Jon Hill of Law360 was among a group of reporters to whom Director Chopra recently gave a series of interviews in which he provided significant insights into his views on a range of topics.  We review recent CFPB and other agency developments that provide context for Mr. Chopra’s comments, discuss what his comments reveal about his approach to use of CFPB authorities, and highlight the important takeaways for banks and other companies.  Topics covered include entry of big tech into financial services, Section 1033 rulemaking, application of UDAAP to discrimination, the Military Lending Act, bank/nonbank partnerships, buy-now-pay-later, payday lending, overdraft/NSF fees, and artificial intelligence/machine learning.

Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation joined by Michael Gordon and Ronald Vaske, partners in the firm’s Consumer Financial Services Group, and Mindy Harris, Brian Turetsky, and Rinaldo Martinez, Of Counsel to the Group.

To listen to the episode, click here.

A group of 12 Republican Senators have sent a letter to CFPB Director Rohit Chopra in which they urge him “to reverse course and stop using inappropriate tactics to harm financial institutions’ reputations and customer relationships in order to advance your liberal policy preferences.”

In their letter, the Senators assert that “rather than operating as a tough, but fair and sensible regulator, the CFPB is again pursing a radical and highly-politicized agenda unbounded by statutory limits.”  As examples of “uncontrolled and unwarranted” CFPB actions, the Senators point to the following:

  • The CFPB’s use of “name-and-shame tactics to pressure companies into eliminating [overdraft fees].”  The lawmakers’ point to the chart published by the CFPB in February 2022 that listed the top 20 banks by revenue from overdraft fees and statements made by Director Chopra in his July 2022 media interviews indicating that he was “gratified to see where the market has been shifting” while warning that the CFPB would be “increasing our supervisory scrutiny of the institutions that are most dependent on [overdraft fees] as part of their deposit account revenue.”  The Senators state that “[i]t is hard to view [this] statement as anything other than a threat that banks who do not bow to the CFPB’s pressure campaign could expect the agency to target them for increased supervision.”
  • The CFPB’s change in its risk-based supervision rule to allow the CFPB to publicly disclose a decision to subject a nonbank to risk-based supervision.  The Senators observe that the rule change “did not give a nonbank the same discretion to defend itself and instead requires a nonbank to keep confidential information relating to the CFPB’s decision, including facts that could call into question the Director’s decision or raise procedural concerns with it.”  The Senators state that since the CFPB has never used this authority, the rule change “appears to serve as a threat to nonbanks…whose practices are legal but not in line with your liberal policy views.”
  • The CFPB’s change in its rule on adjudication proceedings to allow the Director, at any time, to direct that any matter be submitted to him or her for review.  The Senators assert that this change allows Director Chopra to “authorize CFPB staff to bring an enforcement case based on a novel legal theory and then you can personally rule that it is a valid theory.”
  • A mass email sent by the CFPB to the customers of a bank that is the subject of a CFPB enforcement action about accounts alleged to be opened without customers’ consent.  The Senators assert that the mass email “was not a legitimate investigative or litigation tool, but rather a means to damage the bank’s customer relationships.”

We recently urged Director Chopra to discontinue the CFPB’s current practice of using a potpourri of methods that lack transparency and predictability to interpret federal consumer financial laws.  In our open letter, we called on Director Chopra to instead restart use of the official staff commentaries that are subject to input from stakeholders and provide certainty that they will be binding.

We are surprised that in their letter, the Senators did not criticize the CFPB’s updates to its Supervision and Examination Manual that instruct examiners to consider discrimination in connection with non-credit products and services as an unfair act or practice.  For the reasons we have discussed, we believe the CFPB’s UDAAP interpretation is legally flawed.  Moreover, given the complexity of the questions the CFPB’s expansion of UDAAP raises, we believe this type of a drastic change should be done through a rulemaking and not through an amendment to an examination manual.

The results of a recent poll on buy-now-pay-later (BNPL) conducted on behalf of the Financial Technology Association (FTA) indicate that BNPL products are viewed favorably by a strong majority of adults who have used BNPL.  The poll was conducted through online interviews of a sample of 2210 adults and the data were weighted to approximate a target sample of adults based on gender, age, race, educational attainment, and region.  

Key findings included the following:

  •  Trust in BNPL is significantly driven by those who have used BNPL, with users not only having a high favorability but also trusting BNPL dramatically more than those who have never used it.  This is partly due to the finding that more than three quarters (75%) of those who used BNPL, across demographics, reported having a positive experience.
  • BNPL has a positive force on the financial future of its users.  43% of those have used BNPL reported that they felt their finances would be better off in one year while only 26% of those who had not used BNPL reported the same.
  • BNPL is seen as having clear and understandable terms and conditions of service among nearly all its users.  More than nine in ten (94%) users of BNPL, across demographics, found that they could easily understand the terms and services.
  • Using multiple BNPL products has made it easier for consumers to pay for their purchases.  BNPL has helped consumers pay for items such as retail, technology, and household appliances.  To this extent, adults, specifically younger and non-white adults, feel that BNPL would be helpful to them in managing their finances and purchases.

In January 2022, after sending orders to five companies that offer BNPL products directing them to provide information to the Bureau, the CFPB published a notice in the Federal Register seeking public comment to inform its inquiry into BNPL products.  The examples given by the CFPB of the kinds of issues on which it sought comments included consumers’ experience with BNPL products and the benefits and risks to consumers from BNPL products.  The results of the FTA’s poll speak favorably to BNPL on both consumers’ experience and the benefits to consumers.

On September 9, 2022, the California Department of Financial Protection & Innovation (the “DFPI”) released a Notice of Proposed Rulemaking Action that proposes to adopt regulations implementing the Student Loan Servicing Act (section 28100, et seq.) and the Student Loans: Borrower Rights Law (Civil Code section 1788.100, et seq.).  The comment period for the proposed regulations will close on October 28, 2022.  Along with the Notice, the DFPI issued an Initial Statement of Reasons and the text of the proposed regulations.

In its release, the DFPI notes that the “proposed rules clarify that education financing products, including but not limited to income share agreements and installment contracts, are student loans and that servicers of such education financing products are covered by the Act and must be licensed.  The proposed rules define terms and documents specific to education financing products.  The proposed rules also amend some existing rules, based on the DFPI’s years of experience licensing student loan servicers and conducting regulatory examinations.”

Of note, the regulations would define “income share agreement” or “ISA” to mean “an agreement between a student and a school or an income share provider under which the student agrees to pay a fixed percentage of the student’s future income for the payment term, in exchange for waiving or covering the cost of some or all of the student’s tuition.”  Further, ISAs would be classified as “education financing products” which include “all private student loans which are not traditional student loans,” and any such products would be subject to the Act.

The magistrate judge assigned to hold a settlement conference in All American Check Cashing has issued an order stating that the matter did not settle at the settlement conference conducted on September 7.  The order also states that the court will notice a telephonic conference to continue settlement discussions.

The case was remanded to the district court by the en banc Fifth Circuit, which ruled that the CFPB’s enforcement action against All American Check Cashing could proceed despite the unconstitutionality of the CFPB’s single-director-removable-only-for-cause-structure at the time the enforcement action was filed.  However, in a concurring opinion, five judges expressed their agreement with All American Check Cashing’s argument that the unconstitutionality of the CFPB’s funding mechanism required dismissal of the enforcement action.  In remanding the case, the Fifth Circuit stated that “[w]e place no limitation on the matters that the court may consider, including, without limitation, any other constitutional challenges, and we express no view on the actions it should take in accordance with this opinion or otherwise.”

Following the remand, the CFPB and All American Check Cashing filed a joint motion asking the district court to set a briefing schedule.  The district court, however, denied the motion and instead ordered that the case go to private mediation or a settlement conference before a magistrate judge, with the parties to decide which route they preferred.  The parties thereafter agreed to a settlement conference before a magistrate judge.

The order issued by the magistrate judge also notes that after the Fifth Circuit accepted the interlocutory appeal, the district court terminated two pending motions: the CFPB’s motion for summary judgment and All American Check Cashing’s motion to exclude certain expert testimony.  The order states that because Community Financial Services Association v. CFPB “presents similar issues to those raised in the present case,” the parties must wait to re-file any motions until the Fifth Circuit issues a decision in the CFSA case.  (CFSA’s lawsuit challenges the payment provisions in the CFPB’s 2017 final payday/auto title/high-rate installment loan rule.)  A Fifth Circuit panel heard oral argument in the CFSA case on May 9, 2022.  

The trade groups’ primary argument on appeal continues to be that the 2017 Rule was void ab initio because the CFPA’s unconstitutional removal restriction means that the Bureau did not have the authority to promulgate the 2017 Rule.  However, the trade groups submitted the concurring opinion in All American Check Cashing as supplemental authority to the Fifth Circuit panel hearing their appeal and argued that the panel should adopt the reasoning of the concurring opinion and invalidate the 2017 Rule.

On August 31, 2022, the California Senate voted to approve House Assembly Bill 156, and sent the bill to Governor Newsom for consideration and potential signature.  If it becomes law, the bill would amend the existing California Debt Collection Act (the “DCLA”) in three ways.

First, the bill would amend provisions of Cal. Fin. Code § 100000.5(a) to “allow any debt collector that submits an application [for a license] before January 1, 2023, to operate pending the approval or denial of the application.”  The existing grace period provided by the DCLA had previously only covered applications that were submitted prior to January 1, 2022.

Second, an amendment to Cal. Fin. Code § 100000.5(b) would provide the California Department of Financial Protect & Innovation (the “DFPI”) the authority to issue conditional licenses to applicants (valid for a period up to ninety days) pending the receipt and review of fingerprint images and related information.  As the legislative counsel’s digest accompanying the bill’s text states: “[t]he DCLA requires the Department of Justice to transmit fingerprint images and related information received from the DFPI to the Federal Bureau of Investigation for the purpose of obtaining a federal criminal history records check and requires the Department of Justice to review the information returned from the Federal Bureau of Investigation and compile and disseminate a response to the commissioner.”  The ability to issue conditional licenses during this time would provide the DFPI with flexibility during this portion of the application process.

Third, the bill would amend sections of Cal. Fin. Code § 100013 to provide the DFPI with discretion as to whether or not to deem an application abandoned in a situation where an applicant fails to submit responsive information within 60 days from a written request for information by the DFPI.  Currently, the DCLA mandates that any such application be abandoned.

There is no express timeline for the Governor to sign House Assembly Bill 156 into law.  All new applications for a license under the DCLA or for branch registrations are handled via the Nationwide Multistate Licensing System and Registry.

A New York federal district court has issued an order allowing a putative class action to proceed against Trustco Bank, finding that the plaintiff had stated a claim for breach of contract based on the bank’s assessment of non-sufficient funds (NSF) fees.  The complaint in Jenkins v. Trustco Bank alleges that Trustco’s assessment of multiple NSF fees on the same transaction constituted 1) a breach of the covenant of good faith and fair dealing, 2) unjust enrichment, 3) a deceptive act or practice under New York General Business Law § 349, and 4) a breach of contract.  The court granted Trustco’s motion to dismiss on all but the breach of contract claim.

The order is significant because it is the second class action suit against Trustco this year that the New York federal district court has allowed to proceed on a breach of contract theory.  The other suit, Lamoureux v. Trustco Bank, also concerns the bank’s NSF and overdraft fee practices.  The court in Jenkins noted that plaintiffs in both suits “alleged the same breach to an identical contract” and that the bank relied on the same portions of the contract for its defense in each case.  The court then adopted the reasoning and finding from Lamoureux that the bank’s contractual language about NSF fees is ambiguous, allowing the claim to survive the motion to dismiss.

At issue in both suits is the bank’s practice of treating each instance that a payment is re-presented as a new item subject to NSF or overdraft fees.  Trustco maintains that, under its contract, each subsequent attempt by a merchant to re-present a payment that failed to go through the first time may be handled and treated as a separate “item.”  The plaintiffs argue that multiple attempts to process the same transaction must be treated as a single “item” as the term is used in the contract.  In finding that each interpretation was reasonable, the court in Lamoureux observed that the language in Trustco’s account agreement was similar to the terms used by other banks that several other courts had deemed ambiguous.

Both Jenkins and Lamoureux are awaiting further proceedings.  We will continue to monitor each for significant developments as they move forward.

Last month, the FDIC issued new supervisory guidance on multiple NSF fees arising from the re-presentment of the same unpaid transaction.  These cases are examples of the class action lawsuits that financial institutions have faced alleging breach of contract and other claims, some of which have resulted in substantial settlements, based on the failure to adequately disclose re-presentment NSF fee practices.  We have handled and are presently defending several of these types of class actions.  While neither the OCC, the FRB, nor the CFPB have taken a formal public position on the issue of re-presentment NSF fees, these agencies have already made overdraft practices a focus of concern and we expect them to follow the FDIC’s position on re-presentment NSF fees. 

Overdraft and NSF fees also continue to be a focus of state regulators, with the New York State Department of Financial Services and the Division of Banks of the Massachusetts Office of Consumer Affairs and Business Regulation having issued guidance to their supervised institutions about overdraft and NSF fees.

On September 7, 2022, newly-appointed Vice Chair for Supervision at the Federal Reserve (the “Fed”), Michael S. Barr, gave a speech outlining his near-term goals and the “holistic approach” he intends to take to achieve them.  Building on the efforts made over the previous 12 years since the Global Financial Crisis to strengthen the banking system and oversight, Barr emphasized his top goals include making the financial system safer and fairer.  While more specifics regarding Barr’s agenda will be forthcoming in the coming weeks and months, his speech signals a change in regulatory policy which could have a significant impact on banks, bank holding companies, and the companies that partner with them.

To achieve the safety and soundness of banks and stability of the financial system, Barr intends to focus on mitigating evolving risks through regulatory capital reform, resolution planning for large banks, and revisiting the criteria used by the Fed to analyze and approve large bank mergers.  Regarding capital reform, Barr outlined the underlying principles to be used when recalibrating the capital requirements, such as a risk-focused framework and tiered requirements, but declined to provide specifics until “later this fall.”  Barr also intends to work with the FDIC to review the resolution plans of globally systemically important banks and other large banks to ensure appropriate steps are being taken to limit the costs to society of potential failure.  Finally, Barr’s goal of safety and stability includes renewed scrutiny of large bank mergers; Fed staff will be tasked with assessing how the Fed is currently performing merger analysis and where improvements can be made.

Barr also commented briefly on two of his other priorities: partnering with other regulatory agencies and Congress to address the risks that stablecoins (and other unregulated forms of private money) pose to the financial system and the financial risks posed by climate change.  Regarding climate change, Barr indicated the Fed’s narrow focus is on its supervisory responsibilities and role in promoting safety and soundness.  The Fed intends to pilot a mico-prudential scenario analysis exercise with several large banks to determine how best to build an approach to climate modeling.

In addition to his focus on “making the financial system safer,” Barr also stressed his intent to focus on fairness and identified 3 elements necessary to make the financial system fairer: (1) financial capability (e.g., transparency in the cost of services); (2) financial access (e.g., promoting access to affordable banking services to low- and moderate-income consumers); and (3) consumer protection (e.g., supervision and regulation).  Barr also noted that innovative financial products, such as crypto and digital payment products, should be welcomed as tools for increasing access and lowering costs for banking services but the risks related to such innovations must be tempered by sound regulation and prudent safeguards to ensure the safety of the banking system and customers.  Finally, Barr reiterated the Fed’s commitment to CRA reform and continuing the efforts led by the previous Vice Chair to strengthen and modernize CRA regulations.

While Barr’s statements may have less of an impact on smaller banks than on the globally significant financial institutions and large banks, his comments around capital reform suggest evolving views among the Fed and other regulators on the evaluation of risk, and the consideration of new types of risk, which could have a significant impact on all banks and bank holding companies.  Third parties that partner with banks to provide products and services, including alternative lenders and fintech companies, may also be impacted.

Vice Chair Barr took office on July 19, 2022 for a four-year term.

The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception.  As a result, when the the California Privacy Rights Act (CPRA) goes into effect on January 1, 2023, employee and B2B data will be treated the same as consumer data. 

Specifically, with the expiration of these exemptions, covered businesses will be obligated to provide their California employees, contractors, job applicants, and business contacts with the full array of disclosures and rights available to California consumers under the CPRA.  Extending CPRA rights to employees in particular is likely to pose a significant policy and operational lift for many businesses.

For example, in addition to the disclosures already required under the CCPA, employers will now have to provide employees with the rights of access, correction, portability, and deletion of their personal information.  Given the nature of the information that businesses may hold about their employees—including internal performance reviews, work evaluations, and human resources or disciplinary reports—effectuating these rights may be logistically difficult in a way that standard consumer requests are not.  Businesses will have to review the scope of these rights carefully to identify what information may be subject to employee review and what information may fall under an exemption. 

The sunsetting of these exemptions is likely to have a particularly large impact on businesses without direct-to-consumer sales and companies in federally regulated industries (such as financial institutions), as those types of businesses often had relatively little data subject to the CCPA. 

With only four months until 2023, businesses have already been focusing significant efforts on complying with the CPRA and the four other privacy laws going into effect next year.  The lapsing of the CPRA’s B2B and employee exemptions will make these months feel even shorter.

Since the beginning of Michael Hsu’s tenure as Acting Comptroller of the Currency, bank/fintech partnerships have been a focus of OCC concern.  Although bank lending partnerships with fintechs continue to receive OCC attention, recent remarks by OCC officials indicate that OCC scrutiny is now also directed at partnerships outside of the lending arena.

In remarks yesterday to The Clearing House and Bank Policy Institute Annual Conference, Acting Comptroller Hsu discussed the growth “of banking-as-a-service (BaaS),” meaning arrangements in which a nonbank offers banking services to its customers as a way of adding value to its products and services.  He observed that “[d]igitalization has put a premium on online and mobile engagement, customer acquisitions, customization, big data, fraud detection, artificial intelligence, machine learning, and cloud management” and that “these activities require expertise and economies of scale that most banks do not have.”  Noting that BaaS is not an issue limited to large banks, he commented that banks and fintechs, “in an effort to provide a ‘seamless’ customer experience, are teaming up in ways that make it more difficult for customers, and regulators, and the industry to distinguish between where the bank stops and the tech firm starts.”

Mr. Hsu expressed significant concern about the safety and soundness implications of these developments.  He discussed the supervisory concerns raised in bank technology examinations, stating that a majority are related to “fundamental elements of risk management, e.g. board oversight, governance, and internal controls” and that common issues involve insufficient information security controls, change management issues particularly with emerging products and services, and IT operational resilience.”  Mr. Hsu also raised concerns about unknown risks or “nasty surprises” arising out of bank-fintech arrangements.  He indicated that to mitigate this risk, the OCC is currently working on a process to subdivide bank-fintech arrangements into cohorts with similar safety and soundness risk profiles and attributes.  This approach is expected to enable a clearer focus by the OCC on risks and risk management expectations.

According to a Law360 report, another OCC official who spoke at the Annual Conference also expressed concerns about bank/fintech partnerships. Kevin Greenfield, OCC Deputy Comptroller for Operational Risk, is reported to have warned banks that they can be liable for customer harm arising out of fintech partnerships, such as violations of consumer protection laws and unfair and deceptive practices.  He advised banks to closely monitor risk and compliance in these partnerships.  With regard to lending partnerships, Mr. Greenfield is quoted as having stated that a bank’s responsibility for compliance with consumer protection laws “doesn’t go away if [customers] click on a fintech app or if they walk into the bank branch to get that loan” and that “[i]f it’s [the bank’s] charter that’s providing that loan, [the bank needs to] understand what the risks are and how that’s operating, because, ultimately, it’s going to get traced back to [the bank] that provided the credit.”

We find it noteworthy that neither Mr. Hsu or Mr. Greenfield mentioned concerns about a bank using its charter to avoid state interest rate limits applicable to a nonbank partner.