Alston & Bird Consumer Finance Blog

Consumer Financial Protection Bureau (CFPB)

The QM Patch Is Down for the Count

Whether they realize it or not, absent a last-minute intervention from the Federal Housing Finance Agency (FHFA), effective July 1, 2021, creditors will no longer be able to originate qualified mortgage loans using the “QM Patch.” The reason for this dramatic event is that on April 8, 2021, Fannie Mae and Freddie Mac announced in separate pronouncements that effective for loans with application dates after June 30, 2021 (for Fannie Mae; for Freddie Mac, applications received on or after July 1, 2021), the loans must conform with the revised qualified mortgage (QM) loan rules—and cannot be QM Patch loans.

Because the FHFA is terminating the QM Patch, loans underwritten to the QM Patch after July 1, 2021 will no longer be eligible for sale to the government-sponsored enterprises (GSEs), and in effect, the QM Patch disappears after that date. This development contradicts the Consumer Financial Protection Bureau’s (CFPB) final rulemaking delaying the mandatory effective date of the revised QM rules until October 1, 2022. Under that CFPB rulemaking, during the period between March 1, 2021 and October 1, 2022, the CFPB intends for creditors to have the option of originating QM loans either under the legacy QM rules, including the QM Patch, or the revised QM rules.

In a client advisory, Steve Ornstein parses how the death of the QM Patch will affect creditors seeking to originate residential mortgage loans under Fannie Mae, Freddie Mac, or Consumer Financial Protection Bureau regulations.

The Hunstein Case: Upending Servicing and Debt Collection?

A&B Abstract:

The U.S. Court of Appeals for the Eleventh Circuit, covering Alabama, Florida, and Georgia, recently decided in Hunstein v. Preferred Collection and Management, Inc., that a debt collector’s communication with its third-party vendor violated section 1692c(b) of the Fair Debt Collection Practices Act (“FDCPA”), which prohibits a debt collector for communicating, in connection with the collection of any debt, with an unauthorized third party.

The FDCPA and Regulation F

 In 1977, Congress enacted the FDCPA to eliminate abusive debt collection practices by debt collectors.  Section 1692c(b) of the FDCPA generally provides that, except with respect to seeking location information:

without the prior consent of the consumer given directly to the debt collector, or the express permission of a court of competent jurisdiction, or as reasonably necessary to effectuate a postjudgment judicial remedy, a debt collector may not communicate, in connection with the collection of any debt, with any person other than the consumer, his attorney, a consumer reporting agency if otherwise permitted by law, the creditor, the attorney of the creditor, or the attorney of the debt collector.

The FDCPA defines “communication” to mean “the conveying of information regarding a debt directly or indirectly to any person through any medium.”

For decades the FDCPA was enforced by the Federal Trade Commission (“FTC”).  However, prior to the Dodd-Frank Act, no federal regulator had rulemaking authority under the FDCPA.  The Dodd-Frank Act empowered the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) with rulemaking authority with respect to the collection of debts by debt collectors, as defined by the FDCPA.  Prior to finalizing Regulation F, the CFPB conducted market outreach to better understand how debt collectors attempt to collect on accounts.  In July 2016, the CFPB published a study of third-party debt collection operations (“Operations Study”) that recognized debt collection firms’ reliance on vendors (such as print mail services, predictive dialers, voice analytics, payment processes and data servers).  In fact, the CFPB noted that most respondents use an outside vendor for sending written communications.

On November 30, 2020, amended Regulation F,  implementing the FDCPA, was published in the Federal Register with an effective date of November 30, 2021 (which has subsequently been delayed to January 29, 2022).  Regulation F does not specifically address the use of third-party vendors, such as print mail services, although the Operations Study was cited in the preamble to Regulation F.

With regard to civil liability, section 1692k of the FDCPA states that “[n]o provision of this section imposing any liability shall apply to any act done or omitted in good faith in conformity with any advisory opinion of the Bureau, notwithstanding that after such act or omission has occurred, such opinion is amended, rescinded, or determined by judicial or other authority to be invalid for any reason.”

The Hunstein Case

Despite the CFPB’s implicit recognition of debt collectors’ use of print and other vendors,  a recent court decision suggests that use of certain vendors could violate the FDCPA’s prohibition on third-party communications.  In Hunstein, the U.S. Court of Appeals for the Eleventh Circuit reversed the district court’s judgment, holding that (1) a violation of section 1692c(b) of the FDCPA confers Article III standing; and (2) a debt collector’s transmittal of a consumer’s personal information to its dunning vendor constituted a communication “in connection with the collection of any debt” within the meaning of section 1692c(b).

The facts in this case are not unusual, and reflect the typical interactions between a debt collector and their third-party vendors. Specifically, the debt collector, Preferred Collection and Management Services Inc. (“Preferred”), electronically transmitted information concerning Hunstein’s debt (his name and his status as a debtor, the entity to which he owed the debt, the outstanding balance, the fact that his debt resulted from his son’s medical treatment, and his son’s name) to its third-party vendor. In turn, the vendor used that information to create, print, and mail a dunning letter to Hunstein.  As a result, Hunstein sued alleging that by sending his personal information to the third-party vendor, Preferred had violated section 1692c(b). The district court dismissed Hunstein’s action for failure to state a claim, holding that Hunstein had not sufficiently alleged that Preferred’s transmittal to its third-party vendor violated section 1692c(b), because it was not a communication “in connection with the collection of any debt.”  Hunstein appealed to the Eleventh Circuit. On appeal, the Eleventh Circuit addressed both the issues of Article III standing and whether Preferred’s communication was “in connection with the collection of any debt.”

The court first considered the threshold issue of whether a violation of section 1692c(b) confers Article III standing. Specifically, the court focused on whether Hunstein had suffered an injury in fact, which requires an invasion of a legally protected interest that is both concrete and particularized and actual or imminent, not conjectural or hypothetical. The court indicated that the “standing question here implicates the concreteness sub-element.”  The court explained that a plaintiff can satisfy the concreteness requirement in one of three ways. A plaintiff can meet this requirement by (1) alleging a tangible harm (e.g., physical injury, financial loss, and emotional distress), (2) alleging a risk of real harm, or (3) identifying a statutory violation that gives rise to an “intangible-but-nonetheless-concrete injury.”  The court ultimately concluded that Hunstein had met the concreteness requirement “[b]ecause (1) § 1692c(b) bears a close relationship to a harm that American courts have long recognized as cognizable and (2) Congress’s judgment indicates that violations of §1692c(b) constitute a concrete injury.”

After concluding that Hunstein had standing to sue, the court considered whether Preferred’s transmittal to its third-party vendor was a “communication in connection with the collection of any debt.” At the outset, the court noted that the parties were in agreement that Preferred was a “debt collector,” that Hunstein was a “consumer,” and that the debt at issue was a “consumer debt,” as contemplated under the FDCPA. Moreover, the parties agreed that Preferred’s transmittal of Hunstein’s information to the third-party vendor constituted a “communication” within the meaning of the FDCPA. Thus, the only question remaining before the court was whether Preferred’s communication was “in connection with the collection of any debt.” The court began its analysis by reviewing the plain meaning of the phrase “in connection with” and the word “connection,” and determined that “in connection with” and “connection” are generally defined to mean “with reference to or concerning” and “relationship or association,” respectively.  Based on these definitions, and the facts at issue, the court found it “inescapable that Preferred’s communication to [its third-party vendor] as least ‘concerned,’ was ‘with reference to,’ and bore a ‘relationship or association’ to its collection of Hunstein’s debt.”  Accordingly, the court held that Hunstein had alleged a communication “in connection with the collection of any debt” as that phrase is commonly understood.

The court next considered, and rejected, Preferred’s three arguments that its communication was not “in connection with the collection of any debt.” First, the court found Preferred’s reliance on prior Eleventh Circuit decisions interpreting the phrase “in connection with the collection of any debt,” as used under section 1692e, to be misplaced. The court explained that in those line of cases, the court had focused on the language of the underlying communications that were at issue. However, the court found that the district court’s conclusion that the phrase “in connection with the collection of any debt” necessarily entails a demand for payment “defies the language and structure of § 1692c(b) for two separate but related reasons—neither of which applies to § 1692e.” First, the court explained that the “demand-for-payment interpretation would render superfluous the exceptions spelled out in §§ 1692c(b) and 1692b.” The court noted that under section 1692c(b), “[c]ommunications with four of the six excepted parties—a consumer reporting agency, the creditor, the attorney of the creditor, and the attorney of the debt collector—would never include a demand for payment,” and that the “same is true of the parties covered by § 1692b and, by textual cross-reference, excluded from § 1692c(b)’s coverage.” Accordingly, the court held that the phrase “in connection with the collection of any debt” in section 1692c(b) must mean something more than a mere demand for payment, so as not to render “Congress’s enumerated exceptions…redundant.”

The court also rejected Preferred’s argument that the court adopt a holistic, multi-factoring balancing test that was adopted by the Sixth Circuit in its unpublished opinion in Goodson v. Bank of Am., N.A., 600 Fed. Appx. 422 (6th Cir. 2015), for two reasons: (1) “Goodson and the cases that have relied on it concern § 1692e—not § 1692c(b),” and (2) sections 1692c(b) and 1692e differ both “linguistically, in that the former includes a series of exceptions that an atextual reading risks rendering meaningless, while the latter does not, and…operationally, in that they ordinarily involve different parties.” Moreover, the court found that “in the context of § 1692c(b), the phrase ‘in connection with the collection of any debt’ has a discernible ordinary meaning that obviates the need for resort to extratextual ‘factors.’”

Finally, the court rejected Preferred’s “industry practice” argument—namely that there is widespread use of mail vendors and a relative dearth of FDCPA suits against them—holding that simply because “this is (or may be) the first case in which a debtor has sued a debt collector for disclosing his personal information to a mail vendor hardly proves that such disclosures are lawful.”

In holding that Preferred’s communication with its third-party vendor constituted a communication “in connection with the collection of any debt,” the court acknowledged that its “interpretation of § 1692c(b) runs the risk of upsetting the status quo in the debt-collection industry…[and that its] reading of § 1692c(b) may well require debt collectors (at least in the short term) to in-source many of the services that they had previously outsourced, potentially at great cost.” Moreover, the court recognized that “those costs may not purchase much in the way of ‘real’ consumer privacy.” Nevertheless, the court noted that its “obligation is to interpret the law as written, whether or not we think the resulting consequences are particularly sensible or desirable.”

Takeaway 

The court’s textual reading of the statute fails to account for the technological changes to the industry since the FDCPA was enacted in 1977.

The CFPB has the authority to take a more pragmatic view, either through its advisory opinion program or formal rulemaking to recognize the important role of vendors while also putting in proper guardrails to protect consumers’ privacy.  Such a view would be consistent with the FTC’s treatment of this issue.  The FTC previously indicated that a debt collector could contact an employee of a telephone or telegraph company in order to contact the consumer, without violating the prohibition on communication to third parties, if the only information given is that necessary to enable the collector to transmit the message to, or make the contact with, the consumer. Presumably, a debt collector would have to transmit much the same information for purposes of communicating with the debtor through a letter vendor.

Congress also has the authority to modernize the FDCPA.  The House of Representatives recently passed a comprehensive debt collection bill (H.R. 2547, the Comprehensive Debt Collection Improvement Act, sponsored by Chairwoman Waters). While this bill currently doesn’t address the issue in Hunstein, that could be remedied in the Senate.

The consumer finance industry will be closely watching the Hunstein case as it works through the appeal process, as well as how other courts, Congress, CFPB and other regulators react.

An Ominous Development in CFPB Supervision

A&B ABstract: The CFPB’s Bulletin 2021-01 released on March 31, 2021 announced changes to the Bureau’s type of communications.  Does this bulletin suggest a desire of the CFPB to use the examination process for purposes that go beyond the Dodd-Frank Act?

The Dodd Frank Act

The Dodd-Frank Act grants the CFPB authority to require reports and conduct examinations of certain covered persons, including nonbanks and banks with greater than $10 billion in assets. However, the CFPB’s supervisory authority over these institutions is not unlimited. In general, the CFPB may engage in supervision only for three purposes: (1) assessing compliance with the requirements of “Federal consumer financial laws” (a term defined in 12 U.S.C. 5481(14) to include specific enumerated consumer laws); (2) obtaining information about the activities subject to such laws and the associated compliance systems or procedures of financial institutions; and (3) detecting and assessing associated risks to consumers and to markets for consumer financial products and services. See 12 U.S.C. 5515(b).

The CFPB’s examination manual outlines its supervision and examination process, and in relevant part provides that when all onsite examination activities are complete, the examiner in charge of the  examination should meet with the supervised entity’s management to discuss the CFPB’s preliminary examination findings, expected Matters Requiring Attention (“MRAs”), consumer compliance ratings (if applicable, and next steps. MRAs, the examination manual explains:

“are used by the Bureau to communicate to an institution’s Board of Directors, senior management, or both, specific goals to be accomplished in order to correct violations of Federal consumer financial law, remediate harmed consumers, and address related weaknesses in the CMS that the examiners found are directly related to violations of Federal consumer financial law.”

As a strictly legal matter, MRAs are not enforceable. However, there are real-world consequences for supervised institutions that do not take the actions prescribed in MRAs within the implementation timeframes prescribed by the CFPB. For instance, an institution’s responses to MRAs are considered by the CFPB when assessing its consumer compliance rating or the need for an enforcement action and also when scheduling future exam work. In other words, MRAs are not voluntary. Also, the CFPB’s exam findings, including MRAs, and institutions’ responses to MRAs are deemed confidential supervisory information under the CFPB’s rules. Consequently, they are non-public and not subject to release under FOIA.

This process creates a risk that the CFPB could abuse its supervisory authority. What happens, for instance, if the CFPB issues MRAs or other orders that require a supervised institution to take actions that exceed the requirements of the law? Could the CFPB issue MRAs that require the institution to conduct business in a manner that the CFPB prefers, above and beyond compliance with applicable laws or regulations? Supervised institutions understandably have a strong desire to avoid antagonizing examiners and avoiding a public enforcement action, so their interest is always to accommodate the CFPB’s supervisory demands. If the CFPB’s MRAs are never challenged, the risk of mission creep is very real.

CFPB’s Prior Guidance on Supervisory Communications

In 2018, the CFPB sought to mitigate mission creep  risk and ensure that the CFPB would not exceed its supervisory authority by issuing a public bulletin that made clear that MRAs would relate only to violations of Federal consumer financial law or CMS weaknesses that are directly related to those violations. The bulletin also created a second category of supervisory communication known as a Supervisory Recommendation (“SR”). However, SRs were to be used by the CFPB only to raise CMS concerns in cases where examiners did not identify a violation of Federal consumer financial law, and SRs do not include provisions for periodic reporting nor expected timelines for implementation. In other words, SRs are voluntary, and it is up to the supervised institution to decide whether address the CFPB’s concerns or act on its recommendations. By distinguishing MRAs from SRs, the CFPB sought to reinforce the clear statutory boundaries governing its supervisory authority.

CFPB’s Bulletin 2021-01

On March 31, 2021, the CFPB rescinded the 2018 bulletin, and issued a new bulletin in its stead. This new bulletin eliminates the SR category of supervisory communication and declares that CFPB examiners “may issue MRAs with or without a related supervisory finding that a supervisory entity has violated a Federal consumer financial law.”

Additionally, the bulletin declares that the CFPB will now use MRAs to convey its supervisory expectations not just for violations of Federal consumer financial laws and related CMS deficiencies, but also for “other laws enforced by the Bureau.” The CFPB does have authority to enforce certain laws that are not defined as Federal consumer financial laws, meaning that it can use its enforcement powers, including civil investigative demands, to detect violations of those laws, but it lacks authority to examine institutions for compliance with those laws. And in the examination context, the CFPB is not required to turn a blind eye to violations of law it may uncover; there are statutory mechanisms for the referral of certain violations to appropriate Departments and agencies. But here, the CFPB’s bulletin is declaring that the CFPB will use the supervisory process to address violations of laws other than Federal consumer financial laws through MRAs, which appears to exceed its statutory authority.

Also, the bulletin states that the CFPB “expects supervised entities to implement a CMS that, among other things, effectively prevents, identifies, and addresses risks to consumers.” This statement is inconsistent with the CFPB’s own examination manual, which states that the purpose of CMS is to maintain legal compliance with Federal consumer financial laws, not to address all risks to consumers. A violation of law Federal consumer financial law, of course, often represents a risk to consumers, but the two concepts are not coextensive. The Dodd-Frank Act does permit the CFPB to engage in market monitoring activities to identify risks to consumers and the proper functioning of consumer financial markets, but that authority is separate and distinct from its supervisory authority. See 12 U.S.C. 5511(b)(3) and 5512(c). However, with regard to supervision, the Dodd-Frank Act specifically limits the CFPB’s authority to address risks to consumers in two ways: first, the risk must generally be associated with a violation of Federal consumer financial law; and second, the risk must be created by the offering or provision of “consumer financial products and services,” which are specifically defined in 12 U.S.C. 5481(5). The CFPB’s bulletin does not acknowledge these statutory limitations, and the resulting lack of precision creates concern that the CFPB could identify risks to consumers not associated with the provision of consumer financial products and services or a violation of Federal consumer financial law and use its supervisory process to force supervised institutions to address them.

Finally, the bulletin warns that the CFPB is committed to using the full range of its authorities to “promote compliance with the law and to ensure that supervised entities protect consumers.” Here again, the CFPB is publicly committing to using the supervisory process to achieve an objective that goes beyond compliance with Federal consumer financial law. And while all observers would agree that “protecting consumers” is a laudable objective in the abstract, the bulletin neglects to define that phrase for purposes of supervision and examination, so readers are left in the dark as to the CFPB’s intended meaning. In what way can the objective of ensuring that supervised entities protect consumers be distinguished from promoting compliance with Federal consumer financial law? Without additional clarity from the CFPB, the statement appears on its face to assert a broader supervisory mandate than the one set forth in the Dodd-Frank Act.

Takeaway:

At best, the language used in the CFPB’s new bulletin is imprecise; at worst, it articulates an expansive view of the CFPB’s authority that should concern all supervised institutions and the public at large. However, because of the confidential nature of the supervisory examination process, the public lacks the means to evaluate how the CFPB administers its bulletin. Additional clarification from the CFPB regarding its intentions and  commitment to maintaining the boundaries of its statutory authority would no doubt be welcomed. Failing that, appropriate oversight by Congress or the Federal Reserve’s inspector general, which possess authority to review the CFPB’s confidential supervisory material, may eventually be warranted.

The CFPB is Sending Mixed Messages on COVID-19 Flexibility

A&B ABstract: The CFPB’s inconsistent statements about the need for flexibility to address the pandemic suggest a deeper game afoot.

 CFPB warns that continued COVID flexibility for financial institutions is not prudent…

On March 31, 2021, the CFPB announced it would be rescinding seven policy statements issued last year that provided financial institutions with flexibilities regarding certain regulatory filings or compliance with consumer financial laws and regulations due to the COVID-19 pandemic. One of the rescinded statements, for example, encouraged financial institutions to “work constructively with borrowers and other customers affected by COVID-19 to meet their financial needs” and to that end, “when conducting examinations and other supervisory activities and in determining whether to take enforcement action, the Bureau will consider the circumstances that entities may face as a result of the COVID-19 pandemic and will be sensitive to good-faith efforts demonstrably designed to assist consumers.”

In explaining the rescissions, Acting CFPB Director Uejio reasoned: “Because many financial institutions have developed more robust remote capabilities and demonstrated improved operations, it is no longer prudent to maintain these flexibilities.” Accordingly, the CFPB provided notice that it “intends to exercise the full scope of the supervisory and enforcement authority provided under the Dodd-Frank Act.”

To further drive home its point, on April 1, 2021, the CFPB issued a press release and compliance bulletin warning mortgage servicers that “unprepared is unacceptable” with regard to the treatment of mortgage borrowers exiting extended forbearances this fall. The CFPB stated it is “committed to using its authorities, including its authority under Regulation X mortgage servicing requirements and under the Consumer Financial Protection Act (CFPA), to ensure that homeowners facing the ongoing economic impact of the Coronavirus Disease (COVID-19) national emergency receive the benefits of critical legal protections and that avoidable foreclosures are avoided.”

Except when it is!

On March 2, 2021, the CFPB issued a notice of proposed rulemaking (NPRM) to delay the mandatory compliance date of the General Qualified Mortgage (QM) final rule from July 1, 2021 to October 1, 2022. The reason cited by the CFPB for the compliance delay is the “need to provide maximum flexibility [to financial institutions] to address the effects of the pandemic.” In particular, the CFPB’s proposal states:

“The Bureau is concerned that the potential impact of the COVID-19 pandemic on the mortgage market may continue for longer than anticipated at the time the Bureau issued the General QM Final Rule, and so could warrant additional flexibility in the QM market to ensure creditors are able to accommodate struggling consumers.”

Additionally, on April 7, 2021, the CFPB proposed to delay the effective date of two recent debt collection rules by sixty days, from November 30, 2021 until January 29, 2022. The reason cited by the CFPB for its proposed delay is “to give affected parties more time to comply due to the ongoing COVID-19 pandemic.” In particular, the CFPB’s proposal states:

“Since the Debt Collection Final Rules were published, the global COVID-19 pandemic has continued to cause widespread societal disruption, with effects extending into 2021. In light of that disruption, the Bureau believes that providing additional time for stakeholders to review and, if applicable, to implement the final rules may be warranted. The Bureau believes that extending the rules’ effective date by 60 days, to January 29, 2022, may provide stakeholders with sufficient time for review and implementation.”

What is really going on?

 Both of the CFPB’s delay NPRMs are curious. With respect to the QM delay proposal, a broad coalition of both housing and mortgage industry and consumer and civil rights groups files a joint comment letter stating that the recent enhancements to the General QM definition will replace loans that were designated QM under the temporary GSE Patch, and as a result, the organizations do not believe that extending the July 1 mandatory compliance date is necessary. And as our colleague Stephen Ornstein explained, recent FHFA actions will effectively sunset the GSE Patch on July 1 with or without the CFPB taking action. Further, with respect to the debt collection delay proposal, it is unlikely that 60 extra days before the rules take effect will make any appreciable difference to most market participants, considering that they were already given a full year to implement the rules, and they still won’t take effect for seven months.

The CFPB clearly has a strong desire to revisit both the underlying QM and debt collection final rules issued last year. For instance, as early as February 4, 2021, Acting Director Uejio stated that the CFPB would “[e]xplore options for preserving the status quo with respect to QM and debt collection rules.” And Diane Thompson, the Biden Administration political appointee now overseeing CFPB rulemaking efforts, publicly declared her hatred for the CFPB’s new General QM rule. If the CFPB does revisit these rules, it makes sense to do so soon; completing new rulemakings before the old ones take effect or require compliance could provide the CFPB a significant advantage in framing its mandatory Section 1022 cost-benefit analysis, depending upon the economic baseline established for analyzing the effects of its proposals. However, delaying rules simply for the purpose of changing them in light of the policy preferences of an incoming administration can be viewed skeptically by reviewing courts, since such actions tend to undermine the purposes of the Administrative Procedure Act. Perhaps that is the reason why the CFPB is disclaiming its plans to revisit the underlying rules in its delay NPRMs and, contrary to its own recent policy pronouncements, is relying instead upon the need for institutional flexibility to deal with the pandemic in the limited context of these two rules alone. Given the time constraints involved, the CFPB can be expected to show its full hand and propose changes to the QM and debt collection rules soon after it finalizes its associated delay rules.

What Do the CFPB’s and FTC’s 2020 Debt Collection Activity Forecast for 2021?

On March 22, 2021, the Consumer Financial Protection Bureau (CFPB) released its 2020 annual report to Congress on the administration of the Fair Debt Collection Practices Act (FDCPA). The CFPB’s annual report follows the Federal Trade Commission’s (FTC) annual letter to the CFPB regarding the FDCPA, publicly released on March 19, 2021. The annual report highlights both agencies’ efforts to protect and provide debt collection relief to consumers, particularly in light of the ongoing COVID-19 pandemic and resulting economic hardship.

In the latest Consumer Protection/FTC / Financial Services Litigation Advisory, Kathleen Benway, Kelley Connolly Barnaby, and Laura Komarek explore the reports from the CFPB and FTC on their work in 2020 and anticipate a tougher environment for debt collectors going forward.