The CFPB currently has a job posting for the position of Associate Director for Research, Markets, and Regulations.

Thomas Pahl, who was named CFPB Deputy Director earlier this month, has held the position of CFPB Policy Associate Director for Research, Markets, and Regulations since April 2018.  The Bureau’s press release announcing his appointment as Deputy Director did not specifically state whether Mr. Pahl would retain his Policy Associate Director position while serving as Deputy Director.

The most recent holder of the position of Associate Director for Research, Markets, and Regulations was David Silberman, who left the Bureau in February 2020 after having served as Associate Director since 2011.



On July 15, 2020, the CPFB filed a complaint in federal court against Townstone Financial, Inc. (Townstone) representing the first ever redlining complaint against a non-bank mortgage lender. The complaint is brought under the Equal Credit Opportunity Act (ECOA) and Consumer Financial Protection Act (CFPA), but not the Fair Housing Act (FHA). (The U.S. Department of Housing and Urban Development (HUD) and U.S. Department of Justice (DOJ), but not the CFPB, have authority to enforce the FHA.)

The complaint in general asserts that during the period of January 1, 2014 through December 31, 2017 (the “relevant period”), Townstone, which principally lent in the Chicago Metropolitan Statistical Area (MSA) during the relevant period, redlined majority and high-majority African-American neighborhoods in the Chicago MSA. The CFPB refers to majority and high-majority African-American neighborhoods as neighborhoods that are more than 50% and more than 80% Black or African-American, respectively.

The DOJ, HUD and CFPB have made redlining claims, and entered into settlements, with banks under the ECOA and the FHA. Despite the substantial differences between banks and non-banks, including without limitation that banks are subject to the Community Reinvestment Act and can make loans for retention in portfolio, the CFPB for years has been exploring the potential of bringing a redlining complaint against a non-bank mortgage lender. And yet the CFPB has never issued guidance regarding how it would assess a non-bank mortgage lender for redlining purposes.

The complaint makes a number of standard allegations for a redlining complaint, but also includes a unique element regarding public statements the CFPB asserts were made by Townstone’s principals that may have prompted the CFPB to select Townstone as the test case for a redlining claim against a non-bank mortgage lender. In terms of the standard allegations, the complaint asserts that during the relevant period Townstone:

  • Made no effort to market to African-Americans;
  • Did not specifically target any marketing toward African-Americans in the Chicago MSA;
  • Did not employ an African-American loan officer among its 17 loan officers;
  • Received few applications from African-Americans—1.4% of its total applications– as compared to 9.8% for other lenders;
  • Received almost no applications from applicants for properties located in African-American neighborhoods—five or six per year from high African-American neighborhoods, with half of those from White, Non-Hispanic applicants—and only between 1.4% and 2.3% of its applications came from applicants with regard to properties located in majority African-American neighborhoods; and
  • In contrast, peer lenders drew 7.6% to 8.2% of their applications from majority African-American neighborhoods, and 4.9% to 5.5% of their applications from high African-American neighborhoods.

In addition to these standard allegations, the CFPB also cites statements that it asserts Townstone’s principals made in radio shows and/or podcasts that would discourage African-American prospective applicants from applying to Townstone for mortgage loans, and would discourage prospective applicants living in African-American neighborhoods from applying to Townstone for mortgage loans. The CFPB asserts that during the relevant period Townstone conducted a weekly radio show and a weekly podcast. (By our calculation, if a radio show and podcast were each conducted nearly every week during the four-year relevant period, there would be approximately 400 total broadcasts.)

In the complaint, the CFPB addresses comments made in five broadcasts, including the following:

“Referring to a neighborhood grocery store with “people from all over the world” as a “jungle”—a word that may be used or understood to be a derogatory reference associated with African Americans, Black people, and foreigners—and saying that the grocery store was “scary” would discourage African-American prospective applicants from applying for mortgage loans from Townstone; would discourage prospective applicants living in African-American neighborhoods from applying to Townstone for mortgage loans; and would discourage prospective applicants living in other areas from applying to Townstone for mortgage loans for properties in African-American neighborhoods.”

The CFPB’s claim that redlining violates the ECOA raises the issue of whether such a claim can be brought under the ECOA. The federal government maintains the position the redlining violates both the FHA and ECOA. However, the ECOA focuses on the treatment of applicants, and a redlining claim addresses individuals who are not applicants. The CFPB notes in the complaint that Regulation B, the ECOA’s implementing regulation, provides that a creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application. But the ECOA itself does not set forth such a prohibition. Whether a redlining claim can be brought under the ECOA may well be an issue that awaits consideration by the Supreme Court. Additionally, as the alleged conduct dates back to January 1, 2014, the CFPB likely also includes an alleged CFPA violation in its complaint because the ECOA has a five-year statute of limitations but the CFPB can file a lawsuit for an alleged CFPA violation within three years after the date of the discovery of a violation. The CFPB asserts that the conduct of Townstone that the CFPB alleges violates the ECOA also violates the CFPA.

On July 16, 2020, the Consumer Financial Protection Bureau (CFPB) issued an updated 2020 Complaint Bulletin and again focused on complaints related to COVID-19.

The Complaint Bulletin reflects 2020 consumer complaint data through June 15, 2020, and focuses on complaints filed through May 31, 2020 that mention COVID-19 keywords. Of the 187,547 complaints received in 2020, 8,357 included a COVID-19 keyword. The highest number of complaints (1,575 or about 19%) concerned mortgage loans, with credit cards and credit or consumer reporting running a close second and third. A little over half of the complaints related to mortgage loans identified struggles to make payments as the primary issue. Mortgage-related complaints also cited that borrowers with loans in a COVID-19 forbearance were being advised that a lump sum payment would be required at the end of the forbearance, which is contrary to government guidance. As previously reported, the CFPB and Conference of State Bank Supervisors issued warnings to industry members about not following requirements for a COVID-19 forbearance or offering limited repayment options with regard to a forbearance.

Other issues cited by consumers include:

  • Credit card issuers who offered deferment programs did not implement the options as advertised, such as not waiving interest as advertised.
  • A significant drop in their credit scores based on the manner in which a student loan servicer reported their loans.
  • Being charged overdraft fees despite banks making public statements that the fees would be waived.
  • Short term, small dollar loan companies using aggressive collection tactics.

It would appear that counting only complaints that expressly mention a COVID-19 keyword may significantly understate the number of complaints that are in some way related to COVID-19. In the prior version of the Complaint Bulletin, the CFPB noted that the average monthly complaint volume in 2019 was 29,000, and that in March and April of 2020 the complaint volume set records in each month at 36,700 and 42,500, respectively. In the current Bulletin, the CFPB cites April and May 2020 volumes of 42,400 and 44,100 respectively.

On July 13, 2020, the Federal Trade Commission (FTC) held a workshop titled “Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule.” This workshop discussed the proposed amendments to the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. The GLBA Safeguards Rule has not been updated since it went into effect in 2003. The workshop explored the cost of information security for financial institutions, the availability of information security services for smaller financial institutions, and other issues raised in comments received in response to the FTC’s notice of proposed rulemaking.

During the workshop, FTC staff provided the following insights into the proposed amendments to the GLBA Safeguards Rule:

  • Designate one qualified individual to be responsible for overseeing the information security program. Although the term Chief Information Security Officer (CISO) is used in the proposed amendments, the FTC staff clarified that the qualified person does not necessarily need to carry the title of a CISO. The FTC staff noted that the necessary qualifications for the responsible individual will likely be dependent on the information security needs of each financial institution.
  • Base the information security program on a written risk assessment that must include certain criteria for determining risk and address how the information security program will address those risks. The FTC staff expressly stated that there is an expectation that risk assessments are to be done on a routine basis; financial institutions cannot complete a risk assessment one time and then never again.
  • Provide security awareness training to personnel. The FTC staff recommended that all employees receive basic security training, but information security personnel should receive more in-depth security training. The FTC staff noted that financial institutions may use a third party service provider to conduct these trainings.
  • Implement an information security program that includes access controls, developing information inventories, implementing secure development practices, conducting audits, implementing secure disposal requirements, developing change management procedures, and monitoring the activity of authorized users. The FTC staff emphasized that it is up to the financial institution to determine how to implement the various requirements and that each financial institution should be free to choose a solution that works best for each financial institution’s respective information security program.
  • Implement encryption and multifactor authentication. The FTC staff indicated their belief that financial institutions should have the flexibility to determine how to implement encryption and multifactor authentication. However, the FTC staff noted that in the event it is not feasible for a financial institution to implement encryption or multifactor authentication, the financial institution should come up with alternative controls that have been reviewed and approved by the qualified individual in charge of the financial institution’s information security program.
  • Financial institutions that maintain information about fewer than 5,000 consumers would be exempted from most of the written requirements. The FTC staff explained that the exception was written so that small financial institutions with small budgets that have access to tens of thousands of consumers’ data are still expected to implement security controls that are appropriate to the amount of data they are collecting, not necessarily to the size of their business.

The deadline to submit comments about the proposed amendments to the GLBA Safeguards Rule is August 12, 2020. Financial institutions that are subject to the GLBA Safeguards Rule should review their current information security program in light of the proposed amendments to determine how any changes may affect their information security programs.

With the U.S. Supreme Court having ruled in Seila Law that the CFPB’s leadership structure is unconstitutional, two circuit court cases involving the same constitutional challenge that were “on hold” pending the Supreme Court’s decision will now be moving forward.  The two cases are RD Legal Funding pending in the Second Circuit and All American Check Cashing pending in the Fifth Circuit.

RD Legal Funding.  The underlying case is an enforcement action filed jointly by the CFPB and the New York Attorney General in 2017 in a New York federal district court alleging federal UDAAP and state law claims.  The CFPB appealed to the Second Circuit from the district court’s June 2018 decision, as amended by a September 2018 order, in which it ruled that the CFPB’s structure is unconstitutional, struck the entire CFPA (Title X of Dodd-Frank), and dismissed the CFPB from the case.  The NYAG appealed from the district court’s dismissal of all of the NYAG’s federal and state law claims, and a subsequent order that dismissed the NYAG’s claims under Dodd-Frank Section 1042 “with prejudice.”  (Section 1042 authorizes state attorneys general to initiate lawsuits based on UDAAP violations.)

The CFPB had filed a notice of ratification by former Acting Director Mulvaney with the district court.  In its June 2018 decision, the district court stated that the CFPB’s ratification “does not address accurately the constitutional issue raised in this case, which concerns the structure and authority of the CFPB itself, not the authority of an agent to make decisions on the CFPB’s behalf.”

On July 10, 2020, the CFPB filed a declaration with the Second Circuit in which Director Kraninger stated that she has ratified the Bureau’s decisions to file the enforcement action against RD Legal and to appeal from the district court’s dismissal of the action.  In response, RD Legal filed a letter with the Second Circuit in which it stated that the CFPB has waived the ratification issue because it did not appeal the district court’s ruling on ratification.  Alternatively, it argued that the ratification is not effective because Director Kraninger cannot ratify an act that the CFPB could not do at the time such act was done and, in any event, she cannot ratify the enforcement action or appeal because the action would be time-barred and the time to appeal has lapsed.

The Second Circuit can be expected to follow Seila Law and affirm the district court’s ruling that the CFPB’s structure is unconstitutional.  However, also following Seila Law, the Second Circuit can be expected to reverse the district court’s ruling striking all of Title X and rule instead that the Dodd-Frank Act’s “for cause” removal provision should be severed.  Although the district court considered former Acting Director Mulvaney’s ratification and not Director Kraninger’s ratification, its rationale for rejecting former Acting Director Mulvaney’s ratification would apply equally to Director Kraninger’s ratification.  It therefore seems unlikely that the Second Circuit would remand that issue to the district court rather than issue a ruling on ratification.

All American Check Cashing.  The underlying case is an enforcement action filed by the CFPB against All American Check Cashing in 2016 in a Mississippi federal district for alleged violations of the CFPA’s UDAAP prohibition.  In March 2018, the district court denied All American’s motion for judgment on the pleadings based on the Bureau’s unconstitutionality and ruled that the CFPB’s structure is constitutional.  In opposing All American’s motion to certify the case for interlocutory appeal, the CFPB argued that a notice of ratification of the action by former Acting Director Mulvaney cured any constitutional defect and mooted the constitutional issue.  The district court did not rule on the CFPB’s ratification argument and in March 2018 granted All American’s motion for interlocutory appeal which the Fifth Circuit agreed to hear.

On March 3, 2020 (the same day that the Supreme Court heard oral argument in Seila Law), a Fifth Circuit panel ruled that the CFPB’s structure is constitutional.  On March 20, the Fifth Circuit, on its own motion, entered an order vacating the panel decision and granting rehearing en banc.  On June 30, the Fifth Circuit tentatively calendared the case for en banc oral argument during the week of September 21, 2020 and ordered the parties to file supplemental briefs.

Following Seila Law, the en banc Fifth Circuit can be expected to reverse the panel’s ruling that the CFPB’s structure is constitutional and sever the Dodd-Frank Act’s “for cause” removal provision.  Because it ruled that the CFPB’s structure is constitutional, the panel did not reach the CFPB’s ratification argument.  Assuming the CFPB files a declaration of ratification by Director Kraninger as it did in RD Legal, the en banc Fifth Circuit will have an opportunity to issue a ruling on ratification or could decide to remand that issue to the district court.

In Seila Law, the Supreme Court remanded the case to the Ninth Circuit to consider the CFPB’s argument that former Acting Director Mulvaney had ratified the civil investigative demand issued to Seila Law by the CFPB.  As a result, three circuit courts (the Second, Fifth and Ninth Circuits) could now issue rulings on the ratification issue.





The topics we discuss are: implications of the SCOTUS Seila Law decision on CFPB rules, past consent orders, ongoing enforcement, and the Texas lawsuit challenging the CFPB payday loan rule; DOJ/FTC auto dealer fair lending actions, status of disparate impact, and Google targeted advertising changes; the CFPB’s new advisory opinion program; timing of CFPB debt collection final rule; and OCC/FDIC final rules to undo Madden and plans to address “true lender.”

Click here to listen to the podcast.

The Federal Trade Commission (FTC) has launched a new online “dashboard” that makes certain data received from active duty servicemembers and veterans publicly available. The data come from the FTC’s Consumer Sentinel Network, which aggregates consumer complaints received directly from consumers, as well as data contributions received from others (including state attorneys general, the CFPB, and other government agencies, watchdog groups, and private companies).

The newly available dashboard allows a user to filter by status: (1) Active Duty Service Members; (2) Veterans and Military Retirees; or (3) All Military (plus families and reservists). The tool shows the number and type of reports, as well as information on aggregate and median reported losses (as dollar amounts).

A few points to note:

  • From 2015 through Q2 2020, reports show median fraud losses for veterans and retirees of $750, while the number for active duty military was $500;
  • For active duty service members, business opportunities/work-at-home plans, followed by romance scams, had the highest median reported loss amounts ($3,950 and $3,200, respectively), while for veterans and retirees the highest reported median losses involved non-timeshare real estate ($12,427);
  • Across all status categories, the most frequently reported scam type was government imposters, followed by unwanted telemarketing calls; and
  • Among identity theft reports, the top source of reports was new credit card accounts.

In total, this data set includes 680,094 reports, of which 292,942 are fraud reports. 45,240 reports indicated monetary loss, totaling $279.6 million. The dashboard will be updated with new data quarterly.

In filings submitted last week, the Consumer Financial Protection Bureau (the Bureau) both opposed and moved for summary judgment in PayPal, Inc. v. Consumer Financial Protection Bureau, asking the court to put an end to PayPal, Inc.’s lawsuit challenging the prepaid card rule (Rule), which took effect last year. The Rule set out certain fee disclosure requirements, credit-linking restrictions, and other consumer protections for “prepaid accounts.”

The lawsuit, which was filed in December 2019 in the D.C. federal district court, stems from the Bureau’s alleged “fundamental category error” ­ applying “digital wallets” (i.e., digital payment products, like PayPal and Venmo, which users can link to their traditional payment devices like credit/debit cards and bank accounts to make electronic peer-to-peer transfers of funds or purchases from third-party merchants) to the same standards as “general purpose reloadable cards” (i.e., plastic cards typically sold in stores that allow users to load funds without a bank account). In particular, PayPal argued digital wallets should not be subject to the Rule’s provisions (1) requiring “short form” fee disclosures, and (2) imposing a 30 day waiting period for linking payment devices.

In its summary judgment motion, PayPal argued that these provisions should be invalidated because they were issued without statutory authority under (and in violation of) the Electronic Funds Transfer Act (EFTA) and Truth in Lending Act (TILA). PayPal further asserted that in extending these provisions to digital wallets, the Bureau violated the Administrative Procedures Act (APA) by: (1) acting in an arbitrary and capricious manner by ignoring material differences between digital wallets and general purpose reloadable cards; (2) failing to perform a cost-benefit analysis, and (3) placing a content-based restriction on PayPal’s free speech rights, in violation of the First Amendment of the U.S. Constitution.

The Bureau urges the Court to reject these arguments, which it characterizes as “distort[ing] the governing statutory framework, the Bureau’s reasons for adopting the Rule, and the scope of the Rule itself.” The Bureau argues the disclosure requirements and mandatory waiting period are authorized by the EFTA and TILA, and were properly issued under the Bureau’s broad authority to prescribe rules to carry out the purposes of each statute, the Bureau’s interpretation of which is entitled to deference. It further asserts the provisions are separately authorized by the Bureau’s general authority under section 1032 of the Dodd-Frank Act, to “prescribe rules to ensure that the features of any consumer financial product or service … are fully, accurately, and effectively disclosed to consumers in a manner that permits consumers to understand the costs, benefits, and risks.”

The Bureau insists PayPal’s APA claim fails because it cannot show that the Bureau’s decision to include digital wallets within the Rule’s coverage was “arbitrary or capricious.” While acknowledging there are “some differences” between digital wallets and other prepaid accounts ­ including, without limitation, their tendency to charge fewer fees, and that “consumers [are] less likely to use them as a substitute for a checking account” ­ the Bureau found digital wallets to be “similar enough” in that both can be used “to load funds for use in conducting transactions.” The Bureau also points to its goals of providing clear regulations, and insists that PayPal’s arguments misconstrue the Rule’s underlying purpose of clarifying what protections apply to digital payments while avoiding “a patchwork regulatory regime that could leave consumers confused about what protections applied to which products.” The Bureau identifies these same factors, along with industry comments regarding the costs, confusion, and effect on innovation, as factors that it considered in addressing the benefits and costs of applying the Rule to digital wallets.

The Bureau also presses the Court to reject PayPal’s First Amendment claim, arguing that the disclosure requirements are not a content based restriction as they do not restrict companies from providing consumers with “clarifying information.” Instead, the Bureau states that the Rule only prohibits additions “to the short-form disclosure box itself,” leaving companies free to “provide additional information, including clarifying details about when certain fees may be lower or waived, anywhere else they wish, including immediately outside the disclosure box.” This distinction is dispositive, the Bureau says, because “[n]othing in the First Amendment bars disclosure regulations . . . [imposing] modest restriction on where commercial information may be placed.”

When the OCC issued its final Community Reinvestment Act (“CRA”) rule on May 20, 2020, the agency acted alone without waiting to achieve consensus with the FDIC, the agency with which the OCC had jointly issued its proposed rule. The FDIC declined to join the OCC’s CRA reform effort, despite seemingly being in lock-step with the OCC up until that point. As to the Federal Reserve Board (“FRB”), it had already bowed out of the CRA reform effort in 2019.

On the date the OCC issued its final rule, FDIC Chairman Jelena McWilliams issued a public statement indicating that “[w]hile the FDIC strongly supports the efforts to make the CRA rules clearer, more transparent, and less subjective, the agency is not prepared to finalize the CRA proposal at this time.” She went on to recognize the “herculean effort” community banks were making to help small businesses and families during the COVID-19 crisis, implying that the agency did not join the OCC in issuing the final rule because she did not want to add regulatory burden to FDIC-supervised banks during this challenging time. Chairman McWilliams did express support for the framework of the OCC’s CRA final rule, however, stating that she believed it would “greatly benefit” low- and moderate-income (“LMI”) communities and provide greater clarity to banks on CRA expectations.

In a later statement on June 26, 2020, Chairman McWilliams clarified that “the timing wasn’t right” for the FDIC to ask small community banks to meet new regulatory requirements and that her agency would wait until “peacetime” to finalize its CRA rule.

Because the FDIC was discussing the final rule with the OCC until shortly before the OCC issued it and appeared to agree on content but not timing of issuance of the final rule, we believe that it is likely that the FDIC will re-engage on CRA. That said, because of the criticism the OCC’s final rule has received, it is possible that the FDIC will assess that criticism before finalizing its rule. In any event, the FDIC could wait to act until the impacts of the COVID-19 pandemic are fully known and until after the presidential election in November.

With regard to the FRB, in testimony before the House Financial Services Committee on June 16, 2020, Fed Chairman Jerome Powell stated that his agency’s preliminary CRA reform work “won’t go to waste” because the FRB plans to move forward with its own proposal to update its CRA rules. He did not provide a time table for possible rulemaking activity, however. At this point, it seems likely that the FRB would defer any such efforts until after the presidential election.

For now, national banks must begin preparing to comply with the OCC’s final rule while state banks will continue to operate under the current rule until the FDIC determines whether it will adopt the OCC final rule and the FRB proceeds with its own proposed CRA reform. Currently, it seems possible that state member banks and non-member banks may operate under different CRA rules in the future. Although the FDIC is likely to adopt the OCC’s final rule for the reasons previously discussed, it is possible that each regulator will have its own CRA framework. While CRA modernization is called for, having two or three CRA regulatory frameworks creates uncertainty and may create competitive inequalities that could negatively impact the LMI customers the rule is designed to benefit. As noted in our most recent blog post, consumer advocacy and civil rights groups have argued that the OCC has now “fractured the interagency consensus around CRA enforcement,” and that appears to be true at this juncture.

This is the fourth in a series of five blog posts about the OCC’s CRA final rule. The first blog post described what changed from the OCC’s proposed rule to the final rule, and the second blog post explained differences among the OCC’s final rule, FDIC’s proposed rule and the FRB’s existing rule. Our third blog post described opposition to the OCC’s CRA final rule by consumer advocacy groups and Congress. Our next blog post will examine the impacts of CRA reform on community banks and how banks regulated by the FDIC and FRB should proceed in preparing for future CRA examinations.

The Illinois Department of Financial and Professional Regulation (IDFPR) published a notice of proposed rules implementing the Student Loan Servicing Act in the July 10, 2020 issue of the Illinois Register. Written comments will be accepted for 45 days.

The IDFPR initially proposed rules in November 2018 but withdrew them a year later because it wished “to reassess the rulemaking.” The current proposal is similar in scope, except that it has dropped the subpart on administrative hearings. A number of the remaining provisions have been refined since their prior publication:

  • Assessments (which are in addition to annual renewal fees) would be based on the proportion of Illinois borrowers serviced by each licensee (not the proportion of Illinois loans) (1010.120(f))
  • The requirement to provide a secure website and toll-free telephone service to handle borrower and cosigner communications regarding existing loans no longer extends to communications regarding applications for loans (1010.140)
  • The rules now contemplate both borrowers and cosigners (not just borrowers) in the requirements to provide electronic access to account information and promptly credit payments (1010.160(a)-(b))
  • Servicers are exempt from the three-year record retention requirement to the extent prohibited by their contracts with lenders (1010.180)

The proposed rules would continue to require licensees to: provide borrowers with information about alternative repayment and loan forgiveness options (1010.150), credit a cosigner’s payment only to the cosigned loan unless directed by the cosigner (1010.160(c)), maintain loan records (1010.170, .190), and file an independent financial audit report (1010.210). Like the November 2018 proposal, this proposal also contains a fee schedule (1010.120) and certain examination procedures (1010.220). While the fee schedule has not changed, the text of the proposed rule has been updated to reference and re-state the fees set forth in the statute.