The FTC has sent its annual letter to the CFPB reporting on the FTC’s activities related to compliance with the Equal Credit Opportunity Act and Regulation B.

The FTC has authority to enforce the ECOA and Reg. B as to nonbank providers within its jurisdiction.  However, like several of the FTC’s prior letters on its ECOA activities, the letter on 2019 activities does not describe any 2019 FTC ECOA enforcement activity and only contains information about the FTC’s research and policy development efforts and educational initiatives.

With respect to research and policy development, the initiatives described in the letter include the following:

  • Forum on small business financing to examine trends and consumer protection issues in this marketplace, which included a discussion of the ECOA’s applicability to small business loans.
  • Hearing on the FTC’s approach to consumer privacy, which included a discussion of the use of big data in automated decision making and how the ECOA should inform the use of data collected from consumers.
  • Workshop on accuracy in consumer reporting co-hosted with the CFPB to discuss issues affecting the accuracy of traditional credit reports and employment and tenant background screening.
  • The FTC’s Military Task Force continued to work on military consumer protection issues.
  • The FTC continues to be a member of the Interagency Task Force on Fair Lending along with the CFPB, DOJ, HUD, and the federal banking agencies.

With regard to the FTC’s consumer and business educational initiatives, the FTC states that in 2019, it “conducted efforts to provide education on important issues, including those related to credit transactions to which Regulation B applies or relates.”  By way of example, the FTC references blog posts about its small business forums.




The CFPB has issued a proposal that would require debt collectors to make specified disclosures when collecting time-barred debts (Disclosure Proposal).  The Disclosure Proposal supplements the Bureau’s proposed debt collection rule issued in May 2019 (May Proposal).  Comments on the Disclosure Proposal must be filed no later than 60 days after the date it is published in the Federal Register.  The Bureau has proposed that the Disclosure Proposal would have an effective date that is one year after a final rule is published in the Federal Register.

The May Proposal, in Section 1006.26(b), provides that “[a] debt collector must not bring or threaten to bring a legal action against a consumer to collect a debt that the debt collector knows or should know is a time-barred debt.”  The Disclosure Proposal adds Section 1006.26(c) containing a disclosure requirement for a debt collector “who knows or should know that a debt is time barred when the debt collector makes the initial communication [as defined in the May Proposal.]”  It requires such a collector “to clearly and conspicuously” make the following disclosures in the initial communication and validation notice:

  • “That the law limits how long the consumer can be sued for a debt and that, because of the age of the debt, the debt collector will not sue the consumer to collect it.”
  • “If, under applicable law, the debt collector’s right to bring a legal action against the consumer can be revived, the fact that revival can occur and the circumstances in which it can occur.”

The Disclosure Proposal also includes modified timing requirements for making these disclosures when (1) a debt becomes time-barred (i) after making the initial communication but before the validation notice has been sent, or (ii) after both making the initial communication and sending the validation notice, and (2) a debt collector neither knows nor should know that a debt is time-barred (i) when making the initial communication but knows or should know the debt is time-barred when sending the validation notice, or (ii) when making the initial communication or sending the validation notice but later knows or should know the debt is time-barred.

The Disclosure Proposal contains four model forms and requires that when the disclosures required by Section 1006.26(c) are on a validation notice, “the content, format, and placement of the disclosures… must be substantially similar to such disclosures on [the model forms].”  When the Section 1006.26(c) disclosures are “provided orally or in a written communication that is not a validation notice, the content of the [Section 1006.26(c)] disclosures must be substantially similar to such disclosures on [the model forms].”  The Disclosure Proposal includes a compliance safe harbor for debt collectors who use the model forms or their relevant content, as applicable.

Other noteworthy aspects of the Disclosure Proposal include the following:

  • A proposed comment would provide that to satisfy Section 1006.26(c) regarding debts that can be revived, a debt collector must determine which state’s law applies and the circumstances, if any, under which that law would permit revival.  The Bureau asks for comments “on the burden of requiring all debt collectors to determine, when collecting debt they know or should know is time barred, which State’s law applies and the circumstances, if any, under which that law would permit revival.”
  • A proposed comment would provide that when making Section 1006.26(c) disclosures on a validation notice that is substantially similar to a model form, a debt collector can make disclosures required by state or other applicable law on the reverse of the validation notice.

We will be sharing more of our reactions to the Disclosure Proposal in subsequent blog posts.  However, one immediate concern raised by the Disclosure Proposal is its potential impact even before it is finalized and becomes effective.  As the Bureau notes in the Disclosure Proposal’s background discussion, some courts have found that a debt collector who seeks payment on a time-barred debt and provides disclosures regarding the debt’s unenforceability has nevertheless violated the FDCPA because the disclosures were deemed misleading.  The Disclosure Proposal provides support for the argument that until it is finalized, there is no FDCPA requirement to provide a disclosure regarding time-barred debts despite decisions that have held to the contrary.  At the same time, however, there is also the possibility that before the Disclosure Proposal is finalized, the Bureau’s proposed model forms (together with its rationale for the proposal) will be used by plaintiff’s attorneys to support FDCPA and/or state UDAP or debt collection law attacks on disclosures for time-barred debts that differ substantially from those proposed by the Bureau.  Also, while the Bureau has stated that the Disclosure Proposal, like the May Proposal, is only intended to apply to debt collectors who are subject to the FDCPA, the model forms could create a similar risk for first party collections.



The CFPB announced that it will hold a symposium on consumer access to financial records and Section 1033 of the Dodd-Frank Act on February 26, 2020.  The event will be webcast on the Bureau’s website.

In November 2016, the CFPB issued a request for information (RFI) about market practices related to consumer access to financial information, and in October 2017, it released a set of “Consumer Protection Principles” for participants “in the developing market for services based on the consumer-authorized use of financial data.”

Section 1033 requires that “[s]ubject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of such person concerning the consumer financial product or service that the consumer obtained from such covered person, including information related to any transaction, or series of transactions, to the account including costs, charges, and usage data.”  The CFPB indicated that, in responding to the RFI, a number of stakeholders, primarily account data holders, questioned Section 1033’s applicability to consumer-authorized data access, as opposed to consumers’ direct access, and encouraged the CFPB not to engage in Section 1033 rulemaking.

The symposium will feature remarks by Director Kraninger and consist of the following three panels:

  • The first panel will assess the current landscape of holders of consumer data and the benefits and risks of consumer-authorized data access.  The panel will be moderated by Paul Watkins, Assistant Director in the Bureau’s Office of Innovation.  The panel members are:
    • Becky Heironimus, Managing Vice President of Customer Platforms, Data Ethics and Privacy, Capital One
    • John Pitts, Policy Lead, Plaid
    • Natalie Talpas, Senior Vice President, Product Group Manager, Digital, PNC
    • Christina Tetreault, Senior Policy Counsel, Consumer Reports
    • Nick Thomas, Co-founder and Chief Technology Officer, Finicity
  • The second panel will include a discussion of market developments in consumer-authorized data access.  The panel will be moderated by Will Wade-Gery, Senior Advisor in the Bureau’s Office of Innovation.  The panel members are:
    • Steven Boms, Executive Director, FDATA N.A.
    • Lila Fakhraie, Senior Vice President, Digital Banking APIs, Wells Fargo Bank
    • Jason Gross, Co-Founder & CEO, Petal
    • Melissa Koide, CEO, FinRegLab
    • James Reuter, CEO & President, First Bank Holding Company
  • The third panel will focus on the future state of the market, as well as considerations for policymakers on how to ensure consumer data is safeguarded while ensuring that consumers have continual access to their data.  The panel will be moderated by Thomas Devlin, Managing Counsel in the Bureau’s Research, Markets and Regulation Division.  The panel members are:
    • Jane Barratt, Chief Advocacy Officer, MX
    • Thomas P. Brown, Partner, Antitrust and Competition and Global Banking and Payment Systems Practices, Paul Hastings LLP
    • Brian Knight, Director of Innovation and Governance, Mercatus Center
    • Dan Murphy, Policy Manager, Financial Health Network
    • Natalie Williams, General Counsel, Responsible Banking and Data, JPMorgan Chase
    • Chi Chi Wu, Staff Attorney, National Consumer Law Center

The OCC and FDIC announced yesterday that they have extended the 60-day comment period for their joint proposal to revise their regulations implementing the Community Reinvestment Act that was published in the Federal Register on January 8, 2020.  As extended by 30 days, the comment period ends on April 8, 2020.

The California Reinvestment Coalition, which opposes the proposal, issued a statement responding to the agencies’ announcement in which it called the extension “a big win.”  The Coalition claimed that the extension “is a direct result of intense pressure from our members, allies and community groups nationally, as well as Congressional representatives, who recognized that more time is needed to review a proposal that will have profound impacts on communities of color.”


In this podcast, we look at key issues and provide practical pointers that sellers and buyers of charged-off debts should consider, including (1) seller due diligence to prepare for a sale, such as identifying and creating relevant policies and procedures and reviewing documentation for debts to be sold, (2) important contractual issues for buyers and sellers when negotiating sales agreements, such as debt repurchase rights, resales and assignments, buyer responsibility for its providers’ activities, and seller post-sale obligations regarding buyer information requests, and (3) seller monitoring of such requests.


The CFPB has released the Winter 2020 edition of its Supervisory Highlights.  The report discusses the Bureau’s examinations in the areas of debt collection, mortgage servicing, payday lending, and student loan servicing that were completed between April 2019 and August 2019.

Key findings include the following:

Debt collection. One or more debt collectors were found to have violated the FDCPA requirements to (1) disclose in communications subsequent to the initial written communication that the communication is from a debt collector, and (2) send a written validation notice within five days of the initial communication.

Mortgage servicing. One or more servicers were found to have violated the Regulation X loss mitigation notice requirements to (1) notify borrowers in writing that a loss mitigation application is either complete or incomplete within five days of receiving the application; (2) provide a written notice stating the servicer’s determination of available loss mitigation options within 30 days of receiving a complete loss mitigation application; and (3) provide a written notice containing specified information when the servicer offers the borrower a short-term loss mitigation option based on an evaluation of an incomplete loss mitigation application.  With regard to the third violation, such violations took place when servicers automatically granted short-term payment forbearances based on phone conversations with borrowers in a disaster area who had experienced home damage or incurred a loss of income from the disaster.  The Bureau considered these phone conversations to be loss mitigation applications under Regulation X.  Because the violations were caused in part by the servicers’ efforts to handle a surge in applications due to natural disasters, CFPB examiners did not issue any matters requiring attention for the violations and servicers developed plans to enhance staffing capacity to respond to future disaster-related increases in loss mitigation applications.

Payday lending. CFPB examiners found:

  • One or more lenders engaged in unfair practices in violation of the Dodd-Frank UDAAP prohibition when the lenders failed to apply payments processed by the lenders to the borrowers’ loan balances, continued to assess interest as if the consumer had not made a payment, and incorrectly treated the borrowers as delinquent.  The lenders lacked systems to confirm that payments were applied to borrowers’ loan balances and borrowers who viewed their accounts online were provided incorrect information that did not reflect unapplied payments, resulting in borrowers paying more than they owed.
  • One or more lenders engaged in unfair practices in violation of the Dodd-Frank UDAAP prohibition by charging borrowers a fee as a condition of paying or settling a delinquent loan which was not authorized by the loan contract and which the loan contract stated would be paid by the lenders.  During the payment or settlement process, the fee was either incorrectly described as a court cost (which the contract would have required the borrower to pay) or not disclosed at all.  In addition to changing their compliance management systems, the lenders refunded the fee to borrowers.
  • One or more lenders disclosed inaccurate APRs in violation of Regulation Z as a result of reliance on employees to calculate APRs when the lenders’ loan origination systems were unavailable.
  • One or more lenders disclosed an inaccurate APR and finance charge in violation of Regulation Z as a result of not including in the APR and finance charge calculation a loan renewal fee charged to borrowers who were refinancing delinquent loans.  The fee was deemed to constitute both a change in terms because it was not stated in the outstanding loan agreement and a finance charge associated with the new loan that required new Regulation Z disclosures because the lenders conditioned the new loans on payment of the fee.  The fee was refunded to consumers.
  • One or more lenders violated the Regulation Z requirement to retain evidence of compliance for two years.
  • One or more lenders were found to have violated the Regulation B adverse action notice requirement by sending notices that stated one or more incorrect principal reasons for taking adverse action.  Such violations were attributed to coding system errors.

Student loan servicing. CFPB examiners found that one or more servicers engaged in unfair practices in violation of the Dodd-Frank UDAAP prohibition in connection with monthly payment calculations.  Servicers were found to have stated monthly payment amounts in periodic statements that exceeded those authorized by the consumers’ promissory notes, where either the servicers automatically debited incorrect amounts or borrowers not enrolled in auto debit made an inflated payment or were charged a late fee for failing to make the inflated payment by the due date.  These inaccurate calculations were the result of data mapping errors that occurred during the transfer of private loans between servicing systems.  Servicers have conducted reviews to identify and remediate affected consumers and implemented new processes to mitigate data mapping errors.



The U.S. Supreme Court entered an order last Friday that divides and enlarges the time for oral argument in Seila Law, which is scheduled for March 3.

Seila Law filed a motion asking the Supreme Court to increase the total time for oral argument from 60 to 70 minutes and the House of Representatives, which filed an amicus brief in support of the Ninth Circuit’s judgment, filed a motion asking to participate in the oral argument.

The Supreme Court’s order increases the total time for oral argument from 60 to 70 minutes and divides the time as follows: “20 minutes for the petitioner, 20 minutes for the Solicitor General, 20 minutes for the Court-appointed amicus curiae, and 10 minutes for the United States House of Representatives.”

Seila Law and the DOJ also filed briefs replying to Mr. Clement’s brief.  In his brief, Mr. Clement argued as an initial matter that the Court should conclude that the dispute over the Bureau’s constitutionality does not satisfy Article III jurisdiction requirements because Seila Law has not suffered an injury that is traceable to the constitutionality question.  He also argued that the dispute does not satisfy prudential considerations of ripeness.  Mr. Clement argued in the alternative that if the Supreme Court does reach the constitutionality question, it should hold that the Dodd-Frank Act’s “for cause” removal provision is constitutional.

In addition to renewing their arguments that the Bureau’s structure is unconstitutional, both Seila Law and the DOJ argue that the constitutionality question is properly before the Supreme Court and urge the Court to decide the question.



The Federal Financial Institutions Examination Council (FFIEC) recently issued the 2020 edition of the Guide to HMDA Reporting: Getting It Right! (2020 Guide).

As previously reported, in October 2019 the CFPB issued a Home Mortgage Disclosure Act (HMDA) final rule that:

  • Continues until January 1, 2022 the temporary volume threshold that triggers reporting of open-end, dwelling-secured lines of credit of at least 500 originated lines of credit in each of the prior two calendar years.
  • Incorporates into Regulation C the interpretative and procedural rule previously issued by the CFPB to implement the partial exemption from HMDA reporting for smaller volume bank and credit union lenders adopted in the Economic Recovery, Regulatory Relief, and Consumer Protection Act (Growth Act).

The 2020 Guide reflects these changes. The CFPB still needs to finalize the permanent threshold for reporting open-end, dwelling-secured lines of credit, as well as the threshold for reporting closed-end mortgage loans. According to the CFPB’s fall rulemaking agenda, final action on both thresholds is expected in March 2020.

On January 31, 2020, by a vote of 65 to 33, the Virginia House of Delegates passed a bill that would establish a 36% rate cap on certain consumer loans.  Since Democrats also hold a majority in the Virginia Senate, the Senate is expected to also pass the bill.

The bill amends Virginia’s general usury law and Consumer Finance Act and includes the following key provisions:

  • References to “payday loans” are changed to refer to “short-term loans” with the maximum amount of such loans increased from $500 to $2,500.  Such loans can have a minimum term of four months (subject to exceptions) and a maximum term of 24 months and interest and fees cannot exceed a 36 percent simple annual rate plus a monthly maintenance fee.  The monthly maintenance fee cannot exceed the lesser of 8% of the original loan amount or $25 (and cannot be added to the loan balance on which interest is charged).  Licensed lenders must make a reasonable attempt to verify a borrower’s income and may not collect fees and charges that exceed 50 percent of the original loan amount if such amount is equal to or less than $1,500 and 60 percent of the original loan amount if such amount is greater than $1,500.
  • Motor vehicle title loans can have a maximum amount of $2,500, a minimum term of six months (subject to exceptions) and a maximum term of 24 months, and interest and fees that do not exceed a 36 percent simple annual rate plus a monthly maintenance fee.  The monthly maintenance fee cannot exceed the lesser of 8% of the original loan amount or $15 (and cannot be added to the loan balance on which interest is charged).  Licensed lenders must make a reasonable attempt to verify a borrower’s income and may not collect fees and charges that exceed 50 percent of the original loan amount if such amount is $1,500 or less and 60 percent of the original loan amount if such amount is greater than $1,500, and are prohibited from making a motor vehicle title loan to a borrower with an outstanding short-term loan.

We calculated the following APRs for short-term and motor vehicle title loans of various amounts financed and terms on which a 36% annual rate and the maximum allowed maintenance fee were charged:

  • Short-term loans:
    • $300 amount financed and 4-month term: 177.91% APR
    • $500 amount financed and 5-month term: 128.10% APR
    • $1,000 amount financed and 10-month term: 83.73% APR
  • Motor vehicle title loans:
    • $300 amount financed and 6-month term: 128.86% APR
    • $500 amount financed and 8-month term: 93.17% APR
    • $1,000 amount financed and 10-month term: 65.17% APR


On February 7, 2020, the California Attorney General’s (AG) Office released modifications to the proposed regulations to the California Consumer Privacy Act (CCPA).  The modifications incorporate amendments to the CCPA signed into law after the AG’s Office issued the proposed regulations in October 2019.  The modifications also reflect public comments made during the initial comment period, which concluded in December 2019.  Overall, the modifications provide helpful clarifications that should lessen compliance burdens for a number of industries.  Of note, the modified proposed regulations:

  1. Limit Definition of Personal Information.  The modified proposed regulations clarify that “personal information” does not include information that a business collected but cannot reasonably link to a consumer.  For example, “if a business collects the IP addresses of visitors to its website but does not link the IP address to any particular consumer or household, and could not reasonably link the IP address with a particular consumer or household” then the IP address would not be “personal information.”  This is a particularly important limitation for businesses that don’t have a direct relationship with California consumers but rather only collect personal information via the website.
  2. Define Reasonable Accessibility.  As initially proposed, the regulations included a new requirement that privacy policies and online notices be reasonably accessible, without offering any definition of the standards.  The modified proposed regulations state that reasonable accessibility means compliance with generally recognized industry standards, such as the Web Content Accessibility Guidelines, v2.1 – the prevailing standard used for ensuring compliance with the Americans with Disabilities Act (ADA) website accessibility requirements.
  3. Requiring Just-in-Time Notice for Unexpected Data Collection.  The modified proposed regulations state, “When a business collects personal information from a consumer’s mobile device for a purpose that the consumer would not reasonably expect, it shall provide a just-in-time notice containing a summary of the categories of personal information being collected and a link to the full notice at collection.  For example, if the business offers a flashlight application and the application collects geolocation information, the business shall provide a just-in-time notice, such as through a pop-up window when the consumer opens the application, which contains the information required by this subsection.”  This requirement aligns with Federal Trade Commission (FTC) guidelines and the 2020 Network Advertising Initiative (NAI) Code of Conduct.
  4. Removal of Webform Requirement.  The modifications remove a requirement set forth in the regulations as initially proposed that would have required businesses to provide two or more methods for consumers to submit consumer access requests, one of which was an interactive webform.  The modified proposed regulations permit businesses to meet this requirement by providing a toll-free number and a designated email address.
  5. Limiting Search Obligations in Response to Right to Know Requests.  The modified proposed regulations clarify that a business is not required to search for personal information in response to a right to know request where: the business does not maintain the personal information in a searchable or reasonably accessible form; the business maintains the personal information for legal or compliance purposes; the business does not sell or use the personal information for a commercial purpose; and the business describes to the consumer the categories of records that may contain personal information that the business did not search.  This limitation partly addresses the question of whether (and when) right to know requests include access to data held in hard-to-search, unstructured systems.
  6. Opt-Out Buttons.  The modified proposed regulations include examples of compliant opt-out buttons.
  7. Streamlining Requirements for Data Brokers.  As initially proposed, the regulations would have required a company selling information it had collected indirectly to ensure that the first-party business had issued a “notice at collection” to the consumer.  The modifications remove this requirement provided these third parties register as data brokers and include a link to their privacy policy, which contains opt-out instructions.

There are other changes to the initial proposal that have the effect of limiting some of the other compliance burdens for businesses.  As expected, however, the modified proposed regulations do not provide additional clarity regarding the meaning of “sale/sell/selling” or define what “reasonable data security” means.

The AG’s Office will accept public comments on the modified proposed regulations until February 24, 2020.  The regulations are expected to be finalized in April or May 2020.