The CFPB, Fed, and OCC have published notices in the Federal Register announcing that they are increasing three exemption thresholds that are subject to annual inflation adjustments.  Effective January 1, 2022 through December 31, 2022, these exemption thresholds are increased as follows:

  • Smaller loans exempt from the appraisal requirement for “higher-priced mortgage loans,” increased from $27,200 to $28,500.
  • Consumer credit transactions exempt from the Truth in Lending Act/Regulation Z, increased from $58,300 to $61,000 (but loans secured by real property or personal property used or expected to be used as a consumer’s principal dwelling and private education loans are covered regardless of amount).
  • Consumer leases exempt from the Consumer Leasing Act/Regulation M, increased from $58,300 to $61,000.


The CFPB recently published a final rule regarding various annual adjustments it is required to make under provisions of Regulation Z (TILA) that implement the CARD Act, HOEPA, and the ability to repay/qualified mortgage provisions of Dodd-Frank.  The adjustments reflect changes in the Consumer Price Index in effect on June 1, 2021 and will take effect January 1, 2022.

CARD Act.  The CARD Act requires the CFPB to calculate annual adjustments of (1) the minimum interest charge threshold that triggers disclosure of the minimum interest charge in credit card applications, solicitations and account opening disclosures, and (2) the fee thresholds for the penalty fees safe harbor.  The calculation did not result in a change for 2022 to the current minimum interest charge threshold (which requires disclosure of any minimum interest charge above $1.00).  However, it did result in a change for 2022 to the first and subsequent violation safe harbor penalty fees.  Such fees were increased to $30 and $41, respectively.

HOEPA.  HOEPA requires the CFPB to annually adjust the total loan amount and fee thresholds that determine whether a transaction is a high cost mortgage.  In the final rule, for 2022, the CFPB increased the total loan amount threshold to $22,969, and the current points and fees threshold to $1,148.  As a result, in 2022, a transaction will be a high-cost mortgage (1) if the total loan amount is $22,969 or more and the points and fees exceed 5 percent of the total loan amount, or (2) if the total loan amount is less than $22,969 and the points and fees exceed the lesser of $1,148 or 8 percent of the total loan amount.

Ability to repay/QM rule.  Pursuant to its ability to repay/QM rule, the CFPB must annually adjust the points and fees limits that a loan cannot exceed to satisfy the requirements for a QM.  The CFPB must also annually adjust the related loan amount limits.  In the final rule, the CFPB increased these limits for 2022 to the following:

  • For a loan amount greater than or equal to $114,847, points and fees may not exceed 3 percent of the total loan amount
  • For a loan amount greater than or equal to $68,908 but less than $114,847, points and fees may not exceed $3,445
  • For a loan amount greater than or equal to $22,969 but less than $68,908, points and fees may not exceed 5 percent of the total loan amount
  • For a loan amount greater than or equal to $14,356 but less than $22,969, points and fees may not exceed $1,148
  • For a loan amount less than $14,356, points and fees may not exceed 8 percent of the total loan amount

The American Bankers Association, American Financial Services Association, California Financial Services Association, and Consumer Bankers Association have filed a joint amicus brief with the California Supreme Court in Pulliam v. HNL Automotive Inc., a case with significant implications for the amount of money a plaintiff can recover when proceeding against a dealer/seller under the FTC Holder Rule.

The question before the Supreme Court is whether the Holder Rule’s limit on a consumer’s recovery to the “amounts paid by the debtor” under the contract includes the consumer’s attorney’s fees.  Pulliam created a split among California’s appellate districts, with the Court of Appeal in Pulliam having concluded that the Holder Rule’s limit does not include attorney’s fee and Courts of Appeal in two other districts having issued decisions reaching the opposite conclusion.

Officially titled the “Trade Regulation Rule Concerning Preservation of Consumers’ Claims and Defenses,” the Holder Rule requires sellers that arrange for or offer credit to finance the purchase of consumer goods or services to include a specified “holder notice” in the credit contract.  The notice must state that any holder of the contract is subject to all claims and defenses the consumer could assert against the seller of the financed goods or services, and that the consumer’s “recovery [under the contract] shall not exceed amounts paid by the debtor [under the contract].”

In Pulliam, after purchasing a vehicle pursuant to a retail installment contract with the dealer, the plaintiff filed a lawsuit against the dealer and auto finance company to which the dealer had assigned the contract.  The plaintiff asserted various claims based on her discovery that the vehicle did  not have cruise control and other features shown in advertisements.  The jury found for the plaintiff on her claim of violation of the implied warranty of merchantability under California’s Song-Beverly Consumer Warranty Act and, in a judgment entered jointly and severally against the dealer and auto finance company, awarded her approximately $22,000 in damages.  On post-trial motions, the court awarded the plaintiff nearly $170,000 in attorney’s fees.

On appeal, the auto finance company argued that it was not liable for the plaintiff’s attorney’s fees under the Holder Rule.  As an initial matter, the Court of Appeal observed that the dictionary definition of “recovery” “focuses on damages, i.e. restoring money that was taken away from the plaintiff, and does not expressly address attorney’s fees.”  Based on its review of the Holder Rule’s legislative history, the court concluded that the Holder Rule’s limit on recovery applied to consequential damages and not attorney’s fees.

In their amicus brief, the trade groups argue in support of the defendant finance company that the Holder Rule’s recovery limit caps all monetary recovery, including attorney’s fees.  They make the following principal arguments:

  • The ordinary, common meaning of “recovery” encompasses all monetary sums awarded by a judgment, including any attorney’s fee award.
  • The Supreme Court should disregard policy arguments made by the plaintiff and Court of Appeal, such as that full recovery of attorney’s fees is needed to incentivize contract holders to settle early rather than prolong litigation and cause consumers to incur high litigation costs.  It is for the FTC, not the Court, to decide whether fee recovery will promote settlement.  Such policy arguments cannot overcome the Holder Rule’s plain language.
  • The Supreme Court should defer to the FTC’s conclusion set forth in its May 2019 notice that that if a holder’s liability for attorney’s fees is based on claims against the seller that are preserved by the Holder Rule Notice, then the amount the consumer can recover—including any recovery based on attorney’s fees—cannot exceed the amount the consumer paid under the contract.  (The notice announced the FTC’s decision to retain the Holder Rule without modification following a systemic review and the FTC provided its conclusion in response to comments received in connection with the review that addressed whether the Rule’s limitation on recovery to “amounts paid by the debtor” precludes consumers from recovering attorney’s fees above that cap.)
  • The California statute that would allow a plaintiff who prevails on a cause of action against a defendant pursuant to the Holder Rule to seek attorney’s fees is preempted as a matter of conflict and obstacle preemption.

Briefing in the case has been completed and the Court has advised counsel that it may set a date for oral argument.

CFPB Director Chopra used the release of two new reports about bank overdraft practices to warn banks—and responsible executives—that they could be at risk if the banks engage in overdraft practices deemed to violate Dodd-Frank’s “UDAAP” prohibition.  Prior to the issuance of the two new reports, the Bureau’s most recent report on overdrafts was issued in August 2017 under the leadership of former Director Cordray.  Two earlier reports were issued in June 2013 and July 2014, also under former Director Cordray.

Following a pattern established under former Director Cordray, the CFPB used relatively neutral language in its formal documents and more aggressive language in its press release, leaving the most alarming comments for the Director to personally deliver.  Thus, the press release advised that the CFPB will be “enhancing” its supervisory and enforcement scrutiny of banks that are heavily dependent on overdraft fees.  However, in a conference call with reporters, Director Chopra reportedly attacked big banks for “harvest[ing] billions in overdraft fees off Americans during the pandemic” and stated that bank overdraft practices reflect a “clear market failure.”  Ominously, in words that apply not just to bankers structuring overdraft programs but to all executives managing consumer financial services programs, he warned: “The CFPB will also seek to uncover the individuals who directed any illegal conduct.”

Significantly, neither the Director nor the recent CFPB reports identify specific overdraft practices of concern.  Rather, the Director seemingly objects to the aggregate dollar amounts banks have generated from overdraft fees.  However, a recent study commissioned by the Consumer Bankers Association (CBA) shows that overdraft fees have declined 40% in the past decade, a circumstance apparently unremarked by the CFPB.  And, in any event, high fees alone are not unlawful.

So far, the CFPB has been silent on whether the Bureau plans to engage in rulemaking on overdrafts.  However, Director Chopra has indicated that policy guidance may be forthcoming, and the Bureau’s Fall 2021 rulemaking agenda, which is expected to be released very soon, could reveal if the Bureau is considering rulemaking or intends to rely only on supervision and enforcement to address overdraft fees.

For a number of reasons and as detailed at greater length in a CBA white paper we helped author, we believe that formal rulemaking would serve as a far better approach than a return to “regulation by enforcement.”

  • The CFPB has had years to initiate rulemaking establishing clear standards for overdraft fees.  While the CFPB undoubtedly has the power to extract a costly settlement from a “poster-child” of its choice, enforcement in the absence of clear standards is fundamentally unfair.
  • Because of uncertainties about the facts and circumstances of the underlying conduct, consent orders cannot clearly communicate the Bureau’s regulatory expectations to industry.
  • Rulemaking would give the CFPB the opportunity to adopt uniform industry-wide rules.  These rules could (and should) be made equally applicable to large and small banks alike.  By levelling the playing field, the CFPB could ensure that banks willing to push the overdraft fee envelope do not gain a competitive advantage over their competitors with more conservative practices.
  • As the President and CEO of the CBA has observed, the nation’s banks have introduced new products and adopted best practices, even in the absence of regulation or aggressive agency enforcement regarding overdrafts.  These best practices, including real-time payment updates and account alerts, 24-hour grace periods and forgiveness of de minimus overdrafts, could serve as the basis for rulemaking but would be wholly inappropriate as requirements effectively mandated through enforcement orders.
  • The establishment of industry standards through consent orders and informal policy “guidance” (backed by the threat of draconian potential sanctions) deprives the Bureau of the benefits, and regulated parties of the protections, afforded by the notice and comment rulemaking mandated by the Administrative Procedure Act.

In addition to working with our bank clients over the years to ensure that their overdraft practices are as clear and fair as possible, we have helped them structure and document alternative products, such as overdraft lines of credit and deposit advances, which can serve financially stressed consumers better than overdrafts.  Years ago, the FDIC and OCC made it impracticable for banks to offer deposit advances, a development we roundly criticized, but the OCC, at least, subsequently realized that deposit advances can actually serve consumer needs.

The CFPB has now leveled a shot over the bow.  We expect to be kept busy in ensuing months working with our clients to further refine (and defend) their overdraft practices to develop overdraft alternatives and, in the event of rulemaking, to work collaboratively with the CFPB to ensure the best and fairest regulations possible.

As anticipated, the OCC, Federal Reserve Board, and FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both U.S. banking organizations, as well as bank service providers.    

The Final Rule applies to “banking organizations” as defined in the Final Rule.  Covered banking organizations are required to provide notice to their relevant regulator in the event that a “Notification Incident” occurs.  A Notification Incident is a computer security event that results in actual harm to the confidentiality, integrity, or availability of information or an information system, when that occurrence has—or is reasonably likely to—materially disrupt or degrade:

  • a banking organization’s ability to carry out banking operations or deliver banking products and services to a material portion of its customer base;
  • business line(s), that upon failure would result in a material loss of revenue, profit, or franchise value; or
  • operations, including associated services, functions, and support, the failure or discontinuance of which would pose a threat to the financial stability of the United States.

The Final Rule specifically calls out ransomware and DDOS attacks as potential Notification Incident. Banking organizations that suffer a Notification Incident must provide notice to their respective regulator as soon as possible, but not later than 36 hours after the occurrence of the incident.  Despite the 36-hour notification window, covered banking organizations that offer “sector critical services” are encouraged to provide same day notification.  Finally, the required notice should be provided either by email, telephone, or any other similar methods later prescribed by regulators for providing notice.

The Final Rule also requires that bank service providers notify at least one bank-designated point of contact at each affected banking organization customer as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has—or is likely to—materially disrupt or degrade covered services for more than four hours.  Banking organizations and service providers are required to work collaboratively to designate a method of communication that is feasible for both parties and reasonably designed to ensure that banking organizations actually receive the notice in a timely manner.  This requirement is designed to enable a banking organization to promptly respond to an incident, determine whether it must notify its primary federal regulator, and take any other measures that may be appropriate.

The Final Rule is likely to impact the operations of both banking organizations and bank service providers.  Banking entities should closely review the definitions in this Final Rule to determine whether they fall within its scope.  Moving forward, covered entities should expect to include relevant notification provisions in new and existing service contracts.  Covered entities will also want to ensure that they create internal policies and procedures for identifying when an incident requiring notification has occurred, and what steps must be taken by whom to provide notice to relevant parties in compliance with the Final Rule.


The CFPB has agreed to settle the lawsuit filed by the National Association of Consumer Advocates, U.S. Public Interest Research Group, and Professor Kathleen Engel challenging the legality of the Bureau’s Taskforce on Federal Consumer Financial Law.  The central allegation in the complaint was that the Taskforce failed to comply with the Federal Advisory Committee Act (FACA), a federal law that governs the creation, operation, and management of advisory committees to federal agencies.  The Taskforce released its report making recommendations on how to improve consumer protection in the financial marketplace in January 2021.

In the Stipulated Settlement Agreement, the parties stipulate that the Taskforce was subject to FACA and that the CFPB failed to comply with FACA’s requirements in establishing and operating the Taskforce.  The Settlement Agreement also provides that:

  • The Bureau will release to the plaintiffs, on a rolling basis, all Taskforce records “that would have been made public if the [Bureau] had complied with FACA’s requirements.”  The rollout will begin on January 17, 2022 and must be completed by March 22, 2022.  The Bureau will also make the records publicly available on its website.
  • The Bureau will amend the Taskforce’s two-volume report to add a disclaimer stating that the report was produced in violation of FACA and to add “a prominent warning label” in bold red font on the cover page of each volume stating that the report was produced in violation of FACA.  The disclaimer must include a description of the FACA requirements that the Bureau failed to satisfy.  It must also include the following statement:

Adhering to FACA’s requirements ‘ensure[s] that advisory committees are fairly constituted and properly monitored so that they will provide sound advice.’ (case citation omitted)  Because the Taskforce did not comply with FACA’s requirements, readers should not assume that the report provides ‘sound advice.’

  • The Bureau will move the Taskforce webpage which is currently located under the Rules and Policy Page to the Advisory Committees Page and add a disclaimer on the Taskforce webpage that the Taskforce was created in violation of FACA.  The Bureau will ensure that any links to the Taskforce on its website, including in prior press releases, are directed to the amended report. The current version of the report will be removed from the Bureau’s website.

Within minutes of its release in January 2021, the Taskforce’s report met with intense criticism from consumer advocacy groups.  In our blog post about the report, we commented that given the then imminent change in Administrations, there was considerable uncertainty as to what the ultimate impact of the Taskforce’s recommendations will be.  While the settlement does not fully expunge the report from the public record, it clearly will allow the CFPB’s current leadership to ignore the Taskforce’s recommendations when exercising the CFPB’s authorities.


Joined by two CBA representatives who previously served at the CFPB, we discuss the key arguments advanced in the white paper for why rulemaking and informal written guidance are more effective tools than enforcement for the Bureau to use to create new standards and expectations for industry and to carry out its consumer protection mission.  We also discuss how CBA plans to use the white paper to address industry concerns that may arise from the CFPB’s expected strong reliance on its enforcement authority under its current leadership.

Chris Willis, Co-Chair of Ballard Spahr’s Consumer Financial Services Group, hosts the conversation.

Click here to listen to the podcast.

Click here to read our blog post about and access the white paper.

In Bulletin 2021-36 Freddie Mac addresses cryptocurrency in the mortgage qualification process. Freddie Mac indicated that it is providing guidance “[d]ue to the high level of uncertainty associated with cryptocurrency.”

Freddie Mac advises that the Seller/Servicer Guide is updated to include the following guidance:

  • Income paid to the borrower in cryptocurrency may not be used to qualify for the mortgage.
  • For income types that require evidence of sufficient remaining assets to establish likely continuance (e.g., retirement account distributions, trust income and dividend and interest income, etc.), those assets may not be in the form of cryptocurrency.
  • Cryptocurrency may not be included in the calculation of assets as a basis for repayment of obligations.
  • Monthly payments on debts secured by cryptocurrency must be included in the borrower’s debt payment-to-income ratio and are not subject to the guide provisions regarding installment debts secured by financial assets.
  • Cryptocurrency must be exchanged for U.S. dollars if it will be needed for the mortgage transaction (i.e., any funds required to be paid by the borrower and borrower reserves).

Freddie Mac notes that it “will continue to monitor cryptocurrency developments and may update these requirements as appropriate in the future.”

The Federal Reserve Board, FDIC, and OCC (collectively, the “Agencies”) issued on November 23 a short Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps (“Joint Statement”), which announced – without further concrete detail – that they had assembled a “crypto asset roadmap” in order to provide greater clarity in 2022 to banks on the permissibility of certain crypto-asset activities.  Only the week before, the OCC’s Chief  issued Interpretive Letter #1179, which confirmed that a national bank or federal savings association could engage in certain cryptocurrency, distributed ledger and stablecoin activities – consistent with prior OCC letters – so long as a bank shows that it has sufficient controls in place, and first obtains written notice of “non-objection” by its supervisory office.  This post will discuss both publications.

There is great overlap between the bank activities referenced in the Joint Statement and Interpretive Letter #1179.  The 2022 clarity promised by the “roadmap” presumably will supersede, once issued, Interpretive Letter #1179, which appears to function as a general stop-gap until the 2022 publications hopefully provide more detail regarding exactly how banks can attain compliance.

Federal banking regulators have been busy in this space.  These pronouncements come closely on the heels of a Report on Stablecoins issued earlier in November by the Agencies and the U.S. President’s Working Group on Financial Markets, which delineated perceived risks associated with the increased use of stablecoins and highlighted three concerns: risks to rules governing anti-money laundering (“AML”) compliance, risks to market integrity, and general prudential risks.

A “Crypto Asset Roadmap” Promising Future Clarity

In the Joint Statement, the Agencies state that they “recognize that the merging crypto-asset sector presents potential opportunities and risks for banking organizations, their customers, and the overall financial system.”  Accordingly, “it is important that [the Agencies] provide coordinated and timely clarity where appropriate to promote safety and soundness, consumer protection, and compliance with applicable laws and regulations, including [AML] and illicit finance statute and rules.”  The Joint Statement therefore provides a “crypto asset roadmap” — the five bullet points set forth below — regarding topics for which the Agencies “plan to provide greater clarity [throughout 2022] on whether certain activities related to crypto-assets conducted by banking organizations are legally permissible, and expectations for safety and soundness, consumer protection, and compliance with existing laws and regulations[.]”  The five “roadmap” topics are:

  • Crypto-asset safekeeping and traditional custody services.
  • Ancillary custody services.
  • Facilitation of customer purchases and sales of crypto-assets.
  • Issuance and distribution of stablecoins.
  • Activities involving the holding of crypto-assets on balance sheet.

In other words: although the Joint Statement provides no concrete details, stay tuned for greater clarity throughout 2022 for banks regarding crypto-assets and related safety and soundness issues.  In theory, this potential regulatory clarity sounds promising – but of course, the devil is in the details, and the final product will need to judged according to its actual utility.  The Joint Statement also notes that the Agencies will evaluate bank capital and liquidity standards for crypto assets for activities involving U.S. banking organizations.

OCC Interpretive Clarification

The OCC’s Interpretive Letter #1179 refers back to three prior OCC Interpretive Letters:

  • OCC Interpretive Letter 1170, issued on July 22, 2020 and addressing whether banks may provide cryptocurrency custody services;
  • OCC Interpretive Letter 1172, issued on September 21, 2020 and addressing whether banks may hold dollar deposits serving as reserves backing stablecoin in certain circumstances; and
  • OCC Interpretive 1174, issued on January 4, 2021 and addressing (1) whether banks may act as nodes on an independent node verification network (e., distributed ledger) to verify customer payments, and (2) whether banks may engage in certain stablecoin activities to facilitate payment transactions on a distributed ledger.

All three of the above interpretive letters found that banks could perform the activity under consideration, if certain conditions were met.  Distilled, Interpretive Letter #1179 confirms that the activities described in the prior interpretive letters are “legally permissible for a bank to engage in, provided the bank can demonstrate, to the satisfaction of its supervisory office, that it has controls in place to conduct the activity in a safe and sound manner.”  Importantly, a national bank or federal savings association wishing to engage in any of the activities described above must notify in writing its supervisory regulator, and should not engage in such activities until it receives written notification of the supervisor’s “non-objection.”  As always, the adequacy of the bank’s risk management systems will be critical to this determination.  To obtain supervisory non-objection, a bank must demonstrate in writing that it understands any relevant compliance obligations, including under the Bank Secrecy Act, federal securities laws, the Commodity Exchange Act, and consumer protection laws.  Once a bank has received supervisory non-objection, the OCC will review these activities as part of its ordinary supervisor process.  It is unclear how fact regulators will act – or not – on requests for non-objection before the Agencies issue the clarity promised by “road map” sometime in 2022.

Interpretive Letter #1179 provides that banks already engaged in cryptocurrency, distributed ledger, or stablecoin activities as of the date of the letter do not need to obtain supervisory non-objection, assuming that they previously notified their supervisory offices and have adequate systems and controls in place to ensure that they are operating in a safe and sound manner.

The California Department of Financial Protection and Innovation (DFPI) is seeking comments on a proposed rulemaking under the California Consumer Financial Protection Law (CCFPL).  The proposal would implement the authority that the CCFPL gives the DFPI to require companies that provide financial products and services to California consumers to register with the DFPI and to require registered companies “to generate and provide records to facilitate oversight of registrants and detect risks to California consumers.”  Comments must be submitted by December 20, 2021.

The proposal would require businesses that provide the following financial products and services to register with the DFPI:

  • Debt settlement
  • Student debt relief
  • Education financing
  • Wage-based advances

With regard to education financing, there are no exceptions for open-end credit, loans secured by real property or a dwelling, or school payment plans or short term extensions of credit.  The DFPI states in its Invitation for Comments that the registration requirement would apply to providers of any form of credit where the credit’s purpose is to fund postsecondary education “regardless of whether the provider labels the credit a loan, retail installment contract, or income share agreement, and regardless of whether the credit recipient’s payment obligation is absolute, contingent, or fixed.”

The proposal prohibits a person, unless exempt, from offering or providing these products and services to a California resident without first registering with the DFPI.  It provides that registering with the DFPI “does not constitute a determination that other laws, including other licensing laws under the commissioner’s jurisdiction, do not apply” and that “granting registration to an applicant does not constitute a determination that the applicant’s acts, practices, or business model complies with any law or regulation.”

The proposal sets forth registration application procedures and designates the Nationwide Multistate Licensing System & Registry to handle all applications, registrant filings, and fee payments on behalf of the DFPI.  It also requires registrants to pay annual assessments and satisfy annual reporting requirements.