(Ballard Spahr will hold a webinar on 9/21 at 3pm ET, “The Path Forward for Income Share Agreements.” Register online here.) 

The CFPB issued a consent order against an income share agreement (ISA) provider, Better Future Forward (BFF), in which it concluded that BFF’s ISAs are extensions of credit under the Consumer Financial Protection Act and Truth in Lending Act and are “private education loans” under TILA.  In doing so, the CFPB alleged that BFF:

  • Engaged in deceptive acts and practices by representing that its ISAs are not loans and do not create debt;
  • Violated Regulation Z by failing to disclose an amount financed, finance charge, and annual percentage rate, and by omitting certain private education loan disclosures, including related to the non-dischargeability of loans in bankruptcy; and
  • Violated TILA’s prohibition on charging prepayment penalties on private education loans by setting the ISA payment cap at 110% of the funding amount.

We will hold a webinar to share our thoughts on the consent order and other recent ISA developments on Tuesday, September 21 at 3:00 PM Eastern.  Please click here to register.  Additionally, Heather Klein will present an update on federal and state ISA issues for members of the National Council of Higher Education Resources on Thursday, September 9, at 12:00 PM Eastern.



During D.C.’s declared State of Public Health Emergency, several financial protections have been put in place, including some that severely limit, among other things, collection activities relating to consumer contracts, repossession, and legal actions on accounts.  On September 1, Mayor Muriel Bowser signed the most recent pair of emergency and temporary legislation to land on her desk, B24-0347 and B24-0348.  These bills include a number of provisions impacting collection activities that relate to both third-party debt collectors and creditors collecting their own debts.  Since a permanent version of these bills, B24-0357, remains in the Council, the bills signed by the Mayor on September 1 only temporarily amend various provisions of D.C. 28-3814, D.C.’s collections statute.

Before diving into the bills signed last week and the legislation that preceded it, it is important to understand D.C.’s somewhat unique legislative process.

In the District, during a public emergency, the Mayor and the D.C. Council can quickly pass an emergency amendment.  (Provided, of course, that the emergency amendment has at least majority support in the Council and is not vetoed by the Mayor.)  These emergency amendments require no second reading nor do they go through the required 30-day Congressional review.  Emergency amendments last for 90 days.  Typically, an emergency amendment and a temporary amendment of the same name are introduced at the same time.  Temporary amendments require two readings in the Council and, if passed by the Council, temporary amendments are sent to Congress for a 30-day Congressional review period.  If the temporary amendment makes it through the review period, it is considered enacted and has a 225-day lifespan.  (It is important to note that days in a Congressional review period are not calendar days or business days, but are instead days when both the Senate and the House are in session.)

The latest in the line of pandemic-related legislation enacting various collection restrictions introduced by D.C. Council Chairperson Phil Mendelson since the onset of the pandemic are the Coronavirus Support Emergency Amendment Act of 2021 (B24-0139) and the Coronavirus Support Temporary Amendment of 2021 (B24-0140).  These amendments prohibited debt collectors, “during a public health emergency and for 60 days after its conclusion,” from filing new collection lawsuits, garnishing wages, or repossessing vehicles. (Cf. Section 303, “Debt collection,” on page 31 of the emergency amendment, and page 24 of the temporary amendment, herein after “Section 303”).

B24-0139, the emergency act, was signed by Mayor Bowser on March 17, 2021 and expired on June 15.  B24-0140, the temporary act, was signed by Mayor Bowser on May 3, 2021.  It is effective from June 24, 2021 through February 4, 2022.  However, Section 303 prohibiting lawsuits, garnishments, and repossessions, was subject to sunset 60 days after the conclusion of a public health emergency.  The Mayor ended the public health emergency in D.C. on July 25, 2021.

Moving forward, the next pieces of pandemic-related consumer protection legislation were the Public Emergency Extension and Eviction and Utility Moratorium Phasing Emergency Amendment Act of 2021 (B24-0345) and the Public Temporary Extension and Eviction and Utility Moratorium Phasing Emergency Amendment Act of 2021 (B24-0346).  Per these amendments, housing providers may begin eviction proceedings for some tenants in the District.  (An eviction moratorium had been in place during D.C.’s State of Public Health Emergency.)  Prior to January 1, 2022, evictions are allowed in instances where the tenant’s continuing presence would create a threat to health and safety and in instances where the tenant has caused significant damage to the property.  Evictions for non-payment of rent can begin on October 12, 2021, provided the landlord has applied for emergency assistance on behalf of the tenant through D.C.’s Stronger Together by Assisting You (STAY) program, and notified the tenant in writing that an application has been submitted.  Eviction suits in general are scheduled to be fully allowed starting on January 1, 2022.

These amendments also repealed Section 303 in both the Coronavirus Support Emergency and Temporary Amendments.  B24-0345 was signed by Mayor Bowser on July 24, 2021, and expires on October 22, 2021.  B24-0346 was signed by Mayor Bowser on September 1, 2021, and is now in its 30-day Congressional review period.  However, as noted above, Section 303 was subject to sunset 60 days after the conclusion of a public health emergency.  Thus, had it not been repealed by B24-0345 and B24-0346, Section 303 would have  expired on September 23, 60 days after Mayor Bowser ended  the public health emergency.

The final two pieces of consumer protection legislation are the Protecting Consumers from Unjust Debt Collection Practices Emergency Amendment Act of 2021 (B24-0347) and the Protecting Consumers from Unjust Debt Collection Practices Temporary Amendment Act of 2021 (B24-0348).  Notably, these amendments incorporated prior Section 303 from B24-0140, which restricted debt collection activities “[d]uring a public health emergency and for 60 days after its conclusion.”  Both B24-0347 and B24-0348 were signed by Mayor Bowser on September 1, 2021.  B24-0347 has an effective date of September 23, 2021, and lasts for 90 days.  B24-0348 is currently in its 30-day Congressional review period, and, provided it encounters no objection, also has an effective date of September 23, 2021 and lasts for 225 days.  (In the meantime, there is a final bill version of Protecting Consumers from Unjust Debt Collection Practices Amendment Act of 2021 that remains in Council, B24-0357.  If it is signed and survives its 30-day Congressional review, it would be official law with no expiration date.)

Requirements for debt collectors and creditors in B24-0347 and -0348 (and which also appear in the still-pending permanent bill, -0357) include:

  • Prohibiting debt collectors from making more than 3 phone calls to a consumer in a 7 day period (unless the debtor requests additional calls)
  • Prohibiting communication of a consumer’s debts to his or her employer
  • Prohibiting communication of a consumer’s debts to family, friends, or neighbors (except through proper legal process)
  • Providing complete documentation related to the debt being collected
  • Providing a complete schedule or agreement for any payment plan

The emergency, temporary, and final amendments also allow for the awarding of damages and fees to a consumer if a debt collector violates any of the requirements.

New York Governor Kathy Hochul announced this week that she has nominated Adrienne Harris to serve as Superintendent of the state’s Department of Financial Services.  If confirmed by the New York Senate, Ms. Harris would succeed Linda Lacewell whose last day at the DFS was August 24.

Ms. Harris previously served as a Senior Advisor in the Treasury Department during the Obama Administration.  Following her time at the Treasury Department, Ms. Harris joined The White House, where she was appointed as Special Assistant to the President for Economic Policy, as part of the National Economic Council.  Since leaving the White House in January 2017, Ms. Harris has served as General Counsel and Chief Business Officer for a title insurance and settlement services company.  She also currently serves as a Professor and Faculty Co-Director at the Gerald R. Ford School of Public Policy’s Center on Finance, Law and Policy at the University of Michigan, as well as a Senior Advisor at the Brunswick Group in Washington D.C. where she advises multinational corporations on mergers and acquisitions, stakeholder communications and management, future-proofing and policy intelligence.


We discuss a range of practical issues related to the rule’s rapidly-approaching effective date, including: the prospects for further CFPB rulemaking or guidance; the aspects of the rule that should be prioritized by third-party collectors and debt buyers; the rule’s impact on creditors (for internal collections and third-party collector/debt buyer oversight), state law considerations, and steps being taken to mitigate risk; and greatest risks for third-party collectors and creditors once the rule is effective.

Chris Willis, Co-Chair of Ballard Spahr’s Consumer Financial Services Group, hosts the conversation, joined by Stefanie Jackman and John Culhane, partners in the Group.

Click here to listen to the podcast.

The CFPB has issued a notice of proposed rulemaking (NPRM) to implement Section 1071 of the Dodd-Frank Act.  Section 1071 amended the ECOA to require financial institutions to collect and report certain data in connection with credit applications made by women- or minority-owned businesses and small businesses.  Comments on the NPRM will be due no later than 90 days after the date it is published in the Federal Register.

We will be reviewing the CFPB’s 918-page release and share our thoughts in subsequent blog posts.  The full text of the NPRM was accompanied by a summary prepared by the Bureau.  Based on the summary, key aspects of the NPRM include the following:

  • Financial Institutions Covered.  The definition of “financial institution” in Section 1071(h) covers any entity that engages in financial activity and includes both depository institutions and non-depository institutions such as online lenders, platform lenders, lenders involved in equipment and vehicle financing, and commercial finance companies.  In September 2020, the CFPB released an outline of the proposals it was considering in anticipation of convening a panel pursuant to the Small Business Regulatory Enforcement Fairness Act (SBREFA Outline).  In the SBREFA Outline, the CFPB indicated that it was considering different standards for exempting financial institutions from Section 1071 data collection and reporting requirements, consisting of a size-based exemption for depository institutions, an activity-based exemption for all financial institutions, and combined size- and activity-based exemptions.  In the NPRM, the CFPB is proposing an activity-based exemption for all financial institutions that would exempt financial institutions that originate less than 25 “covered credit transactions” to “small businesses” in each of the two preceding calendar years.
  • “Small Business” Definition.  Section 1071(h) defines a “small business” applicant as having the same meaning as a “small business concern” in the Small Business Act.  In the SBREFA Outline, the Bureau indicated that it was considering defining a “small business” by cross-referencing the SBA’s general “small business concern” definition but adopting a simplified size standard for purposes of its Section 1071 rule that used one of three alternative approaches.  One of such alternatives was a size standard of gross annual revenue in the prior year of less than $1 million or $5 million.  In the NPRM, the Bureau is proposing to define a “small business” as one that had $5 million or less in gross annual revenue for its preceding fiscal year.  (Consistent with the SBREFA Outline, the Bureau is not proposing to require that financial institutions collect and report data regarding applications for women-owned and minority-owned businesses that are not a “small business.”)
  • “Application” Definition.  Section 1071 does not define the term “application.”  In the SBREFA Outline, the Bureau indicated that it was considering defining an “application” in a way that was largely consistent with Regulation B (which defines an “application” as “an oral or written request for an extension of credit that is made in accordance with procedures used by a creditor for the type of credit requested”) but would exclude certain circumstances such as inquiries and prequalifications even if they would be considered an “application” under Regulation B.  In the NPRM, the Bureau is proposing to adopt the Regulation B definition of an “application” but exclude (1) reevaluation requests, extension requests, or renewal requests on an existing business account, unless the request seeks additional credit, and (2) inquiries and prequalification requests.
  • Credit Transaction Coverage.  Section 1071 requires financial institutions to collect and report information regarding applications for business “credit.”  In the SBREFA Outline, the Bureau indicated that it was considering a proposal under which a covered transaction under Section 1071 would be one that meets the ECOA definition of “credit” and was not excluded under the Bureau’s Section 1071 rule.  Among the excluded transactions were trade credit, factoring, and merchant cash advances.  In the NPRM, the Bureau is proposing to define a “covered credit transaction” as one that meets the definition of business credit under Regulation B.  In addition to loans, lines of credit, and credit cards, “covered transaction” would include merchant cash advances.  The products that would not be covered credit transactions even if they meet the Regulation B definition are trade credit and public utilities credit, securities credit, and incidental credit as defined in Regulation B.
  • Data Points.  The NPRM includes the data points that a financial institution would be required to collect and report.  Pursuant to Section 1071(e), a financial institution must collect and report “the race, sex, and ethnicity of the principal owners of the business.”  In the SBREFA outline, the Bureau indicated that it was not considering proposing the use of visual observation or surnames by institutions to determine the race, sex, and ethnicity of a business’s principal owners and instead would propose that such information be based solely on a principal owner’s self-reporting.  In the NPRM, the Bureau is proposing that if an applicant does not provide any ethnicity, rate, or sex information for at least one principal owner, the financial institution must collect at least one principal owner’s race and ethnicity (but not sex) via visual observation and/or surname if the financial institution meets in person with any principal owners (including meetings via electronic media with an enabled video component.)
  • Implementation.  In the SBREFA Outline, the Bureau indicated that it was considering allowing financial institutions approximately two calendar years for implementation following the Bureau’s issuance of a final Section 1071 rule.  In the NPRM, the Bureau is proposing that a final rule would become effective 90 days after publication in the Federal Register but compliance would not be required until approximately 18 months after publication.

More than eight months after the close of briefing, the Texas federal district court has finally ruled in the challenge by two industry trade groups to the CFPB’s Payments Rule.  The court’s award of summary judgment to the CFPB on the constitutional challenges to the Rule was predictable.  We are disappointed that the court failed to find the Rule’s treatment of debit cards to be arbitrary and capricious but pleased that it sided with the trade groups in granting the industry an additional 286 days to come into compliance with the Rule.

The court’s “analysis” of the debit card argument was confined to a single sentence.  According to the court: “The Bureau established the rational connection between the facts found and the choice made when it chose to include debit- and prepaid-card payments in the Payment Provisions.”  In reaching this conclusion, the court did not explain the necessary “rational connection between the facts shown”—the Bureau’s recognition that debit card payments almost never give rise to bank NSF fees—and “the choice made” by the Bureau nevertheless to subject debit card payments to the Rule’s restrictions.  This failure should provide strong grounds for appeal unless the parties can reach a compromise.

In fact, we believe that a “win-win” compromise is available here: We propose that the trade groups eschew an appeal of the decision (and delays beyond 286 days in implementation of the Rule) in exchange for the Bureau’s clarification that, for dual-message “signature” debit cards, where electronic authorization messages are followed by initiation messages immediately after approval, a declined authorization message is not a “failed payment transfer.”  Such a clarification would (1) markedly reduce the Rule’s compliance burdens; (2) lead to widespread industry adoption of debit cards as the primary payment mechanism on credit transactions (despite their greater cost compared to ACH transfers); and (3) produce a tremendous reduction in failed payment transfers and NSF fees—precisely the result the CFPB claimed to seek in the Payments Rule.

Stay tuned!

The OCC, FDIC, and Federal Reserve Board have issued a guide that is intended to assist community banks in conducting due diligence when considering relationships with financial technology (fintech) companies (Guide).

The issuance of the Guide follows the agencies’ July 2021 release of proposed interagency guidance for banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The proposal sets forth principles for managing risk in each stage of a third-party relationship life cycle, including conducting due diligence.  In the introduction to the Guide, the agencies indicate that the Guide draws from their existing guidance and is consistent with the proposed interagency guidance.

The agencies also note in the Guide’s introduction that while the Guide is written from a community bank perspective, the fundamental concepts discussed may be useful for banks of varying sizes and for other types of third-party relationships.  Banks are instructed to reference relevant guidance from the agencies that is listed in a footnote.

In the Guide’s introduction, the agencies indicate that because the Guide does not anticipate all types of third-party relationships and risk, a community bank can tailor how it uses information in the Guide based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service or activity offered by the fintech company.  They also advise community banks that the scope and depth of due diligence will depend on the risk to the bank from the nature and criticality of the prospective activity to be performed by the fintech company.

The Guide discusses a series of topics to be considered by a community bank when conducting due diligence on a fintech company and provides potential sources of information and illustrative examples for each topic.  These topics consist of a fintech’s:

  • Business experience, business strategies and plans, and the qualifications and backgrounds of directors and principals
  • Financial condition and competitive market environment and client base
  • Legal and regulatory compliance
  • Risk management policies, processes, and controls
  • Information security program and information systems
  • Business continuity planning, incident response plan, and reliance on subcontractors

The publication of the Guide is another indication of the increased attention that regulators seem to be paying of late to the area of third-party relationship risk management.  Whether this increased attention and guidance will translate to a heavier emphasis on such topics in the course of regulatory examinations remains to be seen.




At the end of last month, former New York Governor Cuomo signed into law a bill that amends the state’s Banking Law to require banks to follow certain check processing practices.  The amendments become effective on January 1, 2022.

The new law applies to “consumer checking accounts” offered by “banking institutions.” “Consumer checking accounts” are defined as “accounts established by natural persons primarily for personal, family or household purposes.”  Although the legislative history indicates that the new requirements are intended to apply only to New York-chartered banking organizations, the new law does not contain a definition of the term “banking institution.”  The new law directs the Department of Financial Services to issue regulations necessary to  implement the new requirements and such regulations could clarify the scope of the term “banking institution.”

The new law imposes the following requirements on a “banking institution”:

  • Checks must be paid either (i) in the order in which they are received or (ii) from smallest to largest dollar amount for each business day’s transactions.
  • If the bank dishonors a check for insufficient funds but then receives checks in smaller amounts that could be covered by the existing account balance, the bank must honor such smaller checks to the extent funds are available to do so.
  • A bank must provide a written disclosure to a consumer at the time an account is opened and prior to any change in such policy that indicates the order in which checks will be drawn.

We note that the new law only applies to checks and does not cover electronic payments that do not involve checks, such as ATM, POS, and ACH transactions.  In addition, the order of payment mandated by the new law could be contrary to the desires of many consumers.  For example, consumers would typically want larger dollar checks (such as those used to make mortgage payments or to make payments on auto financing) to be processed before smaller dollar checks.

On September 13, 2021, from 12:00 p.m. to 1:00 p.m., Ballard Spahr will hold a webinar: “Still in the Crosshairs: An Update on Bank Overdraft Practices.”  For more information and to register, click here.


With Colorado’s private education lender registration scheduled to take effect on September 1st, the Colorado Department of Law has just announced that they intend to bring a new group within their jurisdiction: private postsecondary schools that use income share agreements (ISAs) to help finance students’ education.  Schools regulated by the Division of Private Occupational Schools received notice of this interpretation on Friday.

The Department of Law did not spell out its rationale, though they undoubtedly were influenced by California’s recent consent order bringing educational ISA servicers under the California Student Loan Servicing Law.  It’s unclear whether the Department will now seek to regulate (i) other ISA funders, holders, and assignees under the Student Loan Equity Act, (which enacted the private education lender registration) and (ii) ISA servicers under the Colorado Student Loan Servicing Act.

Under the Student Loan Equity Act, a private education lender includes (1) persons engaged in the business of making or extending private education loans, (2) holders of such loans, and (3) “creditors,” broadly defined as the person who makes or arranges a private education loan and to whom the loan is initially payable, or the assignee of a creditor’s right to payment.  Persons that “offer or make” private education loans to Colorado residents are required to register.  The law defines a “private education loan” similarly to federal law but slightly more broadly, in that any postsecondary education expenses may be financed by such a loan (not just those pegged to the “cost of attendance” under the federal Higher Education Act).  Colorado also does not except open-end credit from constituting a private education loan.

A number of depository institutions are completely exempt from the Student Loan Equity Act: state and federally chartered banks, credit unions, and Utah industrial banks.  A number of entities are exempt from registration only: retail sellers, lessors, and their assignees who have filed notification under the Uniform Consumer Credit Code; licensed supervised lenders; licensed collection agencies; and licensed student loan servicers.  Public and private nonprofit postsecondary educational institutions have a lower cost of registration ($300) than other institutions ($1,500).

Registrants must share a copy of their consumer agreement and volume and default rate information, which will be published online by the Department.  Among other things, the Student Loan Equity Act (i) provides certain protections specifically for loans with cosigners; (ii) expands disability discharge requirements and protections so that a borrower or cosigner may be released from repayment obligations if permanently disabled and so that a lender is prohibited from monitoring the disability status of the borrower after any such discharge ; (iii) requires additional disclosures in connection with any refinancing of an existing education loan; (iv) prohibits “robo-signing” of documents used in collection lawsuits; (v) requires specific evidence of loan origination and chain of ownership of the debt before a loan creditor or collection agency may commence legal proceedings; (vi) prohibits auto-defaults, in which a loan is declared immediately due and payable upon the death or bankruptcy of a cosigner even when there has been no default in payments; (vii) provides legal recourse for borrowers who are harmed by predatory acts and practices of a lender, creditor, or collection agency; and (viii) directs licensing fees and civil penalties to a student loan ombudsperson and student loan servicer fund.




The California Department of Financial Protection and Innovation (DFPI) recently issued an Invitation for Comments on the Proposed Second Rulemaking under the Debt Collection Licensing Act.  The Invitation for Comments seeks further information on topics relating to the scope of certain definitional terms, the types of information required on annual reports, and surety bond amounts.

In key part, the DFPI seeks comments on whether clarification is needed for certain terms, such as, “engage in the business of debt collection,” “in the ordinary course of business” and “regularly” [engage in debt collection], and whether clarity is needed regarding exempt entities or transactions from the Act.  The DFPI also requests comments on whether additional information should be required in annual reports to be submitted by licensees and whether higher surety bond amounts should be required, among other points.

Note that in the initial Notice of Rulemaking, the DFPI expressed that it anticipates that the final rules, if adopted, will become effective on or around November 19, 2021, which is intended to allow applicants to apply for a license before January 1, 2022.

Comments should be submitted to the DFPI by October 5, 2021.