Alston & Bird Consumer Finance Blog

#CFPB

Ohio Mortgage Rules Have Changed: Servicing Now Covered

By ,

What Happened?

Effective September 19, 2025, the Division of Financial Institutions (“Division”) of the Ohio Department of Commerce adopted amended rules (the “Amended Rules”) under the Ohio Residential Mortgage Lending Act (“RMLA”) to add and clarify obligations for mortgage servicers.

Why Does it Matter?

The Amended Rules are largely intended to provide clarity to mortgage servicers regarding the application of the RMLA to mortgage servicing businesses, and to implement procedures to prevent servicing problems. For entities licensed under the RMLA, the Amended Rules address registration of offices, unlicensed activity, recordkeeping, prohibited practices, servicing transfers, escrow payments, payment processing, error resolution, borrower requests for information, and a servicer’s obligations upon loss of license. The Amended Rules largely mirror the CFPB’s mortgage servicing rules (i.e., 12 C.F.R. Part 1024, Subpart C (Regulation X) and, to some extent, 12 C.F.R. Part 1026 (Regulation Z)).

Notably, an entity that violates the Amended Rules may be subject to penalties under the RMLA, which are up to $1,000 per day for each day a violation of law or rule is committed, repeated, or continued (and up to $2,000 a day of there is a pattern of repeated violations of law or rule).

Below, we highlight some of the most impactful provisions of the Amended Rules.

Amended Rules

  • Registration Requirements: The Division amended Section 1301:8-7-02 of the Ohio Administrative Code (the “OAC”) to require entities subject to the RMLA (mortgage brokers, lenders and servicers) to register each office location at which it transacts business.
  • Standards for Applications, License, and Registration: The Division amended Section 1301:8-7-03 of the OAC, to clarify that a mortgage broker, mortgage servicer, or loan originator cannot conduct business if they fail to renew their registration on or before December 31. (The Division indicated that it was amending the renewal date to correct a drafting error that incorrectly identified January 31 as the renewal date.)
  • Recordkeeping: The Division amended Section 1301:8-7-06 of the OAC, which relates to recordkeeping, to require a mortgage servicer to retain records that document actions taken with respect to a borrower’s account for four years following the date the loan is discharged or transferred to another servicer; and to maintain specified documents and data in a manner that facilitates compiling the documents and data into a servicing file within five days. (The rule does not expressly address maintenance of records of telephone calls with borrowers.) While the rule requires retention of the same records required under Regulation X (12 C.F.R. § 1024.38(c)), note that the retention period is much longer than Regulation X’s and does not exempt small servicers under Regulation X.
  • Prohibited Practices: The Division amended Section 1301:8-7-16 of the OAC, to add a list of actions specific to servicing that constitute improper, fraudulent, or dishonest dealings under Ohio Revised Code section 1322.40.  Specifically, the rule prohibits a servicer from, among other things:
    • assessing a borrower any premium or charge related to force-placed insurance unless the servicer: (i) has a reasonable basis to believe that the borrower has failed to comply with the residential mortgage loan contract’s requirement to maintain hazard insurance; and (ii) delivers or mails to the borrower a written notice at least 45 days before assessing such charge or fee;
    • misrepresenting or omitting any material information in connection with the servicing of a residential mortgage loan, including misrepresenting the amount, nature, or terms of any fee or payment due or claimed to be due on a residential mortgage loan, the terms and conditions of the servicing agreement, or the borrower’s obligations under the residential mortgage loan;
    • failing to apply payments in accordance with a servicing agreement or the terms of a note; (d) making payments in a manner that causes a policy of insurance to be canceled or causes property taxes or similar payments to become delinquent;
    • failing to credit a periodic payment to the borrower’s account as of the date of receipt, except when a delay in crediting does not result in any charge to the borrower or in the reporting of negative information to a consumer reporting agency (except where the servicer specifies in writing requirements for the borrower to follow in making payments, but accepts a payment that does not conform to the requirements, where the servicer has five days to credit the payment);
    • requiring any amount of money to be remitted by means which are more costly to the borrower than a bank or certified check or attorney’s check from an attorney’s account to be paid by the borrower;
    • charging a fee for handling a borrower dispute, facilitating routine borrower collection, arranging a forbearance or repayment plan, sending a borrower a notice of nonpayment, or updating records to reinstate a loan; or
    • pyramiding late fees.
  • Mortgage Servicing Definitions: The Division added Section 1301:8-7-35 to the OAC, which defines terms relevant for the provisions of other new sections (as discussed below), including: (a) “confirmed successor in interest,” “escrow account,” and “qualified written request,” which are consistent with Regulation X; and (b) “federal lending law” and “residential mortgage loan,” the latter of which is defined to limit the Amended Rules’ application to closed-end loans, consistent with Regulation X and Regulation Z.
  • Mortgage Servicing Transfers: The Division added Section 1301:8-7-36 to the OAC, to prohibit a transferee servicer from treating an on-time payment made to the old servicer within the 60-day period following the transfer of servicing. It also requires the old servicer to either forward the payment to the new servicer, or return it to the borrower and notify the borrower of the proper recipient. This rule generally mirrors 12 C.F.R. § 1024.33(c).
  • Escrow Accounts: The Division added Section 1301:8-7-37 to the OAC, which requires a mortgage servicer to: (i) make all required escrow payments in a timely manner, and (ii) timely return any payments due to the borrower. It also allows a servicer, if the borrower agrees, to credit any amount remaining in a borrower’s account to a new escrow account for a new loan. This rule generally mirrors 12 C.F.R. §§ 1024.34 and 1024.17(k).
  • Error Resolution Procedures: The Division added Section 1301:8-7-38 to the OAC, which establishes error resolution procedures that mirror the requirements of the CFPB mortgage servicing rules (12 C.F.R. § 1024.35).
  • Requests for Information: The Division added Section 1301:8-7-39 to the OAC, which establishes information request procedures that mirror the requirements of the CFPB mortgage servicing rules (12 C.F.R. § 1024.34).
  • Mortgage Servicer Obligations upon Loss of License: Finally, the Division added Section 1301:8-7-40 to the OAC, which provides that the revocation, suspension, or failure of a servicer to obtain or maintain a license does not affect a servicer’s obligations under a preexisting contract with a lender or borrower.

What To Do Now?

The Amended Rules significantly expand the requirements applicable to mortgage servicers subject to the RMLA. While many of the Amended Rules mirror those under the CFPB’s mortgage servicing rules, certain provisions impose additional obligations on mortgage servicers and/or apply to servicers that may otherwise be exempt from certain requirements under the CFPB’s mortgage servicing rules (e.g., small servicers). Accordingly, mortgage servicers should carefully review the Amended Rules and ensure that their policies, procedures, and controls are updated as appropriate to ensure compliance. Alston & Bird’s Consumer Financial Services Team is actively engaged and monitoring these developments and can assist with any compliance concerns regarding the changes imposed by the Amended Rules.

CFPB’s “Overdraft Lending” Rule Faces Immediate Legal Challenge

By ,

What Happened?

On December 12, 2024, the Consumer Financial Protection Bureau (CFPB) issued its final “overdraft lending” rule aimed at curbing overdraft fees charged by banks and credit unions with more than $10 billion in assets, also known as very large financial institutions (VLFIs). The CFPB characterized the rule as closing “an outdated overdraft loophole that exempted overdraft loans from lending laws.” This is the most recent development in the CFPB’s effort to address so-called junk fees.

That same day, a group of banks and financial trade associations—including the Mississippi Bankers Association, the Consumer Bankers Association, the American Bankers Association, and America’s Credit Unions—filed a lawsuit against the CFPB challenging the rule and seeking an injunction.

Why Does it Matter?

Key Provisions

Under the final rule, Regulation Z will apply to overdraft credit provided by VLFIs unless the VLFI provides such overdraft credit at or below costs and losses. As a result, VLFIs will have to choose one of the following options in connection with fees for overdraft credit: (1) capping fees for overdraft credit at the greater of $5 or at an amount that covers their costs and losses; or (2) disclosing the terms of overdraft credit in accordance with the Truth in Lending Act (TILA) and its implementing regulation, Regulation Z.

The CFPB’s final rule amends the definition and exemptions related to “Finance Charges” under Regulation Z and establishes new definitions related to “Overdraft Credit.” Currently, most overdraft fees are generally excluded from the definition of “Finance Charge”, and, therefore, overdraft services are not covered by TILA and Regulation Z The final rule amends this exclusion by creating a new defined term, “Above Breakeven Overdraft Credit,” and excludes such overdraft credit from the exemption for “charges imposed by a financial institution for paying items that overdraw an account.”

“Above Breakeven Overdraft Credit” is defined as “overdraft credit extended by a very large financial institution to pay a transaction on which, as an incident to or a condition of the overdraft credit, the very large financial institution imposes a charge or combination of charges exceeding the average of its costs and charge-off losses for providing non-covered overdraft credit.” The charges will be deemed to exceed the average costs and charge-off loses if they exceed the greater of: (1) the pro rata share of the very large financial institution’s total direct costs and charge-off losses for providing non-covered overdraft credit in the previous year; or (2) $5. A charge that exceeds this amount will be considered a finance charge and, therefore, imposing such charge on overdraft credit will result in the overdraft credit being considered “Covered Overdraft Credit.”

VLFIs should prepare to comply with this new rule by its effective date of October 1, 2025.

The Challenge to the Rule

A group of financial trade associations and banks filed suit in the Southern District of Mississippi challenging the final rule as improperly imposing an expansive and complex new regulatory regime on overdraft services offered by VLFIs, replete with de facto price caps and significant restrictions on the terms under which overdraft services can be offered.

The plaintiffs bring four challenges to the rule under the Administrative Procedure Act (APA), TILA, and the Consumer Financial Protection Act (CFPA).

First, they allege that the CFPB exceeded its statutory authority under TILA by interpreting “Credit” as encompassing overdraft services, and amending “Finance Charge” to include “Above Breakeven Overdraft Credit.” This, they argue, implicates the major questions doctrine—which bars agencies from making major policy decisions without clear congressional authorization—because the final rule will likely impact millions of Americans and billions of dollars of transactions.

Second, the plaintiffs allege the CFPB exceeded its statutory under TILA by imposing substantive credit restrictions when TILA is merely a disclosure statute. They argue this, too, implicates the major questions doctrine.

Third, the plaintiffs allege that the CFPB exceeded its statutory authority under the CFPA by imposing an unlawful fee cap on discretionary overdraft services because the CFPA itself expressly prohibits this kind of fee cap: the CFPB is prohibited from “establish[ing] a usury limit applicable to an extension of credit offered or made by a covered person to a consumer.”

Finally, the plaintiffs allege that the rule is arbitrary and capricious in violation of the APA because, among other things, it: (1) contains an inadequate cost-benefit analysis; (2) does not explain the change in the CFPB’s interpretation of TILA—namely, the CFPB’s reinterpretation of the definition of “Credit” as encompassing overdraft services; and (3) targets large institutions by imposing a $10 billion asset threshold, but ignores smaller financial institutions that similarly charge overdraft fees.

What Do I Need To Do?

VLFIs should consider what changes they need to make to their overdraft services to comply with the new rule by October 1, 2025, assuming that the new rule survives legal challenge.

That said, the legal challenge here has a meaningful chance of success. Recently, courts have been more willing to strike down rules under the major questions doctrine. It is also unclear how much genuine resistance the CFPB will put up in response to this challenge given the forthcoming change in administration. Assuming the new administration does not support this rule, it would likely be more efficient for the CFPB to allow the rule to be challenged and struck down than for it to attempt to repeal the rule, which will require a formal notice-and-comment rulemaking.

Financial Services Advisory: CFPB Finalizes Open Banking Rule on Consumer Financial Data Rights

By , ,

Executive Summary
8 Minute Read

Our Financial Services Group unpacks the Consumer Financial Protection Bureau’s final rule on consumer financial data rights under Section 1033 of the Dodd–Frank Act.

  • The rule requires “data providers” to provide consumers and authorized third parties, upon request, with access to certain consumer financial data
  • “Data providers” include Regulation E banks and credit unions, Regulation Z card issuers, payment facilitators, and digital-wallet providers
  • Compliance deadlines are staggered based on institution size, with an exclusion for financial institutions with less than $850 million in assets

_______________________________________________________________

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) finalized its rule on personal financial data rights under Section 1033 of the Dodd–Frank Wall Street Reform and Consumer Protection Act. Known as the “open banking rule,” it permits consumers to access, control, and share their financial data with authorized third parties. The rule creates a significant shift in control over consumer data in the United States, and it is intended to provide consumers with greater control over financial data, foster competition, and stimulate innovation across the financial services industry. The rule applies broadly to banks, credit unions, and nonbank financial institutions, all of which must make consumer financial data available upon authorized request.

Key Provisions

The rule requires a “data provider” to make available, without charge, “covered data” about consumer financial products and services to consumers and certain “authorized third parties,” in electronic form, upon request by the consumer. The rule requires the provision of such data in standardized, machine-readable formats to promote consistency between financial institutions and third parties. The CFPB will name standard-setting bodies to develop consensus standards to assess compliance with the rule.

Who is a “data provider”?

The CFPB has said its definition of “data provider” will continue to evolve, but it has prioritized financial institutions and card issuers. The rule defines a “data provider” as:

  • A financial institution – that is, a bank or credit union – as defined in Regulation E, 12 CFR 1005.2(i), excluding those with less than $850 million in assets.
  • A card issuer as defined in Regulation Z, 12 CFR 1026.2(a)(7), including buy now/pay later providers.
  • Any other person that “controls or possesses information concerning a covered consumer financial product or service that the consumer obtained” from that person, including providers offering payment facilitation products and services such as digital-wallet providers.

What is “covered data”?

The rule defines “covered data” as essential consumer financial information, including:

  • At least 24 months of transaction information in the control or possession of the data provider.
  • Account balance information.
  • Information to initiate payment to or from a Regulation E account directly or indirectly held by the data provider, including an account and routing number that can be used to initiate an Automated Clearing House transaction.
  • Terms and conditions, or agreements evidencing the terms of the legal obligation between a data provider and a consumer for a covered consumer financial product or service, including pricing information such as APRs and other pricing terms.
  • Upcoming bill payment information.
  • Basic information needed for account verification, limited to name, address, email address, and phone number associated with the covered consumer financial product or service.

Data providers will not have to provide confidential commercial information, including proprietary algorithms that might be used to derive credit or risk scores and information that is used solely for the purpose of fraud detection, money laundering, or other unlawful behavior.

Who is an “authorized third party”?

Fintech apps and data aggregators that offer services to consumers using their data are included as third parties. Authorized sharing with these entities must be based on informed consent that is to be renewed annually.

  • A “third party” means any person that is not the consumer about whom the covered data pertains or the data provider that controls or possesses the consumer’s covered data.
  • To access a consumer’s data, the third party must (1) provide the consumer with an authorization disclosure containing key terms of the data access; (2) provide a statement to the consumer in the authorization disclosure certifying that the third party agrees to obligations set forth in the final rule; and (3) obtain the consumer’s express informed consent to access covered data on behalf of the consumer by obtaining an authorization disclosure that is signed by the consumer electronically or in writing.
  • Third parties are limited in the collection, use, and retention of covered data to what is “reasonably necessary” to provide a product or service to a customer. Use of the data for targeted advertising, cross-selling of other products or services, or the sale of covered data are prohibited.

Stakeholder Perspectives and Compliance Considerations

Reactions to the final rule have been split. Consumer advocates have voiced support for the rule and the empowerment of consumers to control how and where their data can be used, as well as the ability to switch banks more easily. Just hours after the final rule was released, however, the Bank Policy Institute, the Kentucky Bankers Association, and Forcht Bank, a community bank in Kentucky, filed a joint lawsuit in the Eastern District of Kentucky requesting injunctive relief. The plaintiffs allege that the CFPB overstepped its statutory authority (in that Section 1033 relates to a consumer’s right to access their own information and does not speak to access by authorized third parties) and will expose banks to unreasonable liability risk. Forcing banks to share customers’ sensitive financial information while handcuffing banks from managing the risks of doing so, they allege, will increase fraud and the misuse of customer data.

Some of this concern stems from the allocation of responsibility for data security and accountability in the rule. It allows that data providers can deny access to data, but only if the denial is (1) directly related to a specific risk of which the data provider is aware, such as a failure of a third party to maintain adequate data security; and (2) applied in a consistent and nondiscriminatory manner. Data providers must keep a record of when a consumer or third-party request is refused. In the event of a security breach, data providers must notify affected consumers and the CFPB promptly. Notably, the rule requires data providers to verify that third parties uphold data privacy and security standards, but it places limited regulatory obligations on third parties themselves, leaving accountability for data security largely with the data providers. Data providers argue that the rule essentially forces them to subsidize third-party access to consumer data without sharing the cost burden.

During the rule comment period, a range on commentators raised concerns about potential overlaps and compliance complexities with other existing consumer financial laws, and the CFPB has attempted to address those issues in the final rule. Many comments focused on the need for clarity on how the rule interacts with laws such as the Electronic Fund Transfer Act (EFTA), Fair Credit Reporting Act (FCRA), and Gramm–Leach–Bliley Act (GLBA).

  • In comments before the final rule, data providers requested that the CFPB extend the Regulation E error resolution requirements to third parties such as data aggregators. The CFPB reasoned, however, that consumers should address these concerns with their primary financial institution, in line with statutory error resolution rights under the EFTA. Furthermore, data providers and third parties that are Regulation E financial institutions will continue to have error resolution obligations in the event of data breaches.
  • During the comment period to the final rule, there was concern that it would expand FCRA compliance. In the final rule, the CFPB clarified that data providers sharing information at the consumer’s request “does not cause data aggregators to incur legal liability under the FCRA that they would not otherwise assume through their ordinary operations” and would not “alter the types of data, parties, or permissible purposes covered by the FCRA.”
  • Some commentors asked how the rule’s data limitations align with GLBA permissions. The CFPB states Section 1033’s data sharing requirements coexist with GLBA but do not override or replace its mandates, maintaining distinct protections under each law.

Compliance Tiers and Timeline

The rule provides compliance deadlines that are staggered based on institution size:

  • First Tier: Depository institution data providers that hold at least $250 billion in total assets and nondepository institution data providers that generated at least $10 billion in total receipts in either calendar year 2023 or calendar year 2024 must comply by April 1, 2026.
  • Second Tier: Depository institution data providers that hold at least $10 billion in total assets but less than $250 billion in total assets and nondepository institution data providers that generated less than $10 billion in total receipts in both calendar year 2023 and calendar year 2024 must comply by April 1, 2027.
  • Third Tier: Depository institution data providers that hold at least $3 billion in total assets but less than $10 billion in total assets must comply by April 1, 2028.
  • Fourth Tier: Depository institution data providers that hold at least $1.5 billion in total assets but less than $3 billion in total assets must comply by April 1, 2029.
  • Fifth Tier: Depository institution data providers that hold less than $1.5 billion in total assets but more than $850 million in total assets must comply by April 1, 2030.

Conclusion: Prioritizing Readiness

The CFPB’s Section 1033 rule represents a transformative shift in the U.S. financial regulatory landscape, centering consumer control over data rights and driving the industry to an open banking model. Fintech advocates view it as an essential step towards consumer empowerment, while banks and credit unions warn of risks to data security and have liability concerns. Even as the CFPB begins assessing applications for standard-setting bodies, legal and compliance teams from institutions and fintech companies alike should begin to look ahead, with a focus on data security, potential contractual updates with third parties, and regulatory alignment.

Originally published November 22, 2024.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.

If you have any questions, or would like additional information, please contact one of the attorneys on our Financial Services Team.

CFPB Releases Chart to Help Determine if Nonbank Registration is Required

By ,

What Happened?

On October 3, 2024, the CFPB released a Nonbank Registration: Orders Rule Coverage Chart (the “Chart”) that summarizes how  an entity that is subject to an order may determine if it must register that order under the CFPB’s recently-issued Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule (“the Final Rule”).

 Why is it Important?

The Final Rule was issued earlier this year in June and requires certain nonbank entities to register with the CFPB’s Nonbank Registry (“NBR”) and provide information about certain Federal, State, or local orders imposing obligations on the nonbank entity based on violations of certain consumer protection laws. In general, an entity that is subject to an order must register that order with the NBR if the order is a “covered order” and the entity is a “covered nonbank,” as those terms are defined in the Final Rule. In addition, a covered nonbank that meets the definition of a “supervised registered entity” must also annually identify the executive(s) responsible for, and knowledgeable of, the entity’s efforts to comply with the orders identified in the NBR and submit an annual written statement and attestation. We covered the Final Rule in more detail in a previous blog post that can be found here.

Chart Summary

The Chart first considers whether an order is a “covered order” under the Final Rule. A covered order must meet all of the following criteria:

  • It is an order, i.e., any written order or judgment issued by an agency or court in an investigation, matter, or proceeding;
  • It is a final, public order issued by an agency or court;
  • Identifies a covered nonbank by name as a party subject to the order;
  • Was issued, at least in part, in any action or proceeding brought by any Federal, State, or local agency;
  • Contains public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions;
  • Imposes obligations on the covered nonbank based on certain alleged violations of a covered law (e.g., Federal consumer financial laws, any other laws enforced by the CFPB, and certain unfair, deceptive, or abusive acts or practices laws at both Federal and State levels) and;
  • Has an effective date on or after January 1, 2017.

Under the Final Rule, an order is not a “covered order” if it is:

  • An order with effective date prior to September 16, 2024, that did not remain in effect as of September 16, 2024; or
  • An order issued to a motor vehicle dealer that is predominantly engaged in the sale, leasing, and servicing of motor vehicles within the meaning of the Dodd-Frank Act 12 USC § 5519(a).

Next, the Chart considers whether a nonbank is a “covered nonbank.” A covered nonbank is a covered person under the Dodd-Frank Act that is not exempt from coverage under the Final Rule.  Under the Dodd-Frank Act, a “covered person” is (A) any person that engages in offering or providing a “consumer financial product or service”; and (B) any affiliate of such person if such affiliate acts as a service provider to such person. Among other things, consumer financial products and services generally include extending credit, servicing loans, brokering of certain leases of personal or real property, providing real estate settlement services, and collecting debt, to the extent that such products and services are offered or provided for use by consumers primarily for personal, family, or household purposes.

Under the Final Rule, a nonbank is not a “covered nonbank” if it is:

  • An insured depository institution or insured credit union (e.g., an FDIC-insured bank);
  • A “related person” under the Dodd-Frank Act (when that is the sole reason for qualifying as a covered person);
  • A State, including federally recognized Indian tribes;
  • A natural person;
  • Certain motor vehicle dealers; or
  • A person that qualifies as a covered person under the Dodd-Frank Act only because of conduct excluded from the CFPB’s rulemaking authority.

Implementation Submission Periods

The CFPB highlights the following key dates for the implementation submission periods on its website:

  • For Larger Participant CFPB-Supervised Covered Nonbanks, the registration submission period opens October 16, 2024, and the deadline to register is January 14, 2025.
  • For other CFPB-Supervised Covered Nonbanks, the registration period opens January 14, 2025, and the deadline to register is April 14, 2025.
  • For all other Covered Nonbanks, the registration period opens April 14, 2025, and the deadline to register is July 14, 2025.

What Do You Need to Do?

As of October 16, 2024, the registration submission period opened for Larger Participant CFPB-Supervised Covered Nonbanks, the first group of covered nonbank entities. The CFPB has issued rules identifying the criteria for “larger participants” in various consumer markets including automobile financing, student loan servicing, consumer reporting, consumer debt collection, and international money transfer markets. The requisite thresholds for covered nonbank entities in each market to be considered a “larger participant” are as follows:

  • Automobile Financing – At least 10,000 aggregate annual originations. 12 C.F.R. § 1090.108(b).
  • Student Loan Servicing – Account volume exceeds 1 million. 12 C.F.R. § 1090.106(b).
  • Consumer Reporting – Annual receipts resulting from consumer reporting are more than $7 million. 12 C.F.R. § 1090.104(b).
  • Consumer Debt Collection – Annual receipts resulting from consumer debt collection are more than $ 10 million. 12 C.F.R. § 1090.105(b).
  • International Money transfer – At least 1 million aggregate annual international money transfers. 12 C.F.R. § 1090.107(b).

Covered nonbank entities should ensure that they comply with the registration requirements and be aware of the upcoming deadlines in the coming months. Moreover, as advised in our last blog post covering the Final Rule, companies should double down on compliance and be extra vigilant to avoid the designation of a “repeat offender.”

Strike Force on Unfair and Illegal Pricing Holds First Public Meeting: CFPB Director Highlights Work on Junk Fees

By

What Happened?

As reported by Alston & Bird’s Antitrust Group, the Federal Trade Commission and the Department of Justice hosted the first public meeting of the Strike Force on Unfair and Illegal Pricing (the “Strike Force”).  President Biden announced the Strike Force’s formation in March 2024 to strengthen interagency efforts to root out and stop illegal corporate behavior that burdens American families through anticompetitive, unfair, deceptive, or fraudulent practices.  Officials from several agencies, including the CFPB, highlighted their work to lower prices across multiple industries for Americans.

Why Does it Matter?

With regards to the CFPB, Director Chopra highlighted some of its work on cracking down on so-called “junk fees,” many of which we have previously highlighted here, here, and here.

The CFPB has been prolific on its junk fee initiative, issuing 14 press releases, 10 blog posts, three enforcement actions, promulgating rules, commissioning eight reports, as well as issuing Advisory Opinions, Circulars and videos. In its prepared remarks at the Strike Force meeting, the CFPB Director outlined the Bureau’s work on junk fees imposed by companies that process payments, in this case for children’s school lunches. In his recent remarks, Director Chopra makes clear, the agency is not stopping and forecasted that:

  • The CFPB is looking at the costs for credit reports and credit scores and using existing laws to ensure that fees for such credit products are “fair and reasonable.”
  • The Bureau is “closely scrutinizing all aspects of the credit card market.”
  • The CFPB is “investigating the role of not just individual executives, but also the investors, like private equity funds, that call the shots.” According to Director Chopra, such controlling investor or other investment vehicle could be subject to direct liability if they are “calling the shots.”

What Do I Need to Do?

Companies subject to CFPB supervision should consult with consumer protection and antitrust counsel to make sure they are not inadvertently engaging in anticompetitive, deceptive, unfair or fraudulent practices, when setting pricing or when imposing, adding, or changing fees.

Companies should also evaluate their pricing and fee practices to ensure they are making independent decisions for setting prices.

When changing pricing or adding fees, companies should look closely at the CFPB’s priorities, which is wide and deep and includes fees in mortgage origination, mortgage servicing, credit cards, and payment processors, among others.