dispute these errors, but the defendant directed her to resolve the issues with the misinformation sources and did not conduct its own reinvestigation as the consumer believed was required by the FCRA.
The consumer then filed a lawsuit against the defendant CRA for not performing the reinvestigation. The district court acknowledged that the defendant should have completed the reinvestigation under the FCRA but nonetheless concluded that the defendant did not violate the statute because it did not reasonably interpret that the FCRA did not require a reinvestigation.
The case will now be under the appeal process and the CFPB and FTC have submitted a joint amicus brief arguing that the FCRA required a CRA to reinvestigate a consumer’s dispute about personal identifying information, and that the district court correctly determined that a reinvestigation was required. The brief also argued that the district nonetheless erred in concluding that the defendant did not negligently or willfully violate the FCRA because the defendant’s interpretation of the FCRA was not “objectively reasonable.”
CFPB sends letters of support for New York’s pending unfair and abusive conduct prohibition
On March 19, the CFPB published a blog post providing input on New York State’s proposed prohibition on unfair and abusive acts, urging passage of A 7138 and S 795, companion bills that are titled the “Consumer and Small business Protection Act” (the “Acts”). The blog post followed the CFPB’s delivery of letters in support of the Act to Governor Hochul, state senators, and state assembly members.
The Acts would expand Section 349 of New York’s general business law to prohibit unfair or abusive acts or practices, in addition to the existing prohibition on deceptive acts or practices. The Acts would also give the New York attorney general authority to bring an action for unfair, unlawful, deceptive, or abusive acts or practices, “regardless of whether or not the underlying violation is directed at individuals or businesses, is consumer-oriented, or involves the offering of goods, services, or property for personal, family or household purposes,” and would give “any person who has been injured by reason of any violation of this section” authority to bring “an action to recover one thousand dollars and his or her actual damages, if any, or both such actions, … regardless of whether or not the underlying violation is consumer-oriented, has a public impact or involves the offering of goods, services or property for personal, family or household purposes.”
The Acts defined an act or practice as unfair “when it causes or is likely to cause substantial injury, the injury is not reasonably avoidable, and the injury is not outweighed by countervailing benefits.” They provided that an “act or practice is deceptive when the act or practice misleads or is likely to mislead a person and the person’s interpretation is reasonable under the circumstances,” and that an act or practice is abusive when “it materially interferes with the ability of a person to understand a term or condition of a product or service,” or “takes unreasonable advantage of: (A) a person’s lack of understanding of the material risks, costs, or conditions of a product or service; (B) a person’s inability to protect his or her interests in selecting or using a product or service; or (C) a person’s reasonable reliance on a person covered by this section to act in his or her interests.” The Bureau’s letters to the state governor and legislature noted that the “reasonable reliance” component of the Acts is “critical,” and like the federal prohibition that “recognizes that people often reasonably expect that certain businesses will help them make difficult financial decisions, and there is potential for betrayal or exploitation of that trust.” The CFPB also mentioned that it has brought numerous actions based on that particular component.
The Acts provided that “standing to bring an action under this section, including but not limited to organizational standing and third-party standing, shall be liberally construed and shall be available to the fullest extent otherwise permitted by law.” Further, “[a]ny individual or non-profit organization entitled to bring an action” under the Acts “may, if the prohibited act or practice has caused damage to others similarly situated, bring an action on behalf of himself or herself and such others to recover actual, statutory and/or punitive damages or obtain other relief as provided for in” the Acts. A nonprofit also may bring an action on behalf of itself, its members, or members of the public that have been injured by a violation of the Acts. Nonprofits may seek the same remedies and damages as individuals.