Alston & Bird Consumer Finance Blog

Consumer Financial Protection Bureau (CFPB)

CFPB Issues Bulletin About Auto Repossession, Congressional Republicans Respond

A&B Abstract: The Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) recently released a Bulletin addressing the repossession of vehicles and alerting market participants to what it views as those market participants’ legal obligations under federal law governing unfair, deceptive, or abusive acts or practices (“UDAAP”).  That same day, the CFPB also published an inflammatory Press Release, claiming creditors were engaged in activities causing consumers to “wake up to see their car stolen.”  Shortly thereafter, a number of Republican Congressmembers responded to the Bulletin and Press Release with a Letter expressing concern that the Bureau’s post mischaracterized the activities of vehicle finance companies.  The Letter requested information and data supporting the CFPB’s contentions that the identified issues are occurring in the current marketplace.

Discussion of Bulletin:

On February 28, 2022, the CFPB published a compliance Bulletin and issued a Press Release expressing concerns over certain auto repossession activities.  While the Bulletin was generally neutral in tone, the Press Release accused creditors and servicers of stealing consumer’s vehicles.  Interestingly, both the Bulletin and Press Release also incorrectly stated that the collection of personal property storage fees by repossession agents was “illegal.”  While the CFPB has certainly taken the position that doing so constitutes an unfair practice under its UDAAP authority, the charging of such fees and the amounts allowed to be charged are expressly authorized under applicable state law where such activities have historically occurred.

Regardless of how one may feel about repossessions, the references in both documents various publications and findings dating back to 2016 provide insight into how the Bureau approached repossession investigations and examinations in the past, which is useful for industry to take into account.  The CFPB begins the Bulletin by noting the “extremely strong demand” and rising prices for used automobiles.  The Bureau then expresses concern that these market conditions could create incentives for more risky auto repossession practices which may violate the law.  By way of example, the Bulletin addresses findings from prior – and one might suggest quite dated – examinations and enforcement actions, where servicers are alleged to have acted improperly.

The types of activities identified by the CFPB, both in the Bulletin and Press Release as problematic were characterized as illegally seizing cars, sloppy record keeping, unreliable balance inquiries, and “ransoming” a consumer’s personal property that was in the vehicle at the time of repossession.    Conduct cited by the CPFB as improper includes the charging of fees before and after repossession, and specifically the collection of allegedly “illegal” personal property storage fees demanded by repossession agents before they would return that personal property to the borrower.  Noteworthy is the fact that this allegedly “illegal” conduct is expressly permitted under many state’s laws, though the amount that may be charged is typically limited by those same state laws.  The Bureau also raised the issue of conducting vehicle repossessions despite the presence of a bankruptcy stay and misrepresentations of the amount owed by the borrower leading to an underpayment and subsequent repossession.

In addressing issues of sloppy recordkeeping uncovered in examinations, the Bulletin focused on servicers who incorrectly coded consumers as delinquent leading to undue repossessions, referring back to certain 2017 and 2018 Supervisory Highlights – items published approximately 5 and 4 years ago respectively.  In other  instances cited in the Bulletin, servicers allegedly failed to cancel repossession orders for consumers that made payments to bring their account current, and repossession agents failed to confirm that a repossession order was still active prior to repossessing a vehicle.  Finally, the CFPB noted that it had found instances in which a borrower’s payments were not applied to the outstanding debt in the manner represented to consumers by the servicers, thereby causing some borrowers to be deemed further delinquent.

To avoid UDAAP violations, the Bulletin suggests that market participants should (1) review their policies regarding repossession, (2) communicate promptly with repossession service providers when a repossession is cancelled and monitor compliance with those orders, (3) exercise routine oversite by monitoring undue repossessions and auditing portfolios, and (4) act swiftly to correct any undue repossessions and reimburse consumers for associated costs.  The Bulletin also recommends entities should ensure consumers are not charged for unnecessary force-placed insurance.

Response from Congressional Republicans:

On March 10, 2022, eleven Republican members of the House Financial Services Committee sent a Letter to CFPB Director Rohit Chopra expressing their concerns with the inflammatory comments made in the Press Release and the dated nature of the information contained within the Bulletin.  The Letter starts by questioning the CFPB’s rhetoric, stating that it was a “gross mischaracterization” for the Bureau to equate repossession of a vehicle with theft.  Then the Letter points out that “there are over 2.2 million car repossessions” annually in the United States, and argues that the examples raised by the CFPB were not representative of the entire industry.  Next, the Letter requested that the Bureau provide data to support the contention that “high car prices increase risk of improper repossession by lenders, servicers, and investors.”  Lastly, the members of Congress touted the essential role that auto financing companies play in helping Americans get to or complete their work.

Guidance to Businesses:

The issuance of such a Bulletin, and even the Press Release itself, suggests the CFPB will be heavily scrutinizing repossession activity during future examinations.  These documents further suggest the potential for future enforcement actions where servicers have failed to meet the standards expected of them by the CFPB.  Auto loan servicers should review their policies and procedures to ensure repossession practices comply with all applicable laws and that procedures are in place to identify and prevent unwarranted repossessions.

CFPB’s SBREFA Outline on Automated Valuation Models Rekindles Debate over Disparate Impact Liability under the ECOA

Section 1473(q) of the Dodd-Frank Act (now codified at 12 U.S.C. § 3354(q)) amended the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”) to instruct the CFPB, Fed, OCC, FDIC, NCUA, and FHFA (collectively, the “agencies”) to jointly develop regulations for quality control standards for automated valuation models (“AVMs”), defined as “any computerized model used by mortgage originators and secondary market issuers to determine the collateral worth of a mortgage secured by a consumer’s principal dwelling.” As part of the rulemaking process, the Small Business Regulatory Enforcement Fairness Act of 1996 (“SBREFA”) requires the CFPB to convene a Small Business Review Panel to consider whether the rule could have a significant economic impact on a substantial number of small entities. Accordingly, on February 23, 2022, the CFPB released an outline of proposals and alternatives under consideration by the agencies to seek informed feedback and recommendations from small businesses likely to be subject to the rule.

As amended, subparts (1) – (4) of FIRREA Section 1125(a) mandate that the agencies establish four specific quality control standards for AVMs. FIRREA Section 1125(a)(5) also affords the agencies discretion to adopt standards designed to “account for any other such factor that the agencies…determine to be appropriate.” As such, the CFPB’s SBREFA outline proposes creating a fifth such discretionary quality control standard “designed to protect against unlawful discrimination.”

In support of its proposal, the CFPB asserts that algorithmic systems such as AVMs are subject to Federal nondiscrimination laws, including the Equal Credit Opportunity Act (“ECOA”), because a lender evaluating an applicant’s collateral could use an AVM “in a way that would treat an applicant differently on a prohibited basis or result in unlawful discrimination against an applicant on a prohibited basis.” The CFPB then notes that it recognizes three different methods of proving discrimination under the ECOA and its implementing regulation (“Regulation B”): (1) overt discrimination; (2) disparate treatment; and (3) disparate impact. It is worth mentioning that overt discrimination has been viewed by federal regulators such as DOJ and the FDIC as a blatant type of disparate treatment that does not require an inference or presumption based on circumstantial evidence. However, it appears that the CFPB considers these theories to be distinct from one another.

The third method of proving discrimination articulated by the CFPB, disparate impact, has been a controversial theory of liability because it imposes liability on a creditor even where the creditor had no intent to discriminate against an applicant. Rather, the theory presumes that the creditor has treated applicants fairly and consistently in accordance with some facially neutral policy or procedure of the creditor. Of course, the disparate impact theory gained traction in the subprime lending cases post-2008 and then loomed large in the CFPB’s enforcement actions against indirect auto lenders, the latter of which were scrutinized by Congress in its decision to rescind the CFPB’s indirect auto lending guidance using the Congressional Review Act. In fact, it remains a legal question whether disparate impact claims are cognizable under the ECOA since the United States Supreme Court (“Supreme Court”) has never considered the issue, though civil rights advocates point to the Supreme Court’s willingness in the 2015 Inclusive Communities case to recognize the theory for discrimination claims brought under the Fair Housing Act (“FHA”).

Thus, should the agencies adopt a final rule that relies upon disparate impact under the ECOA as a legal basis to justify imposing a quality control standard on AVMs (or muddies the waters by relying upon both the ECOA and the FHA without distinction), it is possible that the rule could be challenged under the Administrative Procedures Act as not in accordance with the law. Alternatively, if the CFPB were to bring an enforcement action against a creditor for allegedly violating either the final rule’s quality control standard or ECOA itself on the basis of disparate impact, the creditor could defend itself by arguing among other things that disparate impact claims are not cognizable under the ECOA. Indeed, the ECOA lacks any “results-oriented” language like the “otherwise make available” language of the FHA or the “otherwise adversely affect” language of the Age Discrimination in Employment Act, which the Supreme Court, in decisions issued a decade apart, relied on in recognizing disparate impact liability.

Even if the plain language of the ECOA could not support a disparate impact claim, the CFPB might argue that the statute’s anti-discrimination provision is ambiguous (by asserting, for instance, that the word “discriminate” could be interpreted to encompass both intent-based and effects-based actions), in which case the CFPB may expect the reviewing court to grant its interpretation Chevron deference. See Chevron, U.S.A. v. Natural Resources Defense Council, Inc. 476 U.S. 837 (1984). But this argument also might prove difficult because Chevron deference is appropriate only when it appears that Congress has “delegated authority to the agency generally to make rules carrying the force of law, and … the agency interpretation claiming deference was promulgated in the exercise of such authority.” See Public Citizen, Inc. v. U.S. Dept. of Health and Human Services, 332 F.3d 654, 659 (D.C. Cir. 2003) (quoting U.S. v. Mead Corp., 533 U.S. 218 (2001)). In examining Regulation B, which was originally issued by the Fed and subsequently readopted by the CFPB, the only references to the concept of disparate impact appear in 12 C.F.R. § 1002.6(a) and Official Interpretation 6(a)-2. However, these provisions merely summarize the ECOA’s legislative history and Supreme Court precedent under Title VII of the Civil Rights Act, and even then, acknowledge only that the ECOA “may” prohibit acts that are discriminatory in effect. The CFPB has articulated its belief that disparate impact is cognizable under the ECOA elsewhere, including in a compliance bulletin and its examination manual, but those materials carry no force of law under the CFPB’s own recently-adopted rule. Thus, a reviewing court could conclude that the mere recitation of legislative history and of a judicial doctrine developed under an unrelated statute was not an actual exercise of rulemaking authority under the ECOA, and therefore that the agencies’ interpretation of the ECOA as expressed in Regulation B is not entitled to Chevron deference. In that circumstance, the reviewing court would be free to resolve any purported ambiguity in the ECOA according to its own construction, affording respect to the agencies’ position only to the extent it is persuasive. And should either of these issues – disparate impact under the ECOA or the availability of Chevron deference – ultimately be appealed to the Supreme Court, there may well be four justices willing to grant certiorari to consider them.

The uncertain outcome of any challenge to the CFPB’s use of disparate impact in a rulemaking or in enforcing the ECOA, given the stakes involved, suggests that the CFPB may seek to resolve matters via settlement rather than risking litigation in federal court. However, only time will tell whether the CFPB is spoiling for a fight.

Update regarding the BrightSpeed payment processor case

On January 18, after approximately fourteen months of settlement negotiations, the CFPB announced that it secured a settlement agreement with BrightSpeed Solutions, Inc., a third-party payment processor that had ceased operations nearly three years ago. As we reported in greater detail in a prior post, the CFPB asserted jurisdiction to bring its complaint against BrightSpeed by alleging that the company was a “covered person.” Under the Dodd-Frank, a covered person must offer or provide a “consumer financial product or service.” In the context of payment processing, the Dodd-Frank Act requires that such services be provided “to a consumer.” BrightSpeed, however, provided payment processing services only to merchants, not to consumers (the merchants were not alleged by the CFPB to be covered persons, meaning BrightSpeed was not a “service provider” for purposes of CFPB jurisdiction). In its answer to the CFPB’s complaint, BrightSpeed argued that the CFPB exceeded its statutory authority, its claims were barred by the statute of limitations, and it was using BrightSpeed’s financial distress as leverage against the company’s position.

If unnamed merchants defrauded consumers into purchasing unnecessary software in tech-support scams, as the CFPB alleged in its complaint, the merchants should be held to account by the FTC or state attorneys general (the CFPB, for instance, instructs consumers to report tech-support scams directly to the FTC). However, the CFPB’s claimed jurisdiction in this case would establish the precedent that it can bring enforcement actions against any payment processor for providing services to merchants, whether or not those merchants are providing financial products or services (its two prior attempts to establish such a precedent in the Intercept and Universal Debt Solutions cases failed). Moreover, such actions could be used to indirectly regulate merchant and retailer activity in a way specifically prohibited by Congress in the Dodd-Frank Act, similar to the way in which the CFPB once used enforcement actions against indirect auto lenders as a means of regulating dealer compensation practices.

The proposed stipulated judgment and order filed jointly by the CFPB and BrightSpeed with U.S. District Court for the Northern District of Illinois specifically requests that Judge John J. Tharp Jr. find that the CFPB’s “[c]omplaint alleges claims upon which relief may be granted” and “[e]ntry of this order is in the public interest.” The parties separately noticed that they will present their proposed order to Judge Tharp on the morning of Thursday, January 20, at 9:00 a.m.

Update Regarding the CFPB’s Buy Now, Pay Later Orders

In a prior post, we reported that the language used in orders recently issued by the CFPB to leading Buy Now, Pay Later (“BNPL”) providers suggested that the CFPB intends to use the information it collects to build enforcement cases rather than monitor market developments. We also reported that if this is the case, it is a departure from historic precedent and can be considered an end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act to ensure that due process is afforded to financial institutions that become the target of CFPB enforcement investigations.

The CFPB’s intentions were apparently confirmed in a January 5 article in Axios about the BNPL orders, which quotes the CFPB’s small dollar, marketplace and installment lending program manager as saying:

It is certainly possible that we could as a result of the data collection take enforcement action.

Assuming this quote is accurate, recipients of CFPB 1022(c)(4) market monitoring orders should be well aware that any information provided to the agency may be used for enforcement purposes.

Is the CFPB using its market monitoring orders to build enforcement cases?

As we previously noted, on October 21, the CFPB issued orders to six large technology firms seeking information about their payment product business plans (the “October 21 Orders”). According to the Bureau, the purpose of orders was to “shed light on the business practices of the largest technology companies in the world.” The CFPB’s use of its market monitoring authority under Section 1022(c)(4) of the Dodd-Frank Act for this amorphous purpose was a break from established precedent. Historically, the CFPB issued 1022(c)(4) orders to support its efforts to issue specific rulemakings or Congressionally-mandated research reports. (See, e.g., Appendix B of the CFPB’s 2018 Sources and Uses of Data report).

On December 16, the CFPB again broke with historic precedent when it issued a new set of 1022(c)(4) orders, this time to five Buy Now, Pay Later (“BNPL”) providers (the “December 16 Orders”). Much has already been written about the information demanded by the CFPB in the orders, and about the institutions subject to the orders. However, less attention has been paid to what the CFPB might do with the information it receives.

Traditionally, the CFPB has maintained a firewall between its market monitoring function and its enforcement function, in recognition of the distinction established by Congress in the Dodd-Frank Act. Section 1022(c)(4) of the Dodd-Frank Act authorizes the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services. Congress specified that information obtained by the CFPB using this general power may only be made public (if at all) through aggregated reports or other formats designed to protect the confidentiality of the information. Accordingly, Congress provided few procedural safeguards to financial institutions subject to such collections. Section 1052 of the Dodd-Frank Act establishes the specific enforcement powers of the CFPB and provides that the CFPB may collect information by means of civil investigative demands (CIDs) for the purpose of ascertaining whether a financial institution has violated Federal consumer financial law. Congress provided several procedural safeguards for the targets of CFPB enforcement investigations, including requirements for the service and contents of CIDs, the collection of oral testimony, and the receipt of petitions to modify or set aside the CIDs.

In announcing its October 21 Orders, the CFPB publicly released a sample order representing the actual orders sent to the six technology firms. The language used in the sample order maintained the firewall between its market monitoring and enforcement activities, stating in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order …, nor is it being issued under section 1052 of the Dodd-Frank Act.

By contrast, the sample order released in connection with CFPB’s announcement of the December 16 Orders to the five BNPL providers lacks the language acknowledging that the order is not being issued under Section 1052, and only states in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order.

Also, the December 16 sample order contains new language not present in the October 21 sample order, stating:

The Bureau reserves the right to use the information for any purpose permitted by law.

Read together, these two changes suggest that the CFPB intends to remove the firewall between its market monitoring and enforcement functions and could use the information collected from the BNPL providers pursuant to the December 16 Orders to build enforcement cases. If so, this development could be considered an attempted end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act. The CFPB can, if it wishes, provide express procedural safeguards within the orders that are equivalent to the types provided in Section 1052 or by agencies like the FTC in similar circumstances, but it has elected not to do so at this time. Recipients of future 1022(c)(4) orders should be mindful of this development in their responses to the CFPB.