The US consumer financial services marketplace is competitive and heavily regulated. Advances in technology and significant capital investment have attracted technology firms, including established firms and start-ups, to compete in the financial services market with traditional providers, including banks and the card networks. The Consumer Financial Protection Bureau (CFPB) has matured into a strong enforcement agency, alongside the federal bank regulators, including the Federal Reserve, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation, and state regulatory authorities. The CFPB continues to issue significant rules, based on its authority under the Consumer Financial Protection Act of 2010 (CFPA), its founding statute, as well as other federal consumer financial protection laws. Looking forward, the rate of innovation and the new US presidential administration have the potential to create an inflection point for the US consumer financial services market and opportunities for both new and established market participants.


i Statutory framework

Consumer payments, deposits and credit are subject to a complex set of federal and state statutes and regulations. With respect to consumer payments, the Electronic Fund Transfer Act (EFTA) establishes the basic rights, responsibilities and liabilities of consumers and entities that provide electronic fund transfer services. In addition, laws in nearly every state regulate money transmission, generally under a state licensing regime. With respect to deposits, the Federal Deposit Insurance Act (FDIA) establishes comprehensive deposit insurance coverage, while other federal laws, including the Truth in Savings Act, provide consumer protections. Consumer credit also is heavily regulated under federal and state law. The Truth in Lending Act (TILA) and the Equal Credit Opportunity Act (ECOA) provide the backbone for federal consumer protections related to the various forms of consumer credit. State law, including state usury protections, may also apply. Finally, the CFPA and the Federal Trade Commission (FTC) Act set forth prohibitions on unfair, deceptive and, in some cases, abusive acts or practices (UDAAP/UDAP).

In addition to these substantive statutes covering consumer payments, deposits and credit, there is an overlay of federal statutes covering law enforcement objectives (e.g., the Bank Secrecy Act) and consumer financial privacy (e.g., the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act (FCRA)), among other key statutes and regulations targeting public policy objectives. This overlay is the subject of extensive review and analysis in other treatises or law journals and is referred to herein only in passing.

ii Regulatory framework

Entities that provide consumer financial products or services are subject to regulation and enforcement by federal and state authorities. At the federal level, the CFPB has enforcement authority with respect to ‘covered persons', including banks with assets over US$10 billion, ‘larger participants' in certain consumer financial product or service markets and ‘service providers', as those terms are defined in the CFPA.2 The CFPB also has authority to write rules prohibiting covered persons and service providers from engaging in UDAAPs and to enforce such rules.3 The CFPB also has rule-making and enforcement authority under the federal consumer financial protection statutes, including those listed above (e.g., EFTA and TILA), that apply to all persons subject to the laws, without regard to whether they are a covered person or a service provider.4 Finally, the CFPB has authority to enforce against any person who aids or abets a UDAAP, which means ‘knowingly or recklessly' providing ‘substantial assistance to a covered person' in connection with a violation of the UDAAP prohibition.5

In addition to the CFPB, at the federal level, the banking regulators and the FTC have enforcement authority with respect to certain banks and non-banks, respectively. At the state level, banking departments, licensing authorities and state attorneys general have varying degrees of rule-making and enforcement authority.


i Overview

In the United States, the primary payment methods are cash, debit card, credit card, cheques, and ACH transactions. The Federal Reserve System (Federal Reserve) estimates that in 2015 alone there were over 144 billion non-cash retail payment transactions in the US, with a value of almost US$178 trillion.6 According to the Federal Reserve, the most common payment methods are card-based (debit, credit and prepaid), while ACH transactions have the highest dollar value for non-cash retail payments.7

Although there is a great deal of industry interest and activity around online and mobile payments, to date, most online and mobile payments are processed using traditional payment infrastructures. Nevertheless, emerging payment solutions can leverage a number of enhancements over traditional payment methods, including improved customer interfaces, increased use of customer data, and integration with customer loyalty or reward programmes or other third-party services used by consumers. These enhancements have the potential to lessen friction and promote consumer conversion and usage rates. Many of the novel legal and regulatory issues surrounding emerging payments are related to these enhancements.

ii Recent developments

On 21 July 2015, the Federal Reserve established a Faster Payments Task Force (Task Force) to support the Federal Reserve's efforts to improve the speed, safety and efficiency of payments.8 The Task Force was assembled to engage stakeholders and advance the work outlined in the Federal Reserve's Strategies for Improving the US Payment System, published in January 2015.9 On 2 February 2016, the Task Force published a set of criteria by which the Task Force will evaluate faster payments approaches, including ubiquity, safety and security, efficiency and speed.10 Private-sector entities submitted proposals on faster payment approaches, and the Task Force plans to report on the 19 proposals under review in 2017.

On 15 October 2015, major US payment card networks independently began implementing a fraud liability shift from issuers to merchants. The liability shift was designed to encourage card issuers and merchants to transition from magnetic stripe technology to more secure EMV chip technology. EMV chips generate a unique, one-time code needed for a transaction to be approved, thereby greatly reducing counterfeit card risk. Notwithstanding the EMV liability shift, merchants in 2016 were not uniform in upgrading their card acceptance systems to accept chip-based card transactions.

On 22 November 2016, the CFPB published a final rule to regulate prepaid accounts.11 The prepaid accounts rule amends key provisions of the CFPB's Regulation E (Electronic Funds Transfers) and Regulation Z (Truth in Lending).12 The rule applies to payroll card accounts, certain government benefit accounts, and prepaid accounts whose primary function is to provide consumers with general transaction capabilities (e.g., to conduct transactions with merchants, at ATMs, or person to person). The rule establishes a prescriptive ‘pre-acquisition' disclosure regime, provides an alternative to written periodic statements, and contains modified error resolution procedures and cardholder liability limitations. The prepaid accounts rule also extends modified versions of certain requirements under the Credit Card Accountability Responsibility and Disclosure Act to prepaid accounts, including a requirement to submit to the CFPB, and to post to a public website certain prepaid account agreements.13 Finally, the prepaid accounts rule subjects discretional overdraft services certain credit features associated with prepaid accounts to the credit card requirements of Regulation Z. The prepaid accounts rule will significantly alter the way prepaid card programmes are offered and managed in the United States. With limited exceptions, the rule is effective 1 October 2017.


i Overview

Access to deposit accounts for currently ‘unbanked' or ‘underbanked' consumers and compliance with overdraft rules remain high priorities for US regulatory agencies, including the CFPB. The CFPB has taken action against institutions that have charged inappropriate overdraft fees and has encouraged alternatives that prevent consumers from overdrafting their accounts. Technological developments such as online banking, mobile banking and text-message alerts for low balances can help consumers better manage their accounts and prevent overdrafts.

ii Recent developments

On 3 February 2016, CFPB Director Richard Cordray wrote letters to the top 25 US retail banks urging banks to offer an account that would not permit account holders to overdraft their accounts.14 In his letter, Director Cordray said these accounts would present lower risk to banks and require less screening for risk, thus extending their availability to consumers who may be ‘unbanked' because of low credit scores.

On 18 May 2016, the CFPB and the prudential regulators issued interagency guidance outlining expectations that supervised financial institutions investigate and resolve ‘credit discrepancies' when customers make deposits to their checking and other deposit accounts.15 The guidance states that, through technological and other processes, supervised financial institutions are capable of fully reconciling credit discrepancies in most cases, and the agencies ‘expect financial institutions to adopt deposit reconciliation policies and practices that are designed to avoid or reconcile discrepancies, or designed to resolve discrepancies such that customers are not disadvantaged'.16 The guidance notes that failure to reconcile or resolve credit discrepancies may constitute an unfair, deceptive, or abusive act or practice.

On 14 July 2016, the CFPB entered into a consent order with, and assessed a US$10 million fine against, Santander Bank, NA (Santander) for allegedly allowing a telemarketing service provider to make false statements to consumers and violating the requirement under Regulation E that financial institutions obtain a consumer's affirmative consent before charging overdraft fees on certain transactions.17 According to the consent order, Santander paid its service provider a higher hourly rate when it achieved target levels of consumer opt-ins to overdraft service and failed to detect the service provider's improper practices in achieving those goals, including signing consumers up for overdraft service without their consent, misrepresenting the costs of the overdraft service, misrepresenting the fees a consumer could face by opting out, and misrepresenting the purpose of the sales call.


i Overview

According to the Federal Reserve, the total revolving consumer credit outstanding as of October 2016 was over US$980 billion.18 By some estimates, credit card debt may make up approximately three-quarters of all revolving consumer credit outstanding.19 Revolving credit transactions are subject to a variety of statutes and regulations, including TILA and ECOA, that impose both substantive and disclosure requirements. In addition, credit card issuers and acquirers are contractually obligated to comply with card network rules. These laws and rules focus primarily on consumer protections such as those related to disclosure of terms, credit balances, billing error resolution, changes in terms, credit reporting and discrimination.

ii Recent developments

On 30 June 2016, the US Court of Appeals for the Second Circuit overturned Visa and MasterCard's US$7.25 billion antitrust settlement with merchants over interchange fees and the ability of merchants to impose credit card surcharges.20 The Second Circuit rejected what would have been the largest ever class action settlement, holding that plaintiff class members were inadequately represented and, therefore, the settlement was ‘unreasonable and inadequate'.21 While participants in the settlement have sought review of the Second Circuit's ruling, the decision creates uncertainty with respect to whether the networks will permit merchants to impose surcharges on customers who pay with a credit card.

There is also uncertainty with respect to a minority of states that have laws restricting the ability of merchants to impose surcharges on consumers who pay with a credit card. In several states, merchants have filed lawsuits challenging the constitutionality of state surcharge statutes, and federal circuit courts have reached mixed conclusions.22 In September 2016, the US Supreme Court agreed to hear the Second Circuit case, Expressions Hair Design v. Schneiderman, and consider whether state laws that prohibit credit card surcharges are unconstitutional.

On 22 July 2015, the US Department of Defense published a final rule to amend its regulation implementing the Military Lending Act (MLA).23 The final rule significantly expands the scope of the MLA provisions by covering both new types of creditors and new credit products, including credit cards and other revolving credit accounts. The rule applies to creditors that extend consumer credit to ‘covered borrowers', or any consumer who, at the time he or she is first obligated on a credit transaction, is an active duty service member or a spouse or dependent of an active duty service member (the rule does not apply to a credit transaction when the service member ceases to be on active duty).24 The rule includes a cap on the military annual percentage rate (MAPR) of 36 per cent for any billing cycle, requires creditors to provide various disclosures to consumers, and prohibits prepayment penalties and compelled arbitration.25 The MAPR calculation is subject to detailed and complex rules for determining what fees and charges must be included, which are broader than the parallel requirements under TILA. Compliance with the rule was required by 3 October 2016; however, compliance for credit cards is delayed until 3 October 2017, unless extended for an additional year.26


i Overview

Residential mortgages are heavily regulated products in the United States. A complex web of state and federal statutes and regulations governs nearly every aspect of the residential mortgage loan lifecycle, including underwriting, origination, closing, servicing, loss mitigation, and foreclosure. While non-mortgage instalment products, including auto loans, student loans and personal loans, are not subject to the volume and degree of end-to-end regulatory requirements seen in the mortgage market, they are nonetheless regulated at the federal and state levels. Moreover, the CFPB's enforcement arm has recently focused on the auto finance and student loan servicing markets, while its rule-making arm is considering a sweeping new rule to regulate the short-term instalment loan market.27

Beyond traditional instalment loan products, online lending platforms, or ‘marketplace lenders', have proliferated rapidly in the US. Marketplace lenders, which are generally non-bank platform providers, typically partner with banks, which originate loans and sell either the loans or the receivables to the marketplace lender, private investors, or both. Alternatively, marketplace lenders may independently originate loans under state lending licences and sell the loans or the receivables to investors. Federal and state regulators are intently focused on marketplace lending at present.28

ii Recent developments

The Home Mortgage Disclosure Act (HMDA) requires certain financial institutions that originate mortgages to collect and report data about the mortgages they originate. On 28 October 2015, the CFPB published a final rule amending Regulation C, which implements HMDA.29 The rule, most of which becomes effective on 1 January 2018, makes changes to the types of institutions required to collect and report HMDA data, the types of transactions subject to collection and reporting, the particular data about transactions that institutions must collect and report, and the method and frequency of such reporting.

On 19 October 2016, the CFPB published significant amendments to its mortgage servicing rules.30 The amendments make multiple modifications to required loss mitigation procedures and add special rules governing borrowers in bankruptcy and successors in interest. Most of the rule's provisions become effective on 19 October 2017.

With respect to non-mortgage transactions, a series of recent cases have addressed the relationship between marketplace lenders and banks, questioning whether a bank is, in fact, the ‘true lender' in a partnership with a marketplace lender, given that the marketplace lender or a private investor typically purchases the bank's loans or receivables within days of origination. These cases are significant because, if the marketplace lender is the ‘true lender' instead of the bank, the marketplace lender could be required to obtain state licences and the loans must conform to state consumer credit and usury laws. Outcomes of these cases have varied widely. One federal district court deferred to the form of the loan transaction, holding that federal law expressly pre-empts state usury laws for bank-partner programmes.31 A state supreme court, on the other hand, analysed the substance of the loan transaction, holding that the marketplace lender was the ‘true lender' because it held the ‘predominant economic interest' in the transaction.32

While distinguishable from the ‘true lender' line of cases, and a revolving credit case on the facts, the US Supreme Court's denial of certiorari in Midland Funding, LLC et al. v. Madden is also an important case for lenders.33 By declining to review Madden, the Supreme Court let stand the Second Circuit's controversial holding that Section 85 of the National Bank Act,34 which pre-empts state laws governing the rate of interest a national bank may charge on a loan, does not have pre-emptive effect after a national bank sells a loan to a non-bank.35 The case could have significant implications for the secondary loan market, which relies on the long-standing ‘valid when made' principle of contracts, and in particular for marketplace lenders, which routinely purchase and sell bank-originated loans. At present, Madden's holding applies only in the Second Circuit, which is comprised of Connecticut, New York and Vermont.


Regulators and courts have focused on other areas related to consumer financial services, including fair access, privacy and cybersecurity, credit reporting, anti-money laundering and use of third-party service providers. The developments identified below are representative and not exhaustive.

i Fair access to financial services

On 15 September 2016, the US Department of Housing and Urban Development issued guidance on how the non-discrimination provisions in the Fair Housing Act apply to persons who have limited ability to speak, read, write or understand English in housing transactions.36

The CFPB issued guidance on fair access issues, including CFPB Director Cordray's 30 August 2016 letter to an advocacy group, which concluded that the ECOA and its implementing Regulation B prohibit credit discrimination based on gender identity and sexual orientation, including discrimination based on actual or perceived non-conformity with gender-based stereotypes.37 The CFPB also announced a series of steps designed to improve consumer access to checking accounts, including warning financial institutions that failure to accurately report negative checking account histories to consumer reporting agencies could result in CFPB action and issuing several guides to assist consumers with navigating the deposit account system.38

Also, in Hawkins v. Community Bank of Raymore, an evenly divided US Supreme Court failed to define the proper interpretation of the meaning of the term ‘applicant' under the ECOA; specifically, whether a spousal guarantor qualifies as an ‘applicant'.39

ii Privacy and cybersecurity

The US privacy regime is generally based on principles of notice and choice, while cybersecurity is based on a standard of ‘reasonableness'.

For cybersecurity, the trend is toward more prescriptive requirements, as well as aggressive enforcement. For instance, in February 2016 the California Attorney General released a report establishing the Attorney General's position that reasonable security practices under California law include meeting 20 specific security controls.40 In the same vein, in December 2016 the New York Department of Financial Services published revised draft cybersecurity regulations that would impose specific cybersecurity requirements on covered entities.41

On 2 March 2016, the CFPB obtained its first consent order related to data security practices, against Dwolla, Inc.42 The FTC has long been the primary federal regulator of non-banks' information security practices. The FTC is, however, engaged in a lengthy dispute, currently pending review by a court of appeals, regarding what constitutes ‘unfair' data security practices that violate Section 5 of the FTC Act.43

iii Credit reporting

Regulatory agencies and courts are actively considering matters related to credit reporting.

On 3 January 2017, the CFPB took action against Equifax and TransUnion (collectively, CRAs) alleging deception regarding their credit scoring products.44 The CFPB alleged that the CRAs deceived consumers about the value of the credit scores they sold and deceived consumers into enrolling in subscription programmes. The CFPB also alleged violations of the FCRA by Equifax related to the requirement to provide a free annual credit report, because Equifax first presented consumers with Equifax advertisements, while the FCRA prohibits such advertising until after consumers receive their annual report. The CRAs were ordered to make restitution of over US$17.6 million and pay civil money penalties of US$5.5 million.

On 16 May 2016, the US Supreme Court issued its opinion in Spokeo, Inc. v. Robins, an FCRA case where the issue was ‘[w]hether the particular procedural violations alleged . . . entail a degree of risk [of harm] sufficient to meet the concreteness requirement' necessary for standing to bring such an action.45 The Court remanded the case to the Ninth Circuit for further proceedings, but in doing so provided guideposts that courts, including the Ninth Circuit, should use in evaluating standing questions. The effect of Spokeo remains to be seen; nonetheless, the decision should make it more difficult for consumer class action claims seeking statutory damages for technical or procedural violations.

iv Anti-money laundering

In preparation for its review by the Financial Action Task Force (FATF), an international standards-setting body, the Financial Crimes Enforcement Network (FinCEN), a division of the US Treasury Department, adopted a number of enhanced anti-money laundering controls in 2016. On 11 May 2016, FinCEN published a final rule requiring financial institutions to enhance their customer due diligence procedures by identifying and verifying information about each individual who, directly or indirectly, owns 25 per cent or more of a legal entity customer of the financial institution, and each individual who has significant responsibility to control, manage, or direct the legal entity customer.46 These individuals are referred to as ‘beneficial owners'.47 The rule also added a ‘fifth pillar' to the prior four pillars of minimum requirements for an anti-money laundering compliance programme, which requires financial institutions to develop and update customer risk profiles, maintain and update customer information, and conduct ongoing anti-money laundering monitoring.48

The FATF review generally found that the United States has robust anti-money laundering controls, but that ‘significant gaps' still exist, including with respect to certain industries and professions that are insufficiently covered by existing regulations.49

In addition, interagency guidance issued on 21 March 2016 made clear that banks have an obligation to collect and verify information for individual cardholders of general-purpose prepaid cards that have features similar to a deposit account, regardless of whether the funds are held in a pooled account or whether the prepaid programme is managed by the bank or by a third party on behalf of the bank.50

v Use of partners and third-party service providers

Bank regulators recently have increased their scrutiny of the use of partners and third-party service providers. Both the OCC and the CFPB have issued guidance on the use of service providers, including the expectation of comprehensive and rigorous service provider oversight and management, and continue to take related enforcement actions.51 For example, in 2016, the CFPB brought an enforcement action against a national bank relating to its use of a service provider in marketing the bank's overdraft service, and required the bank to develop new vendor management policies and maintain certain compliance-related contractual provisions (i.e., duty to provide adequate training).52

On 26 October 2016, the CFPB reissued its guidance on the use of service providers to clarify that the ‘depth and formality' of service provider risk management programmes may vary depending on the service being performed (e.g., complexity and potential for consumer harm) and the performance of the service provider in carrying out activities in compliance with law.53 Both the OCC's and CFPB's guidance require supervised entities to have an effective process for managing service provider relationships, including thorough due diligence, review of policies and procedures, ongoing oversight and monitoring, and certain contractual provisions related to compliance expectations.


The CFPB has continued to flex its enforcement muscle in the UDAAP context by issuing public consent orders relating to a broad range of consumer financial products and services including auto loans, credit cards, debt collection, credit reporting, data security, deposit accounts, student loans and service member loans. A brief review of UDAAP standards and key orders are summarised below.

Generally, ‘unfairness' means unjustified consumer injury, or substantial injury to the consumer that the consumer could not have reasonably avoided, which is not outweighed by offsetting consumer or competitive benefits.54 ‘Deception' generally exists where there is a representation, omission, or practice that is likely to mislead the consumer acting reasonably in the circumstances, and the representation, omission or practice is material.55 Finally, the ‘abusive' standard, which was newly established under the CFPA, prohibits material interference with a consumer's ability to understand a term or condition of a consumer financial product or service; or taking unreasonable advantage of a lack of the consumer's understanding, an inability of the consumer to protect his or her own interests, or reasonable reliance by the consumer on a covered person to act in the interests of the consumer.56

i Unfair practices

The following are examples of CFPB allegations of unfair practices:

  • a Credit reporting. The CFPB alleged that failure to update or correct inaccurate credit reports for customers that remitted multiple partial payments that, when aggregated, constituted an eligible payment was ‘unfair'.57
  • b Debt collection. The CFPB alleged that failure to identify and remit payments by consumers to debt buyers in a timely manner was ‘unfair' because it precluded the debt buyers from updating consumers' account balances.58 Filing debt collection lawsuits based on summary data without reviewing account level documentation was also alleged to be ‘unfair'.59
  • c Payment processing. The CFPB alleged that continuing to process payments despite warnings, including high return rates, consumer complaints, and government enforcement actions, that their clients were engaged in fraudulent or illegal activities was ‘unfair'.60
  • d Account opening. The CFPB alleged an ‘unfair' practice, and levied its largest civil penalty to date against a bank, where the bank opened deposit accounts by transferring funds from existing consumer accounts without the consumer's knowledge, and then charged fees on the new accounts.61
  • e Lead aggregators. The CFPB alleged that failure to vet or monitor the entities to which a lead aggregator sold leads or loan applications, and failure to disclose the end purchasers of the applications was ‘unfair'.62
  • f Payday loans. The CFPB found that failure to disclose that the discount provided on loans, in which the consumer agreed to a shorter term than the statutory maximum, would be reversed upon default was ‘unfair'.63 The CFPB alleged that a different lender's practice of pressuring or coercing consumers to cash their cheques by retaining custody of the cheque to prevent consumers from leaving, processing the cheque without consumers' consent, and misrepresenting consumers' ability to cancel or reverse the cheque-cashing transaction was also ‘unfair'.64
  • g Service member loans. Freezing a consumer's electronic account access and disabling certain electronic services, without adequate notice, after a consumer became delinquent on an account was alleged to be ‘unfair'.65
  • h Student loans. The CFPB alleged that failure to disclose that the bank allocated partial payments proportionately across all grouped accounts, while treating each loan within the group as separate in its assessment of late fees and credit reporting, and failure to disclose to consumers that they could direct how the partial payment should be allocated was an ‘unfair' practice.66 The CFPB alleged that failure to aggregate multiple partial payments submitted within the same billing cycle likewise was ‘unfair'.67
ii Deceptive practices

The following list includes examples of CFPB allegations of deceptive practices:

  • a Auto loans. The CFPB found that failure to disclose costs that only applied to non-cash customers, such as mandatory repair coverage and a GPS payment tracker, as ‘finance charges' was ‘deceptive'.68
  • b Credit reporting. Misrepresenting the cost of credit repair services and falsely stating that the services would remove material negative entries on consumers' credit reports and increase consumers' credit scores was alleged to be ‘deceptive'.69
  • c Data security. The CFPB made its first foray into data security when it found that misrepresenting the security of the company's data, including misrepresenting that the data security practices met or exceeded industry standards and that its processing system was in compliance with payment card industry standards, was a ‘deceptive' practice.70
  • d Debt collection. The CFPB alleged that filing declarations in collection lawsuits that were either based on summary data or altered post execution was ‘deceptive'.71 Allegedly impersonating law enforcement officials, falsely threatening prosecution, and adding unauthorised collection fees to the debts was also considered ‘deceptive'.72
  • e Deposit accounts. The CFPB alleged that misrepresenting the benefits and costs of overdraft protection, including representing that an overdraft programme was a free service, when the consumer could incur multiple fees if they overdrew their account was ‘deceptive'.73
  • f Payday loans. The CFPB alleged that a lender representing that it did not charge fees for extending the repayment date was ‘deceptive' if, when the repayment date was extended, the lender reversed a previously applied discount for early repayment.74
  • g Student loans. The CFPB also continued its scrutiny of companies offering student loan repayment relief, finding that practices such as misrepresenting the amount of savings achievable, pre-approval status, and government affiliation were all ‘deceptive'.75
iii Abusive practices

Below are some examples of CFPB allegations of abusive practices:

  • a Auto loans. The CFPB found that a lender's practice of not including sticker prices on vehicles and only disclosing the purchase price of the vehicle after the consumer agreed to purchase the vehicle, combined with the lender's practice of failing to disclose certain ‘finance charges', was ‘abusive'.76 The CFPB further found that a lender's practice of using a ‘payback guide' that showed the amount of potential monthly payments for different repayment periods, but failed to disclose the total cost of the transaction, and that all loans are 30-day transactions that would renew with additional fees if a longer repayment period is selected was ‘abusive'.77
  • b Credit cards. Submission of credit card, debit card and deposit account applications using consumers' information without their knowledge or consent was alleged to be ‘abusive'.78
  • c Lead aggregators. Failure to correct misrepresentations by lead generators regarding loan terms while effectively steering consumers to less favourable loans than would otherwise be available to them, including loans that violated state usury statutes was alleged to be ‘abusive'.79
  • d Payday loans. The CFPB alleged that a lender's practice of pressuring or coercing consumers to cash their pay cheques by retaining custody of the cheque to prevent consumers from leaving, processing the cheque without consumers' consent, and misrepresenting consumers' ability to cancel or reverse the cheque-cashing transaction was also ‘abusive'.80


The change in the US presidential administration will be the dominant force shaping the country's consumer financial services regulatory landscape in the coming year. As a result of the changing administration, as well as a landmark decision in the PHH case,81 the priorities of and momentum behind the CFPB could see significant change. In addition, the influence of non-traditional financial services providers on the US consumer financial services market will continue to grow. Financial technology firms are deploying innovative technological solutions and developing new uses for a rapidly expanding universe of consumer data. In recognition of this growing influence, the OCC has announced that it intends to consider applications from financial technology companies, including marketplace lenders and non-bank payment providers, to become special purpose national banks.82 This new option potentially could relieve fintech companies of the regulatory burden of partnering with a bank or maintaining licences on a state-by-state basis, while subjecting such charters to direct supervisory and enforcement jurisdiction of the OCC. The coming year will also see continued evolution of the body of case law surrounding the ‘true lender' and Madden issues.

1 Richard Fischer is a senior partner, Obrea Poindexter is a partner and Jeremy Mandell is a senior associate at Morrison & Foerster LLP.

2 12 U.S.C. Section 5481.

3 Id. Section 5531.

4 Id. Sections 5512, 5561-5567.

5 Id. Section 5536.

6 See Federal Reserve System, The Federal Reserve Payments Study 2016 at 2 (22 Dec. 2016).

7 Id. at 3.

8 Press Release, Federal Reserve Board, Federal Reserve Announces Steering Committees of New Payments Task Forces System (21 July 2015).

9 Federal Reserve System, Strategies for Improving the U.S. Payment System (26 Jan. 2015).

10 Faster Payments Task Force, Faster Payments Effectiveness Criteria (2 Feb. 2016).

11 Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth In Lending Act (Regulation Z), 81 Fed. Reg. 83,934 (22 Nov. 2016).

12 12 C.F.R. pts. 1005 and 1026.

13 Pub. L. No. 111-24, 123 Stat. 1734 (2009).

14 Letter from Richard Cordray, Director, CFPB, to Financial Institution CEOs (2 Feb. 2016).

15 See Interagency Guidance Regarding Deposit Reconciliation Practices (18 May 2016).

16 Id. at 2.

17 Consent Order, In the Matter of Santander Bank, N.A., No. 2016-CFPB-0012 (14 July 2016).

18 See Federal Reserve Board, G.19 Consumer Credit, October 2016 (7 Dec. 2016).

19 See CFPB, The Consumer Credit Card Market at 29 (3 Dec. 2015).

20 In re Payment Card Interchange Fee and Merchant Discount Antitrust Litigation, Case 12‐4671, U.S. Court of Appeals for the Second Circuit (30 June 2016).

21 Id. at 16-17.

22 Compare Expressions Hair Design v. Schneiderman, 808 F.3d 118, 127 (2d Cir. 2015), cert. granted, 2016 WL 2855230 (29 Sept. 2016) (upholding New York ban on credit card surcharges) and Rowell v. Pettijohn, 816 F.3d 73, 80 (5th Cir. 2016) (upholding Texas ban on credit card surcharges) with Dana's R.R. Supply v. Attorney Gen., Florida, 807 F.3d 1235 (11th Cir. 2015) (striking down Florida ban on credit card surcharges) and Italian Colors Restaurant v. Harris, 99 F.Supp.3d 1199 (E.D. Cal. 2015), appeal docketed, No. 15-15873 (9th Cir. 30 Apr. 2015) (striking down California ban on credit card surcharges).

23 Limitations on Terms of Consumer Credit Extended to Service Members and Dependents, 80 Fed. Reg. 43,560 (22 July 2015).

24 32 C.F.R. Sections 232.1-232.3.

25 32 C.F.R. Sections 232.4(b), .6, and .8(h) and (c).

26 32 C.F.R. Section 232.13.

27 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 81 Fed. Reg. 47,864 (proposed 22 July 2016).

28 See, e.g., U.S. Treasury Dept., Opportunities and Challenges in Marketplace Lending (10 May 2016); Press Release, Cal. Dept. of Bus. Oversight, California DBO Announces Inquiry into ‘Marketplace' Lending Industry (11 Dec. 2015).

29 Home Mortgage Disclosure (Regulation C), 80 Fed. Reg. 66,128 (28 Oct. 2015).

30 Amendments to the 2013 Mortgage Rules Under the Real Estate Settlement Procedures Act (Regulation X) and the Truth in Lending Act (Regulation Z), 81 Fed. Reg. 72,160 (19 Oct. 2016).

31 Sawyer v. Bill Me Later Inc., 23 F.Supp.3d 1359 (D. Utah 2014).

32 CashCall v. Morrissey, No. 12-1274, 2014 WL 2404300 (W. Va. 30 May 2014), cert. denied, 135 S. Ct. 2050 (2015).

33 Midland Funding, LLC v. Madden, 136 S. Ct 2505, 579 U.S. __ (2016).

34 12 U.S.C. Section 85.

35 Madden v. Midland Funding, LLC, 786 F.3d 246 (2d Cir. 2015).

36 Dept. of Housing and Urban Development, Office of General Counsel Guidance on Fair Housing Act Protections for Persons with Limited English Proficiency (15 Sept. 2016).

37 Letter from Richard Cordray, Director, CFPB, to Services & Advocacy for GLBT Elders (30 Aug. 2016).

38 See Press Release, CFPB, CFPB Takes Steps to Improve Checking Account Access (3 Feb. 2016).

39 Hawkins v. Community Bank of Raymore, 136 S. Ct. 1072, 577 U. S. __ (2016).

40 Harris, K., California Data Breach Report (Feb. 2016).

41 Cybersecurity Requirements for Financial Services Companies, I.D. No. DFS-39-16-00008-RP (revised proposed rule) (to be codified at 23 NYCRR 500), N.Y. St. Reg. 28 Dec. 2016 at 23.

42 Consent Order, In the Matter of Dwolla, Inc., File No. 2016-CFPB-0007 (2 Mar. 2016).

43 See generally In the Matter of LabMD, Inc., FTC Docket No. 9357.

44 See Consent Order, In the Matter of Equifax Inc. and Equifax Consumer Services LLC, File No. 2017-CFPB-0001 (3 Jan. 2017); Consent Order, In the Matter of TransUnion Interactive Inc. TransUnion, LLC, and TransUnion, File No. 2017-CFPB-0002 (3 Jan. 2017).

45 Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1550, 578 U.S. __ (2016).

46 See Customer Due Diligence Requirements for Financial Institutions, 81 Fed. Reg. 29,398 (11 May 2016).

47 See id. at 29,451-29,452.

48 See id. at 29,457.

49 FATF, Anti-money laundering and counter-terrorist financing measures - United States, Fourth Round Mutual Evaluation Report (2016).

50 See Interagency Guidance to Issuing Banks on Applying Customer Identification Program Requirements to Holders of Prepaid Cards (21 Mar. 2016).

51 See OCC Bulletin 2013-29, Third Party Relationships: Risk Management Guidance (30 Oct. 2013); CFPB Bulletin 2012-3, Service Providers (13 Apr. 2012).

52 See Consent Order, In the Matter of Santander Bank, N.A., File No. 2016-CFPB-0012 (14 July 2016).

53 See CFPB Compliance Bulletin and Policy Guidance; 2016-02, Service Providers (26 Oct. 2016).

54 12 U.S.C. Section 5531(c).

55 Federal Trade Commission, Policy Statement on Deception (14 Oct. 1983).

56 12 U.S.C. Section 5531(d).

57 Consent Order, In the Matter of Wells Fargo Bank, N.A., File No. 2016-CFPB-0013 (22 Aug. 2016).

58 Consent Order, In the Matter of Citibank, N.A., File No. 2016-CFPB-0003 (23 Feb. 2016).

59 Consent Order, In the Matter of Pressler & Pressler, LLP et al., File No. 2016-CFPB-0009 (25 Apr. 2016).

60 Complaint, CFPB v. Intercept Corp, et al., No. 3:16-cv-00144-ARS (D. N.D. 6 June 2016).

61 Consent Order, In the Matter of Wells Fargo Bank, N.A., File No. 2016-CFPB-0015 (8 Sept. 2016).

62 Complaint, CFPB v. D and D Marketing, Inc., d/b/a T3 Leads et al., File No. 2:14-cv-09692 (C.D. Cal. 17 Dec. 2015).

63 Consent Order, In the Matter of Flurish, Inc., d/b/a LendUp, File No. 2016-CFPB-0023 (27 Sept. 2016).

64 Complaint, Consumer Financial Protection Bureau v. All American Check Cashing, Inc., et al., Docket No. 3:16-cv-00356-WHB-JCG (S.D. Miss. 11 May 2016).

65 Consent Order, In the Matter of Navy Federal Credit Union, File No. 2016-CFPB-0024 (11 Oct. 2016).

66 Consent Order, In the Matter of Wells Fargo Bank, N.A., File No. 2016-CFPB-0013 (22 Aug. 2016).

67 Id.

68 Consent Order, In the Matter of Y King S Corp, d/b/a Herbies Auto Sales, File No. 2015-CFPB-0001 (21 Jan. 2016).

69 Complaint, Consumer Financial Protection Bureau v. Prime Marketing Holdings, LLC, No. 2:16-cv-7111 (C.D. Cal. 22 Sept. 2016).

70 Consent Order, In the Matter of Dwolla, Inc., File No. 2016-CFPB-0007 (2 Mar. 2016).

71 Consent Order, In the Matter of Pressler & Pressler, LLP et al., File No. 2016-CFPB-0009 (25 Apr. 2016); Consent Order, In the Matter of New Century Financial Services, Inc., File No. 2016-CFPB-0010 (25 Apr. 2016).

72 Complaint, Consumer Financial Protection Bureau v. Douglas MacKinnon, et al., No. 1:16-cv-00880 (W.D.N.Y. 2 Nov. 2016).

73 Consent Order, In the Matter of Santander Bank, N.A., File No. 2016-CFPB-0012 (14 July 2016).

74 Consent Order, In the Matter of Flurish, Inc., d/b/a LendUp, File No. 2016-CFPB-0023 (27 Sept. 2016).

75 See Consent Order, In the Matter of Student Aid Institute, Inc., et al., File No. 2016-CFPB-0008 (30 March 2016).

76 Consent Order, In the Matter of Y King S Corp, d/b/a Herbies Auto Sales, File No. 2015-CFPB-0001 (21 Jan. 2016).

77 Consent Order, In the Matter of TMX Finance, LLC, File No. 2016-CFPB-0022 (26 Sept. 2016).

78 Consent Order, In the Matter of Wells Fargo Bank, N.A., File No. 2016-CFPB-0015 (8 Sept. 2016).

79 Complaint, Consumer Financial Protection Bureau v. D and D Marketing, Inc., d/b/a T3Leads, et al., No. 2:15-cv-9692 (C.D. Cal. 17 Dec. 2015).

80 Complaint, Consumer Financial Protection Bureau v. All American Check Cashing, Inc., et al., Docket No. 3:16-cv-00356-WHB-JCG (S.D. Miss. 11 May 2016).

81 See PHH Corp., et al. v. Consumer Financial Protection Bureau, 836 F.3d 1 (D.C. Cir. 2016), reh'g granted en banc, No. 15-1177 (Feb. 16, 2017) (vacating a $109 million disgorgement remedy for alleged violations of the Real Estate Settlement Procedures Act, and holding that the provision of law establishing the CFPB's single director, removable only ‘for inefficiency, neglect of duty, or malfeasance in office', was unconstitutional).

82 Office of the Comptroller of the Currency, Exploring Special Purpose National Bank Charters for FinTech Companies (Dec. 2016).