Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court approves payday settlement

    Courts

    On November 10, the U.S. District Court for the Southern District of Mississippi issued a final settlement order resolving allegations that a Mississippi-based payday lender violated the CFPA in connection with check cashing services and small dollar loans. As previously covered by InfoBytes, the CFPB filed a complaint against two Mississippi-based payday loan and check cashing companies for allegedly violating the CFPA’s prohibition on unfair, deceptive, or abusive acts or practices.

    In March 2018, a district court denied the payday lenders’ motion for judgment on the pleadings, rejecting the argument that the Bureau's structure unconstitutional and that the agency’s claims violate due process. The U.S. Court of Appeals for the Fifth Circuit agreed to hear an interlocutory appeal on the constitutionality question, and, prior to the U.S. Supreme Court’s ruling in Seila Law LLC v. CFPB, a divided panel held that the CFPB’s single-director structure is constitutional, finding no constitutional defect with allowing the director of the Bureau to only be fired for cause (covered by InfoBytes here). The order noted that the 5th Circuit voted sua sponte to rehear the case en banc and issued an opinion in which the majority vacated the district court’s opinion as contrary to Seila Law. The majority did not, however, direct the district court to enter judgment against the Bureau because, though the Supreme Court had found that the director’s for-cause removal provision was unconstitutional, it was severable from the statute establishing the Bureau (covered by a Buckley Special Alert). The majority determined that the “time has arrived for the district court to proceed” and stated it “place[s] no limitation on the matters that that court may consider, including, without limitation, any other constitutional challenges.”

    According to the settlement, the owner and president of the company must pay a civil money penalty of $899,350 to the Bureau “by reason of the [UDAAP violations] alleged in the Complaint.” However, the order further noted that the amount is remitted by $889,350 because he paid “that amount in fines to the Mississippi Department of Banking and Consumer Finance.” The district court also entered a separate order dismissing the lawsuit with prejudice.

    Courts State Issues CFPB CFPA Appellate Fifth Circuit Single-Director Structure UDAAP Enforcement Seila Law Payday Lending Settlement Funding Structure

  • CFPB sues payment processor over junk fees and dark patterns

    Federal Issues

    On October 18, the CFPB filed a complaint against a Texas-based payment processing service platform (primarily related to collecting and processing event fees) for allegedly violating the Consumer Financial Protection Act (CFPA) and the EFTA by engaging in deceptive and abusive acts and practices. The Bureau alleged that the defendant enrolled consumers in, and charged them, for discount club memberships without their consent that were largely unrelated to the event the consumers were signing up for. The complaint noted that although the defendant’s memberships had a 30-day free “negative option trial membership,” the memberships automatically begin charging the membership fees at the end of the trial period. The Bureau also alleged that the defendant deployed dark patterns, which “are hidden tricks or trapdoors that companies build into their websites to get consumers to inadvertently click links, sign up for subscriptions, or purchase products or services.” The Bureau further alleged that the defendant violated the EFTA and Regulation E by increasing consumers’ membership fees without sending the consumer written notice of the new amount and the date of the new payment at least 10 days before initiating the new payment, which also constitute violations of the CFPA. The Bureau is seeking permanent injunctive relief, damages, restitution, disgorgement, civil money penalties, and other relief.

    According to a statement by CFPB Director Rohit Chopra, the Bureau is “closely watching whether financial services firms are deploying digital dark patterns,” and is “looking at a range of ways to reduce unwanted junk fees.” He also added that the Bureau is “working to ensure our payments system is working safely and fairly” and that it “will continue to look at how payment platforms extract data and fees from their users.”

    Federal Issues CFPB Enforcement Junk Fees Dark Patterns CFPA EFTA UDAAP Consumer Finance Payment Processors

  • OCC releases bank supervision operating plan for FY 2023

    On October 6, the OCC’s Committee on Bank Supervision released its bank supervision operating plan for fiscal year 2023. The plan outlines the agency’s supervision priorities and highlights several supervisory focus areas including: (i) strategic and operational planning; (ii) operational resiliency; (iii) third-party oversight and risk management; (iv) credit risk management with a focus on new products, areas of highest growth, and portfolios representing concentrations; (v) allowances for credit losses (ACL), including instances where ACL processes use third-party modeling techniques; (vi) interest rate risk; (vii) liquidity risk management; (viii) consumer compliance management systems with a focus on how programs are disclosed in relation to UDAP and UDAAP statutes; (ix) Bank Secrecy Act/AML compliance; (x) fair lending risks; (xi) Community Reinvestment Act strategies and the potential for modernization rulemaking; (xii) new products and services in areas such as payments, fintech, and digital assets; and (xiii) climate-change risk management. The plan will be used by OCC staff to guide the development of supervisory strategies for individual national banks, federal savings associations, federal branches and agencies of foreign banking organizations, and certain identified third-party service providers subject to OCC examination.

    The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes has previously covered here.

    Bank Regulatory Federal Issues OCC Supervision Digital Assets Fintech Privacy, Cyber Risk & Data Security UDAP UDAAP Bank Secrecy Act Anti-Money Laundering Climate-Related Financial Risks Fair Lending Third-Party Risk Management Risk Management

  • Trade groups object to CFPB’s revised UDAAP exam manual

    Courts

    On September 28, seven banking industry groups sued the CFPB and Director Rohit Chopra claiming the agency exceeded its statutory authority when it released significant revisions to the UDAAP exam manual in March, which included making clear its view that any type of discrimination in connection with a consumer financial product or service could be an “unfair” practice. (Covered by a Buckley Special Alert.) At the time of issuance, the Bureau emphasized that its broad authority under UDAAP allows it to address discriminatory conduct in the offering of any financial product or service.

    Plaintiff trade groups argued in their complaint filed in the U.S. District Court for the Eastern District of Texas that the Bureau violated its authority outlined in the Dodd-Frank Act by claiming it can examine entities for alleged discriminatory conduct under its UDAAP authority. They contended that “the CFPB cannot regulate discrimination under its UDAAP authority at all because Congress declined to give the CFPB authority to enforce anti-discrimination principles except in specific circumstances,” and that, moreover, the Bureau’s “statutory authorities consistently treat ‘unfairness’ and ‘discrimination’ as distinct concepts.” While the trade groups said they “fully support the fair enforcement of nondiscrimination laws,” they emphasized that they “cannot stand by while a federal agency exceeds its statutory authority, creates regulatory uncertainty, and imposes costly burdens on the business community.”

    The trade groups' suit also claimed that the Bureau violated the Administrative Procedure Act by failing to go through the proper notice-and-comment process when amending the Supervision and Examination Manual. Calling the manual updates “arbitrary” and “capricious,” the trade groups claimed the changes failed to consider the Bureau’s prior position on UDAAP authority and “did not grapple with Congress’s decision to narrowly define the FTC’s unfairness authority to screen out the same kind of power that the CFPB is now claiming for itself.” The complaint also called into question the Bureau’s funding structure, arguing that because the structure violates the Appropriations Clause it should be declared unconstitutional and the exam manual updates set aside.

    A statement released by the U.S. Chamber of Commerce, one of the trade group plaintiffs bringing the law suit, says the Bureau “is operating beyond its statutory authority and in the process creating legal uncertainty that will result in fewer financial products available to consumers.” U.S. Chamber Executive Vice President and Chief Policy Officer Neil Bradley added that the “CFPB is pursuing an ideological agenda that goes well beyond what is authorized by law and the Chamber will not hesitate to hold them accountable.”

    Courts CFPB Examination Supervision UDAAP Dodd-Frank Discrimination Administrative Procedure Act

  • CFPB’s Supervisory Highlights targets student loan servicers

    Federal Issues

    On September 29, the CFPB released a special edition of its Supervisory Highlights focusing on recent examination findings related to practices by student loan servicers and schools that directly lend to students. Highlights of the supervisory findings include:

    • Transcript withholding. The Bureau found several instances where in-house lenders (i.e., where the schools themselves are the lender) are withholding transcripts as a debt collection practice. According to the Bureau, many post-secondary institutions choose to withhold official transcripts from borrowers as an attempt to collect education-related debts. The Supervisory Highlights states the position that the blanket withholding of transcripts to coerce borrowers into making payments is an “abusive” practice under the Consumer Financial Protection Act.
    • Supervision of federal student loan transfers. The Bureau identified certain consumer risks linked to the transfer of nine million borrower account records to different servicers after two student loan servicers ended their contracts with the Department of Education (DOE). The review, which was handled in partnership with the DOE and other state regulators, identified several concerns, such as (i) the information received during the transfer was insufficient to accurately service the loan; (ii) transferee and transferor servicers reported different numbers of total payments that count toward income-driven repayment forgiveness for some borrowers; (iii) information inaccurately stated the borrower’s next due date; (iv) certain accounts were placed into transfer-related forbearances following the transfer, instead of in more advantageous CARES Act forbearances; and (v) multiple servicers experienced significant operational challenges.
    • Payment relief programs. The Bureau found occurrences where federal student loan servicers allegedly engaged in unfair acts or practices when they improperly denied a borrower’s application for loan cancellation through Teacher Loan Forgiveness or Public Service Loan Forgiveness. The Bureau claimed that many servicers “illegally misrepresented borrowers’ eligibility dates and the number of payments the borrower needed to make to qualify for relief,” and “provided misinformation about borrowers’ entitlement to progress toward loan forgiveness during the pandemic payment suspension.” The Bureau said it will continue to monitor servicers’ practices to ensure borrowers receive the relief for which they are entitled, and directed servicers to address consumer harm caused by these actions.

    The Bureau issued a reminder that it will continue to supervise student loan servicers and lenders within its supervisory jurisdiction regardless of institution type. Student loan servicers, originators, and loan holders are advised to review the supervisory findings and take any necessary measures to ensure their operations address these risks.

    Federal Issues CFPB Supervision Examination Student Lending Student Loan Servicer Debt Collection UDAAP CFPA Consumer Finance CARES Act

  • California passes UDAAP legislation

    State Issues

    On September 15, the California governor signed AB 1904, which amends Section 1770 of the Civil Code relating to financial institutions and addresses certain provisions under the Consumers Legal Remedies Act. Among other things, the bill prohibits a covered person or a service provider from engaging in unlawful, unfair, deceptive, or abusive acts or practices regarding consumer financial products or services, such as, among other things: (i) misrepresenting the source, sponsorship, approval, or certification; (ii) using deceptive representations of geographic origin; (iii) representing that goods are original or new if they have deteriorated unreasonably or are altered; (iv) advertising goods or services with the intent not to sell them as advertised; and (v) making false or misleading statements of fact concerning reasons for, existence of, or amounts of, price reductions. The bill authorizes the California Department of Financial Protection and Innovation to bring a civil action for a violation of the law. The bill would also make unlawful the failure to include certain information, including a prescribed disclosure, in a solicitation by a covered person, or an entity acting on behalf of a covered person, to a consumer for a consumer financial product or service.

    State Issues State Legislation California UDAAP DFPI State Regulators

  • 10th Circuit: Payday lender must pay $38.4 million restitution order

    Courts

    On September 15, the U.S. Court of Appeals for the Tenth Circuit affirmed the CFPB’s administrative ruling against a Delaware-based online payday lender and its founder and CEO (respondents/petitioners) regarding a 2015 administrative enforcement action that alleged violations of the Consumer Financial Protection Act (CFPA), TILA, and EFTA. As previously covered by InfoBytes, in 2015, the CFPB announced an action against the respondents for alleged violations of TILA and the EFTA, and for engaging in unfair or deceptive acts or practices. Specifically, the CFPB alleged that, from May 2008 through December 2012, the online lender (i) continued to debit borrowers’ accounts using remotely created checks after consumers revoked the lender’s authorization to do so; (ii) required consumers to repay loans via pre-authorized electronic fund transfers; and (iii) deceived consumers about the cost of short-term loans by providing them with contracts that contained disclosures based on repaying the loan in one payment, while the default terms called for multiple rollovers and additional finance charges. The order required the respondents to pay $38.4 million as both legal and equitable restitution, along with $8.1 million in penalties for the company and $5.4 million in penalties for the CEO.

    According to the opinion, between 2018 and 2021, the U.S. Supreme Court issued four decisions, Lucia v. SEC (covered by InfoBytes here), Seila Law v. CFPB (covered by a Buckley Special Alert here), Liu v. SEC (covered by InfoBytes here), and Collins v. Yellen (covered by InfoBytes here), which “bore on the Bureau’s enforcement activity in this case,” by “decid[ing] fundamental issues such as the Bureau’s constitutional authority to act and the appointment of its administrative law judges (‘ALJ’).” The decisions led to intermittent delays and restarts in the Bureau’s case against the petitioners. For instance, the opinion noted that two different ALJs decided the present case years apart, with their recommendations separately appealed to the Bureau’s director. The CFPB’s director upheld the decision by the second ALJ and ordered the lender and its owner to pay the restitution, and a district court issued a final order upholding the award. The petitioners appealed.

    On appeal, the petitioners made three substantive arguments for dismissing the director’s final order. The petitioners argued that under Seila, the CFPB’s structure was unconstitutional and therefore the agency did not have authority to issue the order. The appellate court disagreed, stating that it is “to use a ‘scalpel rather than a bulldozer’ in remedying a constitutional defect,” and that “because the Director’s actions weren’t unconstitutional, we reject Petitioners’ argument to set aside the Bureau’s enforcement action in its entirety.”

    The petitioners also argued that the enforcement action violated their due-process rights by denying the CEO additional discovery concerning the statute of limitations. The petitioners claimed that they were entitled to a “new hearing” under Lucia, and that the second administrative hearing did not rise to the level of due process prescribed in that case. The appellate court determined that there was “no support for a bright-line rule against de novo review of a previous administrative hearing," nor did it see a reason for a more extensive hearing. Moreover, the petitioners “had a full opportunity to present their case in the first proceeding,” the 10th Circuit wrote. The appellate court further rejected the company’s argument regarding various evidentiary rulings, including permitting evidence about the company’s operational expenses, among other things. The appellate court also concluded that the CFPA’s statute of limitations commences when the Bureau either knows of a violation or, through reasonable diligence, would have discovered the violation. Therefore, the appellate court rejected the argument “that the receipt of consumer complaints triggered the statute of limitations.”

    The petitioners also challenged the remedies order, claiming they were not allowed “to present evidence of their good-faith reliance on counsel (as to restitution and civil penalties) and evidence of their expenses (as to the Director’s residual disgorgement order).” The appellate court rejected that challenge, holding that the director properly considered all factors, including good faith, and rejected the petitioners’ challenge to the ALJ’s recommended civil penalties.

    The 10th Circuit affirmed the district court’s order of a $38.4 million restitution award, rejecting the petitioners’ various challenges and affirming the director’s order.

    Courts Appellate Tenth Circuit CFPB TILA EFTA Disclosures CFPA UDAAP Enforcement U.S. Supreme Court Payday Lending

  • District Court orders college operator to comply with CFPB CID

    Courts

    On September 13, the U.S. District Court for the District of Utah ordered the operator of several defunct colleges to cooperate with a CFPB civil investigative demand (CID) for potential violations of the Consumer Financial Protection Act. In 2019, the Bureau issued a CID to the operator seeking information on its private student loan financing program, as well as litigation concerning the loan program dating back to 2012, to aid its investigation into whether the program constituted unfair, deceptive, or abusive acts or practices. The operator argued that the CID was unenforceable for several reasons, including that it was “unreasonably oppressive” and that the legality of its program had already been litigated in state action. The operator also argued that because the Bureau’s leadership structure rendered it unconstitutional, it lacked authority to enforce the CID. A magistrate judge’s recommendation narrowed the scope of the CID, but the operator continued to object, stating that a severe reduction in staff created a loss of “significant institutional knowledge” about the loan program. After the U.S. Supreme Court issued its ruling in Seila Law LLC v. CFPB (holding that the director’s for-cause removal provision was unconstitutional but severable from the statute establishing the Bureau, as covered by a Buckley Special Alert ), the Bureau’s director ratified the CID. The operator then raised new objections claiming the Bureau’s funding structure violates the U.S. Constitution’s separation of powers, and therefore the agency lacks valid authority to enforce the CID.

    The court rejected the operator’s argument, writing that dicta in the Supreme Court’s decision in Seila Law “suggests the Bureau’s funding structure is not an unconstitutional delegation of power from Congress to the Executive Branch.” According to the court, while the majority opinion in Seila Law made note of the CFPB’s funding structure, it treated it “merely as an aggravator” of the for-cause removal protection issues and “went as far as saying the Bureau’s constitutional infirmity would ‘disappear’ if ‘the Director were removable at will by the President.’”

    With respect to burdensomeness, the court said the operator has failed to show evidence establishing an unreasonable burden in its objections, and that, moreover, it “has had more than three years’ notice to preserve any information it thought may be relevant to the Bureau’s investigation.” The court further stressed that the CID does not become overly burdensome simply because the operator shuttered its campuses thereby allegedly relinquishing “institutional knowledge” concerning its own education loan program prior to complying with the CID. The court granted the operator a 90-day extension to comply with the CID.

    Courts Consumer Finance CFPB Student Lending CID Enforcement Dodd-Frank CFPA UDAAP

  • CFPB: Digital marketing providers/big tech liable for UDAAP violations

    Agency Rule-Making & Guidance

    On August 10, the CFPB issued an interpretive rule addressing when the CFPA’s UDAAP provisions cover digital marketing providers that commingle the targeting and delivery of advertisements to consumers with the provision of advertising “time or space.” Currently, traditional marketing firms are exempt from the CFPA provided they allow banks and other financial institutions “time and space” in traditional media outlets such as television and newspapers to advertise products. The Bureau stated, however, that digital marketers go beyond this approach when they harvest large amounts of information about consumers and use this data to shape their marketing content strategy.

    Under the interpretive rule, this exception does not apply to firms that are materially involved in the development of content strategy. Due to the different nature of the services provided, behavioral marketing and advertising for financial institutions could subject marketers to legal liability depending on how those practices are designed and implemented, the Bureau said. Because “[d]igital marketing providers are typically materially involved in the development of content strategy when they identify or select prospective customers or select or place content in order to encourage consumer engagement with advertising,” the Bureau explained that digital marketers “engaged in this type of ad targeting and delivery are not merely providing ad space and time,” and therefore do not qualify under the “time or space” exception. The interpretive rule noted, among other things, that while a covered person may specify certain parameters of the intended audience for a financial product, the digital marketers’ ads and delivery algorithms “identify the audience with the desired characteristics and determine whether and/or when specific consumers see an advertisement.”

    “When Big Tech firms use sophisticated behavioral targeting techniques to market financial products, they must adhere to federal consumer financial protection laws,” CFPB Director Rohit Chopra said in the announcement. “The CFPB, states, and other consumer protection enforcers can sue digital marketers to stop violations of consumer financial protection law: Service providers are liable for unfair, deceptive, or abusive acts or practices under the Consumer Financial Protection Act. When digital marketers act as service providers, they are liable for consumer protection law violations,” the Bureau added.

    Agency Rule-Making & Guidance Federal Issues CFPB Consumer Finance CFPA UDAAP Marketing

  • CFPB: Financial services companies must safeguard consumer data

    Agency Rule-Making & Guidance

    On August 11, the CFPB released Circular 2022-04 to reiterate that financial services companies may violate the CFPA’s prohibition on unfair acts or practices if they fail to safeguard consumer data. The Circular explained that, in addition to other federal laws governing data security for financial institutions, such as the Safeguards Rules issued under the Gramm-Leach-Bliley Act (which was updated in 2021 and covered by InfoBytes here), “covered persons” and “service providers” are required to comply with the prohibition on unfair acts or practices in the CFPA. Examples of when firms can be held liable for lax data security protocols are provided within the Circular, as are examples of widely implemented data security practices. The Bureau explained that inadequate data security measures may cause significant harm to a few consumers who become victims of targeted identity theft as a result, or may harm potentially millions of consumers if a large customer-base-wide data breach occurs. The Bureau reiterated that actual injury is not required to satisfy the unfairness prong in every case. “A significant risk of harm is also sufficient,” the Bureau said, noting that the “prong of unfairness is met even in the absence of a data breach. Practices that ‘are likely to cause’ substantial injury, including inadequate data security measures that have not yet resulted in a breach, nonetheless satisfy this prong of unfairness.”

    While the circular does not suggest that any of the outlined security practices are specifically required under the CFPA, it does provide examples of situations where the failure to implement certain data security measures might increase the risk of legal liability. Measures include: (i) using multi-factor authentication; (ii) ensuring adequate password management; and (iii) implementing timely software updates. “Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse,” CFPB Director Rohit Chopra said in the announcement. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”

    Agency Rule-Making & Guidance Federal Issues Privacy, Cyber Risk & Data Security CFPB Consumer Protection Consumer Finance CFPA Nonbank UDAAP Unfair Safeguards Rule Gramm-Leach-Bliley

Pages

Upcoming Events