CFPB Seeks Public Input on Consumer Credit Card Market

On January 24, the Consumer Financial Protection Bureau (CFPB) issued a request for information seeking public feedback on how the consumer credit market is functioning.

The CFPB’s request for information is part of a comprehensive review of the entire industry, as required by the Credit Card Accountability Responsibility and Disclosure Act (CARD Act), to help determine whether regulatory adjustments are needed. The review, which takes place every two years, involves seeking public feedback and submitting market-monitoring orders to major credit card issuers. Its findings will be published in a report to Congress later in 2023.

Overall, the CFPB is interested in learning more about people’s experience with credit card products. For instance, the request seeks information on a variety of issues, including the following:

• Terms of credit card agreements and the practices of credit card issuers.
• Effectiveness of disclosure of terms, fees, and other expenses of credit card plans.
• Adequacy of protections against unfair or deceptive acts or practices relating to credit card plans.
• Cost and availability of consumer credit cards.
• Safety and soundness of credit card issuers.
• Use of risk-based pricing for consumer credit cards.
• Consumer credit card product innovation.

In addition, the CFPB has issued market-monitoring orders to a group of credit card issuers, seeking information such as the practices of these issuers relating to applications and approvals, debt collection, and digital account servicing.

OCC Revises Civil Money Penalty Manual

The U.S. Office of the Comptroller of the Currency (OCC) announced revisions to its civil money penalty (CMP) manual on November 29, 2022. This may have important implications for smaller banks that have entered into partnerships with fintech companies. The updated manual will go into effect on January 1, 2023.

Generally, the OCC revises the matrix it uses to quantify the degree of severity of violations, unsafe or unsound practices, and breaches of fiduciary duty. Used as guidance when assessing CMPs, the matrix considers three statutory factors and 13 assessment factors set forth in an interagency policy from the Federal Financial Institutions Examination Council (FFIEC). According to the OCC, the revised matrix will allow for sufficient differentiation among varying levels of misconduct or by institution size, as well as provide a stronger incentive for banks to fully address underlying deficiencies.

The three revisions to the matrix include: (1) revising the mitigating factors of self-identification, remediation or corrective action, and restitution; (2) increasing the scoring weight of mitigating factors; and (3) revising the table titled “Suggested Action Based on Total Matrix Score and Total Assets of Bank.”

Notably, the “Suggested Action” table now states that there may be cases in which an institution’s total assets are not an appropriate proxy for determining CMPs. For instance, the table cautions that “the asset size of trust banks and federal branches of foreign banks often do not reflect the size of the financial resources of these institutions or the impact of the conduct at issue,” as well as that “there may be cases when the relevant conduct reflects transaction volume on par with that of a much larger institution.” Accordingly, under such circumstances, the table notes that it may be appropriate to consider suggested CMPs for an institution in a higher total asset category.

This may have significant implications for smaller banks. Traditionally, such banks would not have the same transaction volume as that of larger banks, and as a result, would receive lower fines. However, as these smaller banks increasingly enter partnerships with fintech companies to provide loans, payment processing, and other financial services, they may find themselves subject to larger fines in line with the new guidance in the “Suggested Action” table—not to mention that the revised table generally increased fines across the board as well.

New York Governor Kathy Hochul Signs Legislation Package to Protect Credit and Gift Card Holders

On December 10, Governor Kathy Hochul of New York signed legislation (S.3467-B/A.4629-C) that prohibits certain fees and limits expiration dates on gift cards and gift certificates.

The new law aims to protect consumers by prohibiting all fees on gift cards and prohibiting gift cards that decline in value over time. The bill specifically prohibits the imposition of any “activation fees, retroactive fees, redemption fees, service fees, dormancy fees, latency fees, administrative fees, handling fees, access fees, periodic fees, renewal fees, re-loading fees, or any other fee of any kind.” However, one exception permits a gift card or gift certificate that is redeemable at multiple, unaffiliated merchants to charge a one-time activation fee, not to exceed $9.00.

In addition, the bill prohibits expiration dates on gift cards and gift certificates that occur earlier than nine years from the date of issuance. By comparison, the federal Credit Card Accountability Responsibility and Disclosure Act (CARD) of 2009 prohibits expiration dates prior to five years after issuance. The bill also allows for the recipient of a gift card or gift certificate to opt to receive cash when the remaining balance is less than $5.00.

The new law was passed as part of a package of legislation that also included new protections for credit card holders, such as creating a grace period for the use of reward points after the closing of an account.

CFPB Proposes Registry to Detect Repeat Offenders

The Consumer Financial Protection Bureau (CFPB or the Bureau) issued a proposed rule on December 12, subject to a 60-day public comment window, that would require certain nonbank financial firms under public orders to register with the Bureau. According to the CFPB, the proposed rule would help identify and mitigate risks to consumers and ensure that supervised companies perform their obligations.

The proposed rule would require certain nonbank covered entities that are under final public orders in connection with the offering or provision of a consumer financial product or service to report the existence of such orders to a Bureau registry. Additionally, the proposed rule would require larger, supervised nonbanks to submit annual written statements regarding compliance with each underlying order. The statements would have to be signed by an attesting executive who has knowledge of the entity’s relevant systems and procedures for achieving compliance and control over the entity’s compliance efforts.

As part of registering, entities would be required to provide basic identifying information about the company and the order, which the Bureau would publish on its website and potentially in other mediums. All final public written orders and judgments (including consent and stipulated orders and judgments) obtained or issued by the Bureau or any government agency (federal, state, or local) for violation of certain consumer protection laws would be included under the proposed rule. Insured depository institutions, insured credit unions, related persons, states, certain other entities, and natural persons would be excluded from the registration requirement.

According to the CFPB, the proposed rule would benefit consumers and the public by allowing the Bureau to effectively monitor potential risks arising from both individual instances and broader patterns of recidivism. For instance, persons subject to one or more orders may pose greater risks to consumers than others, and the existence of multiple orders may indicate broader problems at a particular entity (e.g., lack of sufficient controls). Furthermore, the existence of enforcement activity in multiple jurisdictions among certain products or services could indicate areas of heightened consumer risk that warrant further attention. The absence of enforcement activity, by contrast, could indicate less risk or could be evidence of less attention and the need to increase monitoring activities.

Weekly Fintech Focus

• On November 16, 2022, the U.S. Department of the Treasury (USDT) released a new report titled “Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets.” The report calls for enhanced oversight of the consumer financial activities of non-bank firms (particularly bank-fintech relationships) and offers several recommendations that aim to address concerns relating to consumer protection and market integrity.
• On November 15-16, 2022, Acting Comptroller of the Currency Michael J. Hsu testified before the U.S. Senate Committee on Banking, Housing, and Urban Affairs and the U.S. House Financial Services Committee to discuss the Office of the Comptroller of the Currency’s (OCC) regulatory priorities. These priorities include guarding against complacency by banks, reducing inequality in banking, adapting to digitalization, and managing climate-related financial risks.
• On November 16, 2022, the Consumer Financial Protection Bureau (CFPB) released a new “Supervisory Highlights” report on legal violations identified during the agency’s supervisory examinations in the first half of 2022. In particular, the report includes findings that relate to junk fees, which have increasingly come under scrutiny by the Biden administration and the CFPB.
• On November 30, 2022, the CFPB filed an amicus brief with the U.S. Court of Appeals for the Fourth Circuit, arguing that Regulation Z’s prohibition on offsets (i.e., forbidding lenders from unilaterally withdrawing money from consumers’ deposit accounts to cover debts incurred through credit card plans) extends to borrowers who have home-equity lines of credit that can be accessed by a credit card.
• On December 1, 2022, the CFPB took action against a financial services company that allegedly deceived consumers into thinking they were depositing funds into a guaranteed return savings product within a commercial bank, but which funds were actually placed in risky investment vehicles and crypto-assets by the company’s founder.

New Treasury Report Shows Fintech Industry Requires Additional Oversight To Close Gaps, Prevent Abuses, and Protect Consumers

On November 16, 2022, the U.S. Department of the Treasury (USDT), in consultation with the White House Competition Council, released a new report titled “Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets.”

Notably, the report calls for enhanced oversight of the consumer financial activities of non-bank firms (particularly bank-fintech relationships) and offers several recommendations that aim to address concerns relating to consumer protection and market integrity. The report joins a chorus of other recent announcements that make similar calls for such enhanced supervision. The report’s recommendations are discussed in more detail below.

Enable Competition in Responsible Consumer Credit Underwriting. According to the report, federal banking regulators should support responsible consumer credit underwriting approaches designed to increase credit visibility, reduce bias, and prudently expand access to credit to consumers. In particular, the report calls on banking regulators to:

• Leverage the existing supervisory framework for model risk management to provide additional clarity and consistency with respect to the use of alternative data and complex algorithms in credit underwriting systems (including by banks acting as lenders through bank-fintech partnerships).
• Engage with supervised institutions that seek to implement new credit underwriting approaches through pilot programs.
• Assess current credit underwriting, fair lending, and consumer lending guidance to identify potential gaps, including information that would be useful to develop risk management processes for underwriting approaches that use alternative data or complex algorithms.
• Clarify or supplement existing supervisory frameworks to help ensure model risk management processes sufficiently guard against outcomes that are unsafe or unsound, or that violate consumer protection laws.
• Coordinate with other federal agencies regarding principles or practices for identifying and mitigating violations of fair lending statutes due to the use of alternative data.

Enable Effective Oversight of Bank-Fintech Relationships. The new report further recommends that federal banking regulators should implement and apply a clear and consistent supervisory framework for bank-fintech relationships to address competition, consumer protection, and safety and soundness concerns.

To that end, banking regulators should first finalize the interagency guidance on risk management of third-party relationships (TPRM Guidance), which they proposed in July 2021.

Next, the report calls for the contractual arrangements underlying bank-fintech relationships to support a robust, risk-based approach to reviewing a bank’s activities. In particular, banking regulators should encourage banks to negotiate effective oversight provisions in their contracts with fintech companies that align with the bank’s internal oversight and risk management of its consumer banking activities, including those performed on behalf of the bank by fintech companies.

• For example, through its contract with a fintech company, a bank could require the company to adhere to certain compliance and risk management practices, including those applicable to the bank but not otherwise applicable to the company. These contracts could also provide a bank with access to information necessary to assess whether certain activities comply with regulations and risk management policies to which the bank’s consumer banking activities are subject.

Encourage Competition in Responsible Small-Dollar Lending. The report also recommends that federal banking regulators and other agencies should be consistent in supervisory practices related to small-dollar lending programs.

First, bank-fintech lending relationships that use the privileges of a bank should be subject to regulatory standards for responsible consumer lending programs. In particular, banking regulators should:

• Take action to apply the Interagency Lending Principles for Offering Responsible Small-Dollar Loans (SD Lending Guidance) more consistently across similarly situated banks.

• Review and revise supervisory practices with respect to the SD Lending Guidance to address (1) coverage for larger loans (i.e., $10,000 or more), and (2) the ways in which the SD Lending Guidance applies to a bank-fintech lending relationship, including the activities performed by a fintech firm or other third-party.
• Continue to provide banks with sufficient specificity on how they can provide small-dollar loan and related products while operating in compliance with applicable law and regulations.

Second, non-bank lenders providing alternative forms of consumer credit also should be subject to appropriate regulation and supervision. In particular, the Consumer Financial Protection Bureau (CFPB) should:

• Continue to investigate and monitor developments related to small-dollar installment loan products (e.g., Buy Now, Pay Later (BNPL)) and consider what guidance may be appropriate and possible for the agency to provide.
• Review its authorities to consider if and how the agency might provide direct supervision of larger non-bank consumer lenders, including BNPL and installment loan providers.
• Revisit its 2020 advisory opinion regarding earned wage access programs and review whether such programs that meet the advisory opinion’s requirements should not be considered credit products subject to the requirements under the Truth in Lending Act (TILA) and Regulation Z.

Enabling Secure Data Sharing. Finally, the report recommends that federal regulators should help promote a more unified approach to oversight of consumer-authorized data sharing. On the one hand, banking regulators should make clarifications to the final TPRM Guidance to address a bank’s obligation to protect consumer-authorized data from misuse. On the other hand, the CFPB should finalize its ongoing Section 1033 rulemaking, as well as review its authorities to consider if and how the agency might supervise data aggregators.

Acting Comptroller of the Currency Discusses Regulatory Priorities on Capitol Hill

On November 15-16, 2022, Acting Comptroller of the Currency Michael J. Hsu testified before the U.S. Senate Committee on Banking, Housing, and Urban Affairs and the U.S. House Financial Services Committee to discuss the Office of the Comptroller of the Currency’s (OCC) regulatory priorities. These priorities include guarding against complacency by banks, reducing inequality in banking, adapting to digitalization, and managing climate-related financial risks.

With respect to adapting to digitalization, Hsu’s written testimony states that “financial technology generally, and fintech and big technology companies specifically, will warrant much more of our attention going forward.”

In particular, his written testimony notes how OCC (1) has adjusted its bank information technology examinations so they now include assessments of ransomware, artificial intelligence (AI), cloud computing, and distributed technology; (2) is focused on ensuring banks have an effective risk management framework in place for bank-fintech partnerships; and (3) is working closely with its interagency peers to minimize opportunities for regulatory arbitrage and races to the bottom.

In his remarks, Hsu draws attention to the OCC’s recent announcement that it will establish an Office of Financial Technology in early 2023, stating that the office will “enable us to engage more substantively with non-bank technology firms and to better supervise bank-fintech partnerships so that we can help ensure that consumers of banking services are treated fairly, as well as help maintain a level playing field as the industry evolves.”

CFPB Supervisory Examinations Find Credit Reporting Failures, Junk Fees, and Mishandling of COVID-19 Protections

On November 16, 2022, the Consumer Financial Protection Bureau (CFPB) released a new “Supervisory Highlights” report on legal violations identified during the agency’s supervisory examinations in the first half of 2022.

In general, supervisory examinations review whether companies are complying with federal consumer protection laws. If the CFPB uncovers problems, it shares its findings with companies to help them remediate any violations. Usually, companies take action to fix identified problems, but for more serious violations, or when companies fail to take action, the CFPB may open an investigation for potential enforcement action.

The new report details findings across consumer financial products and services, including auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, mortgage servicing, and payday lending.

In particular, the report includes findings regarding junk fees, which have increasingly come under scrutiny by the current administration, including the CFPB.

• According to the report, examiners identified instances where auto loan servicers failed to ensure consumers received refunds for unearned fees related to add-on products. These unearned fees arose where consumers had paid off their auto loans early but had been charged by auto dealers and finance companies for all payments for add-on products as a lump sum at origination.
• Separately, the report notes that examiners found that mortgage servicers engaged in abusive acts or practices by charging sizable phone payment fees of which consumers were unaware. The report states that services charged consumers $15 fees to make payments by phone but that, during calls with consumers, customer service representatives did not disclose the existence or amount of such fees. The report also states that general disclosures that consumers “may” incur a fee for phone payments did not sufficiently inform consumers of the material costs.
• In addition, the report notes that examiners found that mortgage servicers engaged in unfair acts or practices when they charged consumers fees during forbearance plans pursuant to the Coronavirus Aid, Relief, and Economic Security (CARES) Act.

In response to these findings, the report states that servicers are developing remediation plans to reimburse or compensate consumers. More generally, the report states that the CFPB will increase its focus on repeat offenders, particularly those who violate agency or court orders, and that as part of this focus, it has created a “Repeat Offender Unit.”

Other findings of note include those that relate to consumer reporting and credit card account management.

• With respect to consumer reporting, the report states that examiners found deficiencies in credit reporting companies’ (CRC) compliance with dispute investigation requirements under the Fair Credit Reporting Act (FCRA), as well as furnisher compliance with accuracy and dispute investigation requirements under the FCRA and Regulation V. For example, examiners found that CRCs failed to report the outcome of complaint reviews to the CFPB, while furnishers inaccurately reported information despite actual knowledge of errors and failed to send updated or corrected information after determining that information they reported to CRCs was incomplete or inaccurate.
• With respect to credit card account management, the report states that examiners identified violations of Regulation Z, particularly its provisions relating to billing error resolution and rate reevaluations. In addition, the report notes that entities have engaged in deceptive and unfair marketing, sale, and servicing of credit card add-on products. For example, according to the CFPB, entities misled consumers when claiming that they were eligible for certain products when they were not, as well as when claiming they could cancel product coverage simply by calling a number but instead requiring additional steps to cancel, among others.

CFPB Files Amicus Brief in the Fourth Circuit Regarding Protections for Consumers With Credit Card and Savings or Checking Accounts With the Same Bank.

On November 30, 2022, the Consumer Financial Protection Bureau (CFPB) filed an amicus brief with the U.S. Court of Appeals for the Fourth Circuit, arguing that Regulation Z’s prohibition on offsets (i.e., forbidding lenders from unilaterally withdrawing money from consumers’ deposit accounts to cover debts incurred through credit card plans) extends to borrowers who have home-equity lines of credit that can be accessed by a credit card.

Here, Plaintiff was a Maryland homeowner who opened a home-equity line of credit (HELOC). Under the HELOC agreement, Plaintiff’s bank issued him a credit card, which he used to access this line of credit. Plaintiff also opened two deposit accounts at the same bank. The bank withdrew nearly $1,400 from one of Plaintiff’s deposit accounts to pay amounts due on his HELOC; later, the bank withdrew nearly $1,600 from Plaintiff’s other deposit account to cover further amounts due on his HELOC. Plaintiff contended that he never authorized these transfers and filed suit alleging that the bank violated the offset provision by taking funds from his deposit accounts to pay off his HELOC account.

The district court below held that Plaintiff’s HELOC was not a covered “credit card plan” under Regulation Z’s offset provision,[1] because Regulation Z exempts HELOCs from the definition of a different term (i.e., “credit card account under an open-end (not home-secured) consumer credit plan”). Plaintiff appealed.

According to the CFPB, the district court’s analysis of the offset provision is atextual, as well as inconsistent with the regulatory history and context.

• First, with respect to the regulation’s text, the CFPB argued that, most plainly, “credit card plan” (which appears in the offset provision) and “credit card account under an open-end (not home-secured) consumer credit plan” (which is a term Regulation Z defines to exclude HELOCs) are different phrases, and thus, convey different meanings. The CFPB states that the former refers broadly to a credit card plan, while the latter refers to credit card accounts under a subset of credit plans—open-end, not home-secured ones. According to the CFPB, the district court conflated these two terms and violated basis principles of textual interpretation. (In the Defendant-bank’s view, porting in the latter term’s definition was necessary to give the term “credit card plan” some meaning beyond the defined term “credit card”).
• Second, with respect to the regulation’s history, the CFPB argued that the term “credit card plan” dates to the introduction of the offset provision in the 1970s, while the term “credit card account under an open-end (not home-secured) consumer credit plan” was added a decade ago to implement an unrelated amendment to the regulation (and at that time, it was clarified that the new term of art did not alter unrelated portions of the regulation). Thus, the district court’s conflation of the two regulatory terms runs counter to the CFPB’s own understanding of how broadly the latter term reached, according to the agency.
• Lastly, with respect to context, the CFPB argued that other provisions of Regulation Z confirm that the two terms at issue are not the same. In particular, the CFPB noted that the district court’s narrowing of the offset prohibition (i.e., to exclude HELOCs) conflicts directly with the CFPB’s commentary on that same provision.

Although the majority of the CFPB’s brief focuses on the scope of the offset provision, it also discusses an exemption for HELOCs in Regulation X. With respect to that exemption, the CFPB agreed with the district court below that Regulation X properly exempts HELOCs from certain statutory requirements for how mortgage loan servicers must respond to requests for information and error correction. (Plaintiff had written to his bank objecting to the offset and requesting a full accounting, to which the bank responded more than 60 days after receiving it. Plaintiff alleged that the bank violated these statutory requirements with an untimely and inadequate response, but the district court pointed to the exemption for HELOCs).

CFPB Takes $19 Million Action Against Loan Doctor and Edgar Radjabli for Offering Fake High-Yield Bank Accounts

On December 1, 2022, the Consumer Financial Protection Bureau (CFPB) took action against a financial services company that allegedly deceived consumers into thinking they were depositing funds into a guaranteed return savings product within a commercial bank, but which funds were actually placed in risky investment vehicles and crypto-assets by the company’s founder.

According to the CFPB, the company made several false, misleading, and inaccurate marketing representations in advertising its savings product. Specifically, the CFPB alleges that the company falsely represented that:

• Customer deposits would originate loans for healthcare professionals, when in fact deposits were never used in such a manner.
• Customer deposits would be held in an Federal Deposit Insurance Corporation (FDIC)-insured account, or backed by a “cash alternative” or “cash equivalent,” when in fact these deposits were placed in a hedge fund controlled by the company’s founder and in crypto-assets, as well as invested in actively traded securities or loaned to investors.
• Customers deposited funds into accounts like traditional savings accounts with guaranteed returns, but the funds were instead invested in volatile securities and other investments, as the company was not a commercial bank.
• Accounts paid interest at rates between 5% and 6.25% in years prior to 2019, when in fact such accounts were not taking deposits until August 2019.

If approved by the court, the proposed settlement would require the company and its founder to refund approximately $19 million to approximately 400 depositors, permanently stop engaging or assisting others in any deposit-taking activities, and pay a civil money penalty to the CFPB in the amount of $391,530 (though $241,530 would be remitted because the defendants paid that amount in penalties to the U.S. Securities and Exchange Commission (SEC) due to a similar action brought by that agency).

---

Weekly Fintech Focus

• On November 3, 2022, the Federal Trade Commission (FTC) announced that an internet phone service provider has agreed to a proposed court order that aims to stop it from imposing junk fees and creating obstacles to those who try to cancel its services.
• On October 31, 2022, the Consumer Financial Protection Bureau (CFPB) announced that it will reopen the public comment period relating to its market monitoring efforts of six large technology companies that operate payment services. The agency also plans to expand its monitoring efforts by asking additional questions that seek input on these companies’ acceptable use policies and their use of fines, liquidated damages provisions, and other penalties.
• On October 27, 2022, the Office of the Comptroller of the Currency (OCC) announced that it will establish an Office of Financial Technology to support the agency’s expertise and ability to adapt to a changing banking landscape.

FTC Action Against Internet Phone Service Provider Results in $100 Million to Customers Trapped by Illegal Dark Patterns and Junk Fees When Trying To Cancel Service

On November 3, 2022, the Federal Trade Commission (FTC) announced that an internet phone service provider has agreed to a proposed court order that aims to stop it from imposing junk fees and creating obstacles to those who try to cancel its services.

According to the FTC, the provider enabled customers to easily sign up for its plans but used dark patterns that made cancellation substantially more difficult, which ultimately harmed consumers. In particular, the FTC’s complaint alleges that the provider: (1) eliminated cancellation options, (2) made the cancellation process difficult, (3) surprised customers with expensive junk fees when they tried to cancel, and (4) continued to charge customers even after they had canceled.

The FTC’s complaint also highlights specific practices that it alleged to be harmful to consumers, such as: (1) forcing customers into one cancellation method (e.g., only by speaking to a live “retention agent” on the phone), (2) making it difficult to find the appropriate phone number on the company’s website, (3) not transferring customers to that number in a consistent manner, (4) reducing the hours the phone line was available, and (5) failing to provide promised callbacks.

As a result of the FTC’s action, the provider agreed to a proposed court order that requires it to:  (1) obtain consumers’ express, informed consent prior to charging them; (2) put in place simplified cancellation processes that are easy to find, easy to use, and will be available through the same method the consumer used to enroll; (3) stop using dark patterns to frustrate consumers’ cancellation efforts; (4) be upfront with customers about any negative option subscription plans; and 5) turn over $100 million to the FTC to be used to provide refunds to consumers.

CFPB Seeks Further Public Input on Big Tech Payment Platforms

On October 31, 2022, the Consumer Financial Protection Bureau (CFPB) announced that it will reopen the public comment period relating to its market monitoring efforts of six large technology companies that operate payment services. The agency also plans to expand its monitoring efforts by asking additional questions that seek input on these companies’ acceptable use policies and their use of fines, liquidated damages provisions, and other penalties.

While faster payment systems offer many benefits to consumers, according to the CFPB, the scale and market power of large technology companies raise concerns about potential new risks to consumers and to broader competition in the marketplace. As a result, the CFPB aims to broaden its understanding of these risks and potential policy solutions.

In particular, the CFPB will add two questions:

1. What fees, fines, or other penalties do large technology companies assess on users of their payment platforms, including for:
   1. Purported violations of the technology companies’ acceptable use policies; or
   1. Any other conduct?
2. Do the acceptable use policies for technology companies’ payment platforms include provisions that can restrict access to their platforms? If so, under what circumstances can the technology companies restrict access to their platforms?

In October 2021, the CFPB ordered these same technology companies to provide information about their business practices, including their data collection and use, their policies for removing individuals or businesses from their platforms, and their policies and practices for adhering to key consumer protections. Following its 2021 order, the agency released a report in August 2022 that outlined consumer risks stemming from financial services companies’ ability to aggregate and monetize consumer financial data.

OCC Announces Office of Financial Technology

On October 27, 2022, the Office of the Comptroller of the Currency (OCC) announced that it will establish an Office of Financial Technology to support the agency’s expertise and ability to adapt to a changing banking landscape.

Against the backdrop of a growing number of bank-fintech partnerships, Acting Comptroller of the Currency Michael J. Hsu stated that the OCC needs “to have a deep understanding of financial technology and the financial technology landscape” so that it can ensure “the federal banking system is safe, sound, and fair today and well into the future.”

The new office, to be established early next year, will build on and incorporate the Office of Innovation. The new office will be led by a chief financial technology officer, who will be a deputy comptroller reporting to the senior deputy comptroller for bank supervision policy. The office will provide strategic leadership, vision, and perspective for the OCC’s financial technology activities and related supervision.

The new office announcement follows other recent OCC announcements that similarly emphasize the agency’s increasing focus on fintech companies. In early October, for instance, the OCC released its Bank Supervision Operating Plan, which stated that the agency plans to heighten supervision of relationships between banks and fintech companies.

---

Weekly Fintech Focus

• The Consumer Financial Protection Bureau (CFPB) issued a circular and compliance bulletin providing guidance on two junk fee practices—surprise overdraft fees and surprise depositor fees—that it concluded are likely unfair, and therefore unlawful, under the Consumer Financial Protection Act (CFPA).
• The director of the CFPB announced that the agency plans to launch a rule-making process that will provide for personal financial data rights, seeking to move toward a more decentralized and neutral consumer financial market structure.
• According to news reports, the Federal Trade Commission (FTC) is investigating whether Visa and Mastercard are restricting debit-card routing competition, particularly through the way in which they use security tokens for online payments.

CFPB Issues Guidance To Help Banks Avoid Charging Illegal Junk Fees on Deposit Accounts

On October 26, 2022, the Consumer Financial Protection Bureau (CFPB) issued guidance on two junk fee practices­—surprise overdraft fees and surprise depositor fees—that it concluded are likely unfair, and therefore unlawful, under the Consumer Financial Protection Act (CFPA).

Surprise overdraft fees. The first practice involves overdraft fees assessed by financial institutions on transactions that a consumer would not reasonably anticipate. While the CFPB notes that unanticipated overdraft fees may arise in a variety of circumstances, the agency focuses on one example in particular: overdraft fees assessed when consumers have enough money in their account to cover a debit charge at the time a bank authorizes it, but due to intervening settlements or other complex processes, the consumes balance is insufficient at the time of settlement (sometimes referred to as “authorize positive, settle negative” or “APSN” transactions).

• According to the CFPB’s circular, unanticipated overdraft fees inflict a substantial injury on consumers, considering that these fees may total up to $36 and be assessed more than once.
• In addition, the CFPB’s circular finds that consumers cannot reasonably avoid these unanticipated overdraft fees for a variety of reasons. For instance, financial institutions use complex policies to assess these fees that are often not clear to consumers (e.g., timing gaps between authorization and settlement, using one kind of balance over another when calculating fees, and ordering transactions in certain ways prior to processing). Furthermore, the circular notes that consumers increasingly make use of mobile banking tools, which could lead them to think the balance shown accurately reflects the balance available to conduct transactions. Under these circumstances, the CFPB’s circular concludes that it is difficult for consumers to reasonably anticipate when a transaction may give rise to an overdraft fee (and thereby avoid said fee).
• Finally, the CFPB’s circular finds that the injury from these unanticipated overdraft fees is likely not outweighed by countervailing benefits to consumers or competition. In particular, the CFPB does not find it plausible that the ability to generate revenue through such fees allows for lower account or maintenance fees that would outweigh the substantial injury, and the agency notes that economic research suggests shifting costs from front-end prices to back-end fees risks harming competition.

Surprise depositor fees. The second practice involves indiscriminately charging depositor fees to every person who deposits a check that bounces, which the CFPB similarly concludes is likely unfair. As a matter of prosecutorial discretion, the CFPB does not intend to seek monetary relief for potential unfair practices regarding surprise depositor fees assessed prior to November 1, 2023.

• According to the CFPB’s bulletin, these fees also inflict a substantial injury on consumers, and in many instances, consumers likely would not be able to reasonably avoid them (considering that consumers depositing checks would normally be unaware of and have little control over whether check originators have funds in their account). The CFPB notes, however, that it is unlikely an institution will violate the prohibition on unfair acts or practices if the method by which fees are imposed is tailored to only charge consumers who could reasonably avoid injury—for example, by only charging consumers a fee if they repeatedly deposit bad checks from the same originator, or when checks are unsigned.
• The CFPB bulletin also advises institutions that it may be difficult to show that the injury from blanket policies of charging surprise depositor fees is outweighed by countervailing benefits to consumers or competition. Benefits to depository institutions are not necessarily benefits to consumers; and the fees are not well-tailored to recoup costs from consumers who are responsible for the costs imposed on depository institutions for expected losses. The CFPB bulletin acknowledges that deterring consumers from depositing checks that will be returned may benefit them and the public interest but underscores that this can only be accomplished through the collection of targeted (rather than indiscriminate) fees. As to benefits to competition, the CFPB bulletin highlights arguments similar to those raised with respect to unanticipated overdraft fees, i.e., that these add-on fees may have a distortionary market effect that makes it more difficult to compete on transparent prices.

The CFPB’s circular and bulletin are the most recent announcements regarding the agency’s junk fee initiative, which is one of many efforts across the federal government focused on this issue. More broadly, the Biden-Harris administration seeks to reduce or eliminate junk fees across a range of industries, such as banking services, cable and internet bills, and airlines and concert tickets.

CFPB Director Says Draft Financial Data Rights Rule Coming

On October 25, the director of the Consumer Financial Protection Bureau (CFPB) said that the agency plans to launch a rulemaking process that will provide for personal financial data rights by activating an authority under Section 1033 of the Consumer Financial Protection Act (CFPA).

While not explicitly embracing an open banking or open finance rule, the CFPB director stated that the proposed rule will seek to obligate financial institutions to share consumer data upon consumer request, empower people to break up with banks that provide bad service, and unleash more market competition.

The CFPB director highlighted three areas in which the agency expects to focus its upcoming rulemaking:

1. Data sharing. The CFPB expects to propose requirements that financial institutions offering deposit accounts, credit cards, digital wallets, prepaid cards, and other transactions accounts set up secure methods for data sharing (such as application programming interfaces (API)). Through data sharing, the CFPB seeks to facilitate new approaches to underwriting, payment services, personal financial management, income verification, account switching, and comparison shopping. While the agency is starting with these particular transaction accounts, it expects to cover more products in the future.
2. Data use limitations. In addition, the CFPB expects to look at ways to stop incumbent institutions from improperly restricting access when consumers seek to control and share their data. In particular, the CFPB plans to develop requirements to limit misuse and abuse of financial data (including frauds and scams), as well as to ensure that when consumers share their data for a specific use, that use is the only one for which the data will be used. Contending that “Gramm-Leach-Bliley Act privacy rules don’t give consumers meaningful control over how their data is being used,” the CFPB director stated that the agency expects to look at alternatives to the notice-and-opt-out regime.
3. Safeguards against monopolization. Finally, the CFPB expects to explore safeguards to prevent excessive control or monopolization by one or a handful of firms. Emphasizing that it is “critical that no one owns critical infrastructure,” the CFPB director stated that a “decentralized, open ecosystem will yield the most benefits for creators and consumers alike.”

Moving forward, the CFPB will publicly release a discussion guide on which small firms can weigh in as part of the agency’s obligation to convene a panel of small businesses before issuing a proposed rule. Through this process, the CFPB anticipates hearing from small banks and financial companies that provide and ingest data, as well as from intermediary data brokers who facilitate data transfers. In the first quarter of 2023, the CFPB will publish a report on the input it receives, which will inform the proposed rule it plans to issue later in 2023. The agency hopes to finalize the rule in 2024.

FTC Examining Whether Payment Networks’ Security Tokens Prevent Online Debit Card Payments From Being Processed to Other Networks

On October 17, 2022, the Wall Street Journal (WSJ) reported that the Federal Trade Commission (FTC) is investigating whether Visa and Mastercard are restricting debit card routing competition, particularly through the way in which they use security tokens for online payments.

Generally, when an individual stores a card in a digital wallet, the card number is replaced with a security token, usually provided by the card’s network (e.g., Visa or Mastercard). When a purchase is made, the security token, rather than the card’s actual number, is sent to a payment network. Visa and Mastercard have pushed to increase tokenization, noting that tokens help protect cards from fraud.

When a card number is tokenized, however, only the payment network that tokenized the card can understand the token and reassociate it with an actual card. This makes it easy for security tokens to process those payment networks that provided the security token in the first place. Alternatively, a payment network could unscramble its token so that a transaction can be handled by another network.

According to the WSJ, the FTC is looking into whether Visa and Mastercard have been limiting the information they send when enabling online payments to go over different networks. This alleged practice may increase the chance that the card’s issuing bank will reject the transaction when it is handled by the different network. The FTC is also looking into whether Visa and Mastercard are restricting competition when consumers store their debit card information on a merchant’s website or app, as tokens are often used in these circumstances as well.

For the last few years, the FTC has been probing whether Visa and Mastercard block merchants from routing payments over other debit card networks. The WSJ reported, however, that the FTC’s current probe into the payment networks’ security tokens may be linked to recent action from the Federal Reserve, which clarified that banks must enable at least two networks on all debit card transactions, including online payments.

---

Consumer Protection Agencies Target Junk Fees and Dark Patterns for Enforcement Action and Rulemaking

The Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) are cracking down on the assessment of junk fees and the use of dark patterns, which harm consumers. Recently, the CFPB sued an online event registration company for its use of dark patterns and duping customers into signing up for unwanted subscription services. Soon the FTC will seek public comment on the harm to consumers caused by junk fees.

On October 18, 2022, the Consumer Financial Protection Bureau (CFPB) sued the online event registration company ACTIVE Network, alleging that it used dark patterns to get consumers to inadvertently click links, sign up for subscriptions, and purchase products and services.

Dark patterns refer to hidden tricks built into websites that can be used to mislead consumers, disguise ads, make it difficult to cancel subscriptions or recurring charges, and bury junk fees.

According to the agency, ACTIVE inserted a webpage into its online event registration and payment process with a highlighted call to action (CTA) button (usually labeled “Accept”) that many consumers clicked thinking they were accepting charges to participate in an event, but which instead enrolled them in a trial membership that automatically converted into a paid subscription with an $89.95 annual fee. The agency also alleged that ACTIVE increased its discount club’s annual membership fee without sending written notice of the new payment at least 10 days before charging consumers. The CFPB claimed that ACTIVE has generated more than $300 million in fees from about 3 million memberships since 2011.

The CFPB is suing to require ACTIVE to change its unlawful enrollment practice, reimburse consumers, and pay a penalty. Iowa and Vermont separately sanctioned ACTIVE for violating state consumer finance protection laws, with both actions resulting in settlements.

In addition to the CFPB, the Federal Trade Commission (FTC) also plans to take action on junk fees, announcing on October 20 that it will explore a new rule to crack down on unnecessary, unavoidable, or surprise fees that inflate costs while adding little to no value.

According to the FTC, companies charge junk fees in a variety of contexts, such as including hidden fees to which consumers did not consent, misrepresenting services as optional or upgrades as mandatory, and charging for products or services with little to no value. Like the CFPB, the FTC also notes that companies often impose such fees on captive consumers by deploying digital dark patterns and other tricks to hide or mask them. The agency is concerned that these fees are common in many sectors of the U.S. economy.

The FTC will seek public comment on the harm such fees cause consumers and the unfair and deceptive tactics companies employ to harvest them to determine whether a new rule would better protect consumers. In particular, the FTC seeks comment on junk fees that involve unnecessary charges for worthless, free, or fake products or services; unavoidable charges imposed on captive consumers; and surprise charges that secretly push up the purchase price.

CFPB Takes Action to Address Junk Data in Credit Reports

The Consumer Financial Protection Bureau (CFPB) is asking consumer reporting agencies to screen consumers’ credit reports and remove junk data. Junk data can lead to consumers’ being denied credit. It is paramount that consumer reporting agencies take reasonable care to ensure the information contained in a consumer’s credit report is accurate.

On October 20, 2022, the Consumer Financial Protection Bureau (CFPB) issued new guidance to consumer reporting companies regarding their obligation to screen for and eliminate junk data from consumers’ credit reports.

Junk data can take many forms, some of which include credit reports that reflect a child’s having a mortgage or a person’s incurring debt years before their birth. The CFPB noted that obviously false junk data can lead to consumers’ being denied credit, housing, or employment, or paying more for credit. It also noted that children in foster care may be especially susceptible to these real-world  consequences because of the high rate of identity theft affecting that population.

The CFPB’s guidance underscored consumer reporting companies’ legal obligation to follow reasonable procedures that assure maximum possible accuracy of information. This includes policies and procedures that enable these companies to screen for and eliminate junk data, particularly in cases of inconsistent account information (i.e., where two or more pieces of information cannot all be true) and information that cannot be accurate (i.e., where information reflects obvious impossibilities). The agency’s guidance also stressed that consumer reporting companies should further identify and prevent the reporting of illegitimate credit transactions for minors.

According to the CFPB, complaints concerning incorrect information on consumer reports have represented the largest share of credit or consumer reporting complaints it has received for at least the last six years.

The CFPB stated that its guidance is one in a series of actions being taken by the agency to ensure consumer reporting companies comply with consumer financial protection law.

Fifth Circuit Says CFPB’s Structure Is Unconstitutional

The Fifth Circuit ruled that the Consumer Financial Protection Bureau’s (CFPB) funding violates the U.S. Constitution’s requirement that Congress appropriate the budgets of federal agencies, calling into question the CFPB’s rulemaking since the agency’s inception. Should the ruling stand, Congress will need to approve the CFPB’s funding.

In a case brought by a payday lending group, a three-judge panel of the U.S. Court of Appeals for the Fifth Circuit ruled that the way in which the Consumer Financial Protection Bureau (CFPB) is financed “violates the Constitution’s structural separation of powers.”

The Fifth Circuit reasoned that because the CFPB receives its funding from the Federal Reserve, which is itself outside the appropriations process, and because this funding is not subject to Congressional review by statute, the agency’s funding is “double-insulated on the front end from Congress’ appropriations power” and “Congress relinquished its jurisdiction . . . on the back end.” Thus, “[w]herever the line between a constitutionally and unconstitutionally funded agency may be,” the Fifth Circuit concluded, “this unprecedented arrangement crosses it.”

Commentators have noted, however, that the CFPB is not unique as an agency that does not receive its annual funding determined by Congress, pointing to other agencies that also are funded in other ways, such as the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC).

Going forward, the ruling appears to call into question the validity of CFPB rules in the Fifth Circuit. Should it stand, the CFPB would need annual budget approval by Congress.

---

Weekly Fintech Focus

• FTC explains that merchants using BNPL services are also subject to consumer protection obligations.
• CFPB ends its no-action letter and compliance sandbox policies.
• CFPB sues an online lender for Military Lending Act violations related to the lender’s membership fees.

Continue Reading Fintech Legal Report—Week of September 30, 2022