In a recent blog post, Alan Kaplinsky and Scott Pearson wrote about the remarks made by CFPB Director Richard Cordray and Comptroller of the Currency Thomas Curry at the LendIt USA conference in New York City earlier this month.  In the blog post, we expressed our strong disagreement with Comptroller Curry’s refusal to author an interpretive opinion to address the disruption in the lending markets caused by the Second Circuit’s Madden decision and promised to share our reasons at a later date for why we think that the OCC should go even further and propose a rule to address Madden 

Alan has now written an article published in BankThink, American Banker’s “platform for informed opinion about the ideas, trends and events reshaping financial services,” that urges the OCC to issue a rule to address Madden.  In Madden, the Second Circuit ruled that a company that purchases loans from a national bank could not charge the same rate of interest on the loan that Section 85 of the National Bank Act allows the national bank to charge.  As Alan demonstrates in his article, there is clear OCC and U.S. Supreme Court precedent for the OCC to issue an interpretive opinion or regulation interpreting Section 85 to address an issue that is being litigated and the Supreme Court has indicated that it can properly do so.  As he also demonstrates, the need for an OCC rule is not eliminated by the OCC’s proposal to create a national bank charter for financial technology companies.





Earlier this week, we attended the LendIt USA conference in New York City, a leading annual fintech conference, at which both CFPB Director Richard Cordray and Comptroller of the Currency Thomas Curry spoke.

Director Cordray began his remarks by returning to his familiar “level playing field” theme, observing that “[e]venhanded oversight of all providers” regardless of size “is a basic rule of the road for effective regulation of the financial marketplace” and that “[n]obody gets a free pass to exploit regulatory arbitrage; everyone must be held to the same standards of compliance with the law.”  He then discussed the CFPB’s two most recent requests for information.

The first RFI, issued in November 2016, seeks information about market practices related to consumer access to financial information.  Director Cordray reported that the CFPB has received about 70 “extensive and thoughtful” comments from financial institutions, data aggregators, companies that use aggregated data, trade associations, consumer groups, and individuals.  He observed that “[c]ertain perspectives presented in the comments are not surprising,” with banks and other financial companies raising concerns about consumer data security and aggregators and users of the data recommending less fettered access and greater freedom to store and use collected data.  He commented that the CFPB is “keenly aware of the serious issues around privacy and security, for consumers and providers alike,”  and noted two “pressing” issues facing the CFPB:  how to satisfy the demands of consumers without exposing the providers that maintain consumer data to undue costs and risks and how to prevent consumers from subjecting themselves to undue risks, including the possibility that their data could be misused.  Echoing comments he made in October 2016, Director Cordray also stated that the CFPB “remain[s] concerned about reports of some institutions that may be limiting or restricting access unduly.”

The second RFI discussed by Director Cordray was the RFI issued last month seeking information about the use of alternative data and modeling techniques in the credit process.  He indicated that the CFPB’s goal in issuing the RFI is “to learn more about issues raised by new technologies and new uses of data” and, in particular, to obtain information “about the potential benefits and risks of using, applying, and analyzing unconventional sources of information to predict people’s creditworthiness.”  He reviewed the main inquiries posed by the RFI, with emphasis on the CFPB’s interest in learning how the use of alternative data might impact so-called “credit invisibles,” meaning consumers with no credit history or credit histories that are too limited to generate a reliable credit score, and the application of fair lending laws to alternative data.

In addition to not providing any meaningful new insights into the CFPB’s views on fintech issues, perhaps the most disappointing aspect of Director Cordray’s remarks was his touting of the CFPB’s no-action letter (NAL) policy in his discussion of Project Catalyst,  the CFPB’s initiative launched in November 2012 for facilitating innovation in consumer-friendly financial products and services.  The CFPB’s NAL policy, which was finalized in February 2016, stated that the CFPB would publish NALs, along with a version or summary of the request, on its website.  Since we could find no NALs on the CFPB’s website, we assume no NALs have been issued.

Indeed, even if any NALs have been issued, they would be of marginal value to the recipients.  As we observed when the NAL policy was finalized, the NAL policy provides no immunity against private litigation or enforcement actions by other federal and state government agencies.  (In fact, the CFPB stated in the policy that an NAL can be revoked or modified at any time.)  To make matters worse, an NAL will receive no deference from the courts and may only cover one or more of the “enumerated consumer laws” and not UDAAP which is often of the greatest concern to banks and companies because of the lack of clarity as to what constitutes an “unfair,” “deceptive” or “abusive” act or practice.  Perhaps the reason no NALs have been issued is that none have been requested because of their marginal value as well as the potential for publication of an NAL to give competitors access to important confidential strategic information.

Comptroller Curry’s remarks focused primarily on the OCC’s fintech charter proposal, which he defended against a number of attacks from state regulators, consumer advocates, as well as industry opponents.  Comptroller Curry said that the OCC definitely has authority to grant special purpose charters without new legislation.  Companies obtaining these charters should not expect “light touch” supervision, as the OCC will supervise them in the same manner that it supervises full-service banks.  Furthermore, the OCC will not grant charters to companies engaging in practices considered to be predatory or abusive.

Comptroller Curry also said that there will be “appropriately calibrated” capital and liquidity standards, as well as financial inclusion requirements for obtaining a charter.  Details on the requirements will be outlined in a forthcoming supplement to the OCC’s licensing manual.  He added that national banks are subject to state law to a much greater extent under Dodd-Frank than previously was the case, so concerns about excessive preemption are misplaced.  Comptroller Curry said that companies will benefit from the OCC’s high standards and “rigorous supervision,” as it adds value to the companies.

Unlike Director Cordray, Comptroller Curry took questions from the audience, including questions from us.  Although he did not indicate whether there has been any contact between the White House and the OCC concerning policy, he said that the OCC intended to comply with the spirit of the recent executive orders concerning deregulation, although it is not required to follow them as an independent agency.  He noted that the OCC already had completed a recent decennial review of its rules as required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996.  Asked whether the OCC would issue an interpretive opinion concerning the Madden v. Midland Funding case consistent with its amicus brief, Comptroller Curry said that it would not, since the agency cannot overrule the Second Circuit.

We strongly disagree with Comptroller Curry’s refusal to author an interpretive opinion which certainly would be helpful outside the Second Circuit (and maybe even within the Second Circuit since the OCC had not weighed in on Madden until it reached the Supreme Court).  For reasons that we will articulate in the future, we think that the OCC should propose to issue a regulation codifying the “valid when made” doctrine.

On March 21, 2017, from 12:00 pm to 1:00 pm ET, Ballard Spahr will hold a webinar, “Alternative Credit – Opportunities, Risks and the CFPB’s Request for Data.”  More information and a link to register is available here.





The CFPB announced that it has entered into a consent order with First National Bank of Omaha to settle charges that the bank engaged in unfair or deceptive acts or practices in connection with the marketing and sale of credit card add-on products and the billing of consumers for such products.  The consent order requires the bank to pay at least $27.75 million to provide restitution to approximately 257,000 consumers. The restitution will include the full amount paid for the products, plus any associated late fees, over-limit fees, and finance charges.  In addition, the bank must pay a $4.5 million civil money penalty to the CFPB.

The CFPB’s announcement stated that its enforcement action was conducted in coordination with the Office of the Comptroller of the Currency (OCC), which entered into a separate consent order with the bank.  According to the CFPB, its enforcement action represents “the eighth action the Bureau has taken in coordination with another regulator to address illegal practices with respect to credit card add-on products and the 12th action the Bureau has taken in total to address these practices.”

The CFPB’s consent order states that from approximately 2002 until August 2013, the bank marketed debt cancellation products to its credit card holders and, from approximately December 1997 to September 2012, it marketed credit monitoring/identity theft protection products to its cardholders.  According to the consent order, the bank engaged in deceptive or unfair acts or practices in violation of the Consumer Financial Protection Act (which violations the bank does not admit or deny) that included the following:

  • Misrepresenting the length of the card activation process to cause consumers to listen to solicitations for debt cancellation products and misrepresenting the existence of a purchase transaction when obtaining consumer consent
  • Misrepresenting the terms, exclusions and benefits of the debt cancellation products through conduct that included failing to inform cardholders or correct confusion on the part of cardholders who had disclosed information suggesting they would be ineligible for some product benefits (such as that they were retired, self-employed or employed for less than 30 hours a week)
  • Misrepresenting the ease of cancelling debt cancellation products by conduct that included instructing representatives to attempt to rebut cardholder cancellation requests, thereby causing consumers to be unable to cancel without making multiple demands for cancellation
  • Administering the debt cancellation products in a way that obstructed cardholders from obtaining benefits, such as by imposing various restrictions, eligibility requirements, and administrative hurdles (for example, denying benefits to a cardholder who was employed for less than 30 hours a week or self-employed and defining a “pre-existing condition” to include any condition diagnosed or appearing for up to six months after enrollment)
  • Billing cardholders for credit monitoring products when the product benefits were not provided, such as where the bank did not obtain the cardholder’s authorization for his or her credit reports to be released by the credit reporting company or where the credit reporting company did not process an authorization because it could not match the cardholder’s identification information to its records.

In addition to the payment of restitution and a civil money penalty, the consent order prohibits the bank from marketing any debt cancellation or credit monitoring/identity theft products until it submits an “Add-on Compliance Plan” to the CFPB and receives “a determination of non-objection.”  The consent order details the items that must be included in the compliance plan.  It also requires the bank to submit a written policy governing the management of service providers “with respect to the offering of consumer financial products and services” to the CFPB for a determination of non-objection and develop a written, enterprise-wide “Unfair, Deceptive, and Abusive Acts or Practices risk management program for any consumer financial products or services” offered by the bank or through service providers.  While the CFPB has required banks to have UDAAP policies in other consent orders in enforcement actions involving credit card add-on products, those policies appear to have been limited to the sale of such products and did not appear to cover any consumer financial products and services offered by the bank.

The OCC’s consent order with the bank settles charges that bank’s billing practices for the credit monitoring/identity theft protection products violated Section 5 of the FTC Act.  The OCC’s consent order requires the bank to pay a $3 million civil money penalty and make restitution to customers who paid for identity theft protection they did not receive.  In its announcement of the consent order, the OCC stated that restitution payments made by the bank pursuant to the OCC’s order “will also satisfy identical obligations required by the CFPB action.”

While the CFPB has not yet held a public event devoted to FinTech or financial innovation, the Office of the Comptroller of the Currency (OCC) recently held a Forum On Supporting Financial Innovation in the Federal Banking System to discuss the agency’s approach to FinTech and other innovative products. The forum follows up on the OCC’s white paper with a similar name.

The all-day forum included a keynote address by the Comptroller of the Currency, Thomas J. Curry, and a series of panel discussions involving representatives from the OCC, large and small banks, a marketplace lender, consumer advocates, and various consultants.

We believe there are three key takeaways from the event.

First, the OCC seems to recognize that many consumers and small businesses have difficulty obtaining credit, and that efforts to protect borrowers through regulation can actually harm borrowers by reducing credit availability. This appears to be one reason why the OCC wants to encourage financial innovations. It also sees FinTech as an opportunity to improve the speed and accuracy of transactions, as well as the integrity of records. Mr. Curry stated that he would like FinTech firms to feel comfortable engaging with the OCC about their new financial technologies, given the OCC’s expertise in the field.

Second, what the OCC supports is “responsible” innovation. Multiple OCC representatives in their remarks stated that the OCC has “made a commitment” to supporting innovation, but every one of them simultaneously made clear that the agency will not “relinquish its responsibilities” or “abandon its core principles” in doing so. OCC representatives indicated that while the OCC would encourage pilot programs, for example, it is wary of providing safe harbors for such programs due to the potential for consumer harm. (We note that the OCC’s reluctance to provide safe harbors dovetails with the CFPB’s policy of providing only limited “no-action” letters, which are largely toothless: they can be modified or withdrawn by the CFPB at any time, are not binding on the CFPB in the future, and provide no immunity against private litigation or enforcement actions by other state and federal agencies.) It remains to be seen where the balance will be struck between attempting to protect borrowers and supporting new technologies and business methods that expand the availability of credit and improve the customer experience.

Finally, we noted some comments of concern regarding national bank charters and the possibility of creating a new type of charter for FinTech companies. Multiple speakers emphasized the “sanctity of the charter” and related agency expectations, expressing disapproval of banks acting as “rent-a-charters,” “booking agents,” or “flow-throughs,” which “have to stop.” If a new type of charter is created for FinTech companies, which seems unlikely, the OCC appears intent on making sure that there is nothing “light” about the regulatory expectations that would accompany such charters.

In his April 2016 appearance before the Senate Banking Committee, Director Cordray made clear that FinTech companies are on the CFPB’s radar screen.  In particular, he indicated that while FinTech companies should not have an advantage in the marketplace over banks because they are not complying with same rules, the CFPB would seek to enforce the laws without stifling innovation.

On June 23, 2016, the OCC will hold a forum in Washington, D.C. on “Supporting Responsible Innovation in the Federal Banking System.”  The forum will bring together representatives from banks, financial technology companies, and community and consumer groups to discuss developments, opportunities, and challenges related to financial innovation.  Topics will include risk management and strategic planning, financial inclusion, consumer protection, supervisory expectations, and regulatory concerns.  Registration is free.

In March 2016, the OCC released a white paper: “Supporting Responsible Innovation in the Federal Banking System: An OCC Perspective.”  The white paper recognizes that many innovations in financial services, such as those related to mobile wallets, distributed ledger technology, and marketplace lending, are taking place outside of the banking industry, often in lightly-regulated  FinTech companies.  In order to understand these new technologies, render timely decisions on matters requiring regulatory approval, and issue guidance about the OCC’s supervisory expectations, the OCC seeks to develop a framework for evaluating products, services, and processes that encourages responsible innovation.  The white paper discusses the OCC’s eight guiding principles for responsible financial innovation.  For more on the white paper, see our legal alert.



The Office of the Comptroller of the Currency has released revised TILA and RESPA chapters of its examination manual for consumer compliance exams.  The revised chapters incorporate the detailed procedural and substantive requirements of the CFPB’s TILA/RESPA integrated disclosures (TRID) rule, which is set to go into effect on August 1, 2015.  The OCC’s publication of the chapters follows a similar release from the CFPB in April 2015.

The OCC’s versions of the TILA and RESPA chapters appear nearly the same as the CFPB’s, except for minor formatting adjustments and technical changes.  While this likely reflects the agencies’ coordination of examination procedures through the Federal Financial Institutions Examination Council, it offers little insight into how, and to what extent, exam priorities may differ for depository institutions, as compared to their non-bank counterparts in the mortgage space.

The other three federal banking agencies—the Federal Reserve, the FDIC, and the NCUA—have yet to update their examination manuals to include the TRID requirements.  For the time being, creditors under their supervisory jurisdiction should be able to rely on the versions published to date by the CFPB and the OCC.

As we have been reporting, the CFPB has made the Servicemembers Civil Relief Act (SCRA) a major focus and instructs its examiners to look at SCRA compliance during examinations.  The OCC has also stepped up its focus on SCRA compliance during examinations of national banks and federal savings associations, according to recent remarks by an OCC official at the 2014 Association of Military Banks of America Workshop. 

In her remarks, Grovetta Gardineer, Deputy Comptroller for Compliance Policy, indicated that the OCC’s stepped up SCRA focus responds to the significant risk associated with an institution’s failure to comply with SCRA requirements.  Ms. Gardineer stated that because of that risk, the OCC now requires its examiners “to include evaluation of SCRA compliance during every supervisory cycle.” 

In its Bulletin 2014-37 on Consumer Debt Sales issued earlier this month, the OCC included SCRA accounts as a type of account that banks should refrain from selling.

We found much to criticize when the CFPB issued its White Paper this past April on payday and deposit advance loans.  However, we remain hopeful that the CFPB will make good on its commitment that any rule-making on these matters will be evidence-based. 

Unfortunately, the OCC and FDIC have not taken that approach.  Instead, the two agencies have carried out their threat in their proposed guidance to kill deposit advance loans by issuing final guidance that may make it impossible for banks they supervise to continue offering these products on a large-scale basis, if at all.  We have prepared a legal alert discussing the final guidance.


As suggested by prior blog posts, I am no fan of the direction the CFPB, OCC and FDIC seem to be going with respect to payday and deposit advance loans. These agencies have all signaled a willingness to prohibit these loans without regard to Dodd-Frank’s definitions of the terms “unfair” and “abusive” and without applying the cost-benefit analysis required by the statutory language. My concerns are articulated in some detail in a comment letter I submitted to the OCC and FDIC yesterday on my own initiative. The apparent regulatory approach— which involves the substitution of visceral reactions in place of rigorous analysis—has disturbing implications that go well beyond the impact on payday loans and deposit advances.

Last Thursday, the Office of the Comptroller of the Currency and Federal Deposit Insurance Corporation proposed guidance on deposit advance loans.  The Federal Reserve Board declined to join the OCC and FDIC and instead provided a general warning that such loans need to be thoughtfully structured and lawfully provided.  Comments on the OCC and FDIC proposals must be submitted no later than 30 days after their publication in the Federal Register.

The OCC and FDIC claim that they support efforts of banks to satisfy consumer need for
small-dollar credit.  However, the limits in the proposed guidance (including a prohibition against making more than a single deposit advance loan to a consumer in any two-month period) could have the effect of banning the deposit advance product.  

The OCC and FDIC want banks to have written underwriting policies for deposit advance loans that include the following limitations: 

•             For the bank to be able to evaluate a customer’s deposit advance eligibility, the customer must have had a deposit account with the bank for at least six months.

•             Customers with any delinquent or adversely classified credits should be ineligible.

•             The bank should analyze the customer’s financial capability, giving consideration to the customer’s ability to repay a loan without needing to borrow repeatedly from any source, including re-borrowing, to meet necessary expenses.

•             Each deposit advance loan should be repaid in full before a subsequent loan is made and banks should not offer more than one loan per monthly statement cycle.  There should be a cooling-off period of at least one monthly statement after repayment of a loan before another loan is made.

•             A customer’s deposit advance credit limit should not be increased without a full underwriting assessment and any increase should not be automatic but should be initiated by a customer’s request.

•             The bank should reevaluate the customer’s eligibility and capacity for the product no less often than every six months and identify risks that could negatively affect the customer’s eligibility, such as repeated overdrafts. 

The OCC and FDIC proposal came a day after the CFPB released its white paper on payday and deposit advance loans.  That white paper contained considerable information about deposit advance loans.  The CFPB suggested that there was a strong positive correlation between the incidence of overdrafts and deposit advance loans.  However, it did not suggest that deposit advance loans cause overdrafts and did not report whether consumers taking deposit advance loans incurred more overdrafts in months when they used the product than in months when they were unable to obtain such loans due to bank-imposed cooling-off periods.  One possible, if not likely, explanation for the correlation between the numbers of overdrafts and deposit advance loans is that consumers in danger of overdrafting their accounts have greater need of deposit advance loans.  

As suggested in my prior post, nothing in the CFPB white paper (much less the OCC or FDIC discussion of deposit advance loans) justifies a rule that is tantamount to prohibiting deposit advance loans.  Rather, the CFPB, OCC and FDIC seem willing to assume that heavy reliance on high-cost loans necessarily results in consumer injury.  

In addition, while the CFPB’s white paper contains a promise of regulation, at least the CFPB has said that it does not intend to act until “further analysis of the short-term, high-cost loan market is complete.”  In particular, the CFPB said in the white paper that it plans to “analyze the effectiveness of limitations, such as cooling-off periods, in curbing sustained use and other harms.”  We find it surprising that OCC and FDIC chose not to wait until the CFPB completed that analysis before proposing a cooling-off period and other limits on deposit advance loans. 

Bottom line:  Opponents of advance deposit loans (including the CFPB, OCC and FDIC) have so far failed to make the case on the merits that these loans injure consumers.