September 16, 2024
Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.
On September 11, the Consumer Financial Protection Bureau issued a consent order against a national bank, resolving allegations that the bank furnished information to consumer reporting agencies in violation of the Fair Credit Reporting Act and the Consumer Financial Protection Act.
Specifically, the CFPB alleged that the bank furnished inaccurate or incomplete information to CRAs about consumers' credit card accounts. According to the CFPB's allegations, the bank and a third-party debt collector entered into an agreement under which the bank assigned the company the right to collect on a portfolio of charged-off credit card accounts. The debt collector sent the bank a monthly file showing the payments made by consumers, but the bank allegedly failed to enter that data into its system. As a result, according to the allegations, consumers' payments were not reflected when the bank furnished information to the CRAs concerning those accounts, including in instances in which consumers had settled or paid their accounts in full. The CFPB also alleged that the bank inaccurately reported the date of first delinquency ("DOFD") when it charged off certain credit card accounts by using the charge-off date as the DOFD, which allegedly made a delinquency on a consumer's account look as though it had occurred more recently than it had, in fact, occurred. According to the CFPB's allegations, this could result in the delinquent information staying on the consumer's report longer than it should. In addition, it is alleged that the bank inaccurately calculated the commencement of the delinquency for purposes of the DOFD based on the cycle date of the account (when a new billing cycle begins) rather than the account due date, when a customer's monthly payment is due. The CFPB also alleged that the bank inaccurately furnished the account status of certain credit card accounts that had been voluntarily closed as current and open, rather than paid or closed with zero-dollar balances, as well as inaccurately furnished the date accounts were closed.
Next, the CFPB alleged that the bank furnished inaccurate or incomplete information to CRAs about the bankruptcy status of consumers' credit card accounts. First, the bank allegedly furnished the accounts without indicating the status of the accounts in bankruptcy, such as petition filed, discharged, dismissed, or withdrawn, and failed to promptly correct the account information after it identified the issue. Second, the bank allegedly failed to accurately furnish the correct bankruptcy chapter for certain accounts that had been discharged through bankruptcy. Third, the CFPB alleged that data concerning certain credit card accounts in a discharged status was furnished repeatedly for several months, rather than only in the month in which the discharge occurred, thereby indicating to creditors or other users of the furnished information that a bankruptcy discharge occurred more recently than it, in fact, occurred.
The bank also allegedly furnished information to CRAs about deposit accounts that it knew or suspected were fraudulent and then allegedly failed to promptly correct inaccuracies in the deposit account information it furnished.
Finally, the CFPB alleged that the bank did not have sufficient processes in place to investigate consumers' disputes, failed to conduct reasonable and timely investigations of consumers' disputes, and failed to properly notify consumers after deeming a dispute frivolous or irrelevant.
The bank did not admit any of the allegations. The consent order requires the bank to pay $7.76 million in redress to affected consumers and a $20 million penalty to the CFPB's victims relief fund.
|
On September 9, the Federal Housing Finance Agency released an online tool - the Mortgage Loan and Natural Disaster Dashboard - that provides financial institutions and other stakeholders with information on which areas of the country are most likely to incur greater damages from various types of natural disasters, such as hurricanes, flooding, and wildfires, and which of those areas have concentrations of properties financed with loans acquired by Fannie Mae, Freddie Mac, and the Federal Home Loan Banks. FHFA Director Sandra L. Thompson states in the agency's press release that "[p]roviding geographic information on disasters as well as concentrated exposures of loans acquired by our regulated entities can help policymakers and the industry develop solutions to better safeguard those communities from the impact of future catastrophes."
The dashboard uses data from three publicly available sources: (1) the FHFA's Public Use Database, which provides a geographic breakdown of loans acquired by FHFA's regulated entities; (2) the Federal Emergency Management Agency's National Risk Index, which identifies communities most at risk for 18 types of natural hazards; and (3) the FHFA's Duty to Serve Eligibility Data, which identifies rural areas that are characterized by a high concentration of poverty and substandard housing conditions.
|
The California Privacy Protection Agency recently issued an advisory on how businesses can avoid using "dark patterns" when designing and implementing methods for obtaining consumers' consent to use their personal information or for consumers to opt out of the sale or sharing of their personal information. The California Consumer Privacy Act and its implementing regulations use the term "dark patterns" to refer generally to user interfaces that have the substantial effect of subverting or impairing a consumer's autonomy, decision-making, or choice when asserting their privacy rights or providing consent. In the advisory, the enforcement division of the CPPA reminds businesses that, to avoid dark patterns, they should "carefully review and assess their user interfaces to ensure that they are offering symmetrical choices and using language that is easy for consumers to understand when offering privacy choices. This includes user interfaces that businesses deploy through service providers, such as consent management platforms." The advisory describes a symmetrical choice as one in which the path to exercise a more privacy-protective option is not longer, more difficult, or more time consuming than the path to exercise a less privacy-protective option. The advisory illustrates the principle of symmetrical privacy choices by providing examples found in the CCPA's regulations.
|
On September 12, the Consumer Financial Protection Bureau filed a proposed stipulated judgment and order against a national student loan servicer and its corporate owner, as well as another subsidiary of the owner that principally engages in debt collection, to resolve allegations that the defendants violated the Consumer Financial Protection Act, the Fair Credit Reporting Act, and the Fair Debt Collection Practices Act. The servicer had been the servicer for federal and private student loans for more than 12 million borrowers.
The CFPB's complaint, filed on January 18, 2017, alleged that the student loan servicer and its corporate owner engaged in deceptive acts and practices in violation the CFPA by: (1) steering borrowers experiencing long-term financial hardship into forbearance instead of advising them about, and enrolling them in, income-driven repayment plans, which, according to the CFPB, is a less costly option for borrowers; (2) failing to adequately notify borrowers who enrolled in income-driven repayment plans about the requirement to annually recertify their income and family size as required under the plan; (3) misleading borrowers about the consequences of submitting an incorrect or incomplete application to recertify their income and family size under an income-driven repayment plan; (4) misleading private student loan borrowers about requirements to release their co-signer from the loan; and (5) making numerous payment processing errors, including by misallocating and misapplying borrower payments.
In addition, the CFPB alleged that the student loan servicer and its corporate owner violated the FCRA's implementing Regulation V by failing to establish and implement reasonable written policies and procedures to furnish accurate information to credit reporting agencies regarding borrowers who had received a discharge on their federal loans due to a total and permanent disability.
Finally, the CFPB alleged that the debt collector and its corporate owner engaged in deceptive acts and practices in violation of the CFPA and Fair Debt Collection Practices Act by misleading borrowers about the effect of loan rehabilitation on their credit reports and the collection fees that would be forgiven in the federal loan rehabilitation program.
The proposed stipulated judgment and order, if entered by the court, would require the defendants to pay $100 million in consumer redress and a $20 million penalty to the CFPB's victims relief fund. The order would also, among other requirements, permanently ban the servicer from servicing federal Direct Loans, prohibit the servicer from conducting consumer-facing servicing activities for Federal Family Education Loan Program loans, and permanently ban the servicer from acquiring additional FFELP loans.
|