Alston & Bird Consumer Finance Blog

Dodd-Frank Act

Joint Trade Associations Reject the CFPB’s “Discrimination-Unfairness” Theory

In a June 28 letter to Director Chopra and accompanying White Paper and press release, the ABA, CBA, ICBA, and the U.S. Chamber of Commerce have called on the Consumer Financial Protection Bureau (CFPB or Bureau) to rescind recent revisions made to its UDAAP examination manual that had effectuated the CFPB’s controversial theory that alleged discriminatory conduct occurring outside the offering or provision of credit could be addressed using “unfairness” authority. The White Paper characterized the primary legal flaws in the CFPB’s action as follows:

  • The CFPB’s conflation of unfairness and discrimination ignores the text, structure, and legislative history of the Dodd-Frank Act. For example, the Dodd-Frank Act discusses “unfairness” and “discrimination” as two separate concepts and defines “unfairness” without mentioning discrimination. The Act’s legislative history refers to the Bureau’s antidiscrimination authority in the context of ECOA and HMDA, while referring to the Bureau’s UDAAP authority separately.
  • The CFPB’s view of “unfairness” is inconsistent with decades of understanding and usage of that term in the Federal Trade Commission Act and with the enactment of ECOA. Congress gave the CFPB the same “unfairness” authority that it gave to the Federal Trade Commission in 1938, which has never included discrimination. It makes no sense that Congress would have enacted ECOA in 1974 to address discrimination in credit transactions if it had already prohibited discrimination through the FTC’s unfairness authority. For the same reason, Congress could not have intended in 1938 for unfairness to “fill gaps” in civil rights laws that did not exist.
  • The CFPB’s view is contrary to Supreme Court precedent regarding disparate impact liability. The CFPB’s actions and statements indicate it conflates unfairness with disparate impact, or unintentional discrimination. The Supreme Court has recognized disparate impact as a theory of liability only when Congress uses certain “results-oriented” language in antidiscrimination laws, e.g., the Fair Housing Act. The Dodd Frank Act neither contains the requisite language, nor is it an antidiscrimination law.
  • The CFPB’s action is subject to review by courts because it constitutes final agency action – a legislative rule – that is invalid, both substantively and procedurally. The CFPB’s action carries the force and effect of law and imposes new substantive duties on supervised institutions. However, the Bureau did not follow Administrative Procedure Act requirements for notice-and-comment rulemaking. Additionally, the CFPB’s interpretation is not in accordance with law and exceeds the CFPB’s statutory authority. The CFPB’s action should be held unlawful and set aside.
  • The CFPB’s action is subject to Congressional disapproval under the Congressional Review Act. A Member of Congress can request a GAO opinion on whether the CFPB’s actions are a rule, which can ultimately trigger Congressional review using the procedures established in the Congressional Review Act.

The White Paper concludes:

“Such sweeping changes that alter the legal duties of so many are the proper province of Congress, not of independent regulatory agencies, and the CFPB cannot ignore the requirements of the Administrative Procedures Act and Congressional Review Act. The CFPB may well wish to ‘fill gaps’ it perceives in federal antidiscrimination law. But Congress has simply not authorized the CFPB to fill those gaps. If the CFPB believes it requires additional authority to address alleged discriminatory conduct, it must obtain that authority from Congress, not take the law into its own hands. The associations and our members stand ready to work with Congress and the CFPB to ensure the just administration of the law.”

Take-away:

The position taken in the White Paper that the CFPB’s actions were contrary to law may be an indication that the trade groups intend to mount an APA legal challenge. Alternatively, the arguments made could in theory form a defense to any CFPB supervisory or enforcement action premised upon its new “discrimination-unfairness” theory. Financial institutions subject to CFPB examination would be well-advised to consider the arguments raised by the groups.

CFPB’s SBREFA Outline on Automated Valuation Models Rekindles Debate over Disparate Impact Liability under the ECOA

Section 1473(q) of the Dodd-Frank Act (now codified at 12 U.S.C. § 3354(q)) amended the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”) to instruct the CFPB, Fed, OCC, FDIC, NCUA, and FHFA (collectively, the “agencies”) to jointly develop regulations for quality control standards for automated valuation models (“AVMs”), defined as “any computerized model used by mortgage originators and secondary market issuers to determine the collateral worth of a mortgage secured by a consumer’s principal dwelling.” As part of the rulemaking process, the Small Business Regulatory Enforcement Fairness Act of 1996 (“SBREFA”) requires the CFPB to convene a Small Business Review Panel to consider whether the rule could have a significant economic impact on a substantial number of small entities. Accordingly, on February 23, 2022, the CFPB released an outline of proposals and alternatives under consideration by the agencies to seek informed feedback and recommendations from small businesses likely to be subject to the rule.

As amended, subparts (1) – (4) of FIRREA Section 1125(a) mandate that the agencies establish four specific quality control standards for AVMs. FIRREA Section 1125(a)(5) also affords the agencies discretion to adopt standards designed to “account for any other such factor that the agencies…determine to be appropriate.” As such, the CFPB’s SBREFA outline proposes creating a fifth such discretionary quality control standard “designed to protect against unlawful discrimination.”

In support of its proposal, the CFPB asserts that algorithmic systems such as AVMs are subject to Federal nondiscrimination laws, including the Equal Credit Opportunity Act (“ECOA”), because a lender evaluating an applicant’s collateral could use an AVM “in a way that would treat an applicant differently on a prohibited basis or result in unlawful discrimination against an applicant on a prohibited basis.” The CFPB then notes that it recognizes three different methods of proving discrimination under the ECOA and its implementing regulation (“Regulation B”): (1) overt discrimination; (2) disparate treatment; and (3) disparate impact. It is worth mentioning that overt discrimination has been viewed by federal regulators such as DOJ and the FDIC as a blatant type of disparate treatment that does not require an inference or presumption based on circumstantial evidence. However, it appears that the CFPB considers these theories to be distinct from one another.

The third method of proving discrimination articulated by the CFPB, disparate impact, has been a controversial theory of liability because it imposes liability on a creditor even where the creditor had no intent to discriminate against an applicant. Rather, the theory presumes that the creditor has treated applicants fairly and consistently in accordance with some facially neutral policy or procedure of the creditor. Of course, the disparate impact theory gained traction in the subprime lending cases post-2008 and then loomed large in the CFPB’s enforcement actions against indirect auto lenders, the latter of which were scrutinized by Congress in its decision to rescind the CFPB’s indirect auto lending guidance using the Congressional Review Act. In fact, it remains a legal question whether disparate impact claims are cognizable under the ECOA since the United States Supreme Court (“Supreme Court”) has never considered the issue, though civil rights advocates point to the Supreme Court’s willingness in the 2015 Inclusive Communities case to recognize the theory for discrimination claims brought under the Fair Housing Act (“FHA”).

Thus, should the agencies adopt a final rule that relies upon disparate impact under the ECOA as a legal basis to justify imposing a quality control standard on AVMs (or muddies the waters by relying upon both the ECOA and the FHA without distinction), it is possible that the rule could be challenged under the Administrative Procedures Act as not in accordance with the law. Alternatively, if the CFPB were to bring an enforcement action against a creditor for allegedly violating either the final rule’s quality control standard or ECOA itself on the basis of disparate impact, the creditor could defend itself by arguing among other things that disparate impact claims are not cognizable under the ECOA. Indeed, the ECOA lacks any “results-oriented” language like the “otherwise make available” language of the FHA or the “otherwise adversely affect” language of the Age Discrimination in Employment Act, which the Supreme Court, in decisions issued a decade apart, relied on in recognizing disparate impact liability.

Even if the plain language of the ECOA could not support a disparate impact claim, the CFPB might argue that the statute’s anti-discrimination provision is ambiguous (by asserting, for instance, that the word “discriminate” could be interpreted to encompass both intent-based and effects-based actions), in which case the CFPB may expect the reviewing court to grant its interpretation Chevron deference. See Chevron, U.S.A. v. Natural Resources Defense Council, Inc. 476 U.S. 837 (1984). But this argument also might prove difficult because Chevron deference is appropriate only when it appears that Congress has “delegated authority to the agency generally to make rules carrying the force of law, and … the agency interpretation claiming deference was promulgated in the exercise of such authority.” See Public Citizen, Inc. v. U.S. Dept. of Health and Human Services, 332 F.3d 654, 659 (D.C. Cir. 2003) (quoting U.S. v. Mead Corp., 533 U.S. 218 (2001)). In examining Regulation B, which was originally issued by the Fed and subsequently readopted by the CFPB, the only references to the concept of disparate impact appear in 12 C.F.R. § 1002.6(a) and Official Interpretation 6(a)-2. However, these provisions merely summarize the ECOA’s legislative history and Supreme Court precedent under Title VII of the Civil Rights Act, and even then, acknowledge only that the ECOA “may” prohibit acts that are discriminatory in effect. The CFPB has articulated its belief that disparate impact is cognizable under the ECOA elsewhere, including in a compliance bulletin and its examination manual, but those materials carry no force of law under the CFPB’s own recently-adopted rule. Thus, a reviewing court could conclude that the mere recitation of legislative history and of a judicial doctrine developed under an unrelated statute was not an actual exercise of rulemaking authority under the ECOA, and therefore that the agencies’ interpretation of the ECOA as expressed in Regulation B is not entitled to Chevron deference. In that circumstance, the reviewing court would be free to resolve any purported ambiguity in the ECOA according to its own construction, affording respect to the agencies’ position only to the extent it is persuasive. And should either of these issues – disparate impact under the ECOA or the availability of Chevron deference – ultimately be appealed to the Supreme Court, there may well be four justices willing to grant certiorari to consider them.

The uncertain outcome of any challenge to the CFPB’s use of disparate impact in a rulemaking or in enforcing the ECOA, given the stakes involved, suggests that the CFPB may seek to resolve matters via settlement rather than risking litigation in federal court. However, only time will tell whether the CFPB is spoiling for a fight.

Update regarding the BrightSpeed payment processor case

On January 18, after approximately fourteen months of settlement negotiations, the CFPB announced that it secured a settlement agreement with BrightSpeed Solutions, Inc., a third-party payment processor that had ceased operations nearly three years ago. As we reported in greater detail in a prior post, the CFPB asserted jurisdiction to bring its complaint against BrightSpeed by alleging that the company was a “covered person.” Under the Dodd-Frank, a covered person must offer or provide a “consumer financial product or service.” In the context of payment processing, the Dodd-Frank Act requires that such services be provided “to a consumer.” BrightSpeed, however, provided payment processing services only to merchants, not to consumers (the merchants were not alleged by the CFPB to be covered persons, meaning BrightSpeed was not a “service provider” for purposes of CFPB jurisdiction). In its answer to the CFPB’s complaint, BrightSpeed argued that the CFPB exceeded its statutory authority, its claims were barred by the statute of limitations, and it was using BrightSpeed’s financial distress as leverage against the company’s position.

If unnamed merchants defrauded consumers into purchasing unnecessary software in tech-support scams, as the CFPB alleged in its complaint, the merchants should be held to account by the FTC or state attorneys general (the CFPB, for instance, instructs consumers to report tech-support scams directly to the FTC). However, the CFPB’s claimed jurisdiction in this case would establish the precedent that it can bring enforcement actions against any payment processor for providing services to merchants, whether or not those merchants are providing financial products or services (its two prior attempts to establish such a precedent in the Intercept and Universal Debt Solutions cases failed). Moreover, such actions could be used to indirectly regulate merchant and retailer activity in a way specifically prohibited by Congress in the Dodd-Frank Act, similar to the way in which the CFPB once used enforcement actions against indirect auto lenders as a means of regulating dealer compensation practices.

The proposed stipulated judgment and order filed jointly by the CFPB and BrightSpeed with U.S. District Court for the Northern District of Illinois specifically requests that Judge John J. Tharp Jr. find that the CFPB’s “[c]omplaint alleges claims upon which relief may be granted” and “[e]ntry of this order is in the public interest.” The parties separately noticed that they will present their proposed order to Judge Tharp on the morning of Thursday, January 20, at 9:00 a.m.

Update Regarding the CFPB’s Buy Now, Pay Later Orders

In a prior post, we reported that the language used in orders recently issued by the CFPB to leading Buy Now, Pay Later (“BNPL”) providers suggested that the CFPB intends to use the information it collects to build enforcement cases rather than monitor market developments. We also reported that if this is the case, it is a departure from historic precedent and can be considered an end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act to ensure that due process is afforded to financial institutions that become the target of CFPB enforcement investigations.

The CFPB’s intentions were apparently confirmed in a January 5 article in Axios about the BNPL orders, which quotes the CFPB’s small dollar, marketplace and installment lending program manager as saying:

It is certainly possible that we could as a result of the data collection take enforcement action.

Assuming this quote is accurate, recipients of CFPB 1022(c)(4) market monitoring orders should be well aware that any information provided to the agency may be used for enforcement purposes.

Is the CFPB using its market monitoring orders to build enforcement cases?

As we previously noted, on October 21, the CFPB issued orders to six large technology firms seeking information about their payment product business plans (the “October 21 Orders”). According to the Bureau, the purpose of orders was to “shed light on the business practices of the largest technology companies in the world.” The CFPB’s use of its market monitoring authority under Section 1022(c)(4) of the Dodd-Frank Act for this amorphous purpose was a break from established precedent. Historically, the CFPB issued 1022(c)(4) orders to support its efforts to issue specific rulemakings or Congressionally-mandated research reports. (See, e.g., Appendix B of the CFPB’s 2018 Sources and Uses of Data report).

On December 16, the CFPB again broke with historic precedent when it issued a new set of 1022(c)(4) orders, this time to five Buy Now, Pay Later (“BNPL”) providers (the “December 16 Orders”). Much has already been written about the information demanded by the CFPB in the orders, and about the institutions subject to the orders. However, less attention has been paid to what the CFPB might do with the information it receives.

Traditionally, the CFPB has maintained a firewall between its market monitoring function and its enforcement function, in recognition of the distinction established by Congress in the Dodd-Frank Act. Section 1022(c)(4) of the Dodd-Frank Act authorizes the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services. Congress specified that information obtained by the CFPB using this general power may only be made public (if at all) through aggregated reports or other formats designed to protect the confidentiality of the information. Accordingly, Congress provided few procedural safeguards to financial institutions subject to such collections. Section 1052 of the Dodd-Frank Act establishes the specific enforcement powers of the CFPB and provides that the CFPB may collect information by means of civil investigative demands (CIDs) for the purpose of ascertaining whether a financial institution has violated Federal consumer financial law. Congress provided several procedural safeguards for the targets of CFPB enforcement investigations, including requirements for the service and contents of CIDs, the collection of oral testimony, and the receipt of petitions to modify or set aside the CIDs.

In announcing its October 21 Orders, the CFPB publicly released a sample order representing the actual orders sent to the six technology firms. The language used in the sample order maintained the firewall between its market monitoring and enforcement activities, stating in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order …, nor is it being issued under section 1052 of the Dodd-Frank Act.

By contrast, the sample order released in connection with CFPB’s announcement of the December 16 Orders to the five BNPL providers lacks the language acknowledging that the order is not being issued under Section 1052, and only states in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order.

Also, the December 16 sample order contains new language not present in the October 21 sample order, stating:

The Bureau reserves the right to use the information for any purpose permitted by law.

Read together, these two changes suggest that the CFPB intends to remove the firewall between its market monitoring and enforcement functions and could use the information collected from the BNPL providers pursuant to the December 16 Orders to build enforcement cases. If so, this development could be considered an attempted end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act. The CFPB can, if it wishes, provide express procedural safeguards within the orders that are equivalent to the types provided in Section 1052 or by agencies like the FTC in similar circumstances, but it has elected not to do so at this time. Recipients of future 1022(c)(4) orders should be mindful of this development in their responses to the CFPB.