Past and present Democratic Representatives and Senators filed an amicus brief in support of the motion for a temporary restraining order filed by Leandra English to block Mick Mulvaney from exercising the authority of CFPB Acting Director.  The court granted the lawmakers’ motion for leave to file the brief before its denial of Ms. English’s TRO motion.

Republican Attorneys General from eight states filed a motion seeking leave to file an amicus brief in support of President Trump and Mick Mulvaney, the named defendants in Ms. English’s lawsuit.  The eight states are Texas, West Virginia, Alabama, Arkansas, Georgia, Louisiana, Oklahoma, and South Carolina.  The motion included a copy of their proposed amicus brief as an exhibit.  Following its denial of Ms. English’s TRO motion, the court entered an order denying the AGs’ motion as moot but “without prejudice to re-filing for leave to file a brief with respect to the merits or any additional motions for injunctive relief.”

In their amicus brief, the Democratic lawmakers argue that the CFPA provision that states the Deputy Director “shall serve as Acting Director in the absence or unavailability of the Director” supplants the Federal Vacancies Reform Act (FVRA) and provides the sole means for temporarily filling a vacancy in the position of CFPB Director until Senate confirmation of a new Director.  They assert that such a reading of the CFPA provision is consistent with the CFPA’s structure and legislative history.

The Republican AGs, in their proposed amicus brief, argue that the CFPA cannot override the President’s appointment authority under the FVRA without raising separation of powers concerns under Article II of the U.S. Constitution.  They assert that, to avoid such constitutional issue, the court should hold that the President has the authority under the FVRA to appoint the CFPB Acting Director.  (In his oral ruling denying Ms. English’s TRO motion, Judge Kelly suggested constitutional separation of powers concerns might arise if the President was prevented from exercising his FVRA authority.)

 

While an official announcement has not yet appeared on the CFPB’s website, it has been widely reported that Kristen Donoghue will be appointed the CFPB’s new Assistant Director of Enforcement, effective November 17, 2017.  She will replace Anthony Alexis.

Ms. Donoghue has served as a CFPB enforcement attorney since the CFPB’s establishment in 2011, and most recently served as the CFPB’s Principal Deputy Enforcement Director.  Her appointment is not expected to result in any significant changes to the CFPB’s enforcement approach since she is reported to have been a significant contributor to the CFPB’s current enforcement policies and priorities.

In addition, she will report to the Associate Director for Supervision, Enforcement & Lending, a position that is currently held by Christopher D’Angelo.  Mr. D’Angelo has also been at the CFPB since 2011 and served as Director Cordray’s Chief of Staff before becoming Associate Director.

Ms. Donoghue spoke last year in Chicago at the Practicing Law Institute (PLI) Annual Consumer Financial Services Institute (which I co-chaired).  She was a member of  “The CFPB Speaks” panel (which I moderated).  We expect her to speak on the same panel at the 2018 Annual Institute at one or more locations.

 

The Office of Inspector General (OIG) for the CFPB and Fed has issued a report that found the CFPB can improve its practices related to examination workpaper documentation.  This report follows another OIG report issued last month that found the CFPB could improve the effectiveness of its Examiner Commissioning and On-the-Job Training Programs.

The report provides the results of an evaluation conducted by the OIG to assess the CFPB’s guidance and practices, including training and quality reviews, to promote effective and consistent examination workpaper documentation.  The OIG reviewed documentation in each of the CFPB’s four regions for compliance with the CFPB’s Supervision and Examination Manual and other policies applicable to examinations.

The OIG’s findings included the following:

  • The CFPB’s approach was to grant examination employees in each region open access to examination workpaper documentation and supporting material.  That approach resulted in certain employees having access to materials with confidential supervisory information and personally identifiable information when they did not appear to have a business need to know such information, thereby creating an opportunity for insider abuse.
  • A lack of information disposal guidelines limited the CFPB’s ability to protect sensitive information and a lack of a consistent process for limiting access rights limited the effectiveness of self-reporting of potential information security incidents.
  • Documentation of supervisory review of workpapers by the Examiner in Charge and Field Manager did not fully comply with Examination Manual standards.  As a result, the CFPB could not be assured that all workpapers that support findings and conclusions had been reviewed and approved, which could affect the credibility of examination results.
  • The CFPB did not have formal training for examiners on workpaper practices.
  • The CFPB had not established an ongoing quality control review process for examination workpapers to evaluate whether workpapers met the requirements in the Examination Manual.

The report includes the OIG’s recommendations for addressing its findings and the CFPB’s responses to the recommendations.

 

The Office of Inspector General (OIG) for the CFPB and Fed has issued a report on the results of its evaluation of the effectiveness of the CFPB’s Examiner Commissioning Program (ECP) and On-the-Job Training (OJT) Program.  In conducting the evaluation, the OIG assessed the design, implementation, and execution of the two programs. The OIG found that the effectiveness of both programs could be improved.

The CFPB implemented the ECP in October 2014 and, according to the report, has described the ECP as “critical” for its supervision program and the professional development of its examiners.  Although the OIG found that the CFPB had taken some steps to enhance the ECP, it identified several shortcomings.  The OIG found the following:

  • Due to management’s workforce needs and advancement incentives, some examiners appeared to proceed through certain components of the ECP before being fully prepared. In addition, certain controls established by the CFPB to manage examiners’ progression through the ECP might be ineffective.
  • Some examiners did not appear to receive adequate training and developmental opportunities or exposure to certain CFPB internal processes before proceeding to certain components of the ECP.
  • The CFPB did not have a formal method to evaluate and update the ECP.
  • The CFPB did not consistently communicate ECP requirements to prospective employees, including the starting point for the 5-year requirement for completing the ECP.

The CFPB’s OJT program is intended to be a standardized program that ensures examiners are trained uniformly across all regions.  In the program, an OJT trainer is expected to work with an examiner on an examination, provide mentoring, discuss the  CFPB’s Supervision and Examination Manual, and oversee the examiner’s completion of assigned modules. The OIG found that CFPB regions had not consistently implemented the OJT program and examiners may not have understood the requirements, expectations, and purpose of the OJT.

The report makes a series of recommendations for addressing the OIG’s findings and enhancing the effectiveness of the ECP and OJT program.  In the CFPB’s response to the OIG’s draft report, which is included with the report, the CFPB states that it agrees with the OIG’s recommendations and outlines its plans for implementing the recommendations.

 

The CFPB has issued a new compliance bulletin (2017-11) to provide guidance on pay-by-phone fees.  The guidance includes examples of conduct relating to pay-by-phone practices identified by the CFPB in its supervision and enforcement activities that may violate or risk violating the Dodd-Frank UDAAP prohibition or the FDCPA.

The enforcement actions cited in the guidance involving alleged UDAAP violations arising from pay-by-phone practices date from 2015 and, while recent CFPB supervisory highlights have discussed potential FDCPA violations arising from “convenience fees” charged by debt collectors to process payments by phone, recent supervisory highlights have not discussed potential UDAAP violations arising from pay-by-phone practices.  As a result, the CFPB’s issuance of the guidance suggests that it intends to give pay-by-by phone practices closer scrutiny in examinations and in enforcement actions.  We have been reviewing and suggesting revisions to many clients regarding their pay-by-phone practices since the CFPB began focusing on this area in examinations.  It is important for creditors and debt collectors to be mindful that such practices may also create a risk of state law violations.

Examples provided of conduct that may violate the UDAAP prohibition include:

  • Failing to disclose the prices of all available pay-by-phone services when different options carry materially different fees.  According to the CFPB, while many companies disclose in periodic billing statements or elsewhere that a transaction fee may apply to various payment methods, they do not disclose the fee amounts and instead depend on phone representatives to do so.  The CFPB observes that phone representatives risk engaging in an unfair practice by only revealing higher-cost options or failing to inform consumers of material price differences between available options.
  • Misrepresenting the available payment options or that a fee is required to pay by phone.  The CFPB observes that some companies charge a fee for expedited phone payments but also offer no-fee phone payment options that post a payment after a processing delay.  According to the CFPB, some of such companies offer their fee-based expedited payment option as their default pay-by-phone option, with the result that consumers could be misled to believe that a fee is always required to pay by phone and cause consumers to be charged for expedited payment even if such consumers did not need to post a payment on the same day.
  • Failing to disclose that a pay-by-phone fee would be added to a payment.  According to the CFPB, a company may risk engaging in a deceptive act or practice by failing to disclose that a pay-by-phone fee will be charged in addition to a consumer’s otherwise applicable payment amount and indicating that only the otherwise applicable payment amount will be charged.  In the CFPB’s view, such conduct may create the misimpression that no pay-by-phone fee is charged.
  • Failing to adequately monitor employees or oversee service providers. The CFPB observes that although a company may have policies and procedures requiring phone representatives to disclose all available pay-by-phone options and fees, deviations from call scripts may cause phone representatives to misrepresent available options and fees.  According to the CFPB, companies can reduce the risk of misrepresentations through adequate monitoring and references its November 2016 compliance bulletin (2016-03) on production incentives.  The CFPB suggests that companies should consider the impact of incentives for employees and service providers may have on compliance risks relating to potential UDAAP violations.

Examples of conduct that may violate the FDCPA:

  • The CFPB notes the FDCPA prohibition on the collection of any amount by a debt collector unless such amount is expressly authorized by the agreement creating the debt or permitted by law.  The CFPB states that its examiners found that one or more mortgage servicers meeting the FDCPA “debt collector” definition violated the FDCPA by charging fees for taking mortgage payments by phone to borrowers whose mortgage instruments did not expressly authorize such fees and who resided in states where applicable law did not expressly permit collection of such fees.

The guidance indicates that the CFPB expects companies to review their practices on charging pay-by-phone fees for potential risks of UDAAP or FDCPA violations and provides suggestions for companies to consider in assessing whether their practices present a risk of constituting a UDAAP or FDCPA violation.  It also advises companies to consider whether production incentive programs create incentives to steer consumers to certain payment options or avoid disclosures.  According to the CFPB, such incentives could enhance the potential risk of UDAAPs if they reward employees or service providers based on consumers using a higher-cost pay-by-phone option or based on the number of daily calls completed.

 

The Office of the Comptroller of the Currency has issued a new bulletin (2017-21) containing fourteen frequently asked questions to supplement OCC Bulletin 2013-29 entitled “Third-Party Relationships: Risk Management Guidance.”   The 2013 bulletin provided updated guidance for managing operational, compliance, reputation, strategic, and credit risk presented by third-party business relationships of national banks and federal savings associations.

In the new bulletin, the OCC observes that many banks have recently developed relationships with financial technology (fintech) companies in which the fintech companies perform or deliver services on behalf of a bank or banks and therefore meet the 2013 bulletin’s definition of a third-party relationship.  The OCC states that, as a result, it would expect bank management to include such fintech companies in the bank’s third-party risk management process.  The FAQs include the following specifically addressed to fintech companies:

  • Is a fintech company arrangement considered a critical activity?
  • Can a bank engage with a start-up fintech company with limited financial information?
  • How can a bank offer products or services to underbanked or underserved segments of the population through a third-party relationship with a fintech company?

The FAQs also specifically address bank arrangements with marketplace lenders, in particular the question “What should a bank consider when entering into a marketplace lending arrangement with nonbank entities?”  The OCC’s guidance includes the following:

  • For compliance risk management, banks should not originate or support marketplace lenders that do not have adequate compliance management processes and should monitor the marketplace lenders to ensure that they appropriately implement applicable consumer protection laws, regulations, and guidance.
  • When banks enter into marketplace lending or servicing arrangements, because the banks’ customers may associate the marketplace lenders’ products with those of the banks, reputation risk can arise if the products underperform or harm customers.
  • Operational risk can increase quickly if the banks and the marketplace lenders do not include appropriate limits and controls in their operational processes, such as contractually agreed-to loan volume limits and proper underwriting.
  • To address the risks created by marketplace lending arrangements, a bank’s due diligence of marketplace lenders should include consulting with the bank’s appropriate business units, such as credit, compliance, finance, audit, operations, accounting, legal, and information technology.
  • Contracts or other governing documents should set forth the terms of service-level agreements and contractual obligations, and significant contractual changes should prompt reevaluation of bank policies, processes, and risk management practices.

The CFPB recently announced that it has begun to examine service providers on a regular, systematic basis, particularly those supporting the mortgage industry.  Previously, the CFPB has only examined some service providers on an ad hoc basis.  The change represents a significant expansion of the CFPB’s use of its supervisory authority and will substantially increase the number and types of entities facing CFPB examinations.  On June 13, 2017, from 12 p.m. to 1 p.m. ET, Ballard Spahr attorneys will hold a webinar, “The CFPB’s Expansion of its Supervisory Program to Service Providers – What You Need to Know.”  More information and a link to register is available here.

 

 

 

At the Auto Finance Risk and Compliance Summit held this week, Calvin Hagins, CFPB Deputy Assistant Director for Originations, stated that the CFPB is increasingly asking lenders about ancillary product programs during examinations, particularly about the percentage of consumers buying these products.

In June 2015, when the CFPB released its larger participant rule for nonbank auto finance companies, it also issued auto finance examination procedures in which ancillary products, like GAP insurance and extended service contracts, received heavy attention.  We commented that by giving so much attention to these products, the CFPB was signaling its intention to give lots of scrutiny to these products in the auto finance market.  Mr. Hagins’s comments confirm that the CFPB is in fact looking closely at these products in exams.

Speaking at the Summit as a member of a regulatory panel, Mr. Hagins indicated that companies should expect to get questions from CFPB examiners about ancillary products.  He indicated that the CFPB specifically looks at how the product is offered to the consumer, when in the contracting process is it offered, how disclosures are being provided to the consumer, and the acceptance rate.  As an example, he indicated that a 95% acceptance rate would cause CFPB examiners to raise questions about how the rate was achieved.

At the Summit, Colin Hector, an FTC attorney, indicated that the FTC is also interested in ancillary products, particularly whether there is a potential for consumer deception in how they are sold.  He commented that, in its enforcement work, the FTC has focused on ancillary product sales that occur at the end of the sales process when consumers may be led to believe they must purchase the products to obtain financing and the seller has increased leverage because the consumer is more invested in completing the transaction.

 

At the program held on April 7 entitled “The State of Consumer Protection Initiatives” at the American Bar Association Business Law Section Consumer Financial Services Committee 2017 Spring Meeting, Peggy Twohig, the CFPB’s Assistant Director for Supervision Policy, announced that the CFPB has begun to examine service providers on a regular, systematic basis, particularly those supporting the mortgage industry.  Since its inception, the CFPB has had the authority to supervise service providers.  However, in the past, the CFPB has only examined some service providers on an ad hoc basis.  The change represents a significant expansion of the CFPB’s use of its supervisory authority and will substantially increase the number and types of entities facing CFPB examinations.  We will conduct a webinar on this important subject on June 13, 2017.  Click here to register.

A “service provider” is generally defined in Section 1002(26)(A) of Dodd-Frank as “any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service, including a person that:

(i)   Participates in designing, operating, or maintaining the consumer financial product or service; or
(ii)  Processes transactions relating to the consumer financial product or service….”

Sections 1024(e) and 1025(d) of Dodd-Frank authorize the CFPB to supervise a service provider to a bank or non-bank already supervised by the CFPB – namely, depository institutions with more than $10 billion in assets and the following types of non-banks:

  1. Mortgage originators, brokers or servicers;
  2. Payday lenders;
  3. Private student lenders; and
  4. A “larger participant of a market for other consumer financial products or services” as defined by a CFPB rule. The CFPB so far has issued rules covering larger participants in the following industries:  auto finance, debt collection, student loan servicing, consumer reporting, and international money transfers.  (At an earlier program held at the ABA meeting, Ms. Twohig stated that CFPB’s next larger participant rule will deal with consumer installment lending and auto title loans.)

Not only is this expansion of the CFPB’s supervision program important to service providers, it is important for banks and non-banks already supervised by the CFPB because the CFPB’s position is that they can be vicariously liable for violations of law committed by their service providers.

Earlier today, at the Practicing Law Institute’s (“PLI”) 22nd Annual Consumer Financial Services Institute in New York City, Alan Kaplinsky (who is co-chairing the event) moderated a panel entitled “The CFPB Speaks,” that featured three senior CFPB lawyers: Anthony (“Tony”) Alexis (Assistant Director for Enforcement), Diane Thompson (Deputy Assistant Director, Office of Regulations), and Peggy Twohig (Assistant Director for Supervision Policy).  Ballard Spahr attorney James Kim, a former senior CFPB enforcement lawyer who now represents industry, was also a panel member.

In response to questions posed by Alan and audience members, the CFPB lawyers discussed regulatory, supervisory and enforcement developments and upcoming initiatives.  Particularly noteworthy comments were:

  • Ms. Twohig stressed the importance of an entity’s response to a PARR letter – a notice of Potential Action and Request for Response – in the supervisory process.  She commented that there have been instances where the CFPB has decided not to cite a company for a violation based on its response to a PARR letter.
  • Mr. Alexis and Ms. Twohig discussed the CFPB’s process for deciding whether the CFPB will use a supervisory or an enforcement action to address violations found in an examination.  Ms. Twohig indicated that the decision whether to refer a matter to enforcement is made by an Action Review Committee (ARC), which considers various factors such as the severity of the violation, the entity’s cooperation with the CFPB, and policy factors that include the need for the CFPB to send a public message of deterrence.  Mr. Alexis indicated that if a matter is referred to enforcement, the Enforcement Division will consider similar factors as well as input from witnesses obtained through CIDs.  Enforcement will then decide whether to proceed with an enforcement action, return the matter for supervisory resolution (which Mr. Alexis called a “reverse ARC” process), or drop the case.  Mr. Alexis acknowledged that a supervisory resolution through an MOU or similar agreement is the only vehicle available to the CFPB to enter into a non-public settlement.  Accordingly, if a company is not subject to CFPB supervision, a settlement can only be entered into through a public consent order.
  • Mr. Alexis indicated that the constitutional challenge to the CFPB’s use of an administrative judge in the PHH case has not caused the CFPB to direct more enforcement matters to lawsuits filed in federal district court rather than administrative proceedings.  He noted that the CFPB’s decision of which forum to use is frequently driven by the facts involved in a matter, with a district court lawsuit more likely to be filed when the CFPB is in need of more discovery to support its case.  He also indicated that the panel’s rejection in PHH of the CFPB’s position that it is not bound by statutes of limitation in administrative enforcement actions has not changed the CFPB’s approach to enforcement matters.
  • Mr. Alexis indicated that he saw no need to advocate for the CFPB’s adoption of a matrix for assessing civil money penalties similar to those used by the prudential regulators because the factors are laid out in Dodd-Frank.
  • Ms. Thompson declined to estimate when the CFPB is likely to issue a final arbitration rule or a final payday/small dollar loan rule, stating that it was “too speculative” for her to do so and that the CFPB was continuing to consider the unprecedented number of comments received on both rules.  She also indicated that the CFPB was in the early stages of developing a proposed rule to implement Dodd-Frank Section 1071.  (Section 1071 amended the ECOA to require financial institutions to collect and maintain certain data in connection with credit applications made by women- or minority-owned businesses and small businesses.  Such data include the race, sex, and ethnicity of the principal owners of the business.)  According to Ms. Thompson, the CFPB is attempting to address the absence of good sources of data on small business lending.
  • Ms. Twohig indicated that the CFPB’s next larger participant rule will deal with consumer installment lending and auto title loans and that the CFPB is continuing to consider creating a registration system for non-bank lenders to assist the CFPB in identifying market participants.  She also indicated that to address the widespread use of compliance technology solutions by entities it supervises, the CFPB has stood up the National Information Systems Supervision Program (NISSP).  Through the NISSP, the CFPB uses specialized managers to inform and focus supervisory reviews of entities’ compliance-related information systems, some of which are designed in-house but many of which rely upon third parties to develop and maintain.
  • Ms. Twohig defended the CFPB’s proposed rule that would amend the CFPB’s information disclosure rules to allow it to share confidential supervisory information with any federal or state agency (including state attorneys general) regardless of whether the agency has jurisdiction over the company whose CSI is shared as long as the CSI is “relevant” to the agency’s authority.
  • Mr. Alexis stated that the CFPB’s decision to assert that the non-bank, and not the tribal-affiliated lender, was the “true lender” in the pending CashCall case was fact specific and dependent on how that case unfolded.  Mr. Alexis said that the CFPB would consider using the “true lender” theory and the predominant economic interest test in other cases if it is appropriate.  Mr. Kim remarked that the CFPB’s application of the “true lender” theory requires states to cooperate by alleging that the non-banks, who service or collect on the loans, are violating state usury and licensing laws.

 

 

The CFPB has issued a new compliance bulletin (2016-03) on incentive programs.  The issuance of the bulletin reflects the CFPB’s increased focus on such programs.

To assist clients in preparing for greater regulatory scrutiny, Ballard Spahr attorneys will conduct a webinar on December 14, 2016, from 12 p.m. to 1 p.m. ET: “Controlling Employee Conduct: Designing Compensation Incentives and Monitoring Systems to Promote Compliance and Prevent Misconduct.”  More information about the webinar and a link to register is available here.

In the bulletin, the CFPB acknowledges that incentives for employees and service providers to meet sales and other business goals are common and can benefit companies and consumers.  However, drawing on “guidance the CFPB has already given in other contexts” and “examples from the CFPB’s supervisory and enforcement experience in which incentives contributed to substantial consumer harm,” the bulletin highlights the consumer risks that incentive programs can create.  The bulletin provides examples of problems that can arise from sales goals, sales benchmarks, compensation tied to the terms and conditions of transactions, paying more compensation for some types of transactions than for others that were or could have been offered to meet consumer needs, and unrealistic quotas to sign up consumers for financial services.

The CFPB discusses the enhanced risks created by incentive programs in CFPB enforcement matters, such as cases involving credit card add-on products and overdraft opt-in practices.  In the section of the bulletin entitled “The CFPB’s Expectations,” the CFPB details steps a supervised entity should take to ensure that its compliance management system is effective in preventing incentive programs from leading to legal violations.  Such steps involve board of directors and management oversight, policies and procedures, training, monitoring, corrective action, consumer complaint management, and independent compliance audits.