Alston & Bird Consumer Finance Blog

#CFPB

CFPB Issues FCRA Advisory Opinions Addressing Background Screenings and Credit File Sharing Practices

By ,

What Happened?

On January 11, 2024, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued two separate advisory opinions interpreting consumer reporting agencies’ (“CRAs”) obligations under the Fair Credit Reporting Act (“FCRA”). First, the Bureau issued an advisory opinion on background check reports, which highlights that such reports must be complete, accurate, and free of information that is duplicative, outdated, expunged, sealed, or otherwise legally restricted from public access (the “Background Screening Opinion”). The Bureau’s second advisory opinion addresses file disclosure obligations under the FCRA, and “highlights that people are entitled to receive all information contained in their consumer file at the time they request it, along with the source or sources of the information contained within, including both the original and any intermediary or vendor source” (the “File Disclosure Opinion”).  The Bureau issued the advisory opinions to “ensure that the consumer reporting system produces accurate and reliable information and does not keep people from accessing their personal data.”

Why Is It Important?

The Background Screening Opinion

Section 607(b) of the FCRA requires that CRAs “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” The Background Screening Opinion asserts that “[i]n many instances, background screening reports contain inaccurate information about consumers,” such as information about the wrong consumer, information that is duplicative, or that omits existing disposition information. The Bureau also found that some background screening reports “include arrests, convictions, or other court records that should not be included because they have been expunged or sealed or otherwise legally restricted from public access.”

Accordingly, the CFPB issued the Background Screening Opinion to “underscore obligations that the FCRA imposes when background screening reports are provided and used.” Specifically, the opinion affirms that CRAs must comply with their FCRA obligation to “follow reasonable procedures to assure maximum possible accuracy” under section 607(b). Specifically, the Background Screening Opinion provides that:

  • A CRA that reports public record information does not comply with section 607(b) if the CRA does not have reasonable procedures in place to ensure that the CRA:
    • does not report duplicative information or information that has been expunged, sealed, or otherwise legally restricted from public access in a manner that would prevent the user from obtaining it directly from the government entities that maintain the records, and
    • includes any existing disposition information if it reports arrests, criminal charges, eviction proceedings, or other court filings.
  • When CRAs include adverse information in consumer reports, the occurrence of the adverse event starts the running of the reporting period for adverse items under FCRA 605(a)(5), which is not restarted or reopened by the occurrence of subsequent events.
  • A non-conviction disposition (i.e., a dismissal or a similar disposition of criminal charges such as dropped charges or an acquittal) of a criminal charge cannot be reported beyond the 7-year period that begins to run at the time of the charge.

Accordingly, the Background Screening Opinion provides that CRAs “thus must ensure that they do not report adverse information beyond the reporting period” in section 605(a)(5) of the FCRA “and must at all times have reasonable procedures in place to prevent reporting of information that is duplicative or legally restricted from public access and to ensure that any existing disposition information is included if court filings are reported.”

The File Disclosure Opinion

Under the FCRA, CRAs are generally required to disclose to consumers all information in their file upon request. Specifically, section 609(a) of the FCRA provides that, upon request, a CRA must clearly and accurately disclose to the consumer “[a]ll information in the consumer’s file at the time of the request,” including the sources of the information. A “file” is defined as “all of the information on that consumer that is recorded and retained by a [CRA], regardless of how the information is stored.”

The File Disclosure Opinion clarifies that an individual requesting their files:

  • Only needs to make a request for their report and provide proper identification – they do not need to use specific language or industry jargon to be provided their complete file.
  • Must be provided their complete file with clear and accurate information that is presented in a way an average person could understand.
  • Must be provided the information in a format that will assist them in identifying inaccuracies, exercising their rights to dispute any incomplete or inaccurate information, and understanding when they are being impacted by adverse information.
  • Must be provided with the sources of the information in their file, including both the original and any intermediary or vendor source or sources.

What Do You Need to Do?

These advisory opinions follow President Biden’s October, 2023 Executive Order on the Safe, Secure and Trustworthy Development and Use of Artificial Intelligence (the “EO”).  Among other obligations, the EO encourages the CFPB to consider using its authority to use appropriate technologies including AI tools to ensure compliance with FCRA to address discrimination against protected groups.  These advisory opinions serve as a reminder of the importance of ensuring compliance with the FCRA, and that the use of data can lead to discriminatory outcomes under Federal law.

CFPB Touts 2023 Greatest Hits and Casts a Line for Enforcement Hires

By , ,

What Happened?

Earlier this week, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) released a blog post touting its 2023 successes in safeguarding “household financial stability” through the levying of fines and filing of lawsuits. The Bureau highlighted seven enforcement cases:

  • Protecting Servicemembers from Illegal High-Interest Loans and False Advertising: In February 2023, the CFPB ordered an auto title loan lender and several affiliated entities to pay a total of $15 million in penalties and consumer redress to resolve allegations that the entities violated the Military Lending Act. That same month, the CFPB permanently banned a California-based mortgage lender from the mortgage lending industry and imposed a $1 million penalty on the lender for repeatedly violating a 2015 consent order by, among other things, allegedly continuing to send advertisements to military families that led recipients to believe the company was affiliated with the U.S. government.
  • Taking Action for Illegally Charging Junk Fees, Withholding Credit Card Rewards, and Operating Fake Bank Accounts: In July 2023, the CFPB ordered a national bank to pay a more than $190 million in penalties and consumer redress to resolve allegations that the bank double dipped on insufficient funds fees imposed on customers, withheld reward bonuses promised to credit card customers, and misappropriated sensitive personal information to open accounts without customer knowledge or authorization. The Office of the Comptroller of the Currency (“OCC”) also found that the bank’s double-dipping on insufficient funds fees was illegal and ordered the bank to pay $60 million in penalties.
  • Intentional Illegal Discrimination Against Armenian Americans: In November 2023, the CFPB ordered a national bank to pay $25.9 million in fines and consumer redress for allegedly “intentionally and illegally discriminating against credit card applicants the bank identified as Armenian American.” 
  • Taking Action to Stop Loan Churning: In August 2023, the CFPB sued a high-cost installment loan lender and several of its wholly owned, state-licensed subsidiaries, for allegedly violating the Consumer Financial Protection Act by “illegally churning loans to harvest hundreds of millions in loan costs and fees.”
  • Illegal Rental Background Check and Credit Reporting Practices: In October 2023, the CFPB and the Federal Trade Commission (“FTC”) sued a rental screening subsidiary of a national consumer credit reporting agency for allegedly violating the Fair Credit Reporting Act by failing to take steps to ensure the rental background checks that landlords use to decide who gets housing were accurate and withholding from renters the names of third parties that were providing the inaccurate information. The resulting court order required the company to pay $15 million in penalties and make significant improvements to how it reports evictions. Separately, the CFPB ordered the national consumer reporting agency to pay $8 million in consumer redress and penalties for failing to timely place or remove security freezes and locks on consumer credit reports and for falsely telling certain consumers that their requests were processed.
  • Stopping unlawful junk advance fees for credit repair services: In August 2023, the CFPB entered into a settlement with a credit repair service conglomerate that imposed a $2.7 billion judgment and banned the companies from telemarketing credit repair services for 10 years.

The CFPB touted that in 2023 it secured over $3.5 billion in total fines and compensation from financial services “lawbreakers” in 2023.  The CFPB largely attributed these cases to the creation of a “team of technologists” working on emerging technologies to “enforce the law when emerging technologies harm consumers.”

Why is this Important?

The CFPB filed 29 enforcement actions in 2023 but selected the seven highlighted above, possibly signaling that junk fees, fair lending, servicemember protections, and credit reporting, among others, remain on the Bureau’s radar. We do not expect the CFPB to issue any sort of accounting covering enforcement cases which it dropped in 2023.

Interestingly, the CFPB also used this post to recruit new “cross-disciplinary” employees (both attorneys and non-attorneys) for its Office of Enforcement and reiterated that the Bureau is “significantly expanding [its] enforcement capacity in 2024 to build on [its] achievements so far.” The roles are located in the Bureau’s Washington, D.C. headquarters and its regional offices in Atlanta, Chicago, New York and San Francisco.  The last of the associated employment information virtual sessions occurred on January 30, 2024.  Strangely, the CFPB only released this blog post the day before the last of these three sessions and it is not known how that late notice may impact application numbers.

What Do You Need to Do?

Given that the CFPB is telegraphing those issues that are top of mind for the Bureau as well as its emphasis on ramping up enforcement in 2024, now is a good time for companies to review their compliance management programs and make any necessary enhancements to policies, procedures, processes, and systems to ensure compliance with all applicable consumer financial laws and regulations. In particular, institutions should revisit their compliance monitoring programs to determine whether any updates are needed to minimize enforcement risk.

CFPB Amicus Brief in FDCPA Case Signals Its Stance on Liability for False Statements

By

A&B Abstract:

On January 2, the Consumer Finance Protection Bureau (“CFPB” or “Bureau”) filed an amicus brief in Carrasquillo v. CICA Collection Agency, Inc. in support of Plaintiff-Appellant Carrasquillo. The brief challenges the District Court’s interpretation of the Fair Debt Collection Practices Act (“FDCPA”) in relation to a debt collector’s intent when making potentially incorrect statements.

Background:

Section 1692e of the Fair Debt Collection Practices Act (“FDCPA”) provides that “[a] debt collector may not use any false, deceptive, or misleading representation or means in connection with the collection of any debt.”  The statute creates a private right of action for consumers to sue debt collectors who break the law by lying or providing wrong information while collecting a debt.

The Carrasquillo Case:

The Carrasquillo case originated in September 2019, when the Plaintiff-Appellant initiated bankruptcy proceedings.  Defendant CICA Collection Agency had been engaged to collect an alleged debt from the Plaintiff-Appellant.  In October 2020 (during the pendency of the bankruptcy proceedings), CICA mailed a letter stating that such debt was “due and payable,” and that the Plaintiff-Appellant could be sued if the debt was not paid.  The letter did not acknowledge the pending bankruptcy proceeding.

In October 2021, the Plaintiff-Appellant sued the Defendant in the District Court for the District of Puerto Rico, alleging that the letter violated the FDCPA, for, among other grounds, making a false statement (given the operation of the automatic stay under 11 U.S.C. § 362).

CICA filed a Motion to Dismiss, arguing that it did not know Carrasquillo filed for bankruptcy because it had not received notice of the bankruptcy proceeding.  Therefore, CICA argued, it did not intentionally make a false statement, and should not be subject to liability.  The District Court granted CICA’s Motion to Dismiss, agreeing that the FDCPA did not intend to punish unintentional false statements.  The Plaintiff-Appellant appealed to the First Circuit.

The Amicus Brief:

In its brief, the CFPB argued that Section 1692e’s prohibition against the use of “any false, deceptive, or misleading representation” extends to the provision of wrong information. Thus, the FDCPA allows a consumer to sue a debt collector for providing wrong information that the collector should have known was wrong – such as, the CFPB argues, CICA’s claim that it could sue to collect debt from a consumer who had filed for bankruptcy.

Intent:

The CFPB’s primary contention is that intent is not a factor in determining liability under the law.  The Bureau supports this by emphasizing that elsewhere in the FDCPA, Congress described as an example of a violation “communicating or threatening to communicate to any person credit information which is known or which should be known to be false.” (Emphasis added.) Section 1692e indicates that these examples are provided “[w]ithout limiting the general application of the foregoing [statement]…” Accordingly, the Bureau argues, debt collectors cannot “stick their heads in the sand and claim ignorance” to avoid liability from incorrect statements – regardless of whether such statements were intentional.

Compliance Procedures:

In its brief, the CFPB also argues that debt collectors must show that they have procedures in place designed to prevent unintentional mistakes (such as that that the Defendant claims occurred in the Carrasquillo matter). Section 1692k of the FDCPA protects a debt collector from liability if the violation “resulted from a bona fide error notwithstanding the maintenance of procedures reasonably adapted to avoid any such error.” (Emphasis added.)  By the terms of that provision, the Bureau argues, “it is not enough for a debt collector to merely show that its conduct was unintentional to avoid liability; rather, it must also show that the violation was the result of a ‘bona fide error’ and that the collector maintained ‘procedures reasonably adapted to avoid’ that error.”

Takeaways:

If the appellate court rules for the Plaintiff-Appellant, favoring the CFPB’s argument, debt collectors will need to revisit their compliance procedures to ensure they do not accidentally make false statements to consumers.

The CFPB’s brief also highlights its ideal enforcement position regarding the FDCPA, which would include a zero-tolerance policy for debt collectors making false statements (barring a bona fide error which the debt collector would have the obligation to prove).

Complying with the “Consider” Requirement Under the Revised Qualified Mortgage Rules

By

A&B Abstract:

Purchasers of residential mortgage loans who are conducting audits of residential mortgages that they buy in the secondary market are struggling to determine what documentation satisfies the “consider” requirement of the revised qualified mortgage (QM) standards that became mandatory on October 1, 2022. In fact, originators of residential mortgage loans are not in agreement regarding what particular written policies and procedures they must promulgate and maintain and the documentation that they should include in the loan files. We set forth what we believe are the policies and procedures and the documentation that creditors must maintain and provide to their counterparties to comply with the consider requirement.

The Revised QM Rules

As a threshold matter, on December 10, 2020, Kathy Kraninger, who was the director of the Consumer Financial Protection Bureau (CFPB), issued the revised QM rules that replaced Appendix Q and the strict 43% debt-to-income ratio (DTI) underwriting threshold with a priced-based QM loan definition. The revised QM rules also terminated the QM Patch, under which certain loans eligible for purchase by Fannie Mae and Freddie Mac do not have to be underwritten to Appendix Q or satisfy the capped 43% DTI requirement. Compliance with the new rules became mandatory on October 1, 2022.

Under the revised rules, for first-lien transactions, a loan receives a conclusive presumption that the consumer had the ability to repay (and hence receives the safe harbor presumption of QM compliance) if the annual percentage rate does not exceed the average prime offer rate (APOR) for a comparable transaction by 1.5 percentage points or more as of the date the interest rate is set. A first-lien loan receives a “rebuttable presumption” that the consumer had the ability to repay if the APR exceeds the APOR for a comparable transaction by 1.5 percentage points or more but by less than 2.25 percentage points. The revised QM rules provide for higher thresholds for loans with smaller loan amounts, for subordinate-lien transactions, and for certain manufactured housing loans.

To qualify for QM status, the loan must continue to meet the statutory requirements regarding the 3% points and fees limits, and it must not contain negative amortization, a balloon payment (except in the existing limited circumstances), or a term exceeding 30 years.

Consider and Verify Consumer Income and Assets

In lieu of underwriting to Appendix Q, the revised rule requires that the creditor consider the consumer’s current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan, debt obligations, alimony, child support, and DTI ratio or residual income. The final rule also requires the creditor to verify the consumer’s current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan and the consumer’s current debt obligations, alimony, and child support.

In particular, to comply with the consider requirement under the rule, the CFPB provides creditors the option to consider either the consumer’s monthly residual income or DTI. The CFPB imposes no bright-line DTI limits or residual income thresholds. As part of the consider requirement, a creditor must maintain policies and procedures for how it takes into account the underwriting factors enumerated above and retain documentation showing how it took these factors into account in its ability-to-repay determination.

The CFPB indicates that this documentation may include, for example, “an underwriter worksheet or a final automated underwriting system certification, in combination with the creditor’s applicable underwriting standards and any applicable exceptions described in its policies and procedures, that shows how these required factors were taken into account in the creditor’s ability-to-repay determination.”

CFPB Staff Commentary

Paragraph 43(e)(2)(v)(A) of the CFPB Staff Commentary to Regulation Z requires creditors to comply with the consider requirement of the new QM rule by doing the following:

a creditor must take into account current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination. A creditor must maintain written policies and procedures for how it takes into account, pursuant to its underwriting standards, income or assets, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination. A creditor must also retain documentation showing how it took into account income or assets, debt obligations, alimony, child support, and monthly debt-to-income ratio or residual income in its ability-to-repay determination, including how it applied its policies and procedures, in order to meet this requirement to consider and thereby meet the requirements for a qualified mortgage under § 1026.43(e)(2). This documentation may include, for example, an underwriter worksheet or a final automated underwriting system certification, in combination with the creditor’s applicable underwriting standards and any applicable exceptions described in its policies and procedures, that show how these required factors were taken into account in the creditor’s ability-to-repay determination [emphasis added].

The Secondary Market’s Review of Creditors’ Policies and Procedures and File Documentation

The revised rules suggest that, at a minimum, to ensure that the creditor has satisfied the “consider” requirement, a creditor must promulgate and maintain policies and procedures for how it takes into account the underwriting factors enumerated above as well as retain documentation showing how it took these factors into account in its ability-to-repay determination. Ideally, the creditor should make these written policies and procedures available to the creditor’s secondary market counterparties.

Further, and more importantly, the revised rules indicate that the individual loan files should contain a worksheet, Automated Underwriting Systems (AUS) certification, or some other written evidence documenting how the enumerated factors were taken into account in meeting the enhanced ability-to-repay standards. The underwriters should document their use of applicable exceptions to the creditor’s general policies and procedures in underwriting the loan.

Notwithstanding the foregoing, it is our understanding that compliance with these requirements has been uneven in the industry and that certain creditors have not promulgated the requisite written policies and procedures related to the consideration of income, assets, and debt. In addition, documentation (i.e., worksheets and AUS certifications) of these factors in individual loan files has been haphazard and inconsistent.

In March 2023, the Structured Finance Association convened an ATR/QM Scope of Review Task Force, comprising rating agencies, diligence firms, issuers, and law firms, to develop uniform best practice testing standards for performing due diligence on QM loans. Discussion topics included the documentation of the consider requirement of the revised QM rules.

In its early meetings, the participants in the task force confirmed that creditors have not uniformly developed written policies and procedures documenting the consider requirement. Participants have focused more on the creditor’s actual documentation of income, assets, and debt in individual loan files they believe would demonstrate substantive compliance with the underwriting requirements of the revised rules.

At this early juncture (compliance with the revised rule became mandatory in October 2022), it may be premature for secondary market purchasers of residential mortgage loans to cite their sellers or servicers for substantive noncompliance with the revised QM rules if these entities have not developed robust written policies and procedures that show how they consider income, assets, and debt.

It may be more fruitful for the secondary market to focus on the actual file documentation itself and determine whether the creditors have satisfied the consider requirement by properly underwriting the loans in accordance with the requisite elements and documenting the file with the appropriate worksheets and other written evidence.

The creditor’s failure to maintain the general policies and procedures does not necessarily render the subject loans non-QM if the loan files are adequately underwritten and amply documented. Compliance with the new QM rules and the documentation of the consider requirement is still at a rudimentary stage, and the secondary market will have to periodically revisit the way it audits mortgage loans.

CFPB’s Message to Mortgage Servicers: Make Sure You Comply with RESPA’s Force-Placed Insurance Requirements

By ,

A&B Abstract:

In Case You Missed It:  At the recent Federal Housing Finance Agency’s Symposium on Property Insurance, CFPB Director Rohit Chopra spoke about force-placed insurance and conveyed the following message: “The CFPB will be carefully monitoring mortgage market participants, especially mortgage servicers to ensure they are meeting all of their obligations to consumers under the law.”

The CFPB’s servicing rules set forth in RESPA’s Regulation X specifically regulate force-placed insurance. For purposes of those requirements, the term “force-placed insurance” means hazard insurance obtained by a servicer on behalf of the owner or assignee of a mortgage loan that insures the property securing such loan. In turn, “hazard insurance” means insurance on the property securing a residential mortgage loan that protects the property against loss caused by fire, wind, flood, earthquake, falling objects, freezing, and other similar hazards for which the owner or assignee of such loan requires assistance. However, force-placed insurance excludes, for example, hazard insurance required by the Flood Disaster Protection Act of 1973, or hazard insurance obtained by a borrower but renewed by a company in accordance with normal escrow procedures.

Given the Bureau’s announcement, now is a good time to confirm that your company has adequate controls in place to ensure compliance with all of the technical requirements of RESPA’s force-placed insurance provisions.  Set forth below are some of the many questions to consider:

Escrowed Borrowers:

  • When a borrower maintains an escrow account and is more than 30 days past due, does the company ensure that force-placed insurance is only purchased if the company is unable to disburse funds from the borrower’s escrow account?
    • A company will be considered “unable to disburse funds” when the company has a reasonable basis to believe that (i) the borrower’s hazard insurance has been canceled (or was not renewed) for reasons other than nonpayment of premium charges; or (ii) the borrower’s property is vacant.
    • However, a company will not be “unable to disburse funds” only because the escrow account does not contain sufficient funds to pay the hazards insurance charges.

Required Notices:

  • Does the company ensure that the initial, reminder, and renewal notices required for force-placed insurance strictly conform to the timing, content, format, and delivery requirements of Regulation X?

Charges and Fees:

  • Does the company ensure that no premium charge or fee related to force-placed insurance will be assessed to the borrower unless the company has met the waiting periods following the initial and reminder notices to the borrower that the borrower has failed to comply with the mortgage loan contract’s requirements to maintain hazard insurance, and sufficient time has elapsed?
  • Are the company’s fees and charges bona fide and reasonable? Fees and charges should:
    • Be for services actually performed;
    • Bear a reasonable relationship to the cost of providing the service(s); and
    • Not be prohibited by applicable law.
  • Does the company have an adequate basis to assess any premium charge or fee related to force-placed insurance, meaning that the company has a reasonable basis to believe that the borrower has failed to comply with the mortgage loan contract’s requirement to maintain hazard insurance because the borrower’s coverage is expiring, has expired or is insufficient?
  • Does the company have appropriate controls in place to ensure that the company will not assess any premium charge or fee related to force-place insurance to the borrower if the company receives evidence that the borrower has maintained continuous hazard insurance coverage that complies with the fee requirements of the loan contract prior to the expiration of the waiting periods (at least 45 days have elapsed since the company delivered the initial notice and at least 15 days have elapsed since the company delivered the reminder notice)?
  • Will the company accept any of the following as evidence of continuous hazard insurance coverage:
    • A copy of the borrower’s hazard insurance policy declarations page;
    • The borrower’s insurance certificate;
    • The borrower’s insurance policy; or
    • Another similar form of written confirmation?
  • Does the company recognize that the borrower will be considered to have maintained continuous coverage despite a late payment when applicable law or the borrower’s policy contemplates a grace period for the payment of the hazard insurance premium and a premium payment is made within that period and accepted by the insurance company with no lapse in coverage?
  • Within 15 days of receiving evidence (from any source) demonstrating that the borrower has maintained hazard insurance coverage that complies with the hazard insurance requirements in the loan contract, does the company:
    • Cancel any force-placed insurance that the company has purchased to insure the borrower’s property; and
    • Refund to the borrower all force-placed insurance premium charges and related fees paid by such borrower for any period of overlapping insurance coverage and remove from the borrower’s account all force-placed insurance charges and related fees that the company assessed to the borrower for such period?

And let’s not forget that companies must continue to comply with the above requirements if the company is a debt collector under the Fair Debt Collection Practices Act (“FDCPA”) with respect to a borrower and that borrower has exercised a “cease communication” right under the FDCPA.  Of course, failure to comply with the Regulation X requirements could also result in violations of UDAAP and FDCPA provisions.

Takeaway:

Given that the CFPB is telegraphing its upcoming review of servicers’ force-placed insurance practices, now is a good time for companies to ensure that their compliance management programs are robust enough to ensure compliance with all the technical requirements of RESPA’s force-placed insurance requirements. Alston & Bird’s Consumer Financial Services team is happy to assist with such a review.