Alston & Bird Consumer Finance Blog

#CFPB

CFPB’s “Overdraft Lending” Rule Faces Immediate Legal Challenge

What Happened?

On December 12, 2024, the Consumer Financial Protection Bureau (CFPB) issued its final “overdraft lending” rule aimed at curbing overdraft fees charged by banks and credit unions with more than $10 billion in assets, also known as very large financial institutions (VLFIs). The CFPB characterized the rule as closing “an outdated overdraft loophole that exempted overdraft loans from lending laws.” This is the most recent development in the CFPB’s effort to address so-called junk fees.

That same day, a group of banks and financial trade associations—including the Mississippi Bankers Association, the Consumer Bankers Association, the American Bankers Association, and America’s Credit Unions—filed a lawsuit against the CFPB challenging the rule and seeking an injunction.

Why Does it Matter?

Key Provisions

Under the final rule, Regulation Z will apply to overdraft credit provided by VLFIs unless the VLFI provides such overdraft credit at or below costs and losses. As a result, VLFIs will have to choose one of the following options in connection with fees for overdraft credit: (1) capping fees for overdraft credit at the greater of $5 or at an amount that covers their costs and losses; or (2) disclosing the terms of overdraft credit in accordance with the Truth in Lending Act (TILA) and its implementing regulation, Regulation Z.

The CFPB’s final rule amends the definition and exemptions related to “Finance Charges” under Regulation Z and establishes new definitions related to “Overdraft Credit.” Currently, most overdraft fees are generally excluded from the definition of “Finance Charge”, and, therefore, overdraft services are not covered by TILA and Regulation Z The final rule amends this exclusion by creating a new defined term, “Above Breakeven Overdraft Credit,” and excludes such overdraft credit from the exemption for “charges imposed by a financial institution for paying items that overdraw an account.”

“Above Breakeven Overdraft Credit” is defined as “overdraft credit extended by a very large financial institution to pay a transaction on which, as an incident to or a condition of the overdraft credit, the very large financial institution imposes a charge or combination of charges exceeding the average of its costs and charge-off losses for providing non-covered overdraft credit.” The charges will be deemed to exceed the average costs and charge-off loses if they exceed the greater of: (1) the pro rata share of the very large financial institution’s total direct costs and charge-off losses for providing non-covered overdraft credit in the previous year; or (2) $5. A charge that exceeds this amount will be considered a finance charge and, therefore, imposing such charge on overdraft credit will result in the overdraft credit being considered “Covered Overdraft Credit.”

VLFIs should prepare to comply with this new rule by its effective date of October 1, 2025.

The Challenge to the Rule

A group of financial trade associations and banks filed suit in the Southern District of Mississippi challenging the final rule as improperly imposing an expansive and complex new regulatory regime on overdraft services offered by VLFIs, replete with de facto price caps and significant restrictions on the terms under which overdraft services can be offered.

The plaintiffs bring four challenges to the rule under the Administrative Procedure Act (APA), TILA, and the Consumer Financial Protection Act (CFPA).

First, they allege that the CFPB exceeded its statutory authority under TILA by interpreting “Credit” as encompassing overdraft services, and amending “Finance Charge” to include “Above Breakeven Overdraft Credit.” This, they argue, implicates the major questions doctrine—which bars agencies from making major policy decisions without clear congressional authorization—because the final rule will likely impact millions of Americans and billions of dollars of transactions.

Second, the plaintiffs allege the CFPB exceeded its statutory under TILA by imposing substantive credit restrictions when TILA is merely a disclosure statute. They argue this, too, implicates the major questions doctrine.

Third, the plaintiffs allege that the CFPB exceeded its statutory authority under the CFPA by imposing an unlawful fee cap on discretionary overdraft services because the CFPA itself expressly prohibits this kind of fee cap: the CFPB is prohibited from “establish[ing] a usury limit applicable to an extension of credit offered or made by a covered person to a consumer.”

Finally, the plaintiffs allege that the rule is arbitrary and capricious in violation of the APA because, among other things, it: (1) contains an inadequate cost-benefit analysis; (2) does not explain the change in the CFPB’s interpretation of TILA—namely, the CFPB’s reinterpretation of the definition of “Credit” as encompassing overdraft services; and (3) targets large institutions by imposing a $10 billion asset threshold, but ignores smaller financial institutions that similarly charge overdraft fees.

What Do I Need To Do?

VLFIs should consider what changes they need to make to their overdraft services to comply with the new rule by October 1, 2025, assuming that the new rule survives legal challenge.

That said, the legal challenge here has a meaningful chance of success. Recently, courts have been more willing to strike down rules under the major questions doctrine. It is also unclear how much genuine resistance the CFPB will put up in response to this challenge given the forthcoming change in administration. Assuming the new administration does not support this rule, it would likely be more efficient for the CFPB to allow the rule to be challenged and struck down than for it to attempt to repeal the rule, which will require a formal notice-and-comment rulemaking.

Financial Services Advisory: CFPB Finalizes Open Banking Rule on Consumer Financial Data Rights

Executive Summary
8 Minute Read

Our Financial Services Group unpacks the Consumer Financial Protection Bureau’s final rule on consumer financial data rights under Section 1033 of the Dodd–Frank Act.

  • The rule requires “data providers” to provide consumers and authorized third parties, upon request, with access to certain consumer financial data
  • “Data providers” include Regulation E banks and credit unions, Regulation Z card issuers, payment facilitators, and digital-wallet providers
  • Compliance deadlines are staggered based on institution size, with an exclusion for financial institutions with less than $850 million in assets

_______________________________________________________________

On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) finalized its rule on personal financial data rights under Section 1033 of the Dodd–Frank Wall Street Reform and Consumer Protection Act. Known as the “open banking rule,” it permits consumers to access, control, and share their financial data with authorized third parties. The rule creates a significant shift in control over consumer data in the United States, and it is intended to provide consumers with greater control over financial data, foster competition, and stimulate innovation across the financial services industry. The rule applies broadly to banks, credit unions, and nonbank financial institutions, all of which must make consumer financial data available upon authorized request.

Key Provisions

The rule requires a “data provider” to make available, without charge, “covered data” about consumer financial products and services to consumers and certain “authorized third parties,” in electronic form, upon request by the consumer. The rule requires the provision of such data in standardized, machine-readable formats to promote consistency between financial institutions and third parties. The CFPB will name standard-setting bodies to develop consensus standards to assess compliance with the rule.

Who is a “data provider”?

The CFPB has said its definition of “data provider” will continue to evolve, but it has prioritized financial institutions and card issuers. The rule defines a “data provider” as:

  • A financial institution – that is, a bank or credit union – as defined in Regulation E, 12 CFR 1005.2(i), excluding those with less than $850 million in assets.
  • A card issuer as defined in Regulation Z, 12 CFR 1026.2(a)(7), including buy now/pay later providers.
  • Any other person that “controls or possesses information concerning a covered consumer financial product or service that the consumer obtained” from that person, including providers offering payment facilitation products and services such as digital-wallet providers.

What is “covered data”?

The rule defines “covered data” as essential consumer financial information, including:

  • At least 24 months of transaction information in the control or possession of the data provider.
  • Account balance information.
  • Information to initiate payment to or from a Regulation E account directly or indirectly held by the data provider, including an account and routing number that can be used to initiate an Automated Clearing House transaction.
  • Terms and conditions, or agreements evidencing the terms of the legal obligation between a data provider and a consumer for a covered consumer financial product or service, including pricing information such as APRs and other pricing terms.
  • Upcoming bill payment information.
  • Basic information needed for account verification, limited to name, address, email address, and phone number associated with the covered consumer financial product or service.

Data providers will not have to provide confidential commercial information, including proprietary algorithms that might be used to derive credit or risk scores and information that is used solely for the purpose of fraud detection, money laundering, or other unlawful behavior.

Who is an “authorized third party”?

Fintech apps and data aggregators that offer services to consumers using their data are included as third parties. Authorized sharing with these entities must be based on informed consent that is to be renewed annually.

  • A “third party” means any person that is not the consumer about whom the covered data pertains or the data provider that controls or possesses the consumer’s covered data.
  • To access a consumer’s data, the third party must (1) provide the consumer with an authorization disclosure containing key terms of the data access; (2) provide a statement to the consumer in the authorization disclosure certifying that the third party agrees to obligations set forth in the final rule; and (3) obtain the consumer’s express informed consent to access covered data on behalf of the consumer by obtaining an authorization disclosure that is signed by the consumer electronically or in writing.
  • Third parties are limited in the collection, use, and retention of covered data to what is “reasonably necessary” to provide a product or service to a customer. Use of the data for targeted advertising, cross-selling of other products or services, or the sale of covered data are prohibited.

Stakeholder Perspectives and Compliance Considerations

Reactions to the final rule have been split. Consumer advocates have voiced support for the rule and the empowerment of consumers to control how and where their data can be used, as well as the ability to switch banks more easily. Just hours after the final rule was released, however, the Bank Policy Institute, the Kentucky Bankers Association, and Forcht Bank, a community bank in Kentucky, filed a joint lawsuit in the Eastern District of Kentucky requesting injunctive relief. The plaintiffs allege that the CFPB overstepped its statutory authority (in that Section 1033 relates to a consumer’s right to access their own information and does not speak to access by authorized third parties) and will expose banks to unreasonable liability risk. Forcing banks to share customers’ sensitive financial information while handcuffing banks from managing the risks of doing so, they allege, will increase fraud and the misuse of customer data.

Some of this concern stems from the allocation of responsibility for data security and accountability in the rule. It allows that data providers can deny access to data, but only if the denial is (1) directly related to a specific risk of which the data provider is aware, such as a failure of a third party to maintain adequate data security; and (2) applied in a consistent and nondiscriminatory manner. Data providers must keep a record of when a consumer or third-party request is refused. In the event of a security breach, data providers must notify affected consumers and the CFPB promptly. Notably, the rule requires data providers to verify that third parties uphold data privacy and security standards, but it places limited regulatory obligations on third parties themselves, leaving accountability for data security largely with the data providers. Data providers argue that the rule essentially forces them to subsidize third-party access to consumer data without sharing the cost burden.

During the rule comment period, a range on commentators raised concerns about potential overlaps and compliance complexities with other existing consumer financial laws, and the CFPB has attempted to address those issues in the final rule. Many comments focused on the need for clarity on how the rule interacts with laws such as the Electronic Fund Transfer Act (EFTA), Fair Credit Reporting Act (FCRA), and Gramm–Leach–Bliley Act (GLBA).

  • In comments before the final rule, data providers requested that the CFPB extend the Regulation E error resolution requirements to third parties such as data aggregators. The CFPB reasoned, however, that consumers should address these concerns with their primary financial institution, in line with statutory error resolution rights under the EFTA. Furthermore, data providers and third parties that are Regulation E financial institutions will continue to have error resolution obligations in the event of data breaches.
  • During the comment period to the final rule, there was concern that it would expand FCRA compliance. In the final rule, the CFPB clarified that data providers sharing information at the consumer’s request “does not cause data aggregators to incur legal liability under the FCRA that they would not otherwise assume through their ordinary operations” and would not “alter the types of data, parties, or permissible purposes covered by the FCRA.”
  • Some commentors asked how the rule’s data limitations align with GLBA permissions. The CFPB states Section 1033’s data sharing requirements coexist with GLBA but do not override or replace its mandates, maintaining distinct protections under each law.

Compliance Tiers and Timeline

The rule provides compliance deadlines that are staggered based on institution size:

  • First Tier: Depository institution data providers that hold at least $250 billion in total assets and nondepository institution data providers that generated at least $10 billion in total receipts in either calendar year 2023 or calendar year 2024 must comply by April 1, 2026.
  • Second Tier: Depository institution data providers that hold at least $10 billion in total assets but less than $250 billion in total assets and nondepository institution data providers that generated less than $10 billion in total receipts in both calendar year 2023 and calendar year 2024 must comply by April 1, 2027.
  • Third Tier: Depository institution data providers that hold at least $3 billion in total assets but less than $10 billion in total assets must comply by April 1, 2028.
  • Fourth Tier: Depository institution data providers that hold at least $1.5 billion in total assets but less than $3 billion in total assets must comply by April 1, 2029.
  • Fifth Tier: Depository institution data providers that hold less than $1.5 billion in total assets but more than $850 million in total assets must comply by April 1, 2030.

Conclusion: Prioritizing Readiness

The CFPB’s Section 1033 rule represents a transformative shift in the U.S. financial regulatory landscape, centering consumer control over data rights and driving the industry to an open banking model. Fintech advocates view it as an essential step towards consumer empowerment, while banks and credit unions warn of risks to data security and have liability concerns. Even as the CFPB begins assessing applications for standard-setting bodies, legal and compliance teams from institutions and fintech companies alike should begin to look ahead, with a focus on data security, potential contractual updates with third parties, and regulatory alignment.


Originally published November 22, 2024.

You can subscribe to future advisories and other Alston & Bird publications by completing our publications subscription form.

If you have any questions, or would like additional information, please contact one of the attorneys on our Financial Services Team.

CFPB Releases Chart to Help Determine if Nonbank Registration is Required

What Happened?

On October 3, 2024, the CFPB released a Nonbank Registration: Orders Rule Coverage Chart (the “Chart”) that summarizes how  an entity that is subject to an order may determine if it must register that order under the CFPB’s recently-issued Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders Final Rule (“the Final Rule”).

 Why is it Important?

The Final Rule was issued earlier this year in June and requires certain nonbank entities to register with the CFPB’s Nonbank Registry (“NBR”) and provide information about certain Federal, State, or local orders imposing obligations on the nonbank entity based on violations of certain consumer protection laws. In general, an entity that is subject to an order must register that order with the NBR if the order is a “covered order” and the entity is a “covered nonbank,” as those terms are defined in the Final Rule. In addition, a covered nonbank that meets the definition of a “supervised registered entity” must also annually identify the executive(s) responsible for, and knowledgeable of, the entity’s efforts to comply with the orders identified in the NBR and submit an annual written statement and attestation. We covered the Final Rule in more detail in a previous blog post that can be found here.

Chart Summary

The Chart first considers whether an order is a “covered order” under the Final Rule. A covered order must meet all of the following criteria:

  • It is an order, i.e., any written order or judgment issued by an agency or court in an investigation, matter, or proceeding;
  • It is a final, public order issued by an agency or court;
  • Identifies a covered nonbank by name as a party subject to the order;
  • Was issued, at least in part, in any action or proceeding brought by any Federal, State, or local agency;
  • Contains public provisions that impose obligations on the covered nonbank to take certain actions or to refrain from taking certain actions;
  • Imposes obligations on the covered nonbank based on certain alleged violations of a covered law (e.g., Federal consumer financial laws, any other laws enforced by the CFPB, and certain unfair, deceptive, or abusive acts or practices laws at both Federal and State levels) and;
  • Has an effective date on or after January 1, 2017.

Under the Final Rule, an order is not a “covered order” if it is:

  • An order with effective date prior to September 16, 2024, that did not remain in effect as of September 16, 2024; or
  • An order issued to a motor vehicle dealer that is predominantly engaged in the sale, leasing, and servicing of motor vehicles within the meaning of the Dodd-Frank Act 12 USC § 5519(a).

Next, the Chart considers whether a nonbank is a “covered nonbank.” A covered nonbank is a covered person under the Dodd-Frank Act that is not exempt from coverage under the Final Rule.  Under the Dodd-Frank Act, a “covered person” is (A) any person that engages in offering or providing a “consumer financial product or service”; and (B) any affiliate of such person if such affiliate acts as a service provider to such person. Among other things, consumer financial products and services generally include extending credit, servicing loans, brokering of certain leases of personal or real property, providing real estate settlement services, and collecting debt, to the extent that such products and services are offered or provided for use by consumers primarily for personal, family, or household purposes.

Under the Final Rule, a nonbank is not a “covered nonbank” if it is:

  • An insured depository institution or insured credit union (e.g., an FDIC-insured bank);
  • A “related person” under the Dodd-Frank Act (when that is the sole reason for qualifying as a covered person);
  • A State, including federally recognized Indian tribes;
  • A natural person;
  • Certain motor vehicle dealers; or
  • A person that qualifies as a covered person under the Dodd-Frank Act only because of conduct excluded from the CFPB’s rulemaking authority.

Implementation Submission Periods

The CFPB highlights the following key dates for the implementation submission periods on its website:

  • For Larger Participant CFPB-Supervised Covered Nonbanks, the registration submission period opens October 16, 2024, and the deadline to register is January 14, 2025.
  • For other CFPB-Supervised Covered Nonbanks, the registration period opens January 14, 2025, and the deadline to register is April 14, 2025.
  • For all other Covered Nonbanks, the registration period opens April 14, 2025, and the deadline to register is July 14, 2025.

What Do You Need to Do?

As of October 16, 2024, the registration submission period opened for Larger Participant CFPB-Supervised Covered Nonbanks, the first group of covered nonbank entities. The CFPB has issued rules identifying the criteria for “larger participants” in various consumer markets including automobile financing, student loan servicing, consumer reporting, consumer debt collection, and international money transfer markets. The requisite thresholds for covered nonbank entities in each market to be considered a “larger participant” are as follows:

  • Automobile Financing – At least 10,000 aggregate annual originations. 12 C.F.R. § 1090.108(b).
  • Student Loan Servicing – Account volume exceeds 1 million. 12 C.F.R. § 1090.106(b).
  • Consumer Reporting – Annual receipts resulting from consumer reporting are more than $7 million. 12 C.F.R. § 1090.104(b).
  • Consumer Debt Collection – Annual receipts resulting from consumer debt collection are more than $ 10 million. 12 C.F.R. § 1090.105(b).
  • International Money transfer – At least 1 million aggregate annual international money transfers. 12 C.F.R. § 1090.107(b).

Covered nonbank entities should ensure that they comply with the registration requirements and be aware of the upcoming deadlines in the coming months. Moreover, as advised in our last blog post covering the Final Rule, companies should double down on compliance and be extra vigilant to avoid the designation of a “repeat offender.”

Strike Force on Unfair and Illegal Pricing Holds First Public Meeting: CFPB Director Highlights Work on Junk Fees

What Happened?

As reported by Alston & Bird’s Antitrust Group, the Federal Trade Commission and the Department of Justice hosted the first public meeting of the Strike Force on Unfair and Illegal Pricing (the “Strike Force”).  President Biden announced the Strike Force’s formation in March 2024 to strengthen interagency efforts to root out and stop illegal corporate behavior that burdens American families through anticompetitive, unfair, deceptive, or fraudulent practices.  Officials from several agencies, including the CFPB, highlighted their work to lower prices across multiple industries for Americans.

Why Does it Matter?

With regards to the CFPB, Director Chopra highlighted some of its work on cracking down on so-called “junk fees,” many of which we have previously highlighted here, here, and here.

The CFPB has been prolific on its junk fee initiative, issuing 14 press releases, 10 blog posts, three enforcement actions, promulgating rules, commissioning eight reports, as well as issuing Advisory Opinions, Circulars and videos. In its prepared remarks at the Strike Force meeting, the CFPB Director outlined the Bureau’s work on junk fees imposed by companies that process payments, in this case for children’s school lunches. In his recent remarks, Director Chopra makes clear, the agency is not stopping and forecasted that:

  • The CFPB is looking at the costs for credit reports and credit scores and using existing laws to ensure that fees for such credit products are “fair and reasonable.”
  • The Bureau is “closely scrutinizing all aspects of the credit card market.”
  • The CFPB is “investigating the role of not just individual executives, but also the investors, like private equity funds, that call the shots.” According to Director Chopra, such controlling investor or other investment vehicle could be subject to direct liability if they are “calling the shots.”

What Do I Need to Do?

Companies subject to CFPB supervision should consult with consumer protection and antitrust counsel to make sure they are not inadvertently engaging in anticompetitive, deceptive, unfair or fraudulent practices, when setting pricing or when imposing, adding, or changing fees.

Companies should also evaluate their pricing and fee practices to ensure they are making independent decisions for setting prices.

When changing pricing or adding fees, companies should look closely at the CFPB’s priorities, which is wide and deep and includes fees in mortgage origination, mortgage servicing, credit cards, and payment processors, among others.

CFPB Releases Long-Awaited Proposal to Amend Regulation X Loss Mitigation Rules

What Happened?

On July 10, 2024, the Consumer Financial Protection Bureau (CFPB or Bureau) proposed a rule to amend provisions of its Mortgage Servicing Rules to significantly revamp requirements relating to borrowers experiencing payment difficulties (the Proposed Rule).  The Proposed Rule includes a number of key changes to the servicing requirements in Regulation X (12 C.F.R. Part 1024), including limited English Proficiency requirements. While many of the key concepts were anticipated by the industry, the proposed provisions go much further than expected.

The Bureau is accepting comments on the Proposed Rule through September 9, 2024.

Why Does it Matter?

In June 2023, the Bureau signaled its intent to engage in rulemaking to streamline certain requirements and processes in the Mortgage Servicing Rules to significantly revamp requirements relating to borrowers experiencing payment difficulties (the Proposed Rule). The Proposed Rule would represent the first major changes to the Mortgage Servicing Rules since 2016 (although the Bureau has made targeted updates in the interim – such as the 2018 changes relating to periodic statements). We describe the key provisions below.

Loss Mitigation Procedures

Under the Proposed Rule, the CFPB would remove most of the existing application-based loss mitigation framework from § 1024.41, including the existing provisions regarding loss mitigation application reviews and notices; complete application evaluations and notices); “anti-evasion” facially-complete applications, and exceptions for short-term loss mitigation options and COVID-19-related options; notices of complete application; and the associated commentary.

The CFPB proposes to replace the existing loss mitigation framework with a new hand raise framework based on foreclosure procedural safeguards, as follows:

  • Loss Mitigation Review Cycle: Under the Proposed Rule, the foreclosure procedure safeguards begin once a “loss mitigation review cycle begins.”
    • A Loss Mitigation Review Cycle would be defined as a continuous period of time beginning when the borrower makes a request for loss mitigation assistance, provided the request is made more than 37 days before a foreclosure sale and ending when the loan is brought current or when the foreclosure process procedural safeguards (as discussed in Loss Mitigation Procedures) are met. A loss mitigation review cycle continues while a borrower is in a temporary or trial modification and the loan has not yet been brought current.
    • A Request for Loss Mitigation Assistance would include any oral or written communication occurring through any usual and customary channel for mortgage servicing communications whereby a borrower asked a service for mortgage review, including a borrower expresses an interest in pursuing a loss mitigation option. There are a few things to note in this definition. The definition is to be interpreted broadly to include (i) a borrower who expresses an interest in pursuing a loss mitigation option, (ii) a borrower who indicates that they have experienced a hardship and asks the servicer for assistance with making payments, retaining their home, or avoiding foreclosure, or (iii) in response to a servicer’s unsolicited offer of a “loss mitigation option” (as that term is currently defined in Regulation X), a borrower expresses an interest in pursuing either the loss mitigation option offered or any other loss mitigation option. According to the Proposed Rule’s preamble, “a servicer should presume that a borrower who experiences a delinquency has made a request for loss mitigation assistance when they contact the servicer unless they clearly express some other intention.” The proposal clarifies that certain informal types of communications (such as social media messaging or handwritten notes on payment coupons) would not constitute a request for loss mitigation assistance but fails to provide servicers flexibility to designate where borrowers can make such requests.
  • Foreclosure Procedural Safeguards: Under the Proposed Rule, once a “loss mitigation review cycle” begins, a servicer would be prohibited from beginning or advancing the foreclosure process until one of the following procedural safeguards is met:
    • The servicer has reviewed the borrower for all available “loss mitigation options,” a defined term under existing Regulation X, and no available loss mitigation options remain, the servicer has sent the borrower all required notices required, and the borrower has not requested any appeal within the applicable time period or, if applicable, all of the borrower’s appeals have been denied; or
    • The borrower has not communicated with the servicer for at least 90 days despite the servicer having regularly taken steps to communicate with the borrower regarding their loss mitigation review and, if applicable, the servicer’s loss mitigation determination.

Importantly, the Proposed Rule would no longer require a borrower to submit a complete loss mitigation application in order to enjoy foreclosure protections. Rather, borrowers would receive the proposed foreclosure protections as soon as they request loss mitigation assistance.

  • Prohibition on Advancing Foreclosure: Currently, servicers are prohibited from making the first notice or filing required by applicable law for any judicial or non-judicial foreclosure process under certain circumstances, as well as from moving for foreclosure judgment or order of sale or conducting a foreclosure sale under other circumstances. However, currently, servicers may still proceed with other interim foreclosure actions, such as mediation or arbitration.

Under the Proposed Rule, if a borrower requests loss mitigation assistance more than 37 days before a foreclosure sale, a servicer would be prohibited from initiating or advancing foreclosure (which would also include sale scheduling or completion) unless one of the above foreclosure procedural safeguards are met. The CFPB notes that, under the proposed rule, advancing the foreclosure process would include any judicial or non-judicial actions that advance the foreclosure process and were not yet completed prior to the borrower’s request for a loss mitigation option. Such actions might include, for example, certain filings, such as those related to mediation, arbitration, or reinstatement that take place prior to final order or sale; certain affidavits, motions, and responses that advance the foreclosure process; or recordings or public notices that occur before a final foreclosure judgment or sale. Notably, the CFPB is not proposing to require servicers to dismiss pending foreclosures; however, a servicer may be required to make necessary filings to pause the foreclosure proceedings until the safeguards are met.

  • Sequential Loss Mitigation Review: Under the Proposed Rule’s loss mitigation framework, a servicer would no longer be required to collect a complete loss mitigation application for all available options prior to making a determination about whether to deny or to offer a loss mitigation option to a borrower. Accordingly, a servicer would be permitted, but not required to, review a borrower for loss mitigation options sequentially rather than simultaneously. Notably, the CFPB clarifies in the preamble to the Proposed Rule, that “[i]nvestor guidelines, including what are commonly referred to as waterfalls, will continue to determine whether any loss mitigation option is available and whether the borrower qualifies for a given option.”
  • Fee Prohibition: The CFPB is proposing to replace the temporary COVID-19 procedural safeguards in § 1024.41 with a proposed requirement that during a loss mitigation review cycle, no fees beyond the amounts scheduled or calculated as if the borrower made all contractual payments on time and in full under the terms of the mortgage contract shall accrue on the borrower’s account.

The CFPB states that the proposed fee protection “would be broad, and would restrict the accrual of interest, penalties, and fees during the loss mitigation review cycle.” The Bureau also acknowledges that “this broad prohibition may result in servicers making payments to third party companies for delinquency-related services that servicers may not be able to recoup[.]” However, the CFPB states that it has preliminarily “determine[d] that borrowers who have made a request for loss mitigation assistance should not continue accruing fees that make it harder for them to resolve the delinquency and avoid foreclosure” and “that fee protections may create incentives for servicers under the proposed new framework to efficiently process a borrower’s request for loss mitigation assistance and evaluate them for loss mitigation solutions quickly and accurately.” That said, given that the loss mitigation review framework could go on almost indefinitely, as noted below, it is hard to see how such efficiencies or incentives would be realized.

  • Duplicative Requests: Currently, a servicer is required to comply with the requirements of Regulation X for a borrower’s loss mitigation application, unless the servicer has previously complied with the requirements of that section for a complete loss mitigation application submitted by the borrower and the borrower has been delinquent at all times since submitting the prior complete application.

Significantly, the Proposed Rule would require that servicers comply with the requirements of proposed § 1024.41 for a borrower’s request for loss mitigation assistance during the same loss mitigation review cycle unless one of the procedural safeguards is met. Notably, the Proposed Rule would not appear to prohibit a borrower from re-requesting loss mitigation assistance indefinitely (and, thus, beginning a new loss mitigation review cycle with new foreclosure procedural safeguards), unless otherwise provided by investor guidelines.

Loss Mitigation Determination Notices

  • Coverage of Determination Notices Expanded: Currently, Regulation X requires that loss mitigation determination notices state, in relevant part, which loss mitigation options, if any, the servicer will offer to the borrower on behalf of the owner or assignee of the mortgage, the specific reason or reasons a borrower’s complete loss mitigation application is denied for any trial or permanent loan modification option available to the borrower and, if applicable, that the borrower has the right to appeal the denial of any loan modification option as well as the amount of time the borrower has to file such an appeal and any requirements for making an appeal.

The Proposed Rule would expand § 1024.41’s loss mitigation determination notice provisions to require that servicers provide determination notices for all types of loss mitigation offers and denials, including forbearances, deferrals, and partial claims.  In other words, servicers would be required to include in determination notices the specific reason or reasons a borrower’s loss mitigation request is denied for any loss mitigation option (not just loan modification options) available to the borrower as well as information regarding the borrower’s appeal rights (which would extend to all loss mitigation denials).

  • Expanded Information on Determination Notices: Under the Proposed Rule, in addition to disclosing the amount of time the borrower has to accept or reject an offer, the borrower’s right to appeal the loss mitigation determination, and the specific reason or reasons for that loss mitigation determination, a servicer’s determination notice would be required to include the following additional information:
    • Information about key borrower-provided inputs that served as the basis for the loss mitigation determination;
    • A telephone number, mailing address, and website address, where the borrower can access a list of non-borrower provided inputs used by the servicer in making the loss mitigation determination;
    • Information that would enable a borrower to access a list of all loss mitigation options that may be available from the investor; and
    • Information about all other loss mitigation options that may remain available, previously offered options that the borrower did not accept, and whether any offered option will remain available if the borrower requests review for additional options prior to accepting or rejecting the offer.

The expanded information requirements, as proposed, raise a number of unanswered questions.

For example, it is unclear what would constitute a “key” borrower-provided input. The preamble to the Proposed Rule suggests that any borrower-provided input that served as the basis for the servicer’s determination would arguably be covered. Similarly, it is unclear what is the scope of non-borrower provided inputs servicers must permit borrowers to access. For example, it is unclear whether servicers would be required to list that, among other things, the property is secured by a first-lien mortgage loan, the property is owner-occupied, and/or the borrower’s loan meets specified delinquency requirements (if applicable).

Further, the expanded notice requirements are likely to create significant operational challenges for servicers. For example, servicers will likely need to track not only the loss mitigation options generally made available by the owner or assignee of each loan they service, but also the loss mitigation options previously offered to each borrower, the options each borrower did not accept, and whether any previously offered option will remain available if a borrower requests review for additional options prior to accepting or rejecting the offer. These operational complexities are compounded by the fact that investors and agencies routinely update their loss mitigation guidelines.

  • Denial Due to Missing Documents or Information Not in Borrower’s Control: In addition to relocating the current requirements relating to when a servicer may deny a loss mitigation application due solely to missing information not in the borrower’s or servicer’s control, the Proposed Rule would also amend the requirements to align with other proposed changes.

First, the Proposed Rule would prohibit servicers from denying a request for loss mitigation assistance due solely to missing information not in the borrower’s or servicer’s control unless the servicer has “regularly taken steps” to obtain the missing information and has been unable to obtain the information for at least 90 days. The CFPB indicated that it “expects that regularly taking steps would minimally include repeated attempted contact through the 90-day period with the relevant third party from whom the servicer needs to obtain the information.” The intent is to “ensure that servicers are making efforts to obtain needed information before denying a loss mitigation application due to missing information.”  While the Bureau proposes to replace the term “reasonable diligence” with “regularly taking steps,” the CFPB “does not intend to reduce or to lessen a servicer’s current obligation to obtain missing documents or information not in the borrower’s control.”

Second, the Proposed Rule would require servicers to provide a notice to borrowers if they deny such a request for loss mitigation assistance. The notice would retain certain information currently required, including requiring a statement that the servicer will complete its evaluation of the borrower for all available loss mitigation options promptly upon receiving the missing third-party information, but also would provide borrowers with additional information, including informing the borrower that the servicer will complete its evaluation of the request for loss mitigation assistance if the servicer receives the referenced missing documents or information within 14 days of providing the missing information determination notice to the borrower.

Third, the Proposed Rule would require servicers to provide borrowers with detailed information, which includes, among other things, a list of all other loss mitigation options that are still available to the borrower and a statement describing the next steps the borrower must take to be reviewed for those loss mitigation options, or a statement that the servicer has reviewed the borrower for all available loss mitigation options and none remain.

  • Unsolicited Loss Mitigation Offers: The Proposed Rule would require that a servicer provide the borrower with a notice when it offers a loss mitigation option based solely on information that the servicer already has instead of new borrower-provided information. The notice would be required to include the amount of time the borrower has to accept or reject the offer of loss mitigation and information notifying the borrower, among other things, of all other loss mitigation options that may remain available to the borrower and investor information.

Notably, the Proposed Rule would not revise the definition of “loss mitigation option,” which includes, among other things, refinancings. Moreover, the requirement to provide notice for unsolicited loss mitigation offers would not be limited to delinquent borrowers. As a result, it is unclear whether a lender/servicer that makes an unsolicited refinancing offer based solely on information that the lender/servicer already has (such as for a streamline refinancing) would be subject to the proposed notice requirement.

Loss Mitigation Error Resolution and Appeals

The CFPB proposes two significant changes to the notice of error provisions:

  • Covered Errors Expanded: The CFPB proposes to clarify that a failure to make an accurate loss mitigation determination on a borrower’s mortgage loan is a covered error, subject to the procedural requirements of § 1024.35.  According to the Bureau, this is merely clarifying its longstanding position, although courts have thought differently.
  • Notice of Appeal Also Covered Error: The Bureau is proposing that a notice of appeal could also be subject to the error resolution procedural requirements and vice versa.  More specifically, when an appeal meets the error resolution procedural requirements of § 1024.35, the proposed rule would require servicers to treat it as a notice of error and comply with the procedural requirements.  Similarly, if a borrower submits a notice of error under § 1024.35 relating to a loss mitigation determination, the notice of error would also constitute an appeal under Regulation X if the borrower submits the notice of error within 14 days after the servicer provides its loss mitigation determination.  When a notice of error is also an appeal, the Proposed Rule would require a servicer to complete the notice of error response requirements in § 1024.35 prior to making a determination about the borrower’s appeal.  So, a servicer would need to comply with the 30-day time period for a notice of appeal even in those instances where the notice of error provisions provides a longer response time.

Early Intervention

In addition to removing language relating to the COVID-19 pandemic, the Proposed Rule would make the following changes to the early intervention requirements in existing § 1024.39:

  • Written Early Intervention Notice Requirements: Under the Proposed Rule, servicers would be required to include the following additional information in the written early intervention notice:
    • The name of the owner or assignee of the borrower’s loan along with a statement providing a brief description of each type of loss mitigation option that is generally available from the investor of the borrower’s loan;
    • A website address and telephone number where the borrower can access a list of all loss mitigation options that may be available from the owner or assignee of the borrower’s loan; and
    • If applicable, a statement informing the borrower how to make a request for loss mitigation assistance.
  • Alternative Early Intervention Requirements for Performing Borrowers in Forbearance: The Proposed Rule would partially exempt servicers from the live contact and written early intervention notice requirements while a borrower is performing pursuant to the terms of a forbearance.
  • Terms of a Forbearance: The Proposed Rule would require that, at least 30 days, but no more than 45 days, before the scheduled end of the forbearance, the servicer establish, or make good faith efforts to establish, live contact with the borrower. During this contact, the servicer would be required to inform the borrower of the date the borrower’s current forbearance is scheduled to end and of the availability of loss mitigation options, if appropriate. In addition, the Proposed Rule would require that the servicer to provide a written notice, that discloses the date the borrower’s current forbearance is scheduled to end as well as the information required by the proposed written early intervention notice, at least 30 days, but no more than 45 days, before the scheduled end of the forbearance. The Proposed Rule also would require that, when a forbearance ends for any reason, a servicer must resume compliance with the early intervention and live contact requirements on the next payment due date following the forbearance end date.

Given the narrow time frame (15 days) within which servicers must establish, or make good faith efforts to establish, live contact with a borrower before the scheduled end of the borrower’s forbearance, this proposed requirement may create operational challenges for servicers.

Language Access

Currently, Regulation X does not contain requirements concerning serving limited English proficient borrowers. In its proposal, the Bureau strongly states that it “expects mortgage servicers to assist borrowers with limited English proficiency.”  To that end, and without clear statutory authority and without providing proposed regulation text, the CFPB proposes the following:

  • Specified Written Communications Required in Spanish: Servicers would be required to accurately (which term is not defined) translate into Spanish the specified written communications, meaning the early intervention notices (but not the website listing loss mitigation options that the CFPB is proposing) and notices whose forbearances will soon end, as well as written notices concerning loss mitigation. A servicer would be required to provide the Spanish and English versions to all borrowers.
  • Translations of Certain Written and Oral Communications in Five Additional Languages: Upon borrower request, servicers would be required to provide accurate translations of the specified written communication in one of the servicer-selected languages. Additionally, upon borrower request, the servicer would be required to make available and establish a connection with interpretative services before or within a reasonable time of establishing connection with the borrower during the specified oral communications to the extent that the borrower’s requested language is one selected by the servicer under the Proposed Rule. The specified oral communications would be the live contact and continuity of contact requirements. The servicer would be required to select five of the most frequently used languages from languages spoken by a significant majority of their non-Spanish speaking borrowers with limited English proficiency.
  • In-language Statements: Servicers would also be required to provide five brief statements accurately translated into the five languages selected by the servicer in the English version of the specified written communications. These statements would identify the availability of translation and interpretative services for the specified written and oral communications in the five languages and how borrowers can request such services.
  • Solicitation through Servicing: Under the Proposed Rule, if a borrower received marketing for their mortgage loan before origination in a language other than English, and the servicer knows or should have known of that marketing, the servicer would be required to make available translations or interpretations for that language even if it is not one of the servicer-selected languages.
  • Accurate translations: Failure to provide accurate translations or interpretations would result in a violation of the proposed requirement and the underling requirement.

Other Servicing Issues

In addition to the principal changes outlined above, the CFPB is seeking comments on a number of other topics that impact borrowers and servicers’ practices, to include credit reporting, zombie mortgages, and successors in interest.

  • Credit Reporting: The CFPB notes in its proposal that credit reporting issues arise with borrowers undergoing loss mitigation, specifically with respect to the accuracy and consistency of the information that servicers furnish. Specifically, the CFPB calls out the examples of:
    • after a borrower and servicer have agreed to a loss mitigation option, and the borrower is performing under the terms of that option, the servicer furnishing information to a credit reporting agency indicating that the borrower is delinquent based on the loan terms in place prior to the loss mitigation option; and
    • a servicer inconsistently using, or failing to use, appropriate industry guidance when reporting tradeline data for borrowers affected by a natural disaster, especially with respect to reporting optional data or reporting data without appropriate context.

In light of these issues, the Bureau is requesting public comment about how it could ensure that servicers furnish accurate and consistent credit reporting information for borrowers in connection.  Specifically, the CFPB is soliciting comment on:

    • What servicer practices may result in the furnishing of inaccurate or inconsistent information about mortgages undergoing loss mitigation review?
    • What protocols or practices do servicers currently use to ensure that mortgages are reported accurately and consistently? Are there specific protocols or practices for ensuring that loans in forbearance, or affected by natural disasters, are reported accurately and consistently?
    • Would it be helpful to have a special code to flag all mortgages undergoing loss mitigation review in tradeline data?
    • What steps should the CFPB take to ensure that servicers furnish accurate and consistent tradeline data?
  • Zombie Mortgages: Over the past year, the CFPB has become increasingly vocal about the issues that “zombie” (i.e., dormant, subordinate-lien) mortgage debt may pose to consumers, opining that certain protections under TILA, RESPA, and the Mortgage Servicing Rules apply to the collection of such debt. To guide further action, the Bureau is requesting public comment on the prevalence of zombie mortgages, whether such mortgages are likely to cause consumer harm in the future, and what action the CFPB could take to protect borrowers.
  • Successors in Interest: The Bureau’s major amendments to the Mortgage Servicing Rules in 2016 included the addition of provisions relating to successors in interest (using the framework established by the Garn-St. Germain Depository Institutions Act of 1982). The CFPB notes in the introduction to the Proposed Rule that it continues to receive feedback on challenges these provisions pose – whether by restricting the ability of successors in interest to take advantage of the protections, or by unintentionally excluding certain categories of consumers from the definition of a successor in interest.  Accordingly, the Bureau is requesting comment, data, and information on the prevalence of issues relating to successors in interest, as well as comment on what additional actions it could take to better protect potential, confirmed, and prospective successors in interest.

Similarly, as part of the Proposed Rule the CFPB is considering updates to its commentary to Regulation X, particularly as it relates to a request for loss mitigation assistance received from a potential successor in interest prior to confirming that individual’s identity and ownership interest in the property, and to the application of the Proposed Rule’s foreclosure procedural safeguards.

Impact on “Small Servicers”

Important to note is that the requirements of the Proposed Rule would not apply to a “small servicer,” meaning an entity that:

  • Services (together with any affiliates) 5,000 or fewer mortgage loans, for all of which the servicer (or an affiliate) is the creditor or assignee;
  • Is a Housing Finance Agency (as defined in 24 C.F.F. § 266.5); or
  • Is a non-profit entity (i.e., a 501(c)(3)) that services 5,000 or fewer mortgage loans on behalf of associated non-profit entities, for all of which the servicer or associated entity is the creditor.

What Do I Need to Do?

Given that this represents the first widespread changes to the Mortgage Servicing Rules in eight years, the Proposed Rule could result in significant changes to industry practices – requiring investment of time and other resources as servicers consider the move toward implementing new requirements.  At the Proposed Rule stage – when the opportunity for public comment remains open – servicers should carefully review the Bureau’s proposal to consider how it would impact servicing practices, and whether they can offer public comment or data that would be beneficial to guiding the CFPB as it moves forward in implementing amendments to Regulation X.  Servicers should consider submitting a comment letter to ensure that the Bureau receives any necessary feedback on the Proposed Rule and its invitations for data and other information.