Alston & Bird Consumer Finance Blog

Fair Credit Reporting Act (FCRA)

Federal and State Guidance Regarding the COVID-19 Pandemic

By

A&B Abstract:

The Alston & Bird Consumer Finance team recognizes that this is a period of great uncertainty both for the nation and our clients. We have received numerous questions and concerns regarding what federal and state regulators are doing in light of the COVID-19 pandemic and how their response may affect day-to-day business. We have been monitoring both the federal and state guidance that has been released in response to the COVID-19 pandemic and have provided a summary of what has been released thus far.  We are continuing to monitor for new developments and will update this blog post accordingly.

Federal Guidance

Federal Administrative Agencies:

  • HUD/FHA: On March 18, 2020, HUD released Mortgage Letter 2020-4, which placed a foreclosure and eviction moratorium on all FHA-insured Single Family mortgages for a period of 60 days. The moratorium applies both to the initiation of foreclosures and to the completion of foreclosures in process.  Similarly, evictions of persons from properties secured by FHA-insured single-family mortgages are suspended for 60 days.  Deadlines of the first legal action and reasonable diligence timelines for Home Equity Conversion Mortgages are extended by 60 days.  In light of the broad language of the Mortgagee Letter, it does not appear that HUD intended to carve out vacant and abandoned properties from the foreclosure moratorium.  HUD has informally confirmed this interpretation.
  • USDA: On March 19, 2020, the USDA issued SFH Guaranteed Servicing Notice (March 19, 2019) which, effective immediately, provides that borrowers with USDA guaranteed loans are subject to a moratorium on foreclosure for a period of 60 days. The moratorium applies to the initiation of foreclosures and to the completion of foreclosures in process.  In addition, deadlines of the first legal action and reasonable diligence timelines are extended by 60 days. Similarly, evictions of persons from properties secured by USDA guaranteed loans are also suspended for a period of 60 days.
  • VA: On March 18, 2020, the VA issued Circular 26-20-8, which strongly encourages loan holders to establish a sixty-day moratorium beginning March 18, 2020, on completing pending foreclosures or imitating new foreclosures on loans.  Additionally, due to the widespread impact of COVID-19, loan holders should consider the impact of completing an eviction action when choosing to retain the property instead of conveying to VA.  VA requests holders not to expose Veterans and their families to additional risk through an eviction, if at all feasible.  Previously, on March 16, 2020, the VA issued Circular 26-20-7, which provides, in relevant part, that (1) lenders should have continuity of operation plans in place to support its ongoing ability to conduct business operations in the event of an interruption to business operations and processes; (2) servicers may employ the following relief to veterans impacted by COVID-19: (a) forbearance, (b) late charge waivers on affected loans, and (c) suspension of credit bureau reporting on affected loans; and (3) appraisers should continue to conduct business as outlined in Chapter 10 of the M26-7, Lenders Handbook.

Federal Government-Sponsored Entities:

  • Fannie Mae: Fannie Mae released a Bulletin for borrowers detailing its response to the COVID-19. Fannie Mae has placed a moratorium on foreclosure sales and evictions for sixty (60) days. In conjunction with the Bulletin, Fannie Mae also issued Lender Letter LL-2020-02, which sets forth guidance for lenders in responding to COVID-19.  The letter provides guidance for lenders concerning topics such as (1) forbearance plan eligibility for borrowers, (2) evaluating borrowers for mortgage modifications, (3) credit bureau reporting, and (4) suspension of foreclosure sales.
  • Freddie Mac: Freddie Mac released a Bulletin for mortgage servicers detailing its response to the COVID-19 and new guidelines for Freddie Mac mortgage servicers during the COVID-19 pandemic. Similar to Fannie Mae, the Bulletin provides guidance for lenders concerning topics such as (1) forbearance plan eligibility for borrowers, (2) evaluating borrowers for mortgage modifications, (3) credit bureau reporting, and (4) suspension of foreclosure sales.

State Guidance

State Legislatures:

  • Enacted Legislation and Executive Orders
    • District of Columbia: On March 17, 2020 Mayor Bowser signed the COVID-19 Response Emergency Amendment Act of 2020, which expires on June 15, 2020. The act provides for, among other things, a prohibition on evictions for as long D.C. is under a public health emergency.
    • New Hampshire: On March 17, 2020, New Hampshire Governor Christopher Sununu issued Emergency Order #4 pursuant to Executive Order 2020-04, which (1) prohibits an owner of non-restricted property or restricted property, as those terms are defined in RSA 540:1-a, from initiating eviction proceedings under RSA 540, and (2) prohibits all judicial and non-judicial foreclosure actions under RSA 479 or any other applicable law, rule or regulation, during the State of Emergency declared in Executive Order 2020-04.
    • New Jersey: The New Jersey Legislature passed Assembly Bill 3859, which allows the New Jersey governor to issue an executive order during a Public Health Emergency, pursuant to the New Jersey Emergency Health Powers Act, prohibiting the removal of any lessee, tenant, or homeowner from a residential property as the result of an eviction or foreclosure action.  Governor Philip Murphy subsequently issued Executive Order No. 106, which prohibits any lessee, tenant, homeowner or any other person from being removed from a residential property as a result of an eviction or foreclosure proceeding.
    • Kansas: On March 17, 2020, Governor Laura Kelly issued Executive Order No. 20-06, which orders all financial institutions operating in Kansas to temporarily suspend the initiation of any mortgage foreclosure efforts or judicial proceedings and any commercial or residential eviction efforts or judicial proceedings until May 1, 2020.
  • Pending Legislation
    • Massachusetts: The Massachusetts Legislature is considering House Docket No. 4935, which, if enacted, would impose a moratorium on evictions and foreclosures during the COVID-19 emergency.
    • Virginia: Currently, Virginia House Bill 340 is on Governor Northam’s desk, and he has until April 11th to take action on the bill. If passed, the bill would provide foreclosure and eviction protections for federal workers upon the closure of the federal government.

State Regulators:

In addition to state legislation and executive order, state regulators across the country have released guidance to regulated entities concerning the COVD-19 pandemic and indicating what the state regulators are doing in response. The Nationwide Multistate Licensing System (“NMLS”) has compiled state regulator guidance issued in response to COVID-19. The NMLS has posted this document to their website, and it is updated regularly. Below, we have included a summary of the information released by state regulators as of (March 20, 2020):

  • Alaska Department of Commerce, Community & Economic Development (“Department”): The Department posted guidance on its website stating that licensed mortgage-broker lenders may require licensed mortgage loan originators to work and undertaken licensed activities from home. The Department stated that it would not take administrative or other punitive action against a licensed mortgage loan originator or the sponsoring licensed company if the mortgage loan originator conducts activities requiring licensure from home. This guidance does not have an expiration date but is subject to revision.
  • Alabama State Banking Department (“Department”): The Department released guidance for any entity licensed by the Department. The Department instructed that licensees need to comply with all applicable statutes, regulations, and data security regulations. The Department noted that not all licenses may be able to work from home if their home location does comply with the applicable statutes, regulations, and data security regulations. This guidance does not have an expiration date but is subject to revision.
  • Arkansas Securities Department (“Department”): The Department released guidance for licensed mortgage loan companies, mortgage loan officers, and branch managers. The Department stated that mortgage loan companies may have mortgage loan officers work from home at unlicensed locations as long as state and federal data security standards are upkept. This guidance is in effect until June 1, 2020 but is subject to revision.
  • Colorado Department of Real Estate (“Department”): The Department released guidance that since Colorado law is silent as to the location at which mortgage loan originators are required to work. Therefore, the Department instructed that licensed mortgage loan originators may work from home. This guidance does not have an expiration date but is subject to revision.
  • Connecticut Department of Banking (“Department”): The Department released guidance for all consumer credit licensees. The Department is allowing consumer credit licensees to work from home during the CORVID-19 pandemic as long as the licensee follows applicable law, notifies the Department in writing, and that no licensable activity can take place at home with a member of the public. This guidance is in effect until April 30, 2020.
  • Iowa Division of Banking (“Division”): The Division released guidance for all entities that it regulates. The Division stated that all licensees may work from home during the CORVID-19 pandemic even if their home is an unlicensed office as long as appropriate data security measures are put into place. This guidance does not have an expiration date but is subject to revision.
  • Idaho Department of Finance (“Department”): The Department released guidance for all entities that it regulates. The Department is allowing licensed and registered entities to allow their employees to work from home even if that location is not a licensed location. Licensed and registered entities must keep up data security, may not advertise the unlicensed location as a licensed location, and may not meet with consumers or have consumers come to an unlicensed location. This guidance is in effect until June 30, 2020 but is subject to revision.
  • Indiana Department of Financial Institutions (“DFI”): The DFI issued temporary guidance offering licensees the ability to take precautions deemed necessary to avoid the risk of exposure or to comply with requirements of voluntary or mandated quarantines and is effective through June 30, 2020, unless otherwise modified or withdrawn.
  • Kansas Office of the State Bank Commissioner (“Commissioner”): The Commissioner released guidance for all entities that it regulates. The Commissioner is allowing licensed and registered entities to allow employees to work from home even if that location is not a licensed location. Licensed and registered entities must keep up adequate data security protection and may not take physical records out of the licensed location if they have confidential information. This guidance does not have an expiration date but is subject to revision.
  • Kentucky Department of Financial Institutions (“DFI”): The DFI released guidance to Kentucky-chartered financial institutions recommending that such institutions take certain actions in response to the COVID-19 pandemic.  Such actions include, among others, (1) working with customers affected by the coronavirus to meet their financial needs, which may include waiving overdraft and/or minimum balance fees, restructuring existing loans, extending loan repayment terms, and easing terms for new loans, (2) managing COVID-19 related staffing issues, and (3) making sure business continuity plans include pandemic planning.
  • Louisiana Office of Financial Institutions Non-Depository Division (“Division”): The Division released guidance for all licensed mortgage lenders, brokers, and originators. The Division is allowing entities to close their licensed locations and work from home, but entities that do so much provide the Division with notice of the new location. This guidance is in effect until April 9, 2020, but is subject to revision.
  • Massachusetts Division of Banks (“Division”): The Division released guidance for all licensed entities. The Division is allowing licensed entities to work from home as long as the unlicensed location is not advertised to the public and licensed entities do not meet with consumers at unlicensed locations. This guidance does not have an expiration date but is subject to revision.
  • Maryland Commissioner of Financial Regulation (“Commissioner”): The Commissioner released guidance for all licensed mortgage brokers, lenders, and servicers. The Commissioner is allowing licensed mortgage brokers, lenders, and servicers to work from home provided that the work would not require the location to be licensed as a branch office under Maryland law. This guidance does not have an expiration date but is subject to revision.  In addition, the Commissioner issued an Industry Advisory on March 19, 2020, advising the industry of Maryland Court of Appeals Chief Judge Mary Ellen Barbera’s March 18, 2020 order, which immediately stays all residential foreclosure and eviction actions in Maryland.
  • Michigan Department of Insurance and Financial Services (“DIFS”): The DIFS is seeking information regarding responses to the COVID-19 pandemic from all Michigan consumer finance licensees and registrants.  Responses were due on Friday, March 20, 2020 by 5:00pm and were required to address  whether (1) the licensee/registrant had temporarily or permanently reduced any services provided in their office locations or by your business, (2) whether the licensee/registrant had implemented a program to allow staff to work remotely and, if so, certain additional information about such program, (3) whether and in what way the licensee/registrant had communicated with their customers to provide them with information regarding any changes the licensee/registrant had implemented in response to the pandemic and how those changes may affect them, and (4) whether the licensee/registrant had proactively reached out to their customers to provide them with information concerning what they should do if they are having trouble making their loan payment.
  • Minnesota Department of Commerce (“Department”): The Department has issued separate guidance to Minnesota Industrial Loan & Thrift Companies, Licensed Mortgage Originators and Servicers (companies and individuals), Licensed Non-Depository Financial Institutions, and Regulated Loan Companies.  The guidance is intend to address certain issues and questions related to changes in branch locations or employees working from home as a result of the COVID-19 pandemic.
  • Mississippi Department of Banking and Consumer Finance (“DBCF”): The DBCF released guidance for licensed mortgage loan originators. The DBCF is allowing licensed mortgage loan originators to work from home provided that data security measures are put in place and the licensed mortgage loan originator does not have consumers meet with the licensed mortgage loan originator at their home. This guidance does not have an expiration date but is subject to revision. The DBCF also issued separate guidance to Mississippi Mortgage Licensees and Consumer Finance Licensees regarding industry pandemic preparedness and outline flexibility in DBCF processes in response to the COVID-19 pandemic.
  • Montana Division of Banking and Financial Institutions (“DBFI”): On March 19, 2020, the DBFI issued a Supervisory Memorandum on Operations During Novel Coronavirus Situation, in which the DBFI provides the industry with answers to FAQs regarding preferred methods of communication as well as notification requirements for branch and loan production office closures and hours changes during the COVID-19 pandemic.
  • Nebraska Department of Baking and Finance (“DBF”): The DBF released guidance for licensed mortgage bankers and sponsored/licensed mortgage loan originators. The DBF is allowing mortgage bankers and mortgage loan originators to work from home provided that they notify the DBF and the DBF approves the new location. All physical documents must remain at a licensed location, but licensees may access information digitally. This guidance is in effect until December 31, 2020 but is subject to revision.
  • New Hampshire Banking Department (“Department”): The Department released guidance for licensed mortgage loan originators. The Department is allowing licensed mortgage loan originators to work from home even if that location further than 100 miles from their supervisory office as would otherwise be required under New Hampshire law. This guidance does not have an expiration date but is subject to revision.
  • New Mexico Financial Institutions Division (“Division”): The Division released guidance for all mortgage licensees. The Division is allowing all mortgage licensees to work from home provided that data security measures are put in place and no mortgage licensee advertise from or meet with consumers from their home if it is an unlicensed location. This guidance is in effect until May 31, 2020 but is subject to revision.
  • Nevada Division of Mortgage Lending (“Division”): The Division released guidance for all licensed mortgage companies and mortgage loan originators. The Division is allowing licensed mortgage companies and mortgage loan originators to work from home even if it would be considered an unlicensed location. This guidance is in effect until May 31, 2020 but is subject to revision.
  • New York Department of Financial Services (“NY DFS”): The NY DFS has asked licensees to submit plans to the NY DFS on how they plan to address the CORVID-19 pandemic. In addition, the NY DFS issued guidance to New York State regulated and exempt mortgage servicers regarding support for borrowers impacted by COVID-19.
  • Oklahoma Department of Consumer Credit (“Department”): The Department has released guidance for licensed mortgage loan originators and their employees. The Department has stated that licensed mortgage loan originators and their employees may work from home as long as they put in place appropriate data security measures. This guidance is in effect until April 30, 2020 but is subject to revision.
  • Oregon Division of Financial Regulation (“Division”): The Division has released guidance for all licensed entities. Licensed entities can work from home provided that the entity provides notice to the department, the entity has procedures in place for data security and more broadly for working from home, and no consumers at met with at unlicensed locations. Mortgage loan originators must keep all physical records at a licensed location. This guidance is in effect until April 30, 2020 but is subject to revision.
  • Pennsylvania Department of Banking and Securities (“Department”): The Department issued FAQs related to compliance with Governor Wolf’s Order that non-life-sustaining businesses shut down their physical operations.
  • Puerto Rico Office of the Commissioner of Financial Institutions (“OCFI”): The OCFI issued Circular Letter CIF Number CC-2020-002 to all financial institutions required to file reports with the OCFI, which extends the deadlines for filing such reports in light of the governmental closure ordered by Governor Garced, due to the State of Emergency declared in response to COVID-19.
  • Rhode Island Division of Banking (“Division”): The Division has released guidance for licensed mortgage loan originators, mortgage lenders, loan brokers, and exempt company registrants. The Division is allowing licensed mortgage loan originators to work from home if they and their sponsoring entities have adequate data security measure in place. Consumers are not allowed to visit any unlicensed location including the home of a mortgage loan originator if it is not a licensed location. This guidance is in effect until April 30, 2020 but is subject to revision.
  • South Carolina Consumer Finance Division of the Board of Financial Institutions (“Division”): The Division has released guidance for licensed mortgage origination and servicing companies. Licensed mortgage origination and servicing companies can work from home provided that they have a contingency plan in place, adequate data security measures, and do not remove any physical records from licensed offices. This guidance is in effect until April 30, 2020 but is subject to revision.
  • South Dakota Division of Banking (“Division”): The Division had released guidance for licensed mortgage loan originators and their sponsoring entities. Licensed mortgage loan originators can work from home provided that they have adequate data security measures in place and do not take any physical records out of licensed locations. This guidance is in effect until June 5, 2020 but is subject to revision.
  • Texas Office of Consumer Credit Commissioner (“Commissioner”): The Commissioner has released guidance for licensed regulated lenders. All licensed regulated lenders can work from home provided that they prepare a written plan describing the steps it is taking, have adequate data security measures, and ensure that all physical records remain in a licensed location. This guidance is in effect until May 31, 2020 but is subject to revision.
  • Texas Department of Savings and Mortgage Lending (“Department”): The Department has issued guidance temporarily suspending any requirement that a physical office be open to the public during posted normal business hours.  Additionally, licensed mortgage loan originators may work from home or another remote location, whether located in Texas or another state, even if the home or remote location is not a licensed branch.  The guidance provides certain requirements in the event that a licensed residential mortgage loan originator or mortgage loan staff work remotely.  These allowances do not amend Texas Financial Code, Chapter 156 and/or 157 and are being allowed strictly due to the COVID-19 pandemic.
  • Vermont Department of Financial Regulation (“Department”): The Department has released guidance for licensed mortgage loan originators and their sponsoring entities. All licensed mortgage loan originators may work from home provided that no licensable activity is taken place with a consumer at an unlicensed location, adequate data security measures are put into place, and a plan is contingency plan is put in place. This guidance does not have a current expiration date but is subject to revision.
  • Washington Department of Financial Institutions (“Department”): The Department released guidance for licensed mortgage loan originators and their sponsoring entities. All licensed mortgage loan originators may work from home provided that adequate data security measures are put in place. Consumers are not allowed to visit licensed mortgage loan originators at unlicensed locations. This guidance is effective until June 5, 2020 but is subject to change.  The DFI also issued guidance to Washington regulated and exempt residential mortgage loan servicers regarding support for borrowers impacted by COVID-19.  The guidance urges such institutions to take reasonable and prudent actions, subject to the requirements of any related guarantees or insurance policies, to support those adversely impacted by COVID-19.
  • Wisconsin Department of Financial Institutions (“Department”): The Department released guidance for licensed mortgage loan originators. All licensed mortgage loan originators may work from home provided that their sponsoring entity notify the Department, a list is kept of all mortgage loan originators who elect to work from home where the home is not a licensed branch, appropriate data security measures are taken, and no physical records are present at unlicensed locations. Consumers are not allowed to visit unlicensed locations. This guidance does not have a current expiration date but is subject to revision.
  • West Virginia Division of Financial Institutions (“DFI”): The DFI issued guidance to West Virginia Regulated Financial Institutions allowing employees of regulated entities to temporarily work from home or some other remote location approved by the financial institutions, whether located in West Virginia or another state. Regulated financial institutions may permit employees to work at home or from a designated remote location, to the extent that the position allows, as long as privacy and security issues may be adequately addressed.  The guidance is in effect from March 13, 2020 through May 1, 2020.

Takeaway

As the federal government and the states work feverishly to address the growing concerns surrounding the COVID-19 pandemic, members of the financial services industry must stay abreast of the rapid changes in the legal and regulatory landscape.  We will continue to monitor for new developments and will update this post to highlight additional federal or state guidance that is issued.

FTC Announces Settlement with Mortgage Broker for Publishing Personal Information about Consumers

By

A&B ABstract:

On January 7, 2020, the Federal Trade Commission (FTC) announced a complaint and settlement against California mortgage broker Mortgage Solutions FCS, doing business as Mount Diablo Lending, and its owner, Ramon Walker, (collectively, Mortgage Solutions).  The FTC’s complaint (Complaint) alleged that in response to negative Yelp reviews posted by applicants and customers, the company publicly posted sensitive personal information, including financial information, about those individuals gleamed that it gleaned from mortgage applications and credit report.  Specifically, according to the Complaint, that information included sources of income, payment and credit histories, taxes, family relationships and health. The FTC alleged that Mortgage Solutions’ actions violated the Fair Credit Reporting Act (FCRA), the Gramm Leach Bliley Act (GLBA) and Section 5 of the FTC Act. As part of the settlement, Mortgage Solutions will pay a $120,000 civil penalty for violating the FCRA.

Discussion

The Complaint, filed in the U.S. District Court for the Northern District of California by the U.S. Department of Justice on behalf of the FTC, alleges that between June 2015 and August 2016, defendant Walker published or caused to be published responses to negative consumer reviews about Mortgage Solutions’ services that appeared on the consumer review website, Yelp.com, that were publicly viewable on Yelp’s page for Mount Diablo Lending.  The Complaint also alleges that required privacy notices provided to customers were inadequate and were not followed, and that the company’s information security program was inadequate.   A summary of the FTC’s complaint counts follows:

Violations of the FCRA: 

The Complaint alleges that Mortgage Solutions impermissibly used consumer reports in violation of the FCRA.  According to the Complaint, some of the personal information that Mortgage Solutions publicly posted about consumers was information contained in consumer reports it obtained.  The FCRA allows use of consumer reports only for the permissible purposes identified in section 604(a) of the FCRA; however, public dissemination – such as Mortgage Solutions’ posting of consumers’ information on Yelp.com – is not a permissible purpose

Violation of the GLBA Privacy Rule (Regulation P): 

The Complaint alleges that Mortgage Solutions failed to provide a clear, conspicuous and accurate privacy notice and impermissibly disclosed non- public personal information about some of its customers in violation of the GLBA Privacy Rule.  The Privacy Rule requires, among other things, that a financial institution provide annually a clear and conspicuous notice to customers that accurately reflects the financial institution’s privacy policies and practices, including its security policies and practices.

According to the Complaint, from October 2012 until April 2018, Mortgage Solutions disseminated a privacy notice that omitted or misstated significant information. Among other things, the notice indicated that the only personal information collected by Mortgage Solutions is customers’ Social Security numbers and that Mortgage Solutions did not share this personal information with any third party for any reason. In fact, the company collected myriad types of sensitive personal information, including income information, credit histories, and dates of birth.  The Complaint further alleges that Mortgage Solutions’  posting of customer information on Yelp.com caused the privacy notice to be inaccurate, and additionally violated the Privacy Rule

Violation of the GLBA Safeguards Rule:

The Complaint alleges that  Mortgage Solutions failed for a period of time to develop and implement an information security program, and when it did implement a program, it fell short of regulatory standards.  The Safeguard’s Rule requires financial institutions to implement a comprehensive written “information security program” containing reasonable administrative, technical, and physical safeguards. It further requires that financial institutions regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures.

According to the Complaint, Mortgage Solutions did not have an information security program until September 2017 (in spite of being in business since at least 2012), and when it did finally implement a plan, the plan made no provision for regularly testing or assessing its own effectiveness.  Further, according to the complaint, Diablo failed to engage in such regular testing or assessment.

Violation of Section 5 of the FTC Act: 

The Complaint alleges that publicly posting consumers’ personal information was deceptive and unfair under Section 5 of the FTC Act.

Relief:

In addition to paying a $120,000 civil penalty, the terms of the settlement prohibit Mortgage Solutions from misrepresenting its privacy and data security practices; misusing credit reports; and improperly disclosing personal information to third parties. It also must implement a comprehensive data security program designed to protect the personal information it collects and obtain third-party assessments of its information security program every two years. Finally, the company must designate a senior corporate manager responsible for overseeing the information security program to certify compliance with the order every year.

Takeaways

The FTC is continuing to assert its authority against financial institutions within its jurisdiction, including its general authority to prevent unfair and deceptive acts or practice under the FTC Act, and its authority with respect to the FCRA and GLBA.

In addition, this case represents the FTC’s latest effort to crack down on companies who attempt to restrict or retaliate against consumers negative public reviews on social media and other public websites.  In 2019 the FTC announced five cases alleging violations of the Consumer Review Fairness Act, which bans form contract provisions that restrict a consumer’s ability to post reviews about a seller’s goods, services, or conduct. Those cases challenged illegal “confidentiality” or “non-disparagement” clauses that sometimes threatened consumers with financial penalties for posting reviews.

 

 

CFPB Issues New Edition of Supervisory Highlights

By

A&B ABstract:

 The Fall 2019 edition of the CFPB’s Supervisory Highlights focuses on credit reporting issues of interest.

Discussion

The Fall 2019 edition of Supervisory Highlights represents the second time the Consumer Financial Protection Bureau (“CFPB”)  has focused entirely on credit reporting.  With respect to furnishers, the Supervisory Highlights includes five categories of supervisory observations relating to compliance with the Fair Credit Reporting Act (“FCRA”) and its implementing Regulation V and associated compliance management system weaknesses.

Policies and Procedures

 Under Regulation V, a furnisher must establish and implement reasonable written policies and procedures regarding the accuracy and integrity of the consumer information it provides to consumer reporting companies (“CRCs”).  Related examination findings by the CFPB include:

  • Mortgage industry furnishers failed to have policies and procedures appropriate to the nature, size, complexity, and scope of their activities;
  • The policies and procedures of auto loan furnishers failed to provide sufficient guidance on the conduct of “reasonable investigations of indirect disputes that contain allegations of identity theft”; and
  • Debt collection furnishers failed to have policies and procedures that differentiated between FCRA disputes, disputes under the Fair Debt Collection Practices Act, and debt validation requests.

The CFPB also addressed examination findings for furnishers of deposit account information.

Reporting Information with Actual Knowledge of Errors

 Under FCRA, a furnisher cannot furnish information relating to a consumer that it “knows or has reasonable cause to believe … is inaccurate,” unless the furnisher clearly and conspicuously discloses to the consumer an address to which the consumer can send notice that specific information is inaccurate.

The CFPB found that one or more furnishers violated this prohibition by reporting to CRCs accounts with derogatory status codes that were inaccurate because of coding errors, and that the furnishers knew or had reasonable cause to believe were inaccurate.  Further, these furnishers failed: (1) in investigating disputes of such information to conduct a root-cause analysis that would have identified the source of the issue; and (2) to provide consumers with a clear and conspicuous disclosure of the address to which they could send notices of dispute.

Duty to Correct and Update Information

 A furnisher must promptly notify a CRC if it determines that information provided to the CRC is incomplete or inaccurate, and must make any corrections or addition to the information to correct the issue.  The CFPB identified examples of auto loan and deposit account furnishers who violated this duty.

Duty to Provide Notice of Delinquency of Accounts

 FCRA imposes on furnishers a duty to report the date of first delinquency – defined as “the month and year of commencement of the delinquency on the account that immediately preceded the action” – to a CRC within 90 days.  The CFPB identified instances of furnishers incorrectly reporting the date of delinquency

Obligations Upon Notice of Dispute

 The final category of findings in connection with the activities of furnishers is obligations upon notice of dispute.  If a consumer disputes the accuracy of information contained in a consumer report, FCRA and Regulation V require a furnisher to conduct a reasonable investigation of the dispute.

Among other issues, the CFPB noted that furnishers violated this duty by:

  • Failing to conduct reasonable investigations of both direct and indirect disputes;
  • Failing to timely complete dispute investigations within the timeframe established by Regulation V (generally 30 days); or
  • Failing to notify consumers of a determination that a dispute is frivolous or irrelevant (and that, as a result, the furnisher will not undertake an investigation).

Takeaway

As the second edition dedicated to consumer reporting, these Supervisory Highlights puts furnishers and CRCs that this is an area of focus for the CFPB.  Building on the credit reporting supervisory observations in the Summer 2019 edition, furnishers – banks, mortgage servicers, auto loan servicers, student loan servicers, and debt collectors – should take the opportunity to evaluate their own policies, procedures, and processes for compliance with FCRA and Regulation V.

Maine Enacts Law Protecting Victims of Economic Abuse

By

A&B Abstract:  An Act to Provide Relief to Survivors of Economic Abuse (the “Economic Abuse Law”), effective September 19, 2019, is aimed at preventing “economic abuse” by providing certain protections to victims of such abuse, in part, by imposing additional obligations on debt collectors and consumer reporting agencies (“CRAs”).  Debt collectors and CRAs should carefully review the Economic Abuse Law and determine whether updates to their policies, procedures and controls are necessary to ensure compliance with these additional protections.

What does the Economic Abuse Law do?

The Economic Abuse Law attempts to help victims of so-called “economic abuse” by (i) amending the Maine Fair Debt Collection Practices Act (“MFDCPA”) to provide certain protections from debt collection for survivors of economic abuse, (ii) amending the Maine Fair Credit Reporting Act (“MFCRA”) to require credit reporting agencies to remove from a consumer’s credit report any debt that is determined to be the result of economic abuse, and (iii) authorizing the courts to order compensation for losses resulting from economic abuse.

What is “economic abuse”?

Under the Economic Abuse Law, “economic abuse” means causing or attempting to cause an individual to be financially dependent by maintaining control over the individual’s financial resources.  The definition also includes the following non-exhaustive list of certain types of economic abuse:

  • unauthorized use of credit or property,
  • withholding access to money or credit cards,
  • forbidding attendance at school or employment,
  • stealing from or defrauding of money or assets,
  • exploiting the individual’s resources for personal gain of the defendant, or
  • withholding physical resources such as food, clothing, necessary medications or shelter.

See 19-A M.R.S. § 4002(3-B).  The Economic Abuse Law’s legislative history clarifies that the definition of “economic abuse” “is not intended to address identity theft, which is covered by the federal Fair Credit Reporting Act . . . Instead, the amendment includes, but is not limited to, the exploitative use of joint credit accounts without authorization by both joint owners and debt incurred through coercion.”

What protections does the Economic Abuse Law provide?

Additional Protections Under the MFDCPA

Under the existing provisions of the MFDCPA, if a consumer notifies a debt collector in writing within 30 days of receiving a debt validation notice, that the debt, or any portion of the debt, is disputed or that the consumer requests the name and address of the original creditor, the debt collector must cease collection of the debt or any disputed portion of the debt, until the debt collector obtains verification of the debt or a copy of the judgment, or the name and address of the original creditor, and a copy of the verification or judgment, or name and address of the original creditor, is mailed to the consumer by the debt collector.  32 M.R.S. § 11014(2).

The Economic Abuse Law amends the MFDCPA to also require that a debt collector cease collection of a debt or any disputed portion of a debt owed by a consumer subjected to economic abuse, “[i]f the consumer provides documentation to the debt collector as set forth in [14 M.R.S. § 6001(6)] that the debt or any portion of the debt is the result of economic abuse.”  Under 14 M.R.S. § 6001(6), acceptable documentation includes (1) a statement signed by a Maine-based sexual assault counselor, an advocate, or a victim witness advocate, (2) a statement signed by a health care provider, mental health care provider or law enforcement officer, or (3) a copy of a (i) protection from abuse (or harassment) complaint or a temporary order or final order of protection, (ii) police report prepared in response to an investigation of an incident of domestic violence, sexual assault or stalking, or (iii) criminal complaint, indictment or conviction for a domestic violence, sexual assault or stalking charge.

Unlike the existing protections discussed above, this new provision could be read to impose an absolute bar to the collection of debt resulting from economic abuse, as it is unclear whether there could be circumstances under which a debt collector may resume collection of such debt.  For example, one piece of acceptable documentation that a victim may provide under 14 M.R.S. § 6001(6) is a “copy of a protection from abuse complaint or a temporary or final order of protection.”  To the extent that a debt collector relies on a complaint or temporary order of protection that a court ultimately dismisses, it is unclear whether, and if so how, a debt collector could resume collection of such debt.

Additional Protections Under the MFCRA 

The MFCRA requires that, if a consumer disputes any item of information contained in a consumer’s credit report on the grounds that it is inaccurate and the dispute is directly conveyed to the consumer reporting agency (“CRA”) by the consumer, the CRA must reinvestigate and record the current status of the information within 21 calendar days of notification of the dispute, unless the dispute is frivolous.  10 M.R.S. § 1310-H(2).

The Economic Abuse Law would provide additional protections for victims of economic abuse.  Specifically, if a consumer provides documentation to a CRA as set forth in 14 M.R.S. § 6001(6) that the debt or any portion of the debt is the result of economic abuse, the CRA must reinvestigate the debt and, if it is determined that the debt is the result of economic abuse, the CRA must remove from the consumer’s credit report any reference to the debt or any portion of the debt determined to be the result of economic abuse.  10 M.R.S. § 1310-H(2-A).

Compensation for Victims of Economic Abuse 

In addition to the foregoing, the Economic Abuse Law also amends Maine’s Protection from Abuse Chapter to expressly empower the courts to provide monetary compensation to victims of economic abuse.  Specifically, courts are expressly authorized to “enter a finding of economic abuse” and “[o]rder payment of monetary relief to the plaintiff for losses suffered as a result of the defendant’s conduct.”  See 19-A M.R.S. § 4007(1).  The legislative history clarifies that the [Economic Abuse Law] does not add economic abuse as a type of conduct for which a protection from abuse order may be sought, although it does provide that if a protection from abuse order is issued, the court has expanded discretion to order appropriate monetary relief to help address the impact of any economic abuse that may be found by the court.”

Takeaway

As Maine regulators gear up to implement and enforce the additional protections provided by the Economic Abuse Law, debt collectors and CRAs should carefully review and update their policies, procedures and controls to ensure compliance with these additional protections.

CFPB Issues New Edition of Supervisory Highlights

By

A&B Abstract:

The Summer 2019 edition of the CFPB’s Supervisory Highlights indicates recent examination focuses for several categories of consumer credit products.

CFPB Issues New Edition of Supervisory Highlights

On September 19, the Consumer Financial Protection Bureau (“CFPB”) issued the Summer 2019 edition of Supervisory Highlights, detailing examination findings relating to automobile loan origination, credit card account management, debt collection, credit reporting, and mortgage origination.

Automobile Loan Origination

In the auto loan origination context, the CFPB discusses when the selling of add-on guaranteed asset protection (“GAP”) products may constitute an abusive act or practice as prohibited under the Consumer Financial Protection Act.  (In the event of theft of or damage to a vehicle, GAP products cover the difference between the amount the consumer owes on an auto loan and the amount received from the insurer.)  Specifically, the CFPB indicates that the selling of GAP products to consumers with a low LTV may be an abusive practice, as such consumers are unlikely to benefit from the product.

Credit Card Account Management

The Supervisory Highlights focuses on four sets of practices in connection with credit cards:

  • Failure to provide clear and conspicuous disclosures for certain pricing terms in online advertisements;
  • Disclosures required under Regulation Z in order for a credit card issuer to obtain or enforce a consensual security interest in funds that a consumer has on deposit with the issuer in order to offset credit card debt;
  • The use of deceptive threats of repossession or foreclosure in credit card collections; and
  • Deceptive acts and practices in the marketing of secured credit card accounts.

Debt Collection

In the debt collection context, the CFPB reports examination findings that debt collectors have claimed and collected from consumers “interest not authorized by the underlying contracts between the debt collectors and the creditors.”  By misrepresenting the amount due on a debt, such conduct violate Section 807 of the Fair Debt Collection Practices Act.

Furnishing

The Supervisory Highlights includes five sets of findings relating to the furnishing of consumer information to consumer reporting companies (“CRCs”).  Specifically, CFPB examiners identified failures of furnishers to:

  • timely conduct an investigation of, or respond to, notice of a dispute from CRC, in violation of Section 623(b)(1) of the Fair Credit Reporting Act;
  • report the results of dispute investigations to all CRCs to which they provided information about consumers;
  • promptly correct and update information previously furnished to a CRC that is incomplete or inaccurate;
  • provide notice to CRCs in connection with the reporting of information whose accuracy or completeness is disputed by a consumer; and
  • implement reasonable policies and procedures regarding the accuracy and integrity of information relating to consumers that is furnished to CRCs.

Mortgage Origination

Finally, the Supervisory Highlights discusses examination findings relating to the inaccurate disclosure of APR and total annual loan cost information for closed-end reverse mortgage transactions, in violation of Regulation Z.

Takeaway

Each edition of the Supervisory Highlights provides related industries a glimpse into the Bureau’s current examination priorities.  Entities should take the opportunity to review the issues discussed above, as applicable to their business practices, to help ensure their own compliance with federal laws and regulations.