A Vermont federal district court recently issued a decision ruling on the defendants’ motion to dismiss a class action involving allegations that an online tribal lending venture violated federal and state law because of alleged usurious interest rates and other allegedly unlawful features.  The decision discusses a wide array of procedural issues, including the enforceability of the arbitration provisions in the plaintiffs’  loan agreements.

Among the noteworthy substantive issues addressed in the decision are whether the Consumer Financial Protection Act (CFPA) created a private right of action and whether the loan agreements violated the Electronic Fund Transfer Act (EFTA) prohibition on conditioning credit on preauthorized electronic fund transfers (EFTs), such as ACH or debit card payments.  In dismissing the plaintiffs’ CFPA claim, the court agreed with the defendants that the CFPA does not provide a private cause of action.  The court noted that while the CFPA expressly authorizes enforcement actions by state attorneys general and state regulators, it is silent on private remedies.  The court observed that “legislative silence on such an issue is most frequently regarded by courts as an expression of legislative intent to exclude private remedies.”

Although the court granted the defendants’ motion to dismiss one plaintiff’s EFTA claim because it was asserted beyond the EFTA’s one-year statute of limitations, the court found that the other plaintiff had alleged facts that could support her EFTA claim.  The defendants’ loan agreement provided that funding of the loans through an electronic transfer “as soon as the next business day” was conditioned on the authorization of payments through recurring (preauthorized) ACH payments, whereas borrowers electing to pay by money order or certified check would have their loans funded by mail in “up to 7 to 10 days.”  The plaintiff argued that the choice between next-day funding with a recurring ACH election and delayed funding with a payment by mail election was a “false choice.”  The defendants argued there was no EFTA violation because ACH authorization was not the only way a borrower could obtain a loan.

The court determined that the EFTA issue was “fact-specific and not one which could be resolved on a motion to dismiss.”  The court observed that the plaintiff might be correct that the defendants “have so obstructed the choice of repayment by check with delay” that the option was a “false choice.”  It also commented that “given the nature of the loan itself-immediate cash at very high interest rates-it seems unlikely that Defendants ever funded a loan to any borrower with repayment by check.”  Nevertheless, the court ruled that “it remains for discovery and for fact-finding to determine if the loan agreement is drafted so as to skate around the restrictions of EFTA.”

To be sure, the EFTA strategy adopted by the defendants in this case was highly aggressive.  A range of less aggressive options remain available to creditors, including: (1) providing an election between EFT repayment and repayment by remotely created checks or credit cards; (2) charging a cost-related pricing differential between an EFT election and an election to repay some other way; and (3) freely allowing repayment by check or some other method but requiring the borrower to authorize a backup payment by EFT any time a payment is not otherwise received by the due date.  All of these methods—and others—require careful analysis and drafting, as well as solid legal and practical judgment concerning risks and benefits.




The CFPB has issued a compliance bulletin (Bulletin 2015-06) concerning the Electronic Fund Transfer Act (EFTA) and Regulation E requirements for obtaining a consumer’s authorization for preauthorized electronic fund transfers (EFT) and the CFPB’s compliance expectations.  The bulletin was accompanied by the CFPB’s publication of sample letters a consumer can use in connection with preauthorized EFTs, including to revoke his or her authorization.

In the bulletin, the CFPB observes that under the EFTA and Regulation E, a company can obtain the required consumer authorization for preauthorized EFTs in paper form or electronically.  The CFPB notes that Regulation E requires a company using electronic authorizations to comply with E-Sign Act requirements for electronic records and signatures.  The CFPB confirms that the EFTA and Regulation E allow a company to use oral recordings obtained over the phone to authorize preauthorized EFTs if the recordings comply with such E-Sign Act requirements.  It states that “[i]n at least one examination, Supervision has concluded that one or more entities did not violate EFTA or Regulation E merely because they obtained by telephone consumer authorizations that were signed or similarly authenticated by the consumer orally.”  According to the CFPB, a company can satisfy Regulation E if a customer authorizes preauthorized EFTs by entering a code into a telephone keypad or it “records and retains the consumer’s oral authorization, provided in both cases the consumer intends to sign the record as required by the E-Sign Act.”

The CFPB also discusses the Regulation E requirement for a company to provide a copy of an authorization for preauthorized EFTs to the consumer, commenting that “two of the most significant terms of an authorization are the timing and amount of the recurring transfers from the consumer’s account.”  It states that as an alternative to providing a copy of the authorization after its execution, a company can comply with Regulation E by using a confirmation form, such as by providing a consumer with two copies of an authorization form and asking the consumer to sign and return one copy and retain the second copy.  The CFPB cautions that a company does not comply with Regulation E by making a copy of the authorization available only upon request.

The CFPB notes that it expects “all entities obtaining consumer authorizations for preauthorized EFTs “to know and comply with” the Regulation E requirements to obtain the authorization before initiating preauthorized EFTs and provide a copy of the authorization to the consumer.  It states that “when practical” companies are encouraged to provide a copy of the authorization to the consumer before the first EFT is initiated.

Although the bulletin does not mention the Regulation E prohibition on conditioning on conditioning a loan on the borrower’s repayment through recurring preauthorized EFTs, several CFPB enforcement actions have involved alleged violations of that prohibition as well as the requirement for obtaining authorization for preauthorized EFTs.  In addition, various compliance issues relating to preauthorized EFTs have been noted by CFPB examiners.

To assist consumers “who may be getting the runaround” when seeking to stop preauthorized EFTs, the CFPB published four sample letters for consumers to use that address the following scenarios:

  • Revoking authorization given to a company or merchant for preauthorized EFTs
  • Providing notice to a bank or credit union that the consumer has revoked a company’s or merchant’s authorization for preauthorized EFTs
  • Issuing a “stop payment order” to a bank or credit union to stop payment of one or more preauthorized EFTs
  • Notifying a bank or credit union of an unauthorized debit from a consumer’s account

The CFPB also published a series of “consumer tips” about using preauthorized EFTs.  Such tips include that a consumer should verify that the company to which he or she is providing authorization is legitimate and credible, be “wary” of a company that “pressures repayment” by automatic payments, and monitor accounts for unauthorized payments or transfers.

On October 7, 2015, Ballard Spahr attorneys conducted a webinar “The Next EFTA Class Action Wave Has Started,” that focused on the wave of new class actions being filed in which companies are alleged to have failed to comply with the EFTA and Regulation E requirements for preauthorized EFTs.


The CFPB has announced that a meeting of its Community Bank Advisory Council is scheduled for September 30, 2015 in Washington, D.C.  Director Cordray will be in attendance and there will be a discussion of consumer challenges in payments.

In July 2015, the CFPB released a list of nine “Consumer Protection Principles” that were intended to express the CFPB’s “vision of consumer protection in new faster payments systems.”


The CFPB has released a list of nine “Consumer Protection Principles” that are intended to express the CFPB’s “vision of consumer protection in new faster payments systems.”  The CFPB has previously shown support for  the development of faster payment systems.  In his November 2014 remarks to the Clearing House, Director Cordray suggested that sooner, rather than later, the industry should invest the billions of dollars required to build a payment system with “faster and even real-time payments” where “the interests of consumers remain at the top of [bankers’] minds.”  In February 2015, CFPB Associate Director David Silberman sent a letter to NACHA indicating the CFPB’s support for same day ACH services.

In releasing the principles, the CFPB stated that it “wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed.”  The CFPB’s principles deal with: (1) consumer controls over payments (such as allowing consumers to limit the time period for which an authorization is valid), (2) data protection, (3) fraud and error resolution procedures, (4) transparency in information about transaction status and disclosures about costs, risks, funds availability and security of  payments, (5) affordable cost and cost disclosure, (6) allowance of access through qualified intermediaries and non-depositories, such as mobile wallet providers and payment processors, (7) faster funds availability, (8) security protections and credential value limits, and (9) strong accountability mechanisms to curtail system misuse.

The CFPB’s “principles” may foreshadow another attempt by the CFPB to take an expansive approach to its jurisdiction.  Some payments firms, such as large banks that provide payments services, are subject to CFPB supervision and the CFPB also has the authority to enforce the Electronic Funds Transfer Act.  However, many payments firms are not subject to CFPB supervision, and the CFPB’s payments principles go beyond the requirements established by Congress in the EFTA and elsewhere.  Based on the CFPB’s history, we would not be surprised to see attempts to legislate through enforcement actions in this area.

In addition, someone will have to bear the substantial costs involved in building a faster payment system.  Given the low rates set for debit card interchange fees by the Durbin Amendment, many industry players will likely be uninterested in funding innovations whose costs they cannot recover.


While mortgage and student loan servicing violations cited by the CFPB in its Fall 2014 Supervisory Highlights have grabbed the headlines, the report also includes noteworthy observations regarding the violations found by the CFPB in debt collection, electronic fund transfers and consumer reporting. The report covers supervision work completed by the CFPB between March 2014 and June 2014.  As in prior supervisory reports, the CFPB continues to be imprecise as to the number of entities at which it found the various violations discussed, thereby obscuring the magnitude or pervasiveness of the purported problems and detracting from the transparency it has promised.

The violations found by the CFPB include the following:

Mortgage servicing.  The CFPB’s observations are based on targeted reviews it conducted for compliance with the new mortgage rules.  The CFPB found that “one or more servicers” did not have any policies and procedures relating to oversight of service providers as mandated by the new rules or had policies relating to service providers that did not satisfy specific regulatory requirements.  The CFPB also found violations relating to loan modifications.  “[I]in at least one examination,” CFPB examiners found that a servicer had failed to timely convert a substantial number of trial modifications to permanent modifications after successful completion of the trial modifications.  Observing that interest accrued during the delay at the original contract rate rather than the permanent modification’s lower rate, the CFPB indicates that “servicers” capitalized interest at the higher rate into the principal balance due under the modification and continued to report as delinquent borrowers who were delinquent at the beginning of their trial modifications.  The delays combined with the negative consequences attributable to the delays were found by the CFPB to constitute an unfair practice.

“At least one servicer” was found to have initially sent permanent modification agreements to borrowers that did not match the terms approved by its underwriting software and, after receiving signed agreements from such borrowers, sent the borrowers updated modifications with materially different terms.  Having characterized the initial agreements as “misrepresentations about the available terms,” CFPB examiners determined that “one or more servicers” engaged in a deceptive practice in connection with the modifications.  The CFPB’s examiners also identified a deceptive practice “at one or more servicers” based on the servicer having told consumers that it would not seek a short sale deficiency judgment but not specifically waiving the loan owner’s right to pursue a deficiency judgment in short sale approval agreements.

Student loan servicing.  The CFPB found that “one or more supervised entities” had engaged in an unfair practice by allocating partial payments proportionally, or pro rata, among all loans, thereby creating delinquencies on all of the borrower’s loans and then imposing a late fee charge on each loan.  “[O]ne or more supervised entities” were also found to have engaged in unfair or deceptive practices by charging late fees on full payments received during the grace period.

“[A] student loan servicer” was found to have engaged in a deceptive practice by inflating minimum payments on periodic statements and online account statements through the inclusion of accrued interest on loans that were still in deferment.  CFPB examiners found that “one or more student loan servicers” failed to provide consumers with information needed to deduct student loan interest payments on their tax returns, with “at least one examination” revealing that a servicer, without adequate disclosures, had engaged in a deceptive practice by requiring consumers to provide an additional certification regarding the loan’s use for higher education expenses to obtain 1098-E forms.  CFPB examiners found it was a deceptive practice for the servicer if the certification was not completed, to issue online account statements indicating that the borrower had paid no deductible interest when the borrower had in fact paid such interest.

Other CFPB findings were that (1) “one or more supervised entities” had engaged in deceptive practices by communicating to borrowers that student loans were never dischargeable in bankruptcy, and (2) “at least one examination” revealed that a servicer had engaged in an unfair practice by using an automated dialer to make calls to delinquent borrowers that was not programmed to account for borrowers’ locations, thereby causing borrowers to receive “inconvenient” calls in the early morning or late at night (presumably the servicer was not considered to be a debt collector but was calling borrowers at times that would have been deemed to be inconvenient under or otherwise prohibited by the Fair Debt Collection Practices Act ).

Debt collection.  CFPB examiners found “[i]n one or more examinations” that debt collectors had charged convenience fees to consumers who paid by credit or debit card and lived in states where (1) such fees were prohibited by state law, or (2) the law was silent regarding the legality of such fees and the agreements creating the debt did not expressly authorize such fees.  The FDCPA limits fees that can be charged by a debt collector to those expressly authorized by the agreement creating the debt or “permitted by law.”  The implication of the CFPB’s view that a debt collector violates the FDCPA by charging convenience fees when state law is silent and the agreement creating the debt does not expressly authorize such fees is that (notwithstanding case law to the contrary) a fee is not “permitted by law” within the meaning of the FDCPA when it is assessed pursuant to a subsequent contract.

“In at least one examination” CFPB examiners found that a debt collector violated the FDCPA by routinely threating consumers with litigation even though it only initiated litigation on a “small fraction” of the accounts it collected.  “During one or more examinations,” CFPB examiners found debt collector employees had violated the FDCPA by regularly identifying their employer without being expressly requested to do so as required by the FDCPA.  CFPB examiners “[i]n examining one or more financial institutions” found unfair practices relating to debt sales in the form of overstated APRs in the account documents provided to debt buyers and significant delays in forwarding to debt buyers post-sale payments received from consumers.

Electronic fund transfers.  CFPB examiners found violations of the Regulation E error resolution requirements, including by “one or more institutions” that, when receiving oral notice of an error from a consumer, did not initiate an investigation until the consumer returned a dispute confirmation form or told consumers complaining about unauthorized transactions that they must first contact the merchant before an investigation could begin.  “During one or more examinations,” CFPB examiners found a violation of  the Regulation E limits on consumer liability for unauthorized transfers by denying the claim of a consumer who was unable to explain how his PIN was compromised even though the consumer had provided details about the theft of his debit card and subsequent unauthorized PIN-based transfers.  CFPB examiners found that the standard error resolution notice used by “one or more of the financial institutions” examined failed to include a statement regarding the consumer’s right to obtain documentation relied on by the institution in investigating an error and that “at least one institution” used notice templates referring to the issuance of provisional credit regardless of whether such credit was issued.

Consumer reporting.  CFPB examiners found that “one or more” consumer reporting agencies (CRA) did not comply with the Fair Credit Reporting Act requirements regarding the information that must be included in a notice informing the consumer of the results of a reinvestigation triggered by a consumer’s dispute of the completeness or accuracy of his or her credit report information.  Other deficiencies observed by CFPB examiners were that the complaint procedures of “at least one or more nationwide CRA” failed to cover complaints received directly from consumers and “at least one specialty CRA” (1) provided inconsistent information to consumers about the ability to lodge disputes by telephone, and (2) maintained a weak consumer complaint program.

The CFPB’s report also includes a discussion of the CFPB’s use of resubmission standards in conducting Home Mortgage Disclosure Act data integrity reviews and recent CFPB public enforcement actions, supervisory guidance, and larger participant rulemaking.  Among those enforcement actions is the CFPB’s action against Flagstar Bank, which represented the CFPB’s first enforcement action related to its new mortgage servicing rules.

In an interesting coincidence, the comment period for the CFPB’s Request for Information (“RFI”) on mobile financial services closed the same day, September 10th, that Apple announced “Apple Pay”—a new mobile wallet included with the iPhone 6 that could shake up the mobile payments landscape.  The RFI, which we reported on earlier, speaks optimistically of potential cost savings for underbanked consumers while expressing concern about ensuring that consumers remain adequately protected.  Director Cordray repeated these twin messages in his prepared remarks to the Consumer Advisory Board on September 11th.  Director Cordray stated that “mobile devices . . . can make some transactions cheaper or faster or both.  But we need to make sure that the legal and regulatory framework can keep up effectively . . .”

The RFI and Director Cordray’s comments may be a trial balloon to test whether additional guidance, or even new regulation, is needed to specifically address mobile financial services.  Thus far, in addition to the RFI, the CFPB has only publicly addressed mobile financial services in the context of Project Catalyst and trial disclosures.

The American Bankers Association’s response to the RFI supported the goal of engaging the underbanked through the mobile channel, but questioned both whether mobile financial services will provide greater access to the underbanked and whether those services can be provided at a substantial discount.  The ABA pointed out that the top two reasons why people do not have bank accounts is that they “don’t have enough money” or “don’t need or want an account.”  The ABA also cited with approval the FDIC’s findings in an April 2014 whitepaper that providing access to mobile financial services alone may have limited success in getting the underbanked to use bank products.

On cost savings, the ABA stated that any savings to consumers from using mobile financial services would be “marginal.”  There are two reasons for this.  First, mobile banking, for example, is a channel that is an added service on top of all the other channels provided to consumers.  Second, there are unique compliance challenges with providing mobile financial services, which could cause banks to either not provide a product through a mobile channel or to charge more for the product.

We will be discussing these unique compliance challenges in greater detail in our webinar tomorrow.  Our webinar will also provide an overview of the mobile payments landscape, including a summary of the implications of Apple Pay.  The number of merchants, issuers, and consumers Apple will bring to the table through Apple Pay means that the new iPhone 6 has the potential to further accelerate the move toward mobile payments.  This in in turn could cause the CFPB and other regulators to move beyond RFIs and whitepapers in their efforts to ensure that consumers using mobile financial services are adequately protected.

We have previously written about Charvat v. Mutual First Federal Credit Union, the case in which the Eighth Circuit held last year that denial of a statutory right is a sufficient injury to confer standing, even if the injury is only “informational” and does not include “an additional economic or other injury.”  Last week, the U.S. Supreme Court denied the defendant’s petition for certiorari. 

Charvat raised the standing question in the context of the Electronic Funds Transfer Act.  The plaintiff had brought a purported class action against a bank seeking statutory damages for the bank’s alleged violation of the requirement that notice of an ATM fee must be posted on the machine.  The plaintiff did not allege that the bank had failed to provide the required on-screen notice of the ATM fee before he completed the transaction for which the ATM fee was charged.  The district court dismissed the complaint on the grounds that the alleged statutory violation did not establish an injury in fact sufficient to create Article III  standing.  On appeal, the Eighth Circuit reversed the district court and ruled that the plaintiff had Article III standing to seek statutory damages based on the alleged EFTA violation.   

A possible factor contributing to the Supreme Court’s decision not to hear the case might have been the elimination of the fee sticker requirement pursuant to an EFTA amendment signed into law by President Obama in December 2012.  (In March 2013, the CFPB issued a final rule amending Regulation E to remove the sticker requirement.)  

The Supreme Court came close  to deciding the standing question when, in 2011, it granted certiorari in First American Financial Corporation v. Edwards.  The question raised in that case was whether a plaintiff who could not show any actual injury from a violation of the Real Estate Settlement Procedures Act’s anti-kickback provision had Article III standing.  However, the case came to an anti-climactic conclusion in June 2012 when the Supreme Court issued a one-sentence per curiam order stating that “the writ of certiorari is dismissed as improvidently granted.”

Yet another opportunity for this important Article III standing issue to reach the Supreme Court may have been created by the Ninth Circuit’s February 2014 decision in Robins v. Spokeo, Inc.  In Robins, the Ninth Circuit ruled that a plaintiff had Article III standing to sue a website operator for violations of the Fair Credit Reporting Act regardless of whether he could show actual harm resulting from the alleged violations.  While it appears that the defendant did not seek a rehearing within the prescribed deadline, the defendant has 90 days from the February 4 judgment to file a petition for certiorari.

Last month, the CFPB filed its first lawsuit against companies involved in online payday lending.  The lawsuit against CashCall and several related companies that funded, purchased, serviced and collected online payday loans broke new ground by asserting UDAAP violations based on the defendants’ efforts to collect loans that were purportedly void in whole or in part under state law.  

Now, in what we think is an earth-shattering development, the U.S. Department of Justice has filed a lengthy complaint and consent order in a lawsuit against a small North Carolina bank that processed ACH transactions for payday lenders through an arrangement with an unidentified third-party payment processor.  The DOJ action against Four Oaks Bank & Trust Company is the first lawsuit (and settlement) under “Operation Choke Point,” a coordinated multiagency enforcement initiative targeting banks serving online payday lenders and other companies that have raised regulatory concerns. 

Based on allegations of inadequate diligence and control over the payment processor and its customers, the DOJ obtained $1.2 million in monetary relief and elaborate injunctive relief addressing the bank’s dealings with third-party payment processors and with Internet short-term (payday) lenders, credit repair organizations, mortgage assistance relief companies, telemarketers and Internet-based businesses (collectively, Target Companies). 

Under Operation Choke Point, in addition to or in lieu of bringing actions against Target Companies believed to be in violation of the law, the DOJ and its fellow agencies are pursuing relief against banks that provide services to such companies.  The Four Oaks lawsuit will certainly make it more difficult for unlawful Target Companies to prey on consumers.  It will also have a substantial impact on lawful Target Companies and their bank partners. 

Banks can be expected to increase their charges for ACH services to Target Companies and to engage in extensive due diligence over such companies as a result of the DOJ lawsuit and other actions against them by enforcement agencies and private litigants.  Target Companies should act now to prepare for the pricing changes and diligence requests they will inevitably receive. 

Target Companies with high ACH return rates could also find themselves the subjects of increased CFPB scrutiny.  In remarks to The Clearing House in November 2013, Director Cordray indicated that the CFPB believes it will “be better able to identify and enforce the law against illegitimate firms” if it can identify companies with high ACH return rates. 

For a detailed discussion of the Four Oaks lawsuit, see our legal alert.  On Tuesday, February 18, at 12:00 p.m. ET, Ballard Spahr will conduct a webinar on the lawsuit.  The registration form is available here.

The CFPB could soon be joining the efforts of other federal regulators and New York authorities to deny ACH network access to certain online payday lenders and other businesses deemed to present risks to consumers.  In remarks last week to The Clearing House Annual Conference, Director Cordray spoke about the need to protect consumers “who find unexpected debits on their bank statements, or are victimized by third parties who may take inappropriate advantage of the efficiency and trust on which [the electronic payment] systems are built.”  

He stated that the CFPB was interested in working with The Clearing House to improve the Bureau’s understanding “of how enhanced computer analytics and communications could be used to map patterns in the payment systems” and that finding such patterns could enable the CFPB to “identify outliers that are unusually frequent sources of irregular or failed claims for payment.”  Director Cordray indicated that the CFPB wants to “be better able to identify and enforce the law against illegitimate firms that are otherwise able to reduce their own costs by hitching a free ride on the payments system” and place itself in “a better position to consider changes in law or practice that may be needed. ” 

In his remarks, Director Cordray referenced the proposed rule changes recently issued by NACHA that are intended to improve the functioning of the ACH network.  We have prepared a legal alert discussing the NACHA proposal.  In addition, on January 7, 2014, from 12 p.m.to 1 p.m. ET, Ballard lawyers will conduct a webinar, “ACH Access Under Siege.”  The registration form is now available.