Alston & Bird Consumer Finance Blog

#CFPB

Update Regarding the CFPB’s Buy Now, Pay Later Orders

By

In a prior post, we reported that the language used in orders recently issued by the CFPB to leading Buy Now, Pay Later (“BNPL”) providers suggested that the CFPB intends to use the information it collects to build enforcement cases rather than monitor market developments. We also reported that if this is the case, it is a departure from historic precedent and can be considered an end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act to ensure that due process is afforded to financial institutions that become the target of CFPB enforcement investigations.

The CFPB’s intentions were apparently confirmed in a January 5 article in Axios about the BNPL orders, which quotes the CFPB’s small dollar, marketplace and installment lending program manager as saying:

It is certainly possible that we could as a result of the data collection take enforcement action.

Assuming this quote is accurate, recipients of CFPB 1022(c)(4) market monitoring orders should be well aware that any information provided to the agency may be used for enforcement purposes.

Is the CFPB using its market monitoring orders to build enforcement cases?

By

As we previously noted, on October 21, the CFPB issued orders to six large technology firms seeking information about their payment product business plans (the “October 21 Orders”). According to the Bureau, the purpose of orders was to “shed light on the business practices of the largest technology companies in the world.” The CFPB’s use of its market monitoring authority under Section 1022(c)(4) of the Dodd-Frank Act for this amorphous purpose was a break from established precedent. Historically, the CFPB issued 1022(c)(4) orders to support its efforts to issue specific rulemakings or Congressionally-mandated research reports. (See, e.g., Appendix B of the CFPB’s 2018 Sources and Uses of Data report).

On December 16, the CFPB again broke with historic precedent when it issued a new set of 1022(c)(4) orders, this time to five Buy Now, Pay Later (“BNPL”) providers (the “December 16 Orders”). Much has already been written about the information demanded by the CFPB in the orders, and about the institutions subject to the orders. However, less attention has been paid to what the CFPB might do with the information it receives.

Traditionally, the CFPB has maintained a firewall between its market monitoring function and its enforcement function, in recognition of the distinction established by Congress in the Dodd-Frank Act. Section 1022(c)(4) of the Dodd-Frank Act authorizes the CFPB to monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services. Congress specified that information obtained by the CFPB using this general power may only be made public (if at all) through aggregated reports or other formats designed to protect the confidentiality of the information. Accordingly, Congress provided few procedural safeguards to financial institutions subject to such collections. Section 1052 of the Dodd-Frank Act establishes the specific enforcement powers of the CFPB and provides that the CFPB may collect information by means of civil investigative demands (CIDs) for the purpose of ascertaining whether a financial institution has violated Federal consumer financial law. Congress provided several procedural safeguards for the targets of CFPB enforcement investigations, including requirements for the service and contents of CIDs, the collection of oral testimony, and the receipt of petitions to modify or set aside the CIDs.

In announcing its October 21 Orders, the CFPB publicly released a sample order representing the actual orders sent to the six technology firms. The language used in the sample order maintained the firewall between its market monitoring and enforcement activities, stating in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order …, nor is it being issued under section 1052 of the Dodd-Frank Act.

By contrast, the sample order released in connection with CFPB’s announcement of the December 16 Orders to the five BNPL providers lacks the language acknowledging that the order is not being issued under Section 1052, and only states in relevant part:

This is a market-monitoring order issued under Section 1022(c)(1) & (4) of the Dodd-Frank Act… It is not a supervisory order.

Also, the December 16 sample order contains new language not present in the October 21 sample order, stating:

The Bureau reserves the right to use the information for any purpose permitted by law.

Read together, these two changes suggest that the CFPB intends to remove the firewall between its market monitoring and enforcement functions and could use the information collected from the BNPL providers pursuant to the December 16 Orders to build enforcement cases. If so, this development could be considered an attempted end-run around the procedural safeguards established by Congress in Section 1052 of the Dodd-Frank Act. The CFPB can, if it wishes, provide express procedural safeguards within the orders that are equivalent to the types provided in Section 1052 or by agencies like the FTC in similar circumstances, but it has elected not to do so at this time. Recipients of future 1022(c)(4) orders should be mindful of this development in their responses to the CFPB.

Did the CFPB follow PRA requirements in issuing its Big Tech orders?

By

On October 21, the CFPB issued a series of orders to “collect information on the business practices of large technology companies operating payments systems in the United States.”

The CFPB sent the orders to six companies: Amazon, Apple, Facebook, Google, PayPal, and Square. In a statement accompanying the press release announcing the orders, Director Chopra described the CFPB’s action as an “inquiry into big tech payment platforms” and stated that he had ordered “six technology platforms offering payment services” to turn over information about their products, plans and practices. Responses from the companies to the CFPB orders are due by December 15.

The CFPB issued the orders pursuant to Section 1022(c)(4) of the Consumer Financial Protection Act (CFPA), its so-called market monitoring authority. See 12 U.S.C. 5512(c). This authority permits the CFPB to collect information regarding the activities of “covered persons” (a defined term) for the purpose of monitoring markets for risks to consumers in the offering or provision of “consumer financial products or services” (another defined term). This jurisdictional limitation is important – the CFPB cannot issue these orders to any company in the country; the orders may only be sent to companies that are engaged in offering or providing financial services (or that are service providers to those companies). Hence the CFPB’s necessary and intentional focus on large technology companies operating payments systems in the United States, rather than all technology companies.

Importantly, CFPB information collections under Section 1022(c)(4) of the CFPA are not exempt from the Paperwork Reduction Act (PRA) of 1995. See 44 U.S.C. 3501 et seq. PRA requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. See 5 C.F.R. 1320.5(a). As part of the general PRA review process, agencies must seek two rounds of public comment regarding a proposed information collection for a combined minimum of 90 days.

In reviewing an agency’s information collection request, OMB’s Office of Information and Regulatory Affairs (OIRA) will determine among other things whether the request is necessary for the proper performance of the agency’s functions, is not duplicative of information otherwise accessible to the agency, and has practical utility. See 5 C.F.R. 1320.5(d). If OIRA approves the agency’s information collection request, OMB will issue the agency a unique control number. An agency may not conduct or sponsor and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number. See 5 C.F.R. 1320.5(b).

The PRA and OMB’s implementing regulation each define “collection of information” to mean obtaining answers to identical questions posed to “ten or more persons” within a twelve-month period. See 44 U.S.C. 3502(3) and 5 C.F.R  1320.3(c). This means that PRA requirements generally do not apply to information collected from nine or fewer institutions. However, OMB regulations further specify that “[a]ny collection of information addressed to all or a substantial majority of an industry is presumed to involve ten or more persons.” See 5 CFR 1320.3(c)(4)(ii). OMB guidance provides:

“All such collections require OMB review and approval. Agencies may have evidence showing that this presumption is incorrect in a specific situation. In such a case, the agency may proceed with the collection without seeking OMB approval. Upon OMB request, however, the agency needs to provide that evidence to OMB and needs to abide by OMB’s determination as to whether the collection of information requires OMB approval.” See OIRA, “The PRA of 1995: Implementing Guidance for OMB Review of Agency Information Collection,” Draft, Ch. II.C.3 (August 16, 1999).

The CFPB did not seek public comment on its proposed information collection before issuing its October 21st orders, and does not appear to have obtained OMB approval of its proposed information collection prior to issuing its October 21 orders. The reason it did not do so appears to be because it issued orders to only six companies, which are fewer than the ten institutions necessary for mandatory application of the PRA. However, the question remains whether the six institutions (which the CFPB described as “Tech Giants” in its press release) collectively represent a “substantial majority” of the industry identified by the CFPB (i.e., “large technology companies operating payments systems in the United States”).

While it is not clear from OMB regulations or guidance what proportion of an industry would constitute a “substantial majority” for PRA purposes, it is not inconceivable that the combined size and market share of Amazon, Apple, Facebook, Google, PayPal and Square might constitute a substantial majority of the “big tech payment platforms” industry. If this is the case, OMB rules create a presumption that the CFPB’s October 21st orders are subject to the PRA. Under normal circumstances, when considering a proposed information collection, CFPB staff are expected to consult with the agency’s OIRA desk officer as appropriate and the CFPB’s PRA officer will also offer CFPB leadership an independent opinion regarding the applicability of the PRA. Additionally, the CFPB may have prepared evidence for submission to OMB to rebut the presumption that its proposed information collection is subject to the PRA. However, nothing in the CFPB’s press release, sample order, Director’s statement or November 1 request for comment address the applicability of the PRA to the information sought from the six companies.

Take-Away: If the PRA applies to the CFPB’s October 21st orders, there are two significant consequences. First, without an OMB-approved control number attached to the orders, the recipients are under no legal obligation to respond to the CFPB. Second, contrary to the statutory purposes of the PRA articulated by Congress, the public will have been deprived of the meaningful opportunity to provide comment regarding the proposed orders in advance of their issuance. Such comments would foreseeably focus on important considerations raised by the proposal, including for instance the utility of the information being sought and the logical nexus between demands for internal memoranda relating to potential future business plans and the CFPB’s limited authority to monitor for present risks to consumers in the current offering or provision of consumer financial products and services. Such commentary, if sought and received by the CFPB, could only help it craft its orders in a way that achieves its goals while remaining faithful to the statutory purposes of the PRA. In as much as the CFPB’s novel use of its Section 1022(c)(4) authority creates a precedent for the future, additional transparency from the CFPB regarding the application of the PRA to its October 21st orders may be warranted, and would undoubtedly be welcome before December 15.

New CFPB Chief Rohit Chopra Confirmed by Senate and Takes Immediate Action Against Big Tech Firms

By

A&B Abstract:

On September 30, 2021, the Senate confirmed Rohit Chopra to serve as director of the Consumer Financial Protection Bureau (CFPB) in a 50-48 vote along party lines. He had been serving as a member of the Federal Trade Commission (FTC) where he had been a vocal critic of big tech companies and advocated for increased restitution for consumers. He previously served as the CFPB’s private education loan ombudsman under former CFPB Director Richard Cordray. Prior to that, he had worked closely with Sen. Elizabeth Warren on the CFPB’s establishment. Consistent with his past practices, Chopra’s CFPB has now ordered six Big Tech companies to turn over information regarding their payment platforms.

Expectations for Chopra’s CFPB

President-elect Biden announced Chopra as his choice to lead the CFPB before Inauguration Day, and the Biden Administration subsequently referred his nomination to the Senate in February. Chopra succeeds Kathy Kraninger, who became Director in December 2018 after having served as a senior official at the Office of Management and Budget. She led the CFPB for two years before the incoming Biden Administration demanded her resignation on January 20. It is expected that Chopra will aggressively lead the CFPB and unleash an industry crack down. The October 21, 2021 order issued to Big Tech regarding payment products appears to be the first step in that plan. Additionally, credit reporting companies, small-dollar lenders, debt collectors, fintech companies, the student loan industry, and mortgage servicers are among the financial institutions expected to face scrutiny from Chopra’s CFPB. Prior to the Big Tech inquiry, the CFPB, under interim leadership, had already taken initial steps to implement pandemic-era regulations and to advance the Biden administration’s priorities. It is also expected that the enforcement practices under former-Director Cordray will be revived under a Chopra-led CFPB.

After his confirmation, Chopra stated an intent to focus on safeguarding household financial stability, echoing prior statements regarding his commitment to ensuring those under foreclosure or eviction protections during the pandemic are able to regain housing security. He has also declared an intent to closely scrutinize the ways that banks use online advertising, as well as take a hard look at data-collection practices at banks. In his remarks related to the market-monitoring order issued to Big Tech, Chopra was critical of the way companies may collect data and his concern that it may be used to “profit from behavioral targeting, particularly around advertising and e-commerce.”

Just one week later, Chopra delivered remarks in his first congressional hearing as Consumer Financial Protection Bureau director. In his prepared statements before both the House Committee on Financial Services and the Senate Committee on Banking, Housing, and Urban Affairs, he cited mortgage and rent payments, small business continuity, auto debt, and upcoming CARES Act forbearance expirations as problems he plans to address. He also stated an intent to closely monitor the mortgage market and scrutinize foreclosure activity. And, echoing his action from a week earlier, Chopra reiterated an intent to closely look at Big Tech and emerging payment processing trends. Chopra also noted a lack of competition in the mortgage refinance market and stated an intent to promote competition within the market.

Although appointed to a five year term, the CFPB director serves at the pleasure of the president after a landmark decision last year from the Supreme Court.

Takeaway

Industry participants, including credit reporting companies, small-dollar lenders, debt collectors, fintech companies, the student loan industry, and mortgage lenders and servicers can anticipate additional scrutiny in the coming months and years from the CFPB. As Chopra gets settled into his new role, we will be keenly watching where he turns his attention to next.

Modern-Day Redlining Enforcement: A New Baseline

By , ,

On October 22, 2021, the U.S. Department of Justice (DOJ) announced an aggressive new initiative, in collaboration with U.S. Attorneys’ Offices throughout the country, to combat the practice of redlining. Three days prior, the Consumer Financial Protection Bureau (CFPB) was said to be hiring up to 30 new enforcement attorneys to focus on redlining and other fair lending enforcement. While these developments are not surprising for an Administration that has emphasized the importance of promoting racial equity, particularly in homeownership, this swift and purposeful action by federal regulators signals that these agencies mean business. Indeed, as evidence of this new priority, federal regulatory agencies have issued two multimilliondollar redlining settlements against financial institutions just in the past two months.

Since the early 1990s, federal regulatory agencies have recognized redlining as a type of illegal “disparate treatment” (i.e., intentional) discrimination that violates federal fair lending laws such as the Fair Housing Act and the Equal Credit Opportunity Act (ECOA). For example, in 2009, the agencies defined the term “redlining” as a form of disparate treatment discrimination where a lender provides unequal access to credit, or unequal terms of credit, because of the race, color, national origin, or other protected characteristic of the residents of the area where the credit seeker resides or will reside or where the residential property to be mortgaged is located. As recently as 2019, the DOJ continued to use the term “redlining” to refer to a practice whereby “lenders intentionally avoid providing services to individuals living in predominantly minority neighborhoods because of the race of the residents in those neighborhoods.”

To that end, the earliest redlining enforcement actions were brought against banks whose alleged intent to discriminate could be the only explanation for the bank’s geographic distribution of loans around, but not in, minority communities. As proof of a bank’s intent to discriminate, the DOJ produced brightly colored maps to support its position that a bank had unnaturally drawn its service area boundaries to circumvent minority neighborhoods from its mortgage lending and then painstakingly adhered to this “red line” to avoid serving these neighborhoods. In Atlanta, one bank allegedly drew a red line down the railroad tracks that divided the city’s white and black neighborhoods, while in the District of Columbia, another bank allegedly drew its own line down the 16th Street corridor. Years later, in Detroit and Minneapolis-St. Paul, still other banks were alleged to have served a virtual “horseshoe” encompassing white neighborhoods while carving out minority neighborhoods. And again, in Indianapolis, a bank allegedly drew an “Indy Donut” that encircled and excluded the minority areas in the center of the city. In these cases, given that the banks were required by the Community Reinvestment Act (CRA) to define the areas they intended to serve, the DOJ pointed to the banks’ use of different, and in some cases, oddly shaped, service area boundaries (as opposed to existing legal borders or contiguous political subdivisions) as evidence of intent to discriminate.

Today, the majority of mortgage loans in the United States are made by nonbank mortgage lenders that, while not subject to the CRA’s requirements, remain bound by the antidiscrimination provisions of the Fair Housing Act and ECOA. In lieu of maps and service area boundaries, federal regulators now look to the loan application and origination data reported by the lender under the Home Mortgage Disclosure Act (HMDA) as the starting point for a redlining investigation. If the HMDA data suggests that a mortgage lender’s generation of mortgage loan applications or originations in majority-minority census tracts might not be as strong as that of its “peers” (e.g., similarly sized competitors), a federal regulator may initiate an investigation to determine whether the lender has violated fair lending laws. Of course, because data about “racial imbalance” has been deemed by the U.S. Supreme Court to be insufficient for establishing a prima facie case of discrimination, a federal regulator must supplement the data with evidence that the lender’s arguably weaker performance in minority neighborhoods may have resulted from an intent to discriminate by excluding or otherwise treating those areas differently.

Recently, however, the evidence cited by federal regulators to establish redlining has evolved and expanded significantly. Specifically, regulators appear to be relying on a “discouragement” theory of redlining that looks at the totality of the circumstances to determine whether a reasonable person would have been discouraged from applying for a loan product or service – perhaps regardless of whether the lender intended to discriminate. It is worth noting that this theory derives from ECOA’s implementing regulation, Regulation B, which extends the statute’s protections to “potential” applicants, and is not found in the language of ECOA itself.[1] While a lender is prohibited by Regulation B from making discouraging oral or written statements to an applicant on the basis of race or other protected characteristic, long-standing federal agency guidance indicates that a finding of discouragement necessarily requires some evidence of differential treatment on a prohibited basis. Traditional examples of discouragement have included the use of phrases such as “no children” or “no wheelchairs” or “Hispanic residence,” or a statement that an applicant “should not bother to apply.” In contrast, recent redlining enforcement suggests that federal regulators may be interested in the multitude of factors that could have contributed to a lender’s observed failure to reach minority neighborhoods, which, when taken together, may prove the lender’s intent to discriminate.

For example, federal regulators appear to be scrutinizing a lender’s marketing efforts and strategies to determine whether the lender has sufficiently prioritized minority areas. Prior to 2020, redlining cases highlighted the lender’s alleged failure to market in minority areas by intentionally treating these areas differently, either by allegedly excluding such areas from any marketing campaigns or using different marketing materials, such as solicitations or offers, for white versus minority areas.[2] The most recent redlining cases, however, suggest that lenders’ marketing strategies might need to go beyond treating white and minority neighborhoods consistently. Specifically, in its summer 2021 Supervisory Highlights, the CFPB called out a lender that had engaged in redlining by marketing via “direct mail marketing campaigns that featured models, all of whom appeared to be non-Hispanic white” and using only “headshots of its mortgage professionals in its open house marketing materials … who appeared to be non-Hispanic white.” Notably, the CFPB did not indicate that the lender had marketed to, and conducted open houses in, white neighborhoods while excluding minority neighborhoods, nor that the lender had used different marketing materials for white versus minority neighborhoods. Rather, the CFPB’s claim effectively acknowledges that residents of minority neighborhoods would have received the same marketing materials as any other neighborhood. Yet the CFPB’s position appears to be that the use of white models and white employees in these otherwise neutral marketing materials would have discouraged a prospective applicant in a minority area, regardless of whether the lender intended to discourage anyone or not.

Indeed, recent redlining enforcement suggests that not only will regulators allege it insufficient to treat all applicants and neighborhoods the same, but a lender must undertake affirmative action to specifically target minority neighborhoods. This approach attempts to impose unprecedented, CRA-like obligations on nonbank mortgage lenders to proactively meet the needs of specific neighborhoods or communities and ensure a strong HMDA data showing – or else be subject to redlining enforcement. For example, the July 2020 complaint filed by the CFPB against Townstone Financial Inc. claimed that the lender had “not specifically targeted any marketing toward African-Americans.” Along the same vein, the August 2021 settlement between the DOJ, Office of the Comptroller of the Currency (OCC), and a bank in the Southeast resolved allegations that the lender had failed to “direct” or “train” its loan officers “to increase their sources of referrals from majority-Black and Hispanic neighborhoods.” Of course, lenders understand that “specifically targeting” prospective customers or neighborhoods on the basis of race or other protected characteristic is not required by, and may present its own risk under, fair lending laws. Indeed, the CFPB has suggested that the industry might benefit from “clarity” of how to use “affirmative advertising” in a compliant manner. Similarly, the CFPB’s allegation that Townstone had “not employ[ed] an African-American loan officer during the relevant period, even though it was aware that hiring a loan officer from a particular racial or ethnic group could increase the number of applications from members of that racial or ethnic group” was not only irrelevant since the lender’s main source of marketing was mass market radio advertisements but also presumptive and problematic from an employment-law perspective.

Setting aside the legal questions raised by this expanded approach to redlining, mortgage lenders will also face practical considerations when assessing potential fair lending risk. Given the mortgage industry’s extensive use of social media, lead generation, artificial intelligence, and other technologies to carry out marketing strategies and disseminate marketing material, an inquiry by a federal regulator into potential discouragement of certain applicant groups or areas could be endless. Could every statement or omission made by an employee on any form of media be relevant to a redlining investigation? How many statements or omissions would it take for a federal regulator to conclude that a lender has engaged in intentional, differential treatment based on race or other protected characteristic? To that end, could personal communications between employees, which are not seen by the public, and thus could not have the effect of discouraging anyone from applying for a loan, nevertheless be sought by a federal regulator to further a case of intentional discrimination? The language of recent redlining cases suggests that a regulator may find these communications relevant to a redlining investigation even if they do not concern prospective applicants.

Ultimately, both federal regulators and mortgage industry participants must work together to promote homeownership opportunities in minority areas. But along the way, a likely point of contention will be whether enforcement should be imposed on a lender’s alleged failure to develop and implement targeted marketing strategies to increase business from minority areas, such as expanding the lender’s physical presence to minority areas not within reasonable proximity to the lender’s existing offices, conducting marketing campaigns directed exclusively at minority areas, and recruiting minority loan officers for the specific purpose of increasing business in minority areas. Such an approach might overstate the meaningfulness of physical presence and face-to-face interaction in the digital age, when lenders rely heavily on their online presence.

Of course, there may be legitimate, nondiscriminatory business reasons for a lender’s chosen approach to its operations and expansion. It remains to be seen whether those reasons will be sufficient to assure a federal regulator that the lender’s arguably weak performance in a minority area was not the result of redlining. However, given that nearly all precedent regarding redlining has been set by consent orders and has yet to be tested in the courts, the outcome of any particular investigation will greatly depend on the lender’s willingness to delve into these issues.

[1] See 12 CFR § 1002.4(b), Comment 4(b)-1: “the regulation’s protections apply only to persons who have requested or received an extension of credit,” but extending these protections to prospective applicants is “in keeping with the purpose of the Act – to promote the availability of credit on a nondiscriminatory basis.”

[2] For example, the Interagency Fair Lending Examination Procedures identify the following as “indicators of potential disparate treatment”: advertising only in media serving nonminority areas, using marketing programs or procedures for residential loan products that exclude one or more regions or geographies that have significantly higher percentages of minority group residents than does the remainder of the assessment or marketing area, and using mailing or other distribution lists or other marketing techniques for prescreened or other offerings of residential loan products that explicitly exclude groups of prospective borrowers or exclude geographies that have significantly higher percentages of minority group residents than does the remainder of the marketing area.