Last Week, This Morning

September 23, 2024

Below you will find several key developments in the financial services industry, including related developments in information privacy and data security, from the past week. We add an "Amicus Brief(ly)1" comment to each item, where we briefly (see what we did there?) note for friends (and again?) of CounselorLibrary the important takeaways from the developments outlined in the email. Our legal reporters - CARLAW, HouseLaw, InstallmentLaw, PrivacyLaw, and BizFinLaw - provide more comprehensive, real-time updates of federal and state laws, regulations, litigation, and other industry items of interest. For a personal guided tour and free trial of any of these legal reporters, please contact Michael Willer at 614-855-0505 or mwiller@counselorlibrary.com.

Federal Agencies Extend Comment Period for RFI on Bank-Fintech Arrangements

The Federal Deposit Insurance Corporation, the Federal Reserve Board, and the Office of the Comptroller of the Currency extended until October 30, 2024, the comment period for their request for information on arrangements between banks and financial technology companies. The agencies published the RFI in the Federal Register on July 31, 2024. The RFI solicits input on the nature of bank-fintech arrangements, including their benefits and risks, effective risk management practices for these arrangements, and the implications of such arrangements, including whether enhancements to existing supervisory guidance may be helpful in addressing risks associated with these arrangements.

Amicus brief(ly): The agencies do not explain the reason for the extension of time on this RFI, but our instinct says that 60 days was just not enough time for advocates on any side of bank partnership arrangements to provide meaningful responses about the risks and benefits of those partnerships. The agencies are hoping to get information from their bank constituents as well as non-bank lending and banking service providers that work with banks to innovate and make services more accessible to consumers through a wider network than banks alone can provide. This RFI is an opportunity for providers to help regulators better understand the benefits of providing support for the bank partnership system, especially with respect to the risk mitigation efforts that banks and their non-bank partners have in place today to ensure compliance with federal and state laws.

CFPB Provides Guidance on Regulation E's Opt-In Requirement for Overdraft Services

On September 17, the Consumer Financial Protection Bureau issued Circular 2024-05 to provide guidance on the requirement under Regulation E, which implements the Electronic Fund Transfer Act, for financial institutions to obtain a consumer's affirmative consent before charging an overdraft fee in connection with an ATM or one-time debit card transaction. The CFPB states in the circular that "[a] bank or credit union can be in violation of the Electronic Fund Transfer Act and Regulation E if there is no proof that it obtained [a consumer's] affirmative consent to enrollment in covered overdraft services. The form of the records that demonstrate consumer consent to enrollment may vary according to the channel through which the consumer opts into covered overdraft services. Regulation E's overdraft provisions establish an opt-in regime, not an opt-out regime, where the default condition is that consumers are not enrolled in covered overdraft services. Financial institutions are prohibited from charging fees for such services until consumers affirmatively consent to enrollment. Violations of [Regulation E's opt-in requirement] can be proven in part by showing evidence that a consumer was charged an overdraft fee on a covered transaction where the available evidence does not adequately validate that the consumer opted in."

Amicus brief(ly): The CFPB provides some useful tips in this guidance, which reminds financial institutions that consumers have to opt in to overdraft protection services and that it is important for financial institutions to have records of those opt-ins. The opt-in provision of Reg. E goes back to 2010; before that, it was not uncommon for banks and credit unions to cover overdrafts for consumers and impose a fee each time the bank or credit union did so. Consumers do not have to opt in to overdraft coverage under Reg. E, but not doing so may lead to potentially uncomfortable and costly declines of payment transactions. Even without this guidance, banks and credit unions know the importance of recording consumer preferences in account records, but the issuance of this guidance is a useful reminder to revisit and audit policies and procedures to ensure that providers are executing these functions correctly. Finally, please remember that this guidance and the underlying provisions of Reg. E do not apply to overdraft coverage provided through an overdraft line of credit or other consumer agreement expressly designed to deal with potential overdrafts (the guidance does not mention this fact, but please see 12 C.F.R. § 1005.17(a)).

HUD Reaches Agreement With Bank to Resolve Redlining Allegations

On September 18, the U.S. Department of Housing and Urban Development announced that it reached a conciliation agreement with a New Jersey-based bank. HUD's investigation was conducted alongside the Department of Justice after a referral from the Office of the Comptroller of the Currency, the bank's regulator. The agreement resolves allegations in HUD's complaint that, from 2018 through at least 2022, the bank unlawfully discriminated on the bases of race, color, and national origin in violation of the Fair Housing Act by engaging in redlining when it allegedly restricted access to its credit and mortgage lending services in majority Black, Hispanic, and Asian census tracts in the New Brunswick, New Jersey, area. The complaint alleges that the bank acquired and subsequently closed branches and loan production offices in these neighborhoods and failed to maintain sufficient marketing efforts targeted toward residents of these neighborhoods. The bank neither admits nor denies the claims.

The conciliation agreement requires the bank to, among other things: (1) invest at least $14 million in a loan subsidy fund to increase access to credit for residents in the affected neighborhoods; (2) partner with one or more community-based or governmental organizations that provide services related to credit, financial education, homeownership, and/or foreclosure prevention; (3) invest in advertising, education, and outreach initiatives targeted toward residents in the affected neighborhoods; (4) maintain a full-service branch and a loan production office in the affected neighborhoods; and (5) hire at least two loan officers to solicit mortgage applications primarily in the affected neighborhoods and hire a Director of Community Lending.

Amicus brief(ly): The resolution of this Community Reinvestment Act action seems far more productive than the fine-plus-salacious-headline approach that typically announces the start or conclusion of federal actions against financial services providers in other contexts. That may be a function of the CRA's lack of a penalty provision. This conciliation agreement focuses on the investment by the subject bank in majority-minority communities that the CRA requires. There is a statement from the bank in the conciliation agreement that it "has treated all of its customers fairly and without regard to impermissible factors such as race, color, and national origin" and that the bank is settling the claims "solely for the purpose of avoiding contested litigation with HUD, and to instead devote its resources to providing fair and equal access to residential lending services in" the majority-minority communities in its footprint. That resolution achieves the community investment goals of the CRA without salacious headlines and penalties that do not necessarily flow to affected consumers.

CFPB Sues Credit Card Issuer for Alleged Deceptive Marketing and Improper Fees

On September 13, the Consumer Financial Protection Bureau filed a lawsuit against a credit card company and its owner and CEO, alleging deceptive and abusive acts and practices in violation of the Consumer Financial Protection Act and violations of the Truth in Lending Act and its implementing Regulation Z.

The CFPB alleges that the company and its CEO deceived customers into signing up for its membership program that included a credit card, with an unsecured open line of credit typically starting at $500 or $750, and included ancillary products, like a prescription card and roadside assistance. According to the allegations in the complaint, the company marketed the membership program as including a regular credit card, but in reality customers could only use the card to make purchases from the company's online store. The company charged delivery fees, shipping and handling fees, and processing fees on items purchased from its online store and required consumers to pay these fees with a separate credit or debit card. The complaint alleges that for some customers these fees totaled up to approximately 60% of the credit limit. The complaint also alleges that by charging more than 25% of the credit limit during the first year after account opening, the company violated TILA and Reg. Z. Finally, the complaint alleges that the company and its CEO committed deceptive and abusive acts and practices in violation of the CFPA by making it unreasonably difficult for customers to cancel enrollment in the membership program and to obtain refunds, despite promises that it would take "less than one minute" to receive a full refund.

The complaint seeks damages in the form of injunctive relief, monetary relief, and civil money penalties.

Amicus brief(ly): Deceptive advertising remains a common claim in CFPB complaints and settlements, and this is yet another complaint that alleges deceptive consumer marketing tactics. This matter follows an investigation that did not settle, so the company and owner must disagree with the allegations. The complaint, following a long line of deception cases that the CFPB has brought, underscores the critical importance of ensuring that implementation and fulfillment in connection with credit transactions track the product and promises made in marketing materials. Another twist in the complaint is the difficulty that customers had in canceling their memberships despite a promise that cancellation would take less than a minute and yield a full refund. Not keeping promises like that will generate complaints and potentially a regulatory reaction like this one from the CFPB. Check those marketing and training materials to avoid claims like the ones alleged in this complaint.

California Revises Method for Calculating Certain Assessment on Deferred Deposit Transaction Licensees

On September 14, California Governor Gavin Newsom signed Assembly Bill 3148, which amends a provision of the California Deferred Deposit Transaction Law regarding the assessment for costs and expenses for administration of the CDDTL. Current law requires each licensee under the CDDTL to pay to the Commissioner of Financial Protection and Innovation its pro rata share of all costs and expenses reasonably incurred in the administration of the CDDTL, as estimated by the commissioner, for the ensuing year and any deficit actually incurred or anticipated in the administration of the program in the year in which the assessment is made. Current law requires this assessment to be based on the number of locations.

The new law, instead of requiring the assessment to be based on the number of locations, requires the pro rata share to be the proportion that a licensee's total dollar amount of deferred deposit transactions made bears to the aggregate total dollar amount of deferred deposit transactions made by all licensees as shown by specified annual reports to the commissioner, except that the new law prohibits a licensee from being assessed or paying less than $500 per licensed location per year.

Amicus brief(ly): Some state regulators have used a volume-based administration fee system for years, but this update is not a welcome development for online licensed payday lenders in California. Instead of the existing rooftop-based licensing fee where licensees pay licensing administration fees based on the number of locations - a formula that made sense before the proliferation of online lending because it appears to correlate reasonably to the relative burden of exams and investigations (i.e., more locations, additional cost to run down compliance concerns, especially if the licensee's system is de-centralized) - this law now assesses fees based on the pro rata amount of the total annual deferred deposit transaction volume attributable to a licensee. The new model seeks to balance the burden of the administrative fees among licensees, recognizing that, in the past 10 or so years, the average annual volume of payday loan transactions has decreased by more than half, and the number of licensees has also diminished by more than 50%. Online lenders without physical locations in California or multiple branch offices will now bear a greater proportion of the administrative CDDTL costs in the new model that allocates fees based on the licensee's percentage of aggregate California transaction volume, not physical locations.


1 For the unfamiliar, an “Amicus Brief” is a legal brief submitted by an amicus curiae (friend of the court) in a case where the person or organization (the “friend”) submitting the brief is not a party to the case, but is allowed by the court to file the brief to share information or expertise that bears on the issues in the case.