Add a bookmark to get started

23 August 20229 minute read

Consumer Finance Regulatory News and Trends

This regular publication by DLA Piper lawyers focuses on helping clients navigate the ever-changing consumer finance regulatory landscape.

Enforcement actions


CFPB and OCC announce $225 million fine against national bank over administration of state unemployment benefits during pandemic.  The Consumer Financial Protection Bureau (CFPB) and Office of the Comptroller of the Currency (OCC) announced a consent order with a national bank for alleged unfair, deceptive or abusive acts or practices (UDAAP) and Electronic Fund Transfer Act (EFTA) violations in connection with the administration of unemployment benefits.  According to the agencies, the bank (i) engaged in unfair practices and failed to conduct reasonable investigations by solely relying upon an automated fraud detection software and referring consumers who sought assistance to state unemployment agencies while knowing that the state could not provide services, (ii) engaged in abusive acts by retroactively applying the fraud detection software to reverse previous unemployment payments and (iii) engaged in unfair acts by requiring customers to report errors or fraud only through a telephone hotline with multiple-hours-long hold times and by not allowing online or in-person reports. Under the consent order, the fine was divided with $100 million being imposed by the CFPB and $125 million being imposed by the OCC. The bank was further ordered to undertake a consumer redress process that is estimated to result in hundreds of millions of dollars in redress to consumers.

CFPB announces $37.5 million settlement with national bank over fake account scandal.  The CFPB announced a consent order with a national bank for alleged UDAAP, Fair Credit Reporting Act (FCRA), Truth in Lending Act (TILA) and Trade in Services Agreement (TISA) violations.  The CFPB asserted that bank employees unlawfully accessed consumer credit reports and personal data to apply for and open unauthorized accounts, credit cards and lines of credit.  The CFPB also asserted that the bank was aware that pressure to meet sales goals was leading employees to open accounts without authorization and that the bank had inadequate internal controls to prevent the misconduct.  In addition to the $37.5 million fine, the consent order also requires the bank to adopt a redress plan to compensate consumers for all fees and costs incurred and submit a compliance plan for CFPB approval and oversight that includes new internal controls and policies.

CFPB announces $19 million settlement with auto lender for inaccurate credit reporting. The CFPB announced a consent order with a nonbank auto lender for alleged FCRA violations.  The CFPB alleged that the lender knew that the IT system it used to report data to credit reporting agencies was ineffective in accurately collecting payment data from the lender’s loan and lease portfolios, which resulted in the lender furnishing inaccurate information in over 8.7 million instances.  The consent order requires the lender pay a $6 million civil penalty and $13.2 million in consumer redress.

CFPB announces enforcement action against payday lender concerning repayment practices.  The CFPB filed a complaint in the US District Court for the Northern District of Texas against a payday and title loan company for alleged UDAAP violations.  The CFPB asserted distinct counts for unfair, deceptive and abusive practices based on the company’s practice of sending emails and other communications encouraging distressed borrowers to sign up for fee-based repayment programs and not disclosing the borrower’s right to free repayment plans under their contracts or applicable state law.  The CFPB also asserted that the company engaged in unfair practices by reinitiating attempted payment withdrawals from consumer accounts in excess of the authorized limits on withdrawal attempts.  The CFPB seeks disgorgement of over $240 million in fees received by the company, plus other fines and penalties.

CFPB announces $2.7 million settlement with fintech company for deceptive marketing practices.  The CFPB announced a consent order with a fintech company for alleged UDAAP violations.  The CFPB alleged that the company, which offered an automated savings tool, represented that it “never transfers more than you can afford” and provided a “no overdraft guarantee,” but instead regularly caused overdrafts, did not reimburse customers for overdraft fees pursuant to the marketed guarantee and retained interest on consumer funds notwithstanding marketing to customers that “we don’t keep your interest.”

FTC and 18 state attorney generals announce $10.9 million settlement with jewelry retailer over purchase financing scheme involving military members.  The Federal Trade Commission (FTC) and a multistate group of attorney generals announced a complaint and proposed stipulated order with a nationwide jewelry chain for alleged UDAP, Military Lending Act (MLA), TILA, EFTA and Holder Rule violations.  According to the agencies, the defendant (i) engaged in deceptive practices by telling servicemembers that utilizing the defendant’s installment contracts would result in higher credit scores and misrepresenting that the purchase of a separate service/replacement plan was required to obtain financing, (ii) failed to include mandatory advertising and financing contract disclosures required under federal and state laws, and (iii) violated the EFTA by initiating payment transfers inconsistent with the terms of the TILA payment schedule or without first obtaining valid preauthorization.  The stipulated order would also require the defendant to cease operations and dissolve after providing refunds to consumers.  This action is notable in being the first action by the FTC to enforce the MLA.

FTC announces $2.7 million judgment and permanent ban against operators of merchant cash advance and debt collection scheme. The FTC announced a stipulated order with the New York-based operators of a merchant cash advance and debt collection scheme for alleged UDAP and Fair Debt Collection Practices Act (FDCPA) violations.  According to the FTC, the companies misrepresented the scope of personal guarantees in loan agreements, unlawfully required borrowers to sign confessions of judgment, misrepresented the amounts of money to be disbursed under loan agreements and engaged in harassing and abusive collection practices, which included threats of physical violence and reputational destruction if consumers did not pay.  Under the stipulated order, the company will also be required to vacate any judgments against consumers and release any liens.

Regulatory developments


CFPB issues circular on enforcement actions related to consumer data security.  The CFPB issued a circular stating that “covered persons” and “service providers” subject to CFPB jurisdiction – broader in scope than the Gramm-Leach-Bliley Act (GLBA) Safeguard Rule – with “inadequate” data security measures can be liable for “unfair” practices under UDAAP, including in the absence of a breach.  The CFPB provided examples of potential inadequate practices that may result in liability, including lack of multi-factor authentication, failure to monitor for breaches at other entities where employees may be re-using logins and passwords, use of default enterprise logins or passwords, or failure to timely update software.  The CFPB also stated that “financial institutions are unlikely to successfully justify weak data security practices based on countervailing benefits to consumers or competition.”

CFPB issues advisory opinion on fees charged by debt collectors. The CFPB issued an advisory opinion stating that section 808(1) of the FDCPA prohibits debt collectors from collecting “pay-to-pay” or “convenience” fees unless such fees are expressly authorized by the loan agreement or otherwise expressly authorized by law.  The CFPB also clarified that debt collectors violate the FDCPA when using payment processors who charge unauthorized fees if the debt collector receives a kickback from the payment processor.

CFPB issues advisory opinion on consumer privacy obligations by creditor report users.  The CFPB issued an advisory opinion stating that (i) the permissible uses under section 604(a)(3) of the FCRA are consumer specific and (ii) a credit reporting agency may not provide consumer reports to a user unless the agency reasonably believes the information it would provide pertains to the specific consumer who is the subject of the request.  As the CFPB explained, the latter prohibits name-only matching procedures, providing credit reports of multiple people as “possible matches” and reliance upon disclaimers of insufficient matching procedures to excuse reasonable steps to ensure the information in a credit report pertains only to the specific consumer.

New York State DFS proposes new check cashing regulation. DFS promulgated a proposed check cashing regulation that would establish two tiers of fees.  First, for any check “issued by a federal or State government agency,” the maximum check cashing fee is capped at 1.5 percent. Second, for all other checks, the maximum allowable fee is 2.2 percent or $1, whichever is greater. Beginning in 2027, and every five years thereafter, licensees may request an increase to the maximum fees by filing a written application with the DFS supported by information regarding the licensee’s annual costs and profitability for the preceding five years. The DFS accepted public comment on the proposed regulation until August 15, 2022.

For more information about our consumer finance regulatory work, please contact Margo H.K. TankIsabelle OrdJeffrey L. HareAustin BrownAndrew GrantBraden Dotson; or Noah Schottenstein, Editor-in-Chief, Consumer Finance Regulatory News and Trends.