The Consumer Finance Law Review: USA


The US consumer financial services marketplace is competitive and heavily regulated. Advances in technology and significant capital investment have attracted technology firms, including both established firms and start-ups, as well as retailers to compete in the financial services market with traditional providers, including banks and the card networks. While there has been some slowing of enforcement activity, focused enforcement agencies, including the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), the federal banking regulators, which include the Federal Reserve System (Federal Reserve), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), as well as state regulatory authorities are still active in enforcing consumer financial services laws. The CFPB has considered and adopted significant rule-makings, including rule-makings based on its authority under the Consumer Financial Protection Act of 2010 (CFPA), its founding statute, and other federal consumer financial protection laws. Looking forward, the rate of innovation and evolving regulatory climate have the potential to create an inflection point for the US consumer financial services market and opportunities for both new and established market participants.

Legislative and regulatory framework

i Statutory framework

Consumer payments, deposits and credit are subject to a complex set of federal and state statutes and regulations. With respect to consumer payments, the Electronic Fund Transfer Act (EFTA) establishes the basic rights, responsibilities and liabilities of consumers and the entities that provide electronic fund transfer services, while other federal laws, including the Expedited Funds Availability Act, provide additional consumer protections. In addition, laws in nearly every state regulate money transmission, generally under a state licensing regime. With respect to deposits, the Federal Deposit Insurance Act (FDIA) establishes comprehensive deposit insurance coverage, while other federal laws, including the Truth in Savings Act, as well as corresponding state laws, provide consumer protections. Consumer credit also is heavily regulated under federal and state law. The Truth in Lending Act (TILA) and the Equal Credit Opportunity Act (ECOA) provide the backbone for federal consumer protections related to the various forms of consumer credit. State law, including state usury protections, also apply. Finally, the CFPA, the FTC Act, and state law set forth prohibitions on unfair, deceptive and, in some cases under the CFPA, abusive acts or practices (UDAP/UDAAP).

In addition to these substantive statutes covering consumer payments, deposits and credit, there is an overlay of federal statutes covering law enforcement objectives (e.g., the Bank Secrecy Act), consumer financial privacy (e.g., the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA)), and data security (e.g., GLBA), among other key statutes and regulations targeting public policy objectives. This overlay is the subject of extensive review and analysis in other treatises or law journals and is referred to herein only in passing.

ii Regulatory framework

Entities that provide consumer financial products or services may be subject to regulation and enforcement by both federal and state authorities. At the federal level, the CFPB has enforcement authority with respect to 'covered persons', including banks with assets over US$10 billion, 'larger participants' in certain consumer financial product or service markets, and 'service providers', as those terms are defined in the CFPA.2 The CFPB also has authority to write rules prohibiting covered persons and service providers from engaging in UDAAPs, and to enforce such rules.3 In addition, the CFPB has rule-making and enforcement authority under a number of federal consumer financial protection statutes, including those listed above (such as EFTA and TILA), that apply to all persons subject to the laws, without regard to whether they are a covered person or a service provider.4 Finally, the CFPB has authority to enforce against any person who aids or abets a UDAAP, which means 'knowingly or recklessly' providing 'substantial assistance to a covered person' in connection with a violation of the UDAAP prohibition.5

In addition to the CFPB, at the federal level, the banking regulators and the FTC have enforcement authority with respect to banks and non-banks, respectively. At the state level, banking departments, licensing authorities and state attorneys general have varying degrees of rule-making and enforcement authority.


i Overview

In the United States, the primary payment methods are cash, debit card, credit card, prepaid card, cheques and ACH transactions. The Federal Reserve estimates that in 2018 alone there were more than 174 billion non-cash retail payment transactions in the US, with a value in excess of US$97 trillion.6 According to the Federal Reserve, the most common payment methods are card-based (debit, credit and prepaid), while ACH transactions have the highest dollar value for non-cash retail payments.7

Although there is a great deal of industry interest and activity around online and mobile payments, to date, most online and mobile payments are processed using traditional payment infrastructures. Nevertheless, emerging payment solutions can leverage a number of enhancements over traditional payment methods, including improved customer interfaces, increased use of customer data, and integration with customer loyalty or reward programmes or other third-party services used by consumers. These enhancements have the potential to lessen friction and promote consumer conversion and usage rates. Many of the novel legal and regulatory issues surrounding emerging payments are related to these enhancements.

ii Recent developments

On 11 August 2020, the Federal Reserve published service details on the Federal Reserve Banks' new interbank faster payments system, called the 'FedNow' service, which has a targeted launch date in 2023 or 2024.8 FedNow will be a real-time gross settlement (RTGS) system that will allow payments to settle in a matter of seconds, under which settlement entries will be final and irrevocable after a transaction is processed. A private-sector RTGS is already in place in the United States; however, the Federal Reserve has indicated that the existence of a competing publicly provided RTGS may enhance efficiency and safety issues that could arise in a single-provider market, including by promoting competition, spurring innovation, lowering prices, and creating buffers against a single point of failure in the payment system.

Once operational, banks will be able to accept, transmit, and settle payments 24 hours a day, seven days a week, and 365 days per year. The FedNow service is expected to support credit transfer use cases, including peer-to-peer payments, bill payments, and low-value business-to-business payments. Initially, FedNow will process and settle payments up to $25,000. The FedNow service will be available to banks in the United States and permit customers to send and settle payments instantly through online banking platforms.9 Once the sender initiates the payment, the recipient will receive a notice from FedNow containing information about the payment and receive a prompt to accept or deny the payment. If the customer accepts the payment, FedNow will transfer the funds to the recipient's bank account and the bank will settle the transaction in the moment. While en route, funds will be held by the Federal Reserve accounts associated with each party's bank. Completed payments will be final.10

On 19 December 2019, the Federal Reserve issued its most recent triennial Federal Reserve Payments Study.11 The study shows that, between 2015 and 2018, US debit card and credit card payments increased by 8.9 per cent per year, ACH payments grew 6 per cent per year and cheque payments fell by more than 7 per cent per year. The study also found that in 2018 the value of remote general-purpose card payments nearly equalled the value of in-person card payments. Finally, the study found a significant shift in the usage of chip-based EMV cards, as the number of chip-authenticated payments for general-purpose cards increased from 2 per cent in 2015 to over 50 per cent in 2018.

On 25 June, 2020, the Acting Comptroller of the Currency announced an OCC plan to implement a national analogue to traditional state money transmission licences. Referred to as the Payments Charter (distinct from the OCC's FinTech Charter proposal currently being litigated before the US Court of Appeals for the Second Circuit),12 the platform would function as a national licensing body regulated by the OCC. Effectively, a money transmitter who wishes to do business nationwide would be able to apply for and maintain one national licence as opposed to the current list of more than 49 state licences required of national money transmitters. Despite the intended benefits of such a charter, the traditional payment regulators – state and local authorities – have expressed concerns about the programme, primarily that state regulations are often more thorough than those enforced at the national level.13

In 2020, policymakers have leveraged the payments system to make economic impact payments to consumers to counter the effects the covid-19 pandemic has had on the economy. Economic impact payments have been made directly to consumers via batch processing systems, including the automated clearinghouse, card-based payment systems, and check-based payments.

Deposit accounts and overdrafts

i Overview

Access to deposit accounts for currently 'unbanked' or 'underbanked' consumers and compliance with overdraft rules remain high priorities for US regulatory agencies, including the CFPB, as well as the banking industry.14 The CFPB has taken action against institutions that have allegedly charged inappropriate overdraft fees and has encouraged alternatives that prevent consumers from overdrafting their accounts. Technological developments such as online banking, mobile banking and text-message alerts for low balances can help consumers better manage their accounts and prevent overdrafts.

ii Recent developments

On 31 March 2020, the CFPB published its 2019 Consumer Response Annual Report.15 According to the report, the CFPB received 26,900 checking or savings account complaints in 2019 – an increase of nearly 1,000 consumer complaints from the prior year. As in 2018, these complaints represent about 8 per cent of total complaints received, and account for 0.02 per cent of the 119 million US households with checking or savings accounts. The CFPB also reported that the most common consumer complaints about deposit accounts (64 per cent) involved account management, and most of these complaints identified issues regarding depositing and withdrawing funds and using a debit card or ATM card. For example, some consumers described difficulties in accessing their funds, reported financial institutions placing holds on deposits, and stated that financial institutions extended the release date of the funds without notice.

On 15 May 2019, despite an earlier indication by the CFPB that it did not plan to consider an overdraft services rule-making,16 the agency published a notice stating that it is conducting a review of its 2009 overdraft rule, which limits the ability of financial institutions to charge overdraft fees for paying ATM and one-time debit card transactions that overdraw a consumer's account unless the consumer has affirmatively consented, or opted in, to the payment of such fees.17 The CFPB noted that while the number of consumers who have opted in to overdraft services varies widely by financial institution, considerably fewer than half of consumers do so. The CFPB also referenced its 2013 conclusion that the overdraft rule led to a material decrease in the amount of overdraft fees paid by consumers. In response, on 1 July 2019, 25 state attorneys general sent a joint comment letter to the CFPB urging the agency not to amend the rule, arguing that rolling back the consumer protections within the overdraft rule would be a 'serious and harmful mistake'.18 The state attorneys general asserted that the overdraft rule, in its current form, 'sensibly focuses on the type of transactions where the benefits of overdraft services to consumers are smaller relative to the costs and where the risk of inadvertent overdrafts is the highest'.

Revolving credit

i Overview

According to the Federal Reserve, the total revolving consumer credit outstanding in the United States as of October 2020 was almost US$980 billion, a drop from its high in 2019 of more than US$1 trillion.19 Revolving credit transactions are subject to a variety of statutes and regulations, including TILA and the ECOA, that impose both substantive and disclosure requirements. In addition, credit card issuers and acquirers are contractually obligated to comply with card network rules. These laws and rules focus primarily on consumer protections, such as those related to disclosure of terms, credit balances, billing error resolution, changes in terms, credit reporting and discrimination.

ii Recent developments

In 2020, the CFPB was active in issuing statements and guidance to financial institutions, particularly as the agency sought to mitigate the impact of the covid-19 pandemic on both institutions and consumers. On 26 March 2020, the CFPB issued a statement providing financial companies with temporary flexibility on regulatory reporting obligations, in light of covid-19.20

On 3 June 2020, the CFPB issued a statement regarding electronic credit card disclosures in light of covid-19.21 The statement indicated that the CFPB would afford temporary supervisory and enforcement flexibility for credit card issuers regarding the electronic delivery of certain disclosures.22

On 9 March 2020, the CFPB took action against a national bank alleging, among other things, that the national bank issued unauthorised credit cards to bank customers without the customer's knowledge or consent, in the interest of sales goals and employee incentive compensation.23

On 28 August 2020, the CFPB published a request for public comment to inform its review of the economic impact of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (the CARD Act) implementing regulations, as well as its biennial review of the consumer credit card market.24

Instalment credit

i Overview

Residential mortgages are heavily regulated products in the United States. A complex web of state and federal statutes and regulations governs nearly every aspect of the residential mortgage loan lifecycle, including underwriting, origination, closing, servicing, loss mitigation and foreclosure. While non-mortgage instalment credit products, including auto loans, student loans and personal loans, are not subject to the volume and degree of end-to-end regulatory requirements seen in the mortgage market, they too are regulated at the federal and state levels. Moreover, the CFPB's enforcement arm has focused on student lending, loan servicing and small-dollar lending, while its rule-making arm has finalised the rescission of certain provisions of its short-term instalment loan rule.25

Beyond traditional instalment loan products, online lending platforms, or 'marketplace lenders', have proliferated rapidly in the United States. According to the Federal Reserve, the total non-revolving consumer credit outstanding in the United States as of October 2020 was more than US$3 trillion.26 Marketplace lenders, which are generally non-bank platform providers, often partner with banks, which originate loans and sell either the loans or the receivables to the marketplace lender, private investors, or both. Alternatively, marketplace lenders may independently originate loans under state lending licences and sell the loans or the receivables to investors. Federal and state regulators have been intently focused on marketplace lending.27

ii Recent developments

In 2017, the CFPB published a rule to regulate the short-term instalment loan market.28 While certain aspects of the rule were scheduled to take effect in 2018, the CFPB delayed the effective date and ultimately proposed to rescind certain aspects of the 2017 rule, including the provision that it would be an unfair and abusive practice for a lender to make a covered short-term or longer-term balloon-payment loan, including payday and vehicle title loans, without reasonably determining that the consumer has the ability to repay the loan according to its terms.29 On 7 July 2020, the CFPB issued its final rule revoking the provision making it an unfair and abusive practice to make covered short-term or longer-term balloon payment loans without reasonably determining that the consumer has the ability to repay.30 The final rule also revoked mandatory underwriting requirements for making ability-to-repay determinations and exemptions for certain loans from the mandatory underwriting requirements.31

On 1 October 2020, the CFPB published its required assessment of the TILA-RESPA Integrated Disclosures (TRID) Rule, which combines certain mortgage disclosures that consumers receive under TILA and the Real Estate Settlement Procedures Act (RESPA).32 The assessment determined that the TRID Rule has made significant progress towards fulfilling the goals of the TRID Rule. In particular, the assessment noted that the TRID Rule has improved the ability of prospective borrowers to locate key mortgage information, to compare features and costs of different mortgage offers, to compare estimated and actual loan terms and costs, and to understand loan estimates and loan transactions.33 However, the assessment noted that evidence was mixed regarding whether the TRID Rule increased consumer shopping for mortgages.34

In 2018, the California governor signed into law an act that requires disclosure of key terms in connection with certain commercial financing by non-banks.35 On 4 December 2018, the California Department of Business Oversight (DBO) requested public comment in developing regulations to implement the law.36 On 26 July 2019, the DBO issued a second request for comment, which was accompanied by draft regulations.37 On 17 January 2020, the DBO issued a third request for comment on the economic impact of the proposed regulations.38 The draft regulations contain general formatting and content requirements, as well as unique requirements for closed-end transactions, commercial open-end credit plans, factoring, accounts receivable purchase transactions, lease financing, and asset-based lending transactions. The draft regulations also detail how certain estimates for factoring, accounts receivable purchase transactions, and asset-based lending transactions are to be calculated. In addition, the draft regulations would expressly permit a provider in a commercial financing transaction via the internet to obtain the recipient's signature electronically after making the required disclosures. Although as of this writing the regulations have yet to be finalised, the DBO on 11 September 2020 issued a notice of rule-making action for the regulations39 and held a public hearing on 9 November 2020.40 Notably, the notice of rule-making action indicated that the regulations would take effect on 1 July 2020, or six months after the final regulations are adopted, whichever is later.41

A series of cases have questioned whether a bank is the 'true lender' in a partnership with a marketplace lender. If the marketplace lender is the 'true lender' instead of the bank, it could be required to obtain state licences and conform its loans to state usury laws. Outcomes of these cases have varied. One federal district court held that federal law expressly pre-empts state usury laws for bank-partner programmes where the bank initially holds the loan.42 In contrast, other federal district courts have refused to dismiss 'true lender' actions on pre-emption grounds,43 and have analysed whether a marketplace lender holds the 'predominant economic interest' in the loan and, thus, is the 'true lender'.44 For example, California district courts have come to divergent conclusions on the issue.45 In cases litigated in Colorado, a settlement was reached on 7 August 2020 between the Colorado Attorney General and the Administrator of the Colorado Uniform Consumer Credit Code and the plaintiffs, under which marketplace lending programmes would be permissible under Colorado law, provided that the programmes meet certain criteria related to oversight, disclosure, funding, licensing, consumer terms, and structure.46 However, on 27 October 2020, the OCC published a final rule introducing a 'simple, bright-line test' for determining which entity is the 'true lender' in a partnership with a marketplace lender.47 Under the final rule, a national bank or federal savings association will be considered the 'true lender' of a loan originated in connection with a lending partnership between the bank and a non-bank service provider if, as of the date the loan is originated, the national bank or federal savings association is named as the lender in the loan agreement or funds the loan.48 Nevertheless, there is a risk that the final rule may be challenged in court by various state attorneys general, and Congress, in light of a change in Presidential administration, could overturn the final rule in 2021 using the Congressional Review Act.

While distinguishable from the 'true lender' line of cases, and a revolving credit case on the facts, the question of whether a loan is subject to state usury laws after it is sold to a non-bank lender, is particularly significant for lenders in the Second Circuit (including Connecticut, New York and Vermont) in the wake of the US Supreme Court's 2016 denial of certiorari in Midland Funding LLC et al v. Madden.49 By declining to review Madden, the Supreme Court let stand the Second Circuit's controversial holding that Section 85 of the National Bank Act,50 which pre-empts state laws governing the rate of interest a national bank may charge on a loan, does not have pre-emptive effect after a national bank sells a loan to a non-bank.51 A federal district court has considered whether the National Bank Act pre-empted state usury law when applied to a non-bank assignee of loans originated by a national bank; while the court recognised that state law would be pre-empted as to the national bank that originated the loan, it cited Madden in dicta in noting that it was 'not persuaded' that National Bank Act pre-emption applied to assignees of national banks.52

On 18 November 2019, the OCC issued for comment a notice of proposed rule-making to clarify that when a bank sells, assigns, or otherwise transfers a loan, the interest permissible prior to the transfer would continue to be permissible following the transfer.53 On 19 November 2019, the FDIC issued a notice of proposed rule-making seeking to reaffirm the authority for assignees of loans originated by state banks to enforce the contractual interest rate terms of those loans.54 The OCC proposed rule would apply to all national banks and state and federal savings associations, while the FDIC proposed rule would extend this parity to state banks. Neither the OCC nor the FDIC proposed rule would address the issue of who is the 'true lender' in the context of the sale or assignment of a bank-originated loan or receivables to the third party; however, the FDIC indicated in its proposed rule that it would view unfavourably entities attempting to evade lower interest rates by partnering with state banks.55

On 21 January 2020, 20 state attorneys general and the Hawaii Office of Consumer Protection submitted a comment letter to the OCC in opposition to the proposed rule.56 The state attorneys general argued that the OCC had exceeded its authority and that Section 85 of the National Bank Act only grants national banks the ability to charge the interest rates allowed by the laws of the state in which they are located.57 Moreover, the state attorneys general took the position that the OCC's proposed rule violated the Administrative Procedure Act for the reason that it was 'arbitrary and capricious' because it failed to address significant consequences of the proposed rule, including the effect the proposed rule would have on 'rent-a-bank' arrangements.58

Despite the opposition from the state attorneys general, on 29 May 2020, the OCC finalised the rule reaffirming that the 'valid when made' doctrine is applicable to loans originated by a national bank or a federal savings bank.59 The final rule amends the OCC's regulations to provide that when a national bank or savings association sells, assigns or otherwise transfers a loan, interest on a loan that is permissible before the transfer continues to be permissible after the transfer.60 The FDIC similarly finalised its proposed rule on 22 July 2020, codifying that permissible interest made by state-chartered banks and insured branches of foreign banks remains valid when a loan is transferred or sold.61

Other areas

Regulators and courts have focused on other areas related to consumer financial services, including regulatory enforcement, privacy and cybersecurity, debt collection, anti-money laundering and innovation. The developments identified below are representative, not exhaustive.

i Regulatory enforcement

The CFPB has initiated nearly 70 enforcement actions since December 2018, when Kathleen Kraninger was confirmed as Director by the US Senate.

Under the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act), state attorneys general are expressly empowered to bring civil actions to enforce the Dodd-Frank Act, certain other enumerated consumer financial protection laws, and the CFPB implementing regulations. The state attorneys general of some states have been vocal in their opposition to actions taken, or not taken, by the CFPB, and some states have increased their enforcement activities to fill any perceived gap created by the CFPB's reduced enforcement activities. For example, state attorneys general in Massachusetts, New Jersey, and Pennsylvania have created additional consumer protection units, New York announced a new Consumer Protection and Enforcement Division within the New York Department of Financial Services, and California enacted legislation to overhaul its financial regulatory agency, the California Department of Business Oversight, into a new Department of Financial Protection and Innovation, which, in addition to its existing regulatory powers, will possess broad new consumer protection powers that are modelled after those of the CFPB.

ii Privacy and cybersecurity

The US privacy regime is generally based on principles of notice and choice, whereas cybersecurity is based on a standard of 'reasonableness'.

With respect to privacy, on 1 January 2020, the California Consumer Privacy Act (CCPA), which is arguably the most expansive privacy legislation in US history, took effect.62 The CCPA provides California residents with several core individual rights:

  1. the right to request deletion of personal information that a business has collected from the consumer;
  2. the right to request that a business provide information about, and copies of, personal information;
  3. the right to opt out of the sale of personal information;
  4. the right to be free from discrimination (in other words, businesses are prohibited from charging different prices or rates to consumers, providing different services, or denying goods or services to consumers who exercise their rights under the CCPA); and
  5. the right to sue a business following a data security incident that results from failure to implement and maintain adequate security safeguards.

The specific requirements under the CCPA continue to change as the California legislature has enacted numerous amendments to the CCPA both before and after the law took effect,63 and as the California attorney general has proposed modifications to the implementing regulations within the first few months of the final regulations taking effect.64 Moreover, in November 2020, California voters passed the California Privacy Rights Act, an initiative to further strengthen the CCPA.65

On 15 January 2020, Facebook, Inc. agreed to a US$550 million settlement to resolve a class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The settlement stems from a 2015 complaint alleging that Facebook's facial-recognition technology violated BIPA by collecting, using and storing biometric identifiers from users' photographs without, among other things, first obtaining users' written consent.66

For cybersecurity, the trend is towards more prescriptive requirements, as well as aggressive enforcement. For instance, on 4 April 2019, the FTC published a request for comment on proposed regulations67 that would move away from the risk-based approach established by the FTC's 2002 data security standards68 known as the Safeguards Rule. The FTC proposed rules would impose prescriptive requirements, many of which appear to be based on the NYDFS cybersecurity regulations that went into effect in 2017.69 For example, the FTC proposed rule would require covered financial institutions to implement an information security programme that meets technical requirements, such as encryption and multi-factor authentication. It would also impose specific training and assessment obligations, such as annual penetration testing and biannual vulnerability assessments, and would require annual reports to the institution's Board of Directors on its information security programme. The FTC has received comments on the proposed regulations and has hosted public workshops regarding the proposed regulations but has not yet taken further action.

iii Debt collection

On 30 November 2020, the CFPB published final regulations to implement the Fair Debt Collection Practices Act (FDCPA).70 Although the FDCPA was enacted in 1977, substantive implementing regulations had never previously been promulgated. The final regulations create bright line rules, particularly with regard to how the FDCPA applies to newer communication technologies, such as voicemail, email, text messaging and social media. In 2013, the CFPB published an advance notice of proposed rule-making that raised the possibility that the CFPB would promulgate regulations that would apply to first-party debt collection (i.e., the collection of debts by the person to whom such debt is owed), even though first-party debt collection is not generally covered by the FDCPA.71 However, the final regulations apply only to debt collectors currently subject to the FDCPA.

Although the FDCPA prohibits debt collectors from repeatedly calling debtors with the intent to harass or abuse them, the final regulations create a rebuttable presumption of compliance if a debt collector makes no more than seven telephone calls per consumer per debt in any seven-day period or within seven days after making contact with the consumer about the debt.72 The limitations on the number of telephone calls do not apply to other forms of communication, such as text messages or emails. The final regulations do, however, require debt collectors to maintain reasonable procedures to avoid errors in sending emails or text messages to consumers. The final regulations also prohibit a debt collector from communicating with debtors via a social media platform if such communication is viewable by third parties. In addition, the final regulations allow consumers to opt out of a debt collector's use of any medium of communication.

Because many of the substantive restrictions under the FDCPA apply when a debt collector engages in communication with a debtor, the final regulations allow debt collectors to make 'limited-content messages' that are not deemed to be a communication under the FDCPA. A message needs to contain only the information required or permitted by the final regulations to qualify as a limited-content message. Such limited-content messages are subject to the call restrictions described above, but otherwise allow debt collectors to make contact with debtors without triggering the regulatory requirements that apply when engaging in a communication with a debtor. Although the CFPB's proposed regulations would have permitted limited-content messages via voicemail, email, text message, or live calls with third parties, the final regulations only permit limited-content messages via voicemail.

The final regulations also clarify certain recordkeeping requirements and prohibit a debt collector from selling, transferring or placing for collection a debt if the collector knows, or should know, that the debt has been paid or discharged in bankruptcy.73

The final regulations may not be the only regulations that the CFPB will promulgate to implement the FDCPA. The CFPB has indicated that it will consider further rule-making related to time-barred debts.74

iv Anti-money laundering

On 17 September 2020, the Financial Crimes Enforcement Network (FinCEN) published an advance notice of proposed rule-making (ANPR) seeking public comments on how to improve the effectiveness of anti-money laundering (AML) programmes that financial institutions are required to have under the Bank Secrecy Act (BSA).75 The ANPR proposes requiring financial institutions to establish and maintain effective and reasonably designed AML programmes that satisfy three core elements and objectives:

  1. an assessment and management of risk;
  2. compliance with BSA requirements; and
  3. reporting of information with a high degree of usefulness to the government.

v Innovation

US financial services regulators and financial services providers are interested in the ways in which innovative technologies, such as artificial intelligence and machine learning, can be applied to financial services. Although many of these new technologies have potential benefits such as expanded access to credit, they may also present risks such as unintended discrimination, also referred to as disparate impact discrimination.

US financial services regulators have focused on how policies and regulations can be changed to encourage responsible innovation. On 10 September 2019, the CFPB issued three new or updated policies to reduce regulatory uncertainty and promote innovation: a no-action letter policy, trial disclosure programme policy, and compliance assistance sandbox policy.76 The new no-action letter and trial disclosure policies77 replace previous policies, and the new no-action letter policy, in particular, has already been utilised more frequently than its predecessor.

On 22 June 2020, the CFPB launched a pilot advisory opinion programme to respond to specific requests for clarity on interpretive questions.78 The advisory opinions will be interpretive rules and will generally be applicable to the requestor of the advisory opinion and similarly situated parties.

Unfair practices

The CFPB has continued to issue public consent orders related to a broad range of consumer financial products and services, including debt collection, deposit accounts, auto loans and loan origination. A brief review of UDAAP standards and key orders is provided below.

Generally, 'unfairness' means substantial injury to the consumer that the consumer could not have reasonably avoided, which is not outweighed by consumer or competitive benefits.79 'Deception' generally exists where there is a material representation, omission, or practice that is likely to mislead the consumer acting reasonably in the circumstances.80 Finally, 'abusiveness', which was established under the CFPA, means material interference with a consumer's ability to understand a term or condition of a consumer financial product or service, or taking unreasonable advantage of a lack of the consumer's understanding, the consumer's inability to protect his or her own interests, or the consumer's reasonable reliance on a covered person to act in the interests of the consumer.81

On 6 February 2020, the CFPB published a new policy statement regarding the 'abusiveness' standard.82 The policy statement includes three important policies:

  1. the CFPB will focus on citing or challenging conduct as abusive only when the harm to consumers outweighs the benefit to consumers, including beneficial effects on access to credit;
  2. the CFPB will seek to avoid 'dual pleading' of abusiveness and unfairness or deception violations arising from all or almost all of the same facts; and
  3. the CFPB will seek monetary relief for abusive acts or practices only when there has been a lack of a good-faith effort to comply with the law (although the agency will continue to seek restitution for consumers regardless of whether the violator was acting in good faith).

i Unfair practices

The following are examples of recent CFPB allegations of unfair practices:

  1. Loan brokers. The CFPB alleged that individual defendants engaged in unfair practices by providing substantial assistance to loan brokers that were engaged in unfair practices by failing to inform consumers of their products' interest rates.83
  2. Account opening. The CFPB alleged that a national bank engaged in unfair practices by opening deposit accounts and issuing credit cards without consumers' knowledge or consent.84
  3. Debt collection. The CFPB alleged that a lender engaged in unfair practices by making repeated calls to borrowers and repeated calls to borrower's employers, references, and other third parties. The lender allegedly made calls even after being asked to stop and disclosed the existence of the consumers' delinquent debts to third parties.85
  4. Credit balances. The CFPB alleged that a lender engaged in unfair practices by failing to refund consumers' credit balances.86

ii Deceptive practices

The following list includes examples of recent CFPB allegations of deceptive practices:

  1. Loan brokers. The CFPB alleged that individual defendants engaged in deceptive practices by providing substantial assistance to loan brokers who falsely represented to consumers that:
    • the consumers may be subject to criminal prosecution for breaches of contract;
    • the consumers were legally obligated to make payments on loans that were void from inception; and
    • the loans they brokered were sales and not high-interest loans.87
  2. Advertisements. The CFPB alleged that a lender engaged in deceptive advertisements and telemarketing calls that promoted a 50 per cent discount on all finance charges even though the lender only provided borrowers with a 50 per cent rebate of the first finance charge.88
  3. Finance charges. The CFPB alleged that a lender engaged in deceptive practices by disclosing finance charges that were substantially lower than the consumer would have incurred if the loan was repaid according to the amortisation schedule provided to consumers.89
  4. Credit reporting. The CFPB alleged that mortgage loan servicers engaged in deceptive practices by telling consumers who complained about errors in their consumer report that the only way for the consumer to resolve the issue was to file a dispute with the consumer reporting agency even though the FCRA requires furnishers of credit information to investigate disputes and contact the consumer reporting agency to resolve any found errors.90
  5. Remittance services. The CFPB alleged that a remittance transfer provider engaged in deceptive acts or practices by making misleading statements in advertisements regarding the speed of its remittance transfers. According to the CFPB, the advertisements indicated that the company provides 'an instant to 24-hour delivery,' 'instant transfer[s]' or transfers 'within minutes,' but did not provide transfers within those time frames.91
  6. Overdraft. The CFPB alleged that a national bank engaged in deceptive acts or practices during the enrolment of consumers in a debit card overdraft protection service by making misleading statements in oral presentations of the service terms and by making inaccurate statements in marketing mailers.92
  7. Mortgage. The CFPB alleged that a mortgage broker and lender engaged in deceptive acts or practices by advertising mortgage products to consumers that included misrepresentations regarding the cost and other credit terms of the mortgage products, the consumers' ability or likelihood of obtaining the advertised mortgage, and the mortgage broker and lender's affiliation with the government.93

iii Abusive practices

Below are examples of recent CFPB allegations of abusive practices:

  1. Service enrolment. The CFPB alleged that a national bank engaged in abusive acts or practices by enrolling consumers in online banking services and enrolling consumers in lines of credit with the consumers' knowledge or consent.94
  2. Overdraft. The CFPB alleged that a national bank engaged in abusive acts or practices during the enrolment of consumers in a debit card overdraft protection service. Among other things, the CFPB alleged that bank employees enrolled consumers in the service based on the employees' unscripted oral presentation of the service and before providing consumers with written disclosure of the service, and that employees' oral presentations did not accurately describe the service.95


The covid-19 pandemic and the 2020 US elections, at least in the near term, have altered, or likely will alter, the landscape for consumer financial services. Under the new Presidential Administration, the regulatory and enforcement climate may shift, and the trend towards deregulation may reverse. Nevertheless, the influence of non-traditional financial services providers on the US consumer financial services market will continue to be one of the dominant forces shaping the country's consumer financial services regulatory landscape in the coming year. Financial technology firms continue to deploy innovative technological solutions and develop new uses for a rapidly expanding universe of consumer data, and supervisory and regulatory authorities continue to try to keep pace.


1 Rick Fischer is a senior partner and Jeremy Mandell is a partner at Morrison & Foerster LLP.

2 12 U.S.C. Section 5481.

3 id. Section 5531.

4 id. Sections 5512, 5561 to 5567.

5 id. Section 5536.

6 See Federal Reserve, The 2019 Federal Reserve Payments Study at 1 (19 Dec. 2019) (triennial study).

7 id. at 2.

8 See generally, Service Details on Federal Reserve Actions to Support Interbank Settlement of Instant Payments, 85 Fed. Reg. 48,522 (11 Aug. 2020).

9 id.

10 id.

11 Federal Reserve, The 2019 Federal Reserve Payments Study (19 Dec. 2019).

12 ABA Banking Journal Podcast, OCC's Brooks Plan to Unveil 'Payments Charter 1.0' This Fall, American Bankers Association (25 June 2020),; see also Complaint for Declaratory and Injunctive Relief, Conference of State Bank Supervisors, Inc. v. Office of the Comptroller of the Currency, Case 1:20-cv-03797 (Dist. Ct. D.C., 22 Dec. 2020).

13 See Brief for Appellee, Lacewell v. Office of the Comptroller of the Currency, Case 19-4271 (2d Cir., 23 July 2020).

14 In October 2020, the American Bankers Association, the national trade group for banks, 'called on every bank in the country to consider offering Bank-on certified accounts to expand access to banking services and reduce the number of unbanked and underbanked Americans.' See Press Release, American Bankers Association, ABA Urges America's Banks to Offer Bank On-Certified Accounts (19 Oct. 2020),

15 See Consumer Financial Protection Bureau, Consumer Response Annual Report (Mar. 2020).

16 See Blog Post, Consumer Financial Protection Bureau, Spring 2018 Rulemaking Agenda (10 May 2018).

17 Overdraft Rule Review Pursuant to the Regulatory Flexibility Act, 84 Fed. Reg. 21,729 (15 May 2019).

18 State of New York Office of the Attorney General, Letter to Kathleen L Kraninger Re: Request for Comment on the Economic Impact of the Overdraft Rule (No. CFPB-2019-0023) (1 July 2019).

19 See Federal Reserve Board, G.19 Consumer Credit, October 2020 (7 Dec. 2020).

20 Consumer Financial Protection Bureau, Statement on Supervisory and Enforcement Practices Regarding Bureau Information Collections for Credit Card and Prepaid Account Issuers (26 Mar. 2020).

21 Consumer Financial Protection Bureau, Statement on Supervisory and Enforcement Practices Regarding Electronic Credit Card Disclosures in Light of the COVID-19 Pandemic (3 Jun. 2020).

22 id.

23 Complaint, Bureau of Consumer Financial Protection v. Fifth Third Bank, N.A., No. 1:20-cv-01683 (N.D. Ill. 9 Mar. 2020).

24 85 Fed. Reg. 53,299 (28 Aug. 2020).

25 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 85 Fed. Reg. 44,382 (22 Jul. 2020).

26 See Federal Reserve Board, G.19 Consumer Credit, October 2020 (7 Dec. 2020).

27 See, for example, U.S. Dep't of the Treasury, Opportunities and Challenges in Marketplace Lending (10 May 2016); Federal Trade Commission, A Survey of 15 Marketplace Lenders' Online Presence (9 Jun. 2016); Press Release, Cal. Dep't of Bus. Oversight, California Online Lending Grows by More Than 930% Over Five Years (4 Apr. 2015); Press Release, New York Dep't of Financial Services, DFS Issues Online Lending Report (11 July 2018).

28 Payday, Vehicle Title, and Certain High-Cost Installment Loans, 82 Fed. Reg. 54,472 (17 Nov. 2017).

29 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 84 Fed. Reg. 4,252 (proposed 14 Feb. 2019).

30 Payday, Vehicle Title, and Certain High-Cost Installment Loans, 85 Fed. Reg. 44,382 (22 Jul. 2020).

31 id.

32 Consumer Financial Protection Bureau, Integrated Mortgage Disclosures Under the Real Estate Settlement Procedures Act (Regulation X) and the Truth in Lending Act (Regulation Z) Rule Assessment (1 Oct. 2020).

33 id. at 7–8.

34 id. at 8.

35 Cal. Stats. 2018, Ch. 1011, Sec. 2 (adding Cal. Fin. Code Div. 9.5, §§ 22800–22805).

36 Invitation for Comments on Proposed Rulemaking, Commercial Financing Disclosures, PRO 01-18 (4 Dec. 2018).

37 Second Invitation for Comments on Proposed Rulemaking, Commercial Financing Disclosures, PRO 01-18 (26 Jul. 2019).

38 Third Invitation for Comments on Proposed Rulemaking, Commercial Financial Disclosures, PRO 01-18 (17 Jan. 2020).

39 Notice of Rulemaking Action, PRO 01-18 (11 Sept. 2020).

40 Notice of Public Hearing on Proposed Commercial Financing Disclosure Regulations (PRO 01/18) via Zoom Video/Telephone Conference (9 Nov. 2020).

41 Third Invitation for Comments on Proposed Rulemaking, Commercial Financial Disclosures, PRO 01-18 (17 Jan. 2020).

42 Sawyer v. Bill Me Later Inc., 23 F. Supp. 3d 1359 (D. Utah 2014).

43 See, for example, Meade v Marlette Funding LLC, No. 1:17-cv-00575 (D. Colo. 21 Mar. 2018); Meade v. Avant of Colorado LLC, 307 F. Supp. 3d 1134 (D. Colo. 1 Mar. 2018).

44 Commonwealth of Pennsylvania v. Think Finance, Inc., No. 14-cv-7139 (E.D. Pa. 14 Jan. 2016).

45 Compare Consumer Financial Protection Bureau v. CashCall Inc., No. 2:15-cv-07522 (C.D. Cal. 31 Aug. 2016), with Beechum v. Navient Solutions Inc., No. 2:15-cv-08239 (C.D. Cal. 20 Sept. 2016).

46 Assurance of Discontinuance, In re Avant of Colorado, LLC and Marlette Funding, LLC (7 Aug. 2020).

47 National Banks and Federal Savings Associations as Lenders, 85 Fed. Reg. 68,742 (30 Oct. 2020).

48 id.

49 Midland Funding, LLC v. Madden, 136 S. Ct. 2505, 579 U.S. __ (2016).

50 12 U.S.C. Section 85.

51 Madden v. Midland Funding, LLC, 786 F.3d 246 (2d Cir. 2015).

52 Eul v. Transworld Systems, Inc., No. 1:15-cv-7755 (N. D. Ill. Mar. 30, 2017).

53 Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 84 Fed. Reg. 64,229 (proposed 21 Nov. 2019).

54 Federal Interest Rate Authority, 84 Fed. Reg. 66,845 (proposed 6 Dec. 2019).

55 id.

56 State of California Office of the Attorney General, et al., Letter to Joseph M. Otting Re: Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred (No. OCC-2019-0027) (21 Jan. 2020).

57 id.

58 id.

59 Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 85 Fed. Reg. 33,530 (2 Jun. 2020).

60 id.

61 Federal Interest Rate Authority, 85 Fed. Reg. 44,146 (22 Jul. 2020).

62 Cal. Civ. Code §§ 1798.100–1798.199.

63 See Cal. Stats. 2018 c. 735 (S.B. 1121); Cal. Stats. 2019 c. 757 (A.B. 1355); Cal. Stats. 2019 c. 763 (A.B. 25); Cal. Stats. 2019 c. 748 (A.B. 874); Cal. Stats. 2019 c. 759 (A.B. 1564); Cal. Stats. 2019 c. 751 (A.B. 1146); Cal. Stats. 2019 c. 753 (A.B. 1202); Cal. Stats. 2019 c. 750 (A.B. 1130); Cal. Stats. 2020 c. 268 (A.B. 1281); Cal. Stats. 2020 c. 172 (A.B. 713).

64 See Cal. Code Regs. tit. 11, §§ 999.300–999.337.

65 2020 Cal. Legis. Serv. Prop. 24 (to be codified at Cal. Civ. Code §§ 1798.100–1798.199).

66 Complaint, Patel v. Facebook, Inc., No. 1:15-cv-04265 (N.D. Ill. 14 May 2015).

67 Privacy of Consumer Financial Information Rule under the Gramm-Leach-Bliley Act, 84 Fed. Reg. 13,150 (proposed 4 Apr. 2019).

68 16 C.F.R. pt. 314.

69 See N.Y. Comp. Codes R. & Regs. tit. 23, pt. 500.

70 Debt Collection Practices (Regulation F), 85 Fed. Reg. 76,734 (30 Nov. 2020).

71 Debt Collection (Regulation F), Advance Notice of Proposed Rulemaking, 78 Fed. Reg. 67,847, 67,853 (12 Nov. 2013).

72 Debt Collection Practices (Regulation F), 85 Fed. Reg. 76,734, 76,890 (30 Nov. 2020).

73 id. at 76,892.

74 Debt Collection Practices (Regulation F), 85 Fed. Reg. 12,672 (proposed 3 Mar. 2020).

75 Anti-Money Laundering Program Effectiveness, 85 Fed. Reg. 58,023 (proposed 17 Sept. 2020).

76 Press Release, Consumer Financial Protection Bureau, CFPB Issues Policies to Facilitate Compliance and Promote Innovation (10 Sept. 2019).

77 Consumer Financial Protection Bureau, Policy on No-Action Letters, 84 Fed. Reg. 48, 229 (13 Sept. 2019); Policy to Encourage Trial Disclosure Programs, 84 Fed. Reg. 48,260 (13 Sept. 2019).

78 Advisory Opinions Pilot, 85 Fed. Reg. 37,331 (22 June 2020).

79 12 U.S.C. Section 5531(c).

80 Federal Trade Commission, Policy Statement on Deception (14 Oct. 1983), appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).

81 12 U.S.C. Section 5531(d).

82 Statement of Policy Regarding Prohibition on Abusive Acts or Practices, 85 Fed. Reg. 6,733 (6 Feb. 2020).

83 Complaint, Bureau of Consumer Financial Protection v. Chou Team Realty, LLC et al., No. 8:20-cv-00043 (9 Jan. 2020).

84 Complaint, Bureau of Consumer Financial Protection v. Fifth Third Bank, N.A., No. 1:20-cv-01683 (9 Mar. 2020).

85 Consent Order, In re Cottonwood Financial Ltd., d/b/a Cash Store, No. 2020-BCFP-0001 (1 Apr. 2020).

86 Consent Order, In re Main Street Personal Finance, Inc. et al., No. 2020-BCFP-0003 (2 Jun. 2020).

87 Complaint, Bureau of Consumer Financial Protection v. Chou Team Realty, LLC et al., No. 8:20-cv-00043 (9 Jan. 2020).

88 Consent Order, In re Cottonwood Financial Ltd., d/b/a Cash Store, No. 2020-BCFP-0001 (1 Apr. 2020).

89 Consent Order, In re Main Street Personal Finance, Inc. et al., No. 2020-BCFP-0003 (2 Jun. 2020).

90 Consent Order, In re Harbour Portfolio Advisors, LLC et al., No. 2020-BCFP-0004 (23 Jun. 2020).

91 Consent Order, In re Trans-Fast Remittance LLC d/b/a New York Bay Remittance, No. 2020-BCFP-0010 (31 Aug. 2020).

92 Consent Order, In re TD Bank, N.A., No. 2020-BCFP-0007 (20 Aug. 2020).

93 Consent Order, In re Sovereign Lending Group, Inc., No. 2020-BCFP-0005 (27 Jul. 2020).

94 Complaint, Bureau of Consumer Financial Protection v. Fifth Third Bank, N.A., No. 1:20-cv-01683 (9 Mar. 2020).

95 Consent Order, In re TD Bank, N.A., No. 2020-BCFP-0007 (20 Aug. 2020).

Get unlimited access to all The Law Reviews content