InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB finalizes rule to change its supervision designation procedures for nonbanks
On April 16, the CFPB issued a procedural rule to change how the Bureau will designate nonbanks for supervision. Under the CFPA, the CFPB was authorized to supervise a nonbank covered person if the Bureau had reasonable cause to determine if the nonbank covered person was engaged in financial services-related conduct that posed a risk to consumers. In 2013, the CFPB issued a rule providing procedures to govern supervisory designation proceedings under this authority; in 2022, the CFPB published a final rule amending the procedural rule to allow it to publicize its resolution of any contested designation proceeding (covered by InfoBytes here). In late February 2024, the CFPB transitioned to a new organizational structure for its supervision and enforcement work, and this rule will reflect the technical changes of the new structure in the context of supervisory designation proceedings.
According to the Bureau, there were small differences between two separate provisions under the 2013 rule that allowed nonbanks to consent to the CFPB’s exercise of supervisory authority. The new procedural rule will combine these provisions and clarify a few points of distinction from the two original provisions, including (i) a consent agreement does not constitute an admission; and (ii) supervision durations following consent agreements can be negotiated on a case-by-case basis, instead of applying a default duration of two years.
Regarding the Supervision Director’s notice of reasonable cause, the rule will expand the possible methods of delivery to include other methods that are “reasonably calculated to give notice.” Additionally, the rule states that the initiating official may withdraw a notice, and that they may file a written reply to the notice recipient’s response, neither of which was not contemplated under the previous rule. The Bureau said these changes could allow for more transparency in the decision-making process.
Concerning a supplemental oral response, the Bureau noted under the previous rule, a respondent nonbank entity presented supplemental oral responses to the Associate Director for Supervision, Enforcement, and Lending. In light of the elimination of the Associate Director position pursuant to a recent reorganization that split the Division of Supervision, Enforcement, and Fair Lending into a Division of Enforcement and a Division of Supervision, the rule provided that the Director of the Bureau will assume the Associate Director’s adjudicative roles and supervision-related functions. Therefore, the Director will be responsible for issuing a decision and order subjecting an entity to the Bureau’s supervision or terminating a proceeding.
The rule further stipulated that (i) an additional time limit for mail and delivery services are no longer warranted, since email would be “generally instantaneous”; (ii) there will be a 13,000-word limit for the proceeding filings; (iii) any changes to time or word limits can be decided between the initiating official and the respondent with a notice to the Director and will be subject to change by the Director.
Regarding the confidentiality of proceedings, the rule maintained a process for the CFPB to decide whether to publicly release final decisions and orders, including orders entered as a result of respondent failing to file a response and therefore defaulting. The Bureau did note, however, consent agreements entered into between the initiating official and the respondent will not be subject to public release under the rule.
The rule also established an issue exhaustion requirement, requiring respondents to raise arguments they have in their written response to the Bureau to avoid waiving the argument in future proceedings. The Bureau will invite public comments which must be submitted 30 days after publication in the Federal Register, although the rule will be exempt from the notice-and-comment rulemaking requirements under the APA as a rule of agency organization, procedure, or practice. The rule will be effective upon publication to the Federal Register, and it will apply to proceedings pending on the effective date, unless the Director determined that it will be “not practicable.”
CFPB and European Commission convene for future oversight of consumer finance products
On April 11, the CFPB Director, Rohit Chopra, and the Commissioner for Justice and Consumer Protection of the European Commission, Didier Reynders, issued a joint statement announcing their intent to begin an informal dialogue between the CFPB and the European Commission on consumer financial protection issues. The agencies have already convened three staff-level meetings on the following topics: (1) BNPL and over-indebtedness, where the U.S. shared the FCRA framework and the European Commission discussed the differences in the BNPL industry’s evolution in their respective jurisdictions; (2) digital payment access and fraud, where they discussed fraud, the issue of nonbanks in payments, Big Tech’s involvement in consumer finance, and digital access for the unbanked; and (3) artificial intelligence, where the European Commission shared four pieces of legislation or regulations and two recent court judgments. The joint statement iterated their inputs: “Our staff have shared expertise, best practices, and lessons learned on an important set of issues. Jointly analyzing the expansion of Big Tech’s financial services offerings, and the attendant risks to consumer privacy and competition, has been highly productive.”
CFPB reports on consumer reporting companies' compliance violations
On April 8, the CFPB released its Supervisory Highlights on consumer reporting companies (CRC) and furnishers from April to December 2023. With respect to CRCs, the CFPB found deficiencies related to (i) placing identity theft blocks on consumer reports, (ii) blocking adverse items identified by a consumer as the result of human trafficking, and (iii) the accuracy of information in consumer reports.
For identity theft, the CFPB noted that some CRCs automatically declined to implement identity theft blocks based on overly broad, disqualifying criteria that did not support a reasonable determination, in violation of the FCRA. CRCs also failed to properly notify these customers that they declined these identity blocks.
Regulation V required CRCs to block adverse items of information identified by a consumer from human trafficking. While CRCs must block these items within four business days of such request, the CFPB found CRCs either failed to timely block these items or that CRCs blocked some, but not all such items.
In failing to ensure the maximum possible accuracy of consumer reports, the CFPB found that CRCs (i) inadequately monitored dispute metrics that may suggest a furnisher would not a reliable source of information about consumers, and (ii) failed to implement procedures to ensure the accuracy of information provided by unreliable furnishers and continued to include such information in reports.
With respect to furnishers, the CFPB similarly found deficiencies in accuracy, dispute investigation, and identity theft requirements. Specifically, CFPB examiners found that furnishers reported incomplete or inaccurate information for several months or even years after determining the information was incomplete or inaccurate. Additionally, furnishers that received direct disputes both continued to report such information and failed to notify CRCs of the disputed information. The report also noted that furnishers who received proper identity theft reports continued to furnish information regarding the consumer before confirming the accuracy of the information with the consumer.
CFPB focuses on in-game video game market and its consumer protection issues
On April 4, the CFPB released a report titled “Banking in video games and virtual worlds” that examined the gaming industry and the consumer financial systems that affect it. The Bureau’s report identified three key findings: (i) a network of financial products and services has entered the gaming industry to leverage and support the transfer of gaming assets and currency; (ii) the increased value of these assets has led to an increase of hacking attempts, account theft, scams, and unauthorized transactions; and (iii) the consumer data collected by gaming companies was bought, sold, and traded between companies, which can pose a risk to gaming customers. As a result, the CFPB will intend to monitor these issues in gaming and other such non-traditional markets to ensure companies comply with federal consumer financial protection laws.
The report noted that the proliferation of gaming and the evolution of the industry to offering in-game purchases and gaming assets has created the need for an infrastructure to enable fiat currency to flow into and out of games and virtual worlds. This can include transactions within the game, trading virtual items with other players, buying products on secondary markets, converting gaming assets to traditional currency, withdrawals of that currency, and/or using third parties to convert and withdraw the currency. As a result, companies have established financial products and services that increasingly resemble traditional financial products, like loans, payment processing, and money transmission.
In addition to the gaming economy creating a relatively new and unregulated financial marketplace, the Bureau identified additional risks similar to those found in the traditional market surrounding fraud, identity theft, money laundering, and privacy. For example, the report noted that these highly valuable gaming assets have made player accounts vulnerable to phishing and hacking attempts as well as unauthorized transactions. However, efforts by the FTC or CFPB to address complaints related to this activity have been met with a “buyer beware” approach by gaming companies.
Further, gaming companies collect a significant amount of data on players as a way to personalize the experience. However, the companies use this data to monetize gameplay to entice more spending as well as buy, sell and trade this data. The report noted that (i) the use of personal data can result in highly individualized pricing and (ii) the storage and transfer of consumer data poses privacy risks for gamers. In light of these various issues, the CFPB plans to work with other agencies to monitor both these non-traditional financial products and services as well as the companies that collect and sell sensitive consumer data.
CFPB Director speaks on new and proposed rules for data brokers
On April 2, the Director of the CFPB, Rohit Chopra, delivered a speech at the White House Office of Science and Technology Policy highlighting President Biden’s recent Executive Order (EO) to Protect Americans’ Sensitive Personal Data and how the CFPB will plan to develop rules to regulate “data brokers” under FCRA. As previously covered by InfoBytes, the EO ordered several agencies, including the CFPB, to better protect Americans’ data. Chopra highlighted how the EO not only covered data breaches but also regulated “data brokers” that ingest and sell data. According to the EO, “Commercial data brokers… can sell [data] to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.”
Consistent with the EO, the CFPB will plan to propose rules this year that will regulate “data brokers,” as per its authority under FCRA. Specifically, the proposed rules would include data brokers within the definition of “consumer reporting agency”; further, a company’s sale of consumer payment or income data would be considered a “consumer report” subject to requirements, like accuracy, customer disputes, and other provisions prohibiting misuse of the data.
CFPB reports on the relationship between discount points and interest rates
On April 5, the CFPB issued a report on the relationship between trends in discount points and interest rates. The report used HMDA data between Q1 of 2019 and Q3 of 2023 when interest rates were at “record-highs” and before the Federal Reserve announced its intention to lower interest rates. The CFPB found that (i) the majority of borrowers paid discount points, (ii) more borrowers paid discount points as interest rates increased, and (iii) borrowers with low credit scores were even more likely to pay discount points. Delving deeper into the data, 87 percent of borrowers with cash-out refinances paid discount points (up from 61 percent in 2021), and borrowers with cash-out refinance loans paid twice the number of discount points compared to other borrowers (with a median of 2.1 points per loan). Additionally, almost 77 percent of FHA borrowers with a credit score below 640 paid discount points compared to 65 percent of all FHA borrowers. Considering these trends, the CFPB will plan to monitor the use of discount points and weigh the advantages against the potential risks to borrowers.
CFPB, FTC submit amicus brief in FCRA case
On March 29, the CFPB and the FTC filed an amicus brief in the U.S. Court of Appeals for the Eleventh Circuit, arguing that the FCRA mandated consumer reporting agencies (CRAs) when a consumer challenged the “completeness or accuracy of any item or information” in their file, must perform a “reasonable reinvestigation.”
In the underlying case, a consumer claimed she identified multiple inaccuracies in her credit report held by the defendant CRA, including issues with her name, address, and Social Security number. She allegedly contacted the defendant three times to dispute these errors, but the defendant directed her to resolve the issues with the misinformation sources and did not conduct its own reinvestigation as the consumer believed was required by the FCRA.
The consumer then filed a lawsuit against the defendant CRA for not performing the reinvestigation. The district court acknowledged that the defendant should have completed the reinvestigation under the FCRA but nonetheless concluded that the defendant did not violate the statute because it did not reasonably interpret that the FCRA did not require a reinvestigation.
The case will now be under the appeal process and the CFPB and FTC have submitted a joint amicus brief arguing that the FCRA required a CRA to reinvestigate a consumer’s dispute about personal identifying information, and that the district court correctly determined that a reinvestigation was required. The brief also argued that the district nonetheless erred in concluding that the defendant did not negligently or willfully violate the FCRA because the defendant’s interpretation of the FCRA was not “objectively reasonable.”
FTC to hold an informal hearing on its proposed “junk fee” rules
On March 27, the FTC published a notice in the Federal Register informing the public of its decision to hold an informal hearing on its proposed rule prohibiting “junk fees.” As previously covered by InfoBytes, the FTC released a notice of proposed rulemaking (“NPRM”) titled “Rule on Unfair or Deceptive Fees” and extended the comment period last October. In the NPRM, the FTC presented the opportunity for any party to present their positions orally. The FTC announced that 17 commenters requested to partake in the informal hearing by presenting oral statements and an administrative law judge for the FTC will serve as the presiding officer. The informal hearing will be presented virtually on April 24 at 10:00 a.m. Eastern time. The hearing will be presented live to the public on the FTC’s website, and a recording will be placed in the rulemaking record.
State AGs sue to block Biden's SAVE Plan for student loan forgiveness
On April 1, 10 state attorneys general filed a lawsuit in the U.S. District Court for the District of Kansas against President Biden, the Secretary of Education, and the Department of Education seeking to block the enactment of the SAVE Plan. As previously covered by InfoBytes, the SAVE Plan was an income-driven repayment plan, intended to calculate payments based on a borrower’s income and family size, rather than the loan balance, and forgave balances after several years since repayment. According to the complaint, the government released a rule for the new SAVE Plan intended to eliminate at least $156 billion in student debt as the second step in a three-part loan forgiveness initiative. The first step involved an attempt to cancel $430 billion in student loans under the HEROES Act, which the U.S. Supreme Court ruled unconstitutional in Biden v. Nebraska.
The SAVE Plan assumed $430 billion in loans would be forgiven beforehand, but after the Supreme Court's decision, the defendants allegedly did not revise the cost estimate in anticipation of overturning the case. This oversight led to a significant underestimation of the SAVE Plan's true cost; plaintiffs alleged.
Plaintiffs further claimed that the SAVE Plan was written before the Supreme Court's ruling in Biden v. Nebraska and thus included outdated statements of confidence in the defendants' authority to pursue debt relief. The rule would take effect on July 1, but defendants allegedly have already started forgiving loans for some individuals before this date. The complaint alleged that on February 21, the Department of Education forgave the debt of 153,000 borrowers, which the state attorneys general claimed violated Biden v. Nebraska.
Plaintiffs brought claims under the Administrative Procedure Act, contending that the Department of Education exceeded its authority under the Higher Education Act of 1965 by issuing the rule and that the rule would be arbitrary and capricious since defendants failed to account for the full cost of the rule.
CFPB warns remittance transfer providers against falsely advertising the costs and speed of transfers
On March 27, the CFPB issued a circular cautioning remittance transfer providers against falsely advertising the costs or speed of sending transfers to avoid violating the CFPA’s prohibition on deceptive acts or practices. The CFPB would administer and enforce the Remittance Rule under the EFTA, but the Bureau noted that remittance providers also can be liable under the CFP Act for deceptive marketing practices, regardless of whether they comply with the Remittance Rule’s disclosure requirements. Through the circular, the CFPB warned against falsely marketing “no fee” or “free” services if the remittance transfer provider actually charges a fee, noting that “[w]ith respect to digital wallets or other similar products, it can be deceptive to market a transfer as ‘free’ if the provider imposes costs to convert funds into a different currency or withdraw funds,” and that “[i]t may also be deceptive to market international money transfers as ‘free’; if the provider is imposing costs on consumers through the exchange rate spread.” The Bureau also warned against “burying” promotional conditions in fine print, and falsely advertising how long a transfer will take especially if transfers may take longer to reach recipients. The circular would apply to traditional international money transfer providers, as well as “digital wallets” that send money internationally from the U.S. and would be part of the Bureau’s initiative to “rein in” alleged “junk fees.”