The US consumer financial services marketplace is competitive and heavily regulated. Advances in technology and significant capital investment have attracted technology firms, including established firms and start-ups, to compete in the financial services market with traditional providers, including banks and the card networks. While there has been some slowing of enforcement activity, focused enforcement agencies, including the Consumer Financial Protection Bureau (CFPB), the federal banking regulators, which include the Federal Reserve System (Federal Reserve), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), as well as state regulatory authorities are still active in enforcing consumer financial services laws. The CFPB has considered and adopted significant rule-makings, including rule-makings based on its authority under the Consumer Financial Protection Act of 2010 (CFPA), its founding statute, and other federal consumer financial protection laws. Looking forward, the rate of innovation and evolving regulatory climate have the potential to create an inflection point for the US consumer financial services market and opportunities for both new and established market participants.


i Statutory framework

Consumer payments, deposits and credit are subject to a complex set of federal and state statutes and regulations. With respect to consumer payments, the Electronic Fund Transfer Act (EFTA) establishes the basic rights, responsibilities and liabilities of consumers and the entities that provide electronic fund transfer services, while other federal laws, including the Expedited Funds Availability Act, provide additional consumer protections. In addition, laws in nearly every state regulate money transmission, generally under a state licensing regime. With respect to deposits, the Federal Deposit Insurance Act (FDIA) establishes comprehensive deposit insurance coverage, while other federal laws, including the Truth in Savings Act, and state laws, provide consumer protections. Consumer credit also is heavily regulated under federal and state law. The Truth in Lending Act (TILA) and the Equal Credit Opportunity Act (ECOA) provide the backbone for federal consumer protections related to the various forms of consumer credit. State law, including state usury protections, also apply. Finally, the CFPA, the Federal Trade Commission (FTC) Act, and state law set forth prohibitions on unfair, deceptive and, in some cases under the CFPA, abusive acts or practices (UDAP/UDAAP).

In addition to these substantive statutes covering consumer payments, deposits and credit, there is an overlay of federal statutes covering law enforcement objectives (e.g., the Bank Secrecy Act), consumer financial privacy (e.g., the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA)), and data security (e.g., GLBA), among other key statutes and regulations targeting public policy objectives. This overlay is the subject of extensive review and analysis in other treatises or law journals and is referred to herein only in passing.

ii Regulatory framework

Entities that provide consumer financial products or services are subject to regulation and enforcement by both federal and state authorities. At the federal level, the CFPB has enforcement authority with respect to 'covered persons', including banks with assets over US$10 billion, 'larger participants' in certain consumer financial product or service markets, and 'service providers', as those terms are defined in the CFPA.2 The CFPB also has authority to write rules prohibiting covered persons and service providers from engaging in UDAAPs, and to enforce such rules.3 In addition, the CFPB has rule-making and enforcement authority under the federal consumer financial protection statutes, including those listed above (such as EFTA and TILA), that apply to all persons subject to the laws, without regard to whether they are a covered person or a service provider.4 Finally, the CFPB has authority to enforce against any person who aids or abets a UDAAP, which means 'knowingly or recklessly' providing 'substantial assistance to a covered person' in connection with a violation of the UDAAP prohibition.5

In addition to the CFPB, at the federal level, the banking regulators and the FTC have enforcement authority with respect to certain banks and non-banks, respectively. At the state level, banking departments, licensing authorities and state attorneys general have varying degrees of rule-making and enforcement authority.


i Overview

In the United States, the primary payment methods are cash, debit card, credit card, prepaid card, cheques and ACH transactions. The Federal Reserve estimates that in 2015 alone there were more than 174 billion non-cash retail payment transactions in the US, with a value in excess of US$97 trillion.6 According to the Federal Reserve, the most common payment methods are card-based (debit, credit and prepaid), while ACH transactions have the highest dollar value for non-cash retail payments.7

Although there is a great deal of industry interest and activity around online and mobile payments, to date, most online and mobile payments are processed using traditional payment infrastructures. Nevertheless, emerging payment solutions can leverage a number of enhancements over traditional payment methods, including improved customer interfaces, increased use of customer data, and integration with customer loyalty or reward programmes or other third-party services used by consumers. These enhancements have the potential to lessen friction and promote consumer conversion and usage rates. Many of the novel legal and regulatory issues surrounding emerging payments are related to these enhancements.

ii Recent developments

On 14 September 2018, NACHA announced the approval of three rules to improve same-day ACH capabilities of financial institutions: (1) as of 18 September 2020, same-day ACH transactions may be submitted to the ACH network for an additional two hours each business day; (2) as of 20 March 2020, the same-day ACH per-transaction dollar limit is increased to US$100,000; and (3) as of 20 September 2019, the speed of funds availability for certain same-day and next-day ACH credits will be increased by expanding the window of time for which funds from same-day ACH credits are processed.8

On 1 April 2019, the CFPB prepaid accounts rule (prepaid rule) took effect.9 The prepaid rule significantly alters the way prepaid card programmes are offered and managed in the United States by amending key provisions of the CFPB's Regulation E (Electronic Fund Transfers) and Regulation Z (Truth in Lending).10 The prepaid rule establishes a prescriptive 'pre-acquisition' disclosure regime, provides an alternative to written periodic statements, and contains modified error resolution procedures and cardholder liability limitations. It also extends modified versions of certain requirements under the Credit Card Accountability Responsibility and Disclosure Act (the CARD Act) to prepaid accounts, including a requirement to submit to the CFPB, and to post to a public website, certain prepaid account agreements.11

On 9 August 2019, the Federal Reserve published a notice and request for comment on its plan for the Federal Reserve Banks to develop a new interbank faster payments system, called the 'FedNow' service, with a targeted launch date of 2023 or 2024.12 Under the proposal, FedNow would be a real-time gross settlement (RTGS) system that would allow payments to settle in a matter of seconds, under which settlement entries would be final and irrevocable after a transaction is processed. The Federal Reserve noted that while a private-sector RTGS is already in place in the United States, the existence of a competing publicly provided RTGS may enhance efficiency and safety issues that could arise in a single-provider market, including by promoting competition, spurring innovation, lowering prices, and creating buffers against a single point of failure in the payment system.

On 19 December 2019, the Federal Reserve issued its most recent triennial Federal Reserve Payments Study.13 The study shows that, between 2015 and 2018, US debit card and credit card payments increased by 8.9 per cent per year, ACH payments grew 6 per cent per year and cheque payments fell by more than 7 per cent per year. The study also found that in 2018 the value of remote general-purpose card payments nearly equalled the value of in-person card payments. Finally, the study found a significant shift in the usage of chip-based EMV cards, as the number of chip-authenticated payments for general-purpose cards increased from 2 per cent in 2015 to over 50 per cent in 2018.


i Overview

Access to deposit accounts for currently 'unbanked' or 'underbanked' consumers and compliance with overdraft rules remain high priorities for US regulatory agencies, including the CFPB. The CFPB has taken action against institutions that have allegedly charged inappropriate overdraft fees and has encouraged alternatives that prevent consumers from overdrafting their accounts. Technological developments such as online banking, mobile banking and text-message alerts for low balances can help consumers better manage their accounts and prevent overdrafts.

ii Recent developments

On 29 March 2019, the CFPB published its 2018 Consumer Response Annual Report.14 According to the report, the 25,900 checking or savings account complaints received by the CFPB in 2018 represent about 8 per cent of total complaints received. The CFPB also reported that the most common consumer complaints about deposit accounts (63 per cent) involved account management, and most of these complaints identified issues regarding depositing and withdrawing funds and using a debit card or ATM card. For example, some consumers described difficulties in accessing their funds, reported financial institutions placing holds on deposits, and stated that financial institutions extended the release date of the funds without notice.

On 15 May 2019, despite an earlier indication by the CFPB that it did not plan to consider an overdraft services rule-making,15 the agency published a notice stating that it is conducting a review of its 2009 overdraft rule, which limits the ability of financial institutions to charge overdraft fees for paying ATM and one-time debit card transactions that overdraw a consumer's account unless the consumer has affirmatively consented, or opted in, to the payment of such fees.16 The CFPB noted that while the number of consumers who have opted in to overdraft services varies widely by financial institution, considerably fewer than half of consumers do so. The CFPB also referenced its 2013 conclusion that the overdraft rule led to a material decrease in the amount of overdraft fees paid by consumers. In response, on 1 July 2019, 25 state attorneys general sent a joint comment letter to the CFPB urging the agency not to amend the rule.17 The state attorneys general asserted that the overdraft rule, in its current form, 'sensibly focuses on the type of transactions where the benefits of overdraft services to consumers are smaller relative to the costs and where the risk of inadvertent overdrafts is the highest', and that any decision to roll back the rule would cause harm to consumers.


i Overview

According to the Federal Reserve, the total revolving consumer credit outstanding in the United States as of October 2019 was more than US$1 trillion.18 Revolving credit transactions are subject to a variety of statutes and regulations, including TILA and the ECOA, that impose both substantive and disclosure requirements. In addition, credit card issuers and acquirers are contractually obligated to comply with card network rules. These laws and rules focus primarily on consumer protections, such as those related to disclosure of terms, credit balances, billing error resolution, changes in terms, credit reporting and discrimination.

ii Recent developments

On 27 August 2019, the CFPB released its fourth biennial report on the credit card market, as required by the CARD Act.19 The report, entitled 'The Consumer Credit Card Market', is informed by public responses to a January 2019 request for information, in which the CFPB solicited information about a number of aspects of the consumer credit card market. The report summarises key findings on topics including the cost and availability of credit, credit card issuer practices related to digital account servicing and credit score access, balance transfers and the complexity of credit cards, rewards programmes, deferred interest products, products marketed to non-prime borrowers, third-party comparison sites, credit card debt collection, and product innovation. In the report, the CFPB notes that:

Market conditions remain stable, in large part because of low unemployment, modest wage growth, and higher consumer confidence in the past two years.20


i Overview

Residential mortgages are heavily regulated products in the United States. A complex web of state and federal statutes and regulations governs nearly every aspect of the residential mortgage loan lifecycle, including underwriting, origination, closing, servicing, loss mitigation and foreclosure. While non-mortgage instalment credit products, including auto loans, student loans and personal loans, are not subject to the volume and degree of end-to-end regulatory requirements seen in the mortgage market, they too are regulated at the federal and state levels. Moreover, the CFPB's enforcement arm has focused on student lending, loan servicing and small-dollar lending, while its rule-making arm reconsidered the agency's sweeping 2017 rule to regulate the short-term instalment loan market.21 The CFPB decided to propose rescission of certain provisions of its short-term instalment loan rule and delayed the compliance date of others.22

Beyond traditional instalment loan products, online lending platforms, or 'marketplace lenders', have proliferated rapidly in the United States. According to the Federal Reserve, the total non-revolving consumer credit outstanding in the United States as of October 2019 was more than US$3 trillion.23 Marketplace lenders, which are generally non-bank platform providers, often partner with banks, which originate loans and sell either the loans or the receivables to the marketplace lender, private investors, or both. Alternatively, marketplace lenders may independently originate loans under state lending licences and sell the loans or the receivables to investors. Federal and state regulators have been intently focused on marketplace lending.24

ii Recent developments

On 17 November 2017, the CFPB published a rule to regulate the short-term instalment loan market.25 While the rule was to take effect on 16 April 2018 for certain provisions, the CFPB delayed the effective date of the entire rule until 19 August 2019. Subsequently, on 26 October 2018, the CFPB stated that it would reconsider the rule and address the rule's compliance date.26 On 14 February 2019, the CFPB published a proposed rule to rescind certain aspects of the 2017 rule, including the provision that it would be an unfair and abusive practice for a lender to make a covered short-term or longer-term balloon-payment loan, including payday and vehicle title loans, without reasonably determining that the consumer has the ability to repay the loan according to its terms.27 On 17 June 2019, the CFPB published a rule delaying the compliance date for the mandatory underwriting provisions of the 2017 rule to November 2020.28 The CFPB subsequently said that it plans to finalise its proposal to amend the 2017 rule in April 2020.29

On 22 November 2019, the CFPB published a request for information on its 2013 integrated mortgage disclosures as part of the CFPB's five-year assessment of the rule.30 The mortgage disclosure rule, known as the TILA-RESPA Integrated Disclosures (TRID) Rule, combined certain mortgage disclosures that consumers receive under TILA and the Real Estate Settlement Procedures Act (RESPA). To ensure that homebuyers receive clear and factual information about the terms and costs of their home loans, the TRID Rule mandates that creditors use standardised forms for most transactions and provide borrowers loan estimates and closing disclosures within three business days. The CFPB sought comments to inform its assessment, as well as other information about the implementation of the TRID Rule and its effect on innovation in the mortgage market.

On 30 September 2018, the California governor signed into law an act that requires disclosure of key terms in connection with certain commercial financing by non-banks.31 The law is the first US state law to require consumer-style disclosures for commercial financing and is intended to facilitate comparisons of financing options by recipients of covered commercial financing offers. The law applies to commercial financing offers of US$500,000 or less to entities in California by any entity that extends a specific offer of commercial financing, including non-depository institutions that arrange commercial financing as part of a bank partnership arrangement. 'Commercial financing' includes commercial loans of US$5,000 or more, commercial open-end credit plans, lease financing transactions, account receivable purchase transactions, asset-based lending transactions, and factoring.

On 4 December 2018, the California Department of Business Oversight (DBO) requested public comment in developing regulations to implement the law.32 On 26 July 2019, the DBO issued a second request for comment, which was accompanied by draft regulations.33 The draft regulations contain general formatting and content requirements, as well as unique requirements for closed-end transactions, commercial open-end credit plans, factoring, accounts receivable purchase transactions, lease financing, and asset-based lending transactions. The draft regulations also detail how certain estimates for factoring, accounts receivable purchase transactions, and asset-based lending transactions are to be calculated. In addition, the draft regulations would expressly permit a provider in a commercial financing transaction via the internet to obtain the recipient's signature electronically after making the required disclosures. As of this writing, the regulations have yet to be finalised.

A series of cases have questioned whether a bank is the 'true lender' in a partnership with a marketplace lender. If the marketplace lender is the 'true lender' instead of the bank, it could be required to obtain state licences and conform its loans to state usury laws. Outcomes of these cases have varied. One federal district court held that federal law expressly pre-empts state usury laws for bank-partner programmes where the bank initially holds the loan.34 In contrast, other federal district courts have refused to dismiss 'true lender' actions on pre-emption grounds,35 and have analysed whether a marketplace lender holds the 'predominant economic interest' in the loan and, thus, is the 'true lender'.36 For example, California district courts have come to divergent conclusions on the issue.37

While distinguishable from the 'true lender' line of cases, and a revolving credit case on the facts, the question of whether a loan is subject to state usury laws after it is sold to a non-bank lender, is particularly significant for lenders in the Second Circuit (which includes Connecticut, New York and Vermont) in the wake of the US Supreme Court's 2016 denial of certiorari in Midland Funding LLC et al v. Madden.38 By declining to review Madden, the Supreme Court let stand the Second Circuit's controversial holding that Section 85 of the National Bank Act,39 which pre-empts state laws governing the rate of interest a national bank may charge on a loan, does not have pre-emptive effect after a national bank sells a loan to a non-bank.40 A federal district court has considered whether the National Bank Act pre-empted state usury law when applied to a non-bank assignee of loans originated by a national bank; while the court recognised that state law would be pre-empted as to the national bank that originated the loan, it cited Madden in dicta in noting that it was 'not persuaded' that National Bank Act pre-emption applied to assignees of national banks.41

On 8 June 2017, the US House of Representatives passed legislation that would have added the following language to Section 85 of the National Bank Act: 'A loan that is valid when made as to its maximum rate of interest . . . shall remain valid with respect to such rate regardless of whether the loan is subsequently sold, assigned, or otherwise transferred to a third party . . . notwithstanding any State law to the contrary.'42 On 14 February 2018, the House of Representatives passed additional legislation that would have amended the National Bank Act with language virtually identical to the 'valid when made' language.43 While a similar bill was introduced in the US Senate in July 2017,44 no further legislative action has been taken.

On 18 November 2019, the OCC issued for comment a notice of proposed rule-making to clarify that when a bank sells, assigns, or otherwise transfers a loan, the interest permissible prior to the transfer would continue to be permissible following the transfer.45 On 19 November 2019, the FDIC issued a notice of proposed rule-making seeking to reaffirm the authority for assignees of loans originated by state banks to enforce the contractual interest rate terms of those loans.46 The OCC proposed rule would apply to all national banks and state and federal savings associations, while the FDIC proposed rule would extend this parity to state banks. Neither the OCC nor the FDIC proposed rule would address the issue of who is the 'true lender' in the context of the sale or assignment of a bank-originated loan or receivables to the third party; however, the FDIC indicated in its proposed rule that it would view unfavourably entities attempting to evade lower interest rates by partnering with state banks.47


Regulators and courts have focused on other areas related to consumer financial services, including regulatory enforcement, privacy and cybersecurity, debt collection, anti-money laundering and innovation. The developments identified below are representative, not exhaustive.

i Regulatory enforcement

On 6 December 2018, Kathleen Kraninger was confirmed as Director of the CFPB by the US Senate. In one of her first major policy speeches, she noted that the emphasis of the CFPB will be prevention of consumer harm through supervision and rulemaking, rather than enforcement and the imposition of penalties.48 Consistent with this emphasis, on 23 April 2019 the CFPB announced changes to its policy regarding civil investigative demands (CIDs).49 The CFPB uses CIDs to investigate potential violations of law for which the CFPB may bring an enforcement action. According to the CFPB, under the new CID policy, the CFPB will provide recipients of CIDs with more information on the potentially applicable provision of law that may have been violated and will identify the business activities that are subject to the CFPB's authority.

ii Privacy and cybersecurity

The US privacy regime is generally based on principles of notice and choice, while cybersecurity is based on a standard of 'reasonableness'.

With respect to privacy, on 28 June 2018, the California governor signed into law what is arguably the most expansive privacy legislation in US history.50 With effect from 1 January 2020, the California Consumer Privacy Act (CCPA) provides California residents with several core individual rights: (1) the right to request deletion of personal information that a business has collected from the consumer; (2) the right to request that a business provide information about, and copies of, personal information; (3) the right to opt out of the sale of personal information; and (4) the right to be free from discrimination (in other words, businesses are prohibited from charging different prices or rates to consumers, providing different services, or denying goods or services to consumers who exercise their rights under the CCPA). The specific requirements under the CCPA continue to change as the California legislature has enacted six different amendments to the CCPA before the law has even taken effect,51 and the California attorney general is promulgating regulations to implement the statute.52

On 24 July 2019, the FTC announced a US$5 billion settlement with Facebook, Inc. for allegedly violating an earlier FTC order by misrepresenting users' ability to control the privacy of their data and the extent to which Facebook made user data available to third parties.53 The FTC also alleged that Facebook engaged in unfair acts or practices with regard to how it allowed information provided by users in connection with setting up their account security to be used by third parties. As part of the settlement, the FTC required Facebook to make significant changes to its privacy compliance system, including significant oversight by the FTC.

For cybersecurity, the trend is towards more prescriptive requirements, as well as aggressive enforcement. For instance, on 4 April 2019, the FTC published a request for comment on proposed regulations54 that would move away from the risk-based approach established by the FTC's 2002 data security standards55 known as the Safeguards Rule. The FTC proposed rules would impose prescriptive requirements, many of which appear to be based on the NYDFS cybersecurity regulations that went into effect in 2017.56 For example, the FTC proposed rule would require covered financial institutions to implement an information security programme that meets technical requirements, such as encryption and multi-factor authentication. It would also impose specific training and assessment obligations, such as annual penetration testing and biannual vulnerability assessments, and would require annual reports to the institution's Board of Directors on its information security programme.

On 22 July 2019, the CFPB, FTC and attorneys general from 48 states, the District of Columbia, and Puerto Rico announced a global settlement with Equifax Inc., one of the Big Three credit reporting agencies (CRAs) in the United States, in connection with the company's 2017 cybersecurity incident in which criminals gained access to certain files that reportedly affected approximately 147 million US consumers.57 The settlement requires Equifax to provide up to US$425 million in monetary relief to affected consumers and to pay a US$100 million civil money penalty.58

iii Debt collection

On 21 May 2019, the CFPB published proposed regulations to implement the Fair Debt Collection Practices Act (FDCPA).59 Although the FDCPA was enacted in 1977, substantive implementing regulations have never been promulgated. The proposed regulations, if implemented, would create bright line rules, particularly with regard to how the FDCPA applies to newer communication technologies, such as voicemail, email, text messaging and social media. In 2013, the CFPB published an advance notice of proposed rulemaking that raised the possibility that the CFPB would promulgate regulations that would apply to first-party debt collection (i.e., the collection of debts by the person to whom such debt is owed), even though first-party debt collection is not generally covered by the FDCPA.60 However, the proposed regulations would apply only to debt collectors currently subject to the FDCPA.

Although the FDCPA prohibits debt collectors from repeatedly calling debtors with the intent to harass or abuse them, the proposed regulations would limit debt collectors to making no more than seven telephone calls per consumer per debt in any seven-day period or within seven days after making contact with the consumer about the debt.61 The limitations on the number of telephone calls would not apply to other forms of communication, such as text messages or emails. The proposed regulations would, however, require debt collectors to maintain reasonable procedures to avoid errors in sending emails or text messages to consumers. The proposed regulations would also prohibit a debt collector from communicating with debtors via a social media platform if such communications would be viewable by third parties. In addition, the proposed regulations would allow consumers to opt out of a debt collector's use of any medium of communication.

Because many of the substantive restrictions under the FDCPA apply when a debt collector engages in communication with a debtor, the proposed regulations would allow debt collectors to make 'limited-content messages' that would not be deemed to be a communication under the FDCPA. The message would need to contain only the information required or permitted by the proposed regulations to qualify as a limited-content message. Such limited-content messages would be subject to the call restrictions described above, but would allow debt collectors to make contact with debtors without triggering the regulatory requirements that apply when engaging in a communication with a debtor.

Additionally, the proposed regulation would expressly prohibit a debt collector from suing or threatening to sue a consumer to collect a debt that the collector knows or should know is time-barred under the applicable statute of limitations.62 Debt collectors would be prohibited from reporting information about a debt collector to a consumer reporting agency before communicating with a consumer about the debt, a practice sometimes referred to as 'passive debt collection'.63 The proposed regulation would prohibit a debt collector from selling, transferring or placing for collection a debt if the collector knows or should know that the debt has been paid or discharged in bankruptcy or that an identity theft report was filed with respect to the debt.64

iv Anti-money laundering

On 3 December 2018, the federal prudential regulators and the Financial Crimes Enforcement Network (FinCEN) issued a joint statement on innovative approaches to anti-money laundering (AML) and counter-financing of terrorism (CFT) programmes.65 In the joint statement, the agencies encouraged financial institutions to use innovative tools and technologies, such as artificial intelligence and digital identity technologies, to help identify and report money laundering, terrorist financing and other illicit activities.

On 18 April 2019, FinCEN announced the first enforcement action against a peer-to-peer virtual currency exchanger for alleged violations of the Bank Secrecy Act (BSA).66 FinCEN assessed a civil money penalty in connection with allegations that the individual, as an operator of a virtual currency exchange, failed to register with FinCEN as a money services business, failed to establish and implement an effective written AML programme, failed to detect and report suspicious transactions, and failed to file currency transaction reports.67

v Innovation

US financial services regulators and financial services providers are interested in the ways in which innovative technologies, such as artificial intelligence and machine learning, can be applied to financial services. Although many of these new technologies have potential benefits such as expanded access to credit, they may also present risks such as unintended discrimination, also referred to as disparate impact discrimination.

US financial services regulators have focused on how policies and regulations can be changed to encourage responsible innovation. On 10 September 2019, the CFPB issued three new or updated policies to reduce regulatory uncertainty and promote innovation: a no-action letter (NAL) policy, trial disclosure programme (TDP) policy, and compliance assistance sandbox (CAS) policy.68 The new NAL and TDP policies69 replace previous under-utilised policies, with the CFPB approving no trial disclosure programmes in nearly six years and issuing only one no-action letter in three years.70 The new policies aim to increase industry utilisation by streamlining the review and approval processes and reducing the ongoing reporting requirements. Concurrent with the release of the new policies, the CFPB issued a no-action letter to the US Department of Housing and Urban Development under the new NAL policy.71 The CAS policy is a new policy under which persons offering an innovative product or service may be granted a statutory safe harbour under TILA, the ECOA or the EFTA.72

On 30 April 2019, the OCC requested public comment on a proposed Innovation Pilot Program.73 The proposed programme would allow OCC-supervised institutions, including those using third-party service providers, to apply to take part in a three-to-24-month small-scale pilot to test the feasibility of new or unique products or services where regulatory uncertainty is perceived to be a barrier to the development and implementation of the product or service.74


The CFPB has continued to issue public consent orders related to a broad range of consumer financial products and services, including debt collection, deposit accounts, auto loans and loan origination. A brief review of UDAAP standards and key orders is provided below.

Generally, 'unfairness' means substantial injury to the consumer that the consumer could not have reasonably avoided, which is not outweighed by consumer or competitive benefits.75 'Deception' generally exists where there is a material representation, omission, or practice that is likely to mislead the consumer acting reasonably in the circumstances.76 Finally, 'abusiveness', which was established under the CFPA, means material interference with a consumer's ability to understand a term or condition of a consumer financial product or service, or taking unreasonable advantage of a lack of the consumer's understanding, the consumer's inability to protect his or her own interests, or the consumer's reasonable reliance on a covered person to act in the interests of the consumer.77

i Unfair practices

The following are examples of recent CFPB allegations of unfair practices:

  1. Reopening accounts. The CFPB found that a federal savings association engaged in unfair practices when it reopened previously closed deposit accounts without obtaining consumers' prior authorisation or without providing timely notice.78 The CFPB found that the bank reopened the account when it received certain types of debits and credits to the accounts, which potentially resulted in negative balances and the accumulation of fees.
  2. Credit cards. The CFPB alleged that a retailer that issued store credit cards engaged in unfair practices when its employees enrolled consumers with credit card accounts into an optional payment protection insurance plan offered by a third-party insurer without the consumers' knowledge or consent.79
  3. Automatic debits. The CFPB found that an online lender engaged in unfair practices when:
    • it electronically debited payments from consumers' bank accounts without obtaining authorisation to debit the accounts; and
    • a software error resulted in the lender debiting consumers' bank accounts for full loan payment amounts after the consumer had been approved for an extension on the loan payment.80
  4. Student loan servicing. The CFPB found that a student loan servicer engaged in unfair acts or practices when it failed to process adjustments to the principal balances of some student loans after the loans were placed in deferment, forbearance, or income-based repayment plans.81
  5. Data breach. The CFPB found Equifax, a CRA, acted unfairly by failing to provide reasonable security for the sensitive consumer personal information that was compromised in a 2017 data breach.82

ii Deceptive practices

The following list includes examples of recent CFPB allegations of deceptive practices:

  1. Mortgage loan refinancing. The CFPB alleged that a non-bank mortgage company engaged in deceptive practices when its employees made inaccurate 'apples-to-apples' comparisons of consumers' current mortgage to the company's refinancing offer during in-home sales pitches.83
  2. Credit cards. The CFPB alleged that a retailer that issued store credit cards engaged in various deceptive practices, including that the retailer's employees deceived consumers into providing personal information and completing credit card applications without the consumers' knowledge or consent and that the employees misrepresented the credit card financing terms, including the interest rate, monthly payment amount and promotional financing eligibility terms.84
  3. Mortgage assistance services. The CFPB alleged that a company offering mortgage assistance relief services engaged in deceptive acts or practices when it made misleading claims about the effectiveness of documents and materials that it sold to consumers as a solution to consumers' mortgage problems.85
  4. Debt collection. The CFPB found that a debt collection company falsely:
    • threatened consumers with legal action that they had no intention of taking;
    • represented to consumers that their employees were attorneys when they were not; and
    • represented to consumers that their credit reports would be negatively affected if they did not make payments on the debt, even though the company did not report the consumer debts to credit reporting agencies.86
  5. Funds transfers. The CFPB found that a remittance transfer provider deceived consumers when the company provided consumers with a disclosure stating that the company would not be responsible for errors made by its payment agents even though applicable law would hold the company liable for such errors.87
  6. Debt settlement services. The CFPB alleged that a debt settlement services provider engaged in deceptive behaviour by misrepresenting its ability to negotiate with creditors and charging fees to consumers without settling their debts as promised.88
  7. Privacy. The FTC found that a large social network violated a previous consent order when the company made misrepresentations regarding the ability of users to control the privacy of their data and the extent to which the company made user data available to third parties.89 The FTC also found that the company was deceiving consumers with regard to how account security information would be used.

iii Abusive practices

Below are examples of recent CFPB allegations of abusive practices:

  1. Mortgage assistance services. The CFPB alleged that a company offering mortgage assistance relief services engaged in abusive acts or practices when it took advantage of consumers' lack of understanding of residential mortgage and foreclosure laws and marketed and sold to consumers boilerplate documents and materials that lacked merit as a solution to consumers' mortgage problems.90
  2. Debt settlement services. The CFPB alleged that a debt settlement services provider abusively made some customers negotiate their own settlements and instructed borrowers to mislead lenders by concealing the fact of their enrolment in the debt settlement programme in order to negotiate their debt.91


The climate of deregulation and the influence of non-traditional financial services providers on the US consumer financial services market will continue to be the dominant forces shaping the country's consumer financial services regulatory landscape in the coming year. Financial technology firms continue to deploy innovative technological solutions and develop new uses for a rapidly expanding universe of consumer data, and supervisory and regulatory authorities continue to try to keep pace. The coming year will also see continued evolution of the body of case law surrounding the 'true lender' issue, and perhaps resolution of the Madden issue, whether through judicial or regulatory action.


1 Rick Fischer is a senior partner and Obrea Poindexter and Jeremy Mandell are partners at Morrison & Foerster LLP.

2 12 U.S.C. Section 5481.

3 id. Section 5531.

4 id. Sections 5512, 5561 to 5567.

5 id. Section 5536.

6 See Federal Reserve, The 2019 Federal Reserve Payments Study at 1 (19 Dec. 2019) (triennial study).

7 id. at 2.

8 Press Release, NACHA–The Electronic Payments Association, Same Day ACH Will Be Enhanced to Meet ACH End-User Needs (14 Sept. 2018).

9 Rules Concerning Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth in Lending Act (Regulation Z), 83 Fed. Reg. 6,364 (13 Feb. 2018); see also 81 Fed. Reg. 83,934 (22 Nov. 2016).

10 12 C.F.R. pts. 1005, 1026.

11 Pub. L. No. 111-24, 123 Stat. 1734 (2009).

12 Federal Reserve Actions to Support Interbank Settlement of Faster Payments, 84 Fed. Reg. 39,297 (9 Aug. 2019).

13 Federal Reserve, The 2019 Federal Reserve Payments Study (19 Dec. 2019).

14 See Consumer Financial Protection Bureau, Consumer Response Annual Report (Mar. 2019).

15 See Blog Post, Consumer Financial Protection Bureau, Spring 2018 Rulemaking Agenda (10 May 2018).

16 Overdraft Rule Review Pursuant to the Regulatory Flexibility Act, 84 Fed. Reg. 21,729 (15 May 2019).

17 State of New York Office of the Attorney General, Letter to Kathleen L Kraninger Re: Request for Comment on the Economic Impact of the Overdraft Rule (No. CFPB-2019-0023) (1 July 2019).

18 See Federal Reserve Board, G.19 Consumer Credit, October 2019 (6 Dec. 2019).

19 Consumer Financial Protection Bureau, The Consumer Credit Card Market (27 Aug. 2019).

20 id. at 6.

21 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 82 Fed. Reg. 54,472 (17 Nov. 2017).

22 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 84 Fed. Reg. 4,252 (proposed 14 Feb. 2019); Payday, Vehicle Title, and Certain High-Cost Installment Loans; Delay of Compliance Date; Correcting Amendments, 84 Fed. Reg. 27,907 (17 Jun. 2019).

23 See Federal Reserve Board, G.19 Consumer Credit, October 2019 (6 Dec. 2019).

24 See, e.g., U.S. Dep't of the Treasury, Opportunities and Challenges in Marketplace Lending (10 May 2016); Press Release, Cal. Dep't of Bus. Oversight, California Online Lending Grows by More Than 930% Over Five Years (4 Apr. 2015); Press Release, New York Dep't of Financial Services, DFS Issues Online Lending Report (11 July 2018).

25 Payday, Vehicle Title, and Certain High-Cost Installment Loans, 82 Fed. Reg. 54,472 (17 Nov. 2017).

26 Consumer Financial Protection Bureau, Public Statement Regarding Payday Rule Reconsideration and Delay of Compliance Date (26 Oct. 2018).

27 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 84 Fed. Reg. 4,252 (proposed 14 Feb. 2019).

28 See Payday, Vehicle Title, and Certain High-Cost Installment Loans; Delay of Compliance Date; Correcting Amendments, 84 Fed. Reg. 27,907 (17 Jun. 2019).

29 See Blog Post, Consumer Financial Protection Bureau, Fall 2019 Rulemaking Agenda (20 November 2019).

30 Request for Information Regarding the Integrated Mortgage Disclosures Under the Real Estate Settlement Procedures Act (Regulation X) and the Truth in Lending Act (Regulation Z) Rule Assessment, 84 Fed. Reg. 64,436 (22 Nov. 2019).

31 Cal. Stats. 2018, Ch. 1011, Sec. 2 (adding Cal. Fin. Code Div. 9.5, §§ 22800–22805).

32 Invitation for Comments on Proposed Rulemaking Commercial Financing Disclosures, PRO 01-18 (4 Dec. 2018).

33 Invitation for Comments on Proposed Rulemaking Commercial Financing Disclosures, PRO 01-18 (26 Jul. 2019).

34 Sawyer v. Bill Me Later Inc., 23 F. Supp. 3d 1359 (D. Utah 2014).

35 See, e.g., Meade v Marlette Funding LLC, No. 1:17-cv-00575 (D. Colo. 21 Mar. 2018); Meade v. Avant of Colorado LLC, 307 F. Supp. 3d 1134 (D. Colo. 1 Mar. 2018).

36 Commonwealth of Pennsylvania v. Think Finance, Inc., et al., No. 14-cv-7139 (E.D. Pa. 14 Jan. 2016).

37 Compare Consumer Financial Protection Bureau v. CashCall Inc., No. 2:15-cv-07522 (C.D. Cal. 31 Aug. 2016), with Beechum v. Navient Solutions Inc., No. 2:15-cv-08239 (C.D. Cal. 20 Sept. 2016).

38 Midland Funding, LLC v. Madden, 136 S. Ct. 2505, 579 U.S. __ (2016).

39 12 U.S.C. Section 85.

40 Madden v. Midland Funding, LLC, 786 F.3d 246 (2d Cir. 2015).

41 Eul v. Transworld Systems, Inc., No. 1:15-cv-7755 (N. D. Ill. Mar. 30, 2017).

42 Financial CHOICE Act of 2017, H.R. 10, 115th Cong. Subtit. Q, § 581 (2017).

43 Protecting Consumers' Access to Credit Act of 2017, H.R. 3299, 115th Cong. (2018).

44 Protecting Consumers' Access to Credit Act of 2017, S. 1642, 115th Cong. (2017).

45 Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 84 Fed. Reg. 64,229 (proposed 21 Nov. 2019).

46 Federal Interest Rate Authority, 84 Fed. Reg. 66,845 (proposed 6 Dec. 2019).

47 id.

48 Speech by Kathleen Kraninger, Director, Consumer Financial Protection Bureau, at the Bipartisan Policy Center (17 Apr. 2019).

49 Press Release, Consumer Financial Protection Bureau, CFPB Announces Policy Change Regarding Bureau Civil Investigative Demands (23 Apr. 2019).

50 Cal. Civ. Code §§ 1798.100–1798.199.

51 See Cal. Stats. 2018 c. 735 (S.B. 1121); Cal. Stats. 2019 c. 757 (A.B. 1355); Cal. Stats. 2019 c. 763 (A.B. 25); Cal. Stats. 2019 c. 748 (A.B. 874); Cal. Stats. 2019 c. 759 (A.B. 1564); Cal. Stats. 2019 c. 751 (A.B. 1146).

52 41-Z Cal. Regulatory Notice Reg. 1341 (11 Oct. 2019).

53 Complaint, U.S. v. Facebook, Inc., No. 19-cv-2184 (D.D.C. 24 July 2019).

54 Privacy of Consumer Financial Information Rule under the Gramm-Leach-Bliley Act, 84 Fed. Reg. 13,150 (proposed 4 Apr. 2019).

55 16 C.F.R. pt. 314.

56 See N.Y. Comp. Codes R. & Regs. tit. 23, pt. 500.

57 Press Release, Consumer Financial Protection Bureau, CFPB, FTC and States Announce Settlement with Equifax Over 2017 Data Breach (22 July 2019).

58 Stipulated Order for Permanent Injunction and Monetary Judgment, Bureau of Consumer Financial Protection v. Equifax Inc., No. 1:19-cv-03300-TWT (N.D. Ga. 23 July 2019).

59 Debt Collection Practices (Regulation F), 84 Fed. Reg. 23,274 (proposed 21 Mar. 2019).

60 Debt Collection (Regulation F), Advance Notice of Proposed Rulemaking, 78 Fed. Reg. 67,847, 67,853 (12 Nov. 2013).

61 Debt Collection Practices (Regulation F), 84 Fed. Reg. 23,274 (proposed 21 Mar. 2019).

62 id. at 23,403.

63 id.

64 id.

65 Federal Reserve, Federal Deposit Insurance Corporation, Financial Crimes Enforcement Network, National Credit Union Administration, Office of the Comptroller of the Currency, Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (3 Dec. 2018).

66 Press Release, Financial Crimes Enforcement Network, FinCEN Penalizes Peer-to-Peer Virtual Currency Exchanger for Violations of Anti-Money Laundering Laws (18 Apr. 2019).

67 Assessment of Civil Money Penalty, In Re Eric Powers, No. 2019-01 (18 Apr. 2019).

68 Press Release, Consumer Financial Protection Bureau, CFPB Issues Policies to Facilitate Compliance and Promote Innovation (10 Sept. 2019).

69 Consumer Financial Protection Bureau, Policy on No-Action Letters, 84 Fed. Reg. 48, 229 (13 Sept. 2019); Policy to Encourage Trial Disclosure Programs, 84 Fed. Reg. 48,260 (13 Sept. 2019).

70 Press Release, Consumer Financial Protection Bureau, CFPB Announces First No-Action Letter to Upstart Network (14 Sept. 2017).

71 Press Release, Consumer Financial Protection Bureau, CFPB Issues Policies to Facilitate Compliance and Promote Innovation (10 Sept. 2019).

72 Consumer Financial Protection Bureau, Policy on the Compliance Assistance Sandbox, 84 Fed. Reg. 48,246 (13 Sept. 2019).

73 Press Release, Office of the Comptroller of the Currency, OCC Solicits Public Comment on Proposed Innovation Pilot Program (30 April 2019).

74 Office of the Comptroller of the Currency, OCC Innovation Pilot Program (30 April 2019).

75 12 U.S.C. Section 5531(c).

76 Federal Trade Commission, Policy Statement on Deception (14 Oct. 1983), appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).

77 12 U.S.C. Section 5531(d).

78 Consent Order, USAA Federal Savings Bank, No. 2019-BCFP-0001 (3 Jan. 2019).

79 Complaint, Bureau of Consumer Financial Protection v. Sterling Jewelers Inc., No. 1:19-cv-00448 (S.D.N.Y. 16 Jan. 2019).

80 Consent Order, In re Enova International, Inc., No. 2019-BCFP-0003 (25 Jan. 2019).

81 Consent Order, In re Conduent Education Services, LLC, No. 2019-BCFP-0005 (1 May 2019).

82 Complaint, Bureau of Consumer Financial Protection v. Equifax Inc., No. 1:19-cv-03300-TWT (N.D. Ga. 22 July 2019).

83 Complaint, Bureau of Consumer Financial Protection v. Village Capital & Investment LLC, No. 2:18-cv-02304 (D. Nev. 4 Dec. 2018).

84 Complaint, Bureau of Consumer Financial Protection v. Sterling Jewelers Inc., No. 1:19-cv-00448 (S.D.N.Y. 16 Jan. 2019).

85 Complaint, Bureau of Consumer Financial Protection v. Certified Forensic Loan Auditors, LLC, No. 2:19-cv-07722 (C.D. Cal. 6 Sept. 2019).

86 Consent Order, In re Financial Credit Service, Inc., d/b/a Asset Recovery Associates, No. 2019-BCFP-0009 (28 Aug. 2019).

87 Consent Order, In re Maxitransfers Corporation, No. 2019-BCFP-0008 (27 Aug. 2019).

88 First Amended Complaint, Consumer Financial Protection Bureau v. Freedom Debt Relief, LLC, No. 3:17-cv-6484 (N.D. Cal. 1 June 2019).

89 Complaint, U.S. v. Facebook, Inc., No. 19-cv-2184 (D.D.C. 24 July 2019).

90 Complaint, Bureau of Consumer Financial Protection v. Certified Forensic Loan Auditors, LLC, No. 2:19-cv-07722 (C.D. Cal. 6 Sept. 2019).

91 First Amended Complaint, Consumer Financial Protection Bureau v. Freedom Debt Relief, LLC, No. 3:17-cv-6484 (N.D. Cal. 1 June 2019).