Alston & Bird Consumer Finance Blog

Fair Credit Reporting Act (FCRA)

CFPB Proposes to Include Coerced Debt in the Definition of “Identity Theft”

By

What Happened?

On December 9, the Consumer Financial Protection Bureau (“CFPB”) issued an advance notice of proposed rulemaking(“ANPR”), seeking stakeholder input regarding amending the definitions of “identity theft” and “identity theft report” in Regulation V, which implements the Fair Credit Reporting Act (“FCRA”).

Specifically, the CFPB is proposing to expand the definition of “identity theft” to include actions taken “without effective consent,” which would prevent credit reporting agencies from refusing to block any type of debt obtained through coercion (such as through domestic abuse or elder abuse) from credit reports.

Why Does It Matter?

This proposed rulemaking started as a petition submitted to the CFPB by the National Consumer Law Center and the Center for Survivor Agency and Justice through the CFPB’s public petition procedures. In requesting the rulemaking, the petitioners cited relevant research and statistics, to support its request, including that:

  • between 94 and 99 percent of domestic violence survivors experienced economic abuse; and
  • a majority of domestic violence survivors remained in abusive relationships in part because of the coerced debt.

Based on public responses to this petition, the CFPB determined that the issue of “coerced debt” warrants rulemaking activity with the expectation that abuse survivors will experience significant increases to their credit scores. According to the CFPB’s blog post accompanying the ANPR, one study found that one third of survivors of abuse who managed to remove coerced debt from their credit report saw their credit score improve at least 20 points.

Specifically, the CFPB is soliciting feedback on the following questions:

  1. What information exists regarding the prevalence and extent of harms to victims of economic abuse, particularly coerced debt? How does the consumer reporting system, including provisions relating to identity theft, currently contribute to or reduce those harms?
  2. To what extent do protections under the FCRA or other Federal or State laws exist for victims of economic abuse with respect to consumer reporting information? What barriers exist that may prevent survivors of economic abuse from availing themselves of existing protections?
  3. Does coerced debt reflect the survivor’s credit risk independent of the abuser? Why or why not? Is there any data addressing the relevance of coerced debt to the survivor’s credit risk independent of the abuser?
  4. What are the costs and benefits of the proposed amendment outlined by the petition for rulemaking?
  5. The petition defines “coerced debt” as “all non-consensual, credit-related transactions that occur in a relationship where one person uses coercive control to dominate the other person.” What alternatives to that language should the CFPB consider?
  6. Comments to the petition identify survivors of intimate partner violence, domestic abuse, and gender-based violence as groups that would benefit from explicit inclusion of coerced debt as a form of identity theft. Commenters noted specific vulnerabilities for older Americans, children in foster care, and survivors of color.
    1. What barriers do these groups face as a result of coerced debt?
    2. How would the proposed amendments outlined in the petition for rulemaking reduce those barriers?
    3. Are there other populations who experience problems with coerced debt and whose experiences should be considered in the proposed rulemaking?
    4. How would the proposed amendments outlined in the petition for rulemaking address the needs of these other populations?
  7. Should the CFPB propose the amendments outlined by the petition for rulemaking? What alternatives should the CFPB consider? For instance:
    1. What documentation should a person be required to produce to show that their debt was coerced?
    2. What self-attestation mechanisms could be considered for meeting the standard for an identity theft report?
    3. Are there circumstances that should give rise to a presumption of coercion?
    4. Should the CFPB propose general protections related to coerced debt, specific protections for survivors of domestic or intimate partner violence, or a combination?

What Do I Need To Do?

Any party that would like to submit a comment may do so until March 7, 2025. Any interested party should identify comments by Docket No. CFPB-2024-0057, and should submit them through the Federal eRulemaking Portal, via email at ANPR-Coerced-Debt@cfpb.gov, or through the mail sent to the CFPB’s Legal Division.

CFPB Seeks Permanent Enforcement – Will this Further its Repeat Offender Agenda?

By

What Happened?

On May 31, 2024, the Consumer Financial Protection Bureau (CFPB) sued student loan servicer Pennsylvania Higher Education Assistance Agency (PHEAA) for illegally collecting on student loans that have been discharged in bankruptcy and sending false information about consumers to credit reporting companies, in violation of the Consumer Financial Protection Act (CFPA) and the Fair Credit Reporting Act. As a result of PHEAA’s alleged practices, borrowers are forced to either pay debt they do not owe or risk being hit with negative information on their credit reports and default due to the purported non-payment. The CFPB’s lawsuit asks the court to order PHEAA to stop its illegal conduct, provide redress to borrowers it has harmed, and pay a civil penalty.

Notably, this lawsuit follows a prior complaint and proposed stipulated judgments filed by the CFPB against PHEAA and National Collegiate Student Loan Trusts (the Trusts) just 25 days earlier. The stipulated judgments filed by the CFPB on May 6, 2024, if approved (briefing to continue until at least June 28, 2024), would require the PHEAA and the Trusts to pay more than $5 million for student loan servicing failures, including failing to provide accurate information to borrowers and incorrectly denying forbearance requests. In addition to certain affirmative obligations, the Trusts are prohibited from directly or indirectly violating sections 1031 (prohibiting unfair, deceptive, abusive acts and practices) and 1036 (prohibiting violating a federal consumer financial law) of the CFPA with respect to certain borrower requests.

Why Is It Important?

The proposed stipulated judgments conspicuously lack one important feature – they do not provide for a termination date. While certain administrative provisions contain time limits (such as 5-year notification and recordkeeping requirements), the stipulated judgments effectively act as a permanent injunction against PHEAA and the Trusts. In other words, if, at any point in the future, PHEAA were to violate the Consumer Financial Protection Act, then PHEAA would be liable for violating the stipulated judgment – and, subsequently, at risk of being branded a “repeat offender” by the CFPB. Conveniently, just last week, the CFPB finalized a rule to establish a registry to detect and deter corporate offenders that have broken consumer laws and are subject to federal, state, or local government or court orders.

What Do I Need to Do?

Institutions within the CFPB’s jurisdiction should be aware of the CFPB’s actions and present any applicable legal defenses as to why an indefinite contract may be deemed unenforceable in court. Further, institutions should enhance their compliance management systems to mitigate risk and ensure they do not end up on the CFPB’s repeat offender list.

CFPB Issues FCRA Advisory Opinions Addressing Background Screenings and Credit File Sharing Practices

By ,

What Happened?

On January 11, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued two separate advisory opinions interpreting consumer reporting agencies’ (“CRAs”) obligations under the Fair Credit Reporting Act (“FCRA”). First, the Bureau issued an advisory opinion on background check reports, which highlights that such reports must be complete, accurate, and free of information that is duplicative, outdated, expunged, sealed, or otherwise legally restricted from public access (the “Background Screening Opinion”). The Bureau’s second advisory opinion addresses file disclosure obligations under the FCRA, and “highlights that people are entitled to receive all information contained in their consumer file at the time they request it, along with the source or sources of the information contained within, including both the original and any intermediary or vendor source” (the “File Disclosure Opinion”).  The Bureau issued the advisory opinions to “ensure that the consumer reporting system produces accurate and reliable information and does not keep people from accessing their personal data.”

Why Is It Important?

The Background Screening Opinion

Section 607(b) of the FCRA requires that CRAs “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” The Background Screening Opinion asserts that “[i]n many instances, background screening reports contain inaccurate information about consumers,” such as information about the wrong consumer, information that is duplicative, or that omits existing disposition information. The Bureau also found that some background screening reports “include arrests, convictions, or other court records that should not be included because they have been expunged or sealed or otherwise legally restricted from public access.”

Accordingly, the CFPB issued the Background Screening Opinion to “underscore obligations that the FCRA imposes when background screening reports are provided and used.” Specifically, the opinion affirms that CRAs must comply with their FCRA obligation to “follow reasonable procedures to assure maximum possible accuracy” under section 607(b). Specifically, the Background Screening Opinion provides that:

  • A CRA that reports public record information does not comply with section 607(b) if the CRA does not have reasonable procedures in place to ensure that the CRA:
    • does not report duplicative information or information that has been expunged, sealed, or otherwise legally restricted from public access in a manner that would prevent the user from obtaining it directly from the government entities that maintain the records, and
    • includes any existing disposition information if it reports arrests, criminal charges, eviction proceedings, or other court filings.
  • When CRAs include adverse information in consumer reports, the occurrence of the adverse event starts the running of the reporting period for adverse items under FCRA 605(a)(5), which is not restarted or reopened by the occurrence of subsequent events.
  • A non-conviction disposition (i.e., a dismissal or a similar disposition of criminal charges such as dropped charges or an acquittal) of a criminal charge cannot be reported beyond the 7-year period that begins to run at the time of the charge.

Accordingly, the Background Screening Opinion provides that CRAs “thus must ensure that they do not report adverse information beyond the reporting period” in section 605(a)(5) of the FCRA “and must at all times have reasonable procedures in place to prevent reporting of information that is duplicative or legally restricted from public access and to ensure that any existing disposition information is included if court filings are reported.”

The File Disclosure Opinion

Under the FCRA, CRAs are generally required to disclose to consumers all information in their file upon request. Specifically, section 609(a) of the FCRA provides that, upon request, a CRA must clearly and accurately disclose to the consumer “[a]ll information in the consumer’s file at the time of the request,” including the sources of the information. A “file” is defined as “all of the information on that consumer that is recorded and retained by a [CRA], regardless of how the information is stored.”

The File Disclosure Opinion clarifies that an individual requesting their files:

  • Only needs to make a request for their report and provide proper identification – they do not need to use specific language or industry jargon to be provided their complete file.
  • Must be provided their complete file with clear and accurate information that is presented in a way an average person could understand.
  • Must be provided the information in a format that will assist them in identifying inaccuracies, exercising their rights to dispute any incomplete or inaccurate information, and understanding when they are being impacted by adverse information.
  • Must be provided with the sources of the information in their file, including both the original and any intermediary or vendor source or sources.

What Do You Need to Do?

These advisory opinions follow President Biden’s October, 2023 Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (the “EO”).  Among other obligations, the EO encourages the CFPB to consider using its authority to use appropriate technologies including AI tools to ensure compliance with FCRA to address discrimination against protected groups.  These advisory opinions serve as a reminder of the importance of ensuring compliance with the FCRA, and that the use of data can lead to discriminatory outcomes under Federal law.

CFPB Touts 2023 Greatest Hits and Casts a Line for Enforcement Hires

By , ,

What Happened?

Earlier this week, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released a blog post touting its 2023 successes in safeguarding “household financial stability” through the levying of fines and filing of lawsuits. The Bureau highlighted seven enforcement cases:

  • Protecting Servicemembers from Illegal High-Interest Loans and False Advertising: In February 2023, the CFPB ordered an auto title loan lender and several affiliated entities to pay a total of $15 million in penalties and consumer redress to resolve allegations that the entities violated the Military Lending Act. That same month, the CFPB permanently banned a California-based mortgage lender from the mortgage lending industry and imposed a $1 million penalty on the lender for repeatedly violating a 2015 consent order by, among other things, allegedly continuing to send advertisements to military families that led recipients to believe the company was affiliated with the U.S. government.
  • Taking Action for Illegally Charging Junk Fees, Withholding Credit Card Rewards, and Operating Fake Bank Accounts: In July 2023, the CFPB ordered a national bank to pay a more than $190 million in penalties and consumer redress to resolve allegations that the bank double dipped on insufficient funds fees imposed on customers, withheld reward bonuses promised to credit card customers, and misappropriated sensitive personal information to open accounts without customer knowledge or authorization. The Office of the Comptroller of the Currency (“OCC”) also found that the bank’s double-dipping on insufficient funds fees was illegal and ordered the bank to pay $60 million in penalties.
  • Intentional Illegal Discrimination Against Armenian Americans: In November 2023, the CFPB ordered a national bank to pay $25.9 million in fines and consumer redress for allegedly “intentionally and illegally discriminating against credit card applicants the bank identified as Armenian American.” 
  • Taking Action to Stop Loan Churning: In August 2023, the CFPB sued a high-cost installment loan lender and several of its wholly owned, state-licensed subsidiaries, for allegedly violating the Consumer Financial Protection Act by “illegally churning loans to harvest hundreds of millions in loan costs and fees.”
  • Illegal Rental Background Check and Credit Reporting Practices: In October 2023, the CFPB and the Federal Trade Commission (“FTC”) sued a rental screening subsidiary of a national consumer credit reporting agency for allegedly violating the Fair Credit Reporting Act by failing to take steps to ensure the rental background checks that landlords use to decide who gets housing were accurate and withholding from renters the names of third parties that were providing the inaccurate information. The resulting court order required the company to pay $15 million in penalties and make significant improvements to how it reports evictions. Separately, the CFPB ordered the national consumer reporting agency to pay $8 million in consumer redress and penalties for failing to timely place or remove security freezes and locks on consumer credit reports and for falsely telling certain consumers that their requests were processed.
  • Stopping unlawful junk advance fees for credit repair services: In August 2023, the CFPB entered into a settlement with a credit repair service conglomerate that imposed a $2.7 billion judgment and banned the companies from telemarketing credit repair services for 10 years.

The CFPB touted that in 2023 it secured over $3.5 billion in total fines and compensation from financial services “lawbreakers” in 2023.  The CFPB largely attributed these cases to the creation of a “team of technologists” working on emerging technologies to “enforce the law when emerging technologies harm consumers.”

Why is this Important?

The CFPB filed 29 enforcement actions in 2023 but selected the seven highlighted above, possibly signaling that junk fees, fair lending, servicemember protections, and credit reporting, among others, remain on the Bureau’s radar. We do not expect the CFPB to issue any sort of accounting covering enforcement cases which it dropped in 2023.

Interestingly, the CFPB also used this post to recruit new “cross-disciplinary” employees (both attorneys and non-attorneys) for its Office of Enforcement and reiterated that the Bureau is “significantly expanding [its] enforcement capacity in 2024 to build on [its] achievements so far.” The roles are located in the Bureau’s Washington, D.C. headquarters and its regional offices in Atlanta, Chicago, New York and San Francisco.  The last of the associated employment information virtual sessions occurred on January 30, 2024.  Strangely, the CFPB only released this blog post the day before the last of these three sessions and it is not known how that late notice may impact application numbers.

What Do You Need to Do?

Given that the CFPB is telegraphing those issues that are top of mind for the Bureau as well as its emphasis on ramping up enforcement in 2024, now is a good time for companies to review their compliance management programs and make any necessary enhancements to policies, procedures, processes, and systems to ensure compliance with all applicable consumer financial laws and regulations. In particular, institutions should revisit their compliance monitoring programs to determine whether any updates are needed to minimize enforcement risk.

HELOCs On the Rise: Is Your Servicing CMS Ready?

By ,

A&B ABstract:

The Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has moved to clarify its regulatory authority at a time when the economic climate is ripe for a resurgence in HELOC lending. In an amicus brief filed by the CFPB on November 30, 2022 (the “Amicus Brief”), the Bureau acknowledged that its Mortgage Servicing Rules, which, in 2013, amended Regulation X, RESPA’s implementing regulation, and Regulation Z, TILA’s implementing regulation, do not apply to home equity lines of credit (“HELOCs”).  This is consistent with the Bureau’s guidance in the preamble to the CFPB Mortgage Servicing Rules under RESPA, wherein the Bureau recognized that HELOCs have a different risk profile, and are serviced differently, than first-lien mortgage loans, and that many of the rules under Regulation X would be “irrelevant to HELOCs” and “would substantially overlap” with the longstanding protections under TILA and Regulation Z that apply to HELOCs.

During this past refinance boom, consumers refinanced mortgage loans at record rates. Moreover, according to a recent report by the Federal Reserve, consumers are sitting on nearly 30 trillion dollars in home equity.  HELOCs allow consumers the opportunity to extract equity from their homes without losing the low interest rate on their first-lien loan. Generally, a HELOC is a revolving line of credit that is secured by a subordinate mortgage on the borrower’s residence that typically has a draw period of 5 or 10 years.  At the end of the draw period, the outstanding loan payment converts to a repayment period of 5 to 25 years with interest and principal payments required that fully amortize the balance.

Issues to Consider in Servicing HELOCs

Servicing HELOCs raise unique issues given the open-end nature of the loan, the typical second lien position, and the different regulatory requirements.  HELOC servicers will need to ensure their compliance management systems (“CMS”) are robust enough to account for a potential uptick in HELOC lending. Among many other issues, servicers will want to ensure their operations comply with several regulatory requirements, including:

Offsets: In the Amicus Brief, the CFPB argues that HELOCs accessible by a credit card are subject to the provisions of TILA and Regulation Z that prohibit card issuers from using deposit account funds to offset indebtedness arising out of a credit card transaction.

Disclosures: Long before the CFPB Mortgage Servicing Rules, TILA and Regulation Z contained disclosures applicable to HELOCs. As a result, the provisions of the CFPB Mortgage Servicing Rules under Regulation Z governing periodic billing statements, adjustable-rate mortgage (ARM) interest rate adjustment notices, and payment crediting provisions do not apply to HELOCs as these provisions are specifically limited to closed-end consumer credit transactions. However, the payoff statement requirements under Regulation Z are applicable both to HELOCs and closed-end consumer credit transactions secured by a dwelling. In addition to certain account-opening disclosures, a HELOC creditor (or its servicer) must make certain subsequent disclosures to the borrower, either annually (e.g., an annual statement) or upon the occurrence of a specific trigger event, such as the addition of a credit access device, a change in terms or change in billing cycle, or a notice to restrict credit. It is also worth noting that Regulation Z’s mortgage transfer notice (commonly referred to as the Section 404 notice) applicable when a loan is transferred, sold or assigned to a third party, applies to HELOCs. In contrast, RESPA’s servicing transfer notice does not apply to HELOCs.

Periodic Statements: TILA and Regulation Z contain a different set of periodic statement requirements, predating the CFPB Mortgage Servicing Rules, which are applicable to HELOCs. Under TILA, a servicer must comply with the open-end periodic statement requirements. That is true even if the HELOC has an open-end draw period followed by a closed-end repayment period, during which no further draws are permitted. Such statements can be complex given that principal repayment and interest accrual vary based on draws; there will be a conversion to scheduled amortization after the draw period ends; and balloon payments may be required at maturity, resulting in the need for servicing system adjustments.

Billing Error Resolution: Instead of having to comply with the Regulation X requirements for notices of error, HELOCs are subject to Regulation Z’s billing error resolution requirements.

Crediting of Payments: A creditor may credit a payment to the consumer’s account, including a HELOC, as of the date of receipt, except when a delay in crediting does not result in a finance or other charge, or except as otherwise provided in 12 C.F.R. § 1026.10(a).

Restrictions on Servicing Fees: Regulation Z restricts certain new servicing fees that may be imposed, where such fees are not provided for in the contract, because the credit may not, by contract or otherwise, change any term except as provided in 12 C.F.R § 1026.40.  With the CFPB’s increased focus on fees, this provision may be an area of focus for the Bureau and state regulators.

Restriction on Changing the APR: The creditor may not, by contract or otherwise, change the APR of a HELOC unless such change is based on an index that is not under the creditor’s control and such index is available to the general public.  However, this requirement does not prohibit rate changes which are specifically set forth in the agreement, such as stepped-rate plans or preferred-rate provisions.

Terminating, Suspending or Reducing a Line of Credit: TILA and Regulation Z restrict the ability of the creditor to prohibit additional extensions of credit or reduce the credit limit applicable to an agreement under those circumstances set forth in 12 C.F.R § 1026.40.  Similarly, TILA and Regulation Z impose restrictions on when the creditor may terminate and accelerate the loan balance.

Rescission: Similar to closed-end loans, the consumer will have a right of rescission on a HELOC; however, the right extends beyond just the initial account opening. During the servicing of a HELOC, the consumer has a right of rescission whenever (i) credit is extended under the plan, or (ii) the credit limit is increased. But there is no right of rescission when credit extensions are made in accordance with the existing credit limit under the plan. If rescission applies, the notice and procedural requirements set forth in TILA and Regulation Z must be followed.

Default: Loss mitigation and default recovery actions may be limited by the firstien loan. That’s because default or acceleration of the first-lien loan immediately triggers loss mitigation and default recovery to protect the second-lien loan.  The protection of the second-lien loan may involve advancing monthly payments on the first-lien loan.  Foreclosure pursued against the first-lien loan will trigger second lien to participate and monitor for protection and recovery. Even though not applicable to HELOCs, some servicers may consider complying with loss mitigation provisions as guidelines or best practices.

ECOA and FCRA: Terminating, suspending, or reducing the credit limit on a HELOC based on declining property values could raise redlining risk, which is a form of illegal disparate treatment in which a lender provides unequal access to credit or unequal terms of credit because of a prohibited characteristic of the residents of the area in which the credit seeker resides or will reside or in which the residential property to be mortgaged is located. Thus, lenders and servicers should have policies and procedures in place to ensure that actions to reduce, terminate or suspend HELOCs are carried out in a non-discriminatory manner.  Relatedly, the CFPB’s authority under the Dodd-Frank Act to prohibit unfair, deceptive or abusive acts or practices will similarly prohibit certain conduct in connection with the servicing of HELOCs that the CFPB may consider to be harmful to consumers.  It is also important to remember that ECOA requires that a creditor notify an applicant of action taken within 30 days after taking adverse action on an existing account, where the adverse action includes a termination of an account, an unfavorable change in the terms of an account, or a refusal to increase the amount of credit available to an applicant who has made an application for an increase.  Similar to ECOA, FCRA also requires the servicer to provide the consumer with an adverse action notice in certain circumstances.

State Law Considerations: And let’s not forget state law issues. While most of the CFPB’s Mortgage Servicing Rules do not apply to HELOCs, many state provisions may cover HELOCs.  As most HELOCs are subordinate-lien loans, second lien licensing law obligations arise. Also, sourcing, processing and funding draw requests could implicate loan originator and/or money transmitter licensing obligations. Also, at least one state prohibits a licensee from servicing a usurious loan.  For HELOCs, the issue is not only the initial rate but also the adjusted rate (assuming it is an ARM).  There may also be state-specific disclosure obligations, as well as restrictions on product terms (such as balloon payments or lien releases), fees, or credit line access devices, to name a few.

Takeaway

The servicing of HELOCs involve many of the same aspects as servicing first-lien residential mortgage loans.  However, because of the open-end credit line features and the typical second-lien position, there are several unique aspects to servicing HELOCs.  And, because there are no industry standard HELOC agreements, the terms of the HELOC (e.g., the length of draw and amortization periods, interest-only payment features, balloon, credit access, etc.) can vary greatly.  The economic climate is poised for a resurgence in home equity lending.  Now is the time to ensure your CMS is up to the task.