The Consumer Finance Law Review: USA
The US consumer financial services marketplace is competitive and heavily regulated. Advances in technology and significant capital investment have attracted technology firms, including both established firms and start-ups, as well as retailers to compete in the financial services market with traditional providers, including banks and the card networks. While there has been some slowing of enforcement activity, focused enforcement agencies, including the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), the federal banking regulators, which include the Federal Reserve System (Federal Reserve), the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC), as well as state regulatory authorities are still active in enforcing consumer financial services laws. The CFPB has considered and adopted significant rule-makings, including rule-makings based on its authority under the Consumer Financial Protection Act of 2010 (CFPA), its founding statute, and other federal consumer financial protection laws. Looking forward, the rate of innovation and evolving regulatory climate have the potential to create an inflection point for the US consumer financial services market and opportunities for both new and established market participants.
Legislative and regulatory framework
i Statutory framework
Consumer payments, deposits and credit are subject to a complex set of federal and state statutes and regulations. With respect to consumer payments, the Electronic Fund Transfer Act (EFTA) establishes the basic rights, responsibilities and liabilities of consumers and the entities that provide electronic fund transfer services, while other federal laws, including the Expedited Funds Availability Act, provide additional consumer protections. In addition, laws in nearly every state regulate money transmission, generally under a state licensing regime. With respect to deposits, the Federal Deposit Insurance Act (FDIA) establishes comprehensive deposit insurance coverage, while other federal laws, including the Truth in Savings Act, as well as corresponding state laws, provide consumer protections. Consumer credit also is heavily regulated under federal and state law. The Truth in Lending Act (TILA) and the Equal Credit Opportunity Act (ECOA) provide the backbone for federal consumer protections related to the various forms of consumer credit. State law, including state usury protections, also apply. Finally, the CFPA, the FTC Act and state law set forth prohibitions on unfair, deceptive and, in some cases under the CFPA, abusive acts or practices (UDAP/UDAAP).
In addition to these substantive statutes covering consumer payments, deposits and credit, there is an overlay of federal statutes covering law enforcement objectives (e.g., the Bank Secrecy Act), consumer financial privacy (e.g., the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA)) and data security (e.g., GLBA), among other key statutes and regulations targeting public policy objectives. This overlay is the subject of extensive review and analysis in other treatises or law journals and is referred to herein only in passing.
ii Regulatory framework
Entities that provide consumer financial products or services may be subject to regulation and enforcement by both federal and state authorities. At the federal level, the CFPB has enforcement authority with respect to 'covered persons', including banks with assets over US$10 billion, 'larger participants' in certain consumer financial product or service markets, and 'service providers', as those terms are defined in the CFPA.2 The CFPB also has authority to write rules prohibiting covered persons and service providers from engaging in UDAAPs, and to enforce such rules.3 In addition, the CFPB has rule-making and enforcement authority under a number of federal consumer financial protection statutes, including those listed above (such as EFTA and TILA), that apply to all persons subject to the laws, without regard to whether they are a covered person or a service provider.4 Finally, the CFPB has authority to enforce against any person who aids or abets a UDAAP, which means 'knowingly or recklessly' providing 'substantial assistance to a covered person' in connection with a violation of the UDAAP prohibition.5
In addition to the CFPB, at the federal level, the banking regulators and the FTC have enforcement authority with respect to banks and non-banks, respectively. At the state level, banking departments, licensing authorities and state attorneys general have varying degrees of rule-making and enforcement authority.
In the United States, the primary payment methods are cash, debit card, credit card, prepaid card, cheques and automated clearing house (ACH) transactions. The Federal Reserve estimates that in 2018 alone there were more than 174 billion non-cash retail payment transactions in the US, with a value in excess of US$97 trillion.6 According to the Federal Reserve, the most common payment methods are card-based (debit, credit and prepaid), while ACH transactions have the highest dollar value for non-cash retail payments.7
Although there is a great deal of industry interest and activity around online and mobile payments, to date, most online and mobile payments are processed using traditional payment infrastructures. Nevertheless, emerging payment solutions can leverage a number of enhancements over traditional payment methods, including improved customer interfaces, increased use of customer data, and integration with customer loyalty or reward programmes or other third-party services used by consumers. These enhancements have the potential to lessen friction and promote consumer conversion and usage rates. Many of the novel legal and regulatory issues surrounding emerging payments are related to these enhancements.
ii Recent developments
On 11 August 2020, the Federal Reserve published service details on the Federal Reserve Banks' new interbank faster payments system, called the 'FedNow' service, which has a targeted launch date in 2023 or 2024.8 FedNow will be a real-time gross settlement (RTGS) system that will allow payments to be settled in a matter of seconds, under which settlement entries will be final and irrevocable after a transaction is processed. Following up on this announcement, on 11 June 2021, the Federal Reserve published proposed amendments to Regulation J to govern funds transfers through the FedNow service by establishing a new Subpart C.9
A private-sector RTGS is already in place in the United States; however, the Federal Reserve has indicated that the existence of a competing publicly provided RTGS may enhance efficiency and safety issues that could arise in a single-provider market, including by promoting competition, spurring innovation, lowering prices and creating buffers against a single point of failure in the payment system.
Once operational, banks will be able to accept, transmit, and settle payments 24 hours a day, seven days a week and 365 days per year. The FedNow service is expected to support credit transfer use cases, including peer-to-peer payments, bill payments and low-value business-to-business payments. Initially, FedNow will process and settle payments up to $25,000. The FedNow service will be available to banks in the United States and permit customers to send and settle payments instantly through online banking platforms.10 Once the sender initiates the payment, the recipient will receive a notice from FedNow containing information about the payment and receive a prompt to accept or deny the payment. If the customer accepts the payment, FedNow will transfer the funds to the recipient's bank account and the bank will settle the transaction in the moment. While en route, funds will be held by the Federal Reserve accounts associated with each party's bank. Completed payments will be final.11
On 25 June 2020, the then Acting Comptroller of the Currency announced an OCC plan to implement a national analogue to traditional state money transmission licences. Referred to as the 'Payments Charter' (distinct from the OCC's FinTech Charter proposal currently being litigated before the US Court of Appeals for the Second Circuit),12 the platform would function as a national licensing body regulated by the OCC that would allow money transmitters who wish to do business nationwide to apply for and maintain one national licence instead of individual state licences. Despite the intended benefits of such a charter, the traditional payment regulators – state and local authorities – have expressed concerns about the programme, primarily that state regulations are often more thorough than those enforced at the national level.13 On 14 January 2021, the then Acting Comptroller of the Currency stepped down, leaving the fate of the Payments Charter in question.
On 9 September 2021, the Conference of State Bank Supervisors released a model Money Transmission Modernization Act for adoption by the individual states.14 The model law seeks to replace state-specific money transmitter laws with a single set of nationwide standards. The model law would establish a common regulatory approach to several elements of money transmission, including stored value, sale of payment instruments and transmission of virtual currency.
In 2020 and 2021, policymakers have leveraged the payments system to make economic impact payments to consumers to counter the effects the covid-19 pandemic has had on the economy. Economic impact payments have been made directly to consumers via batch processing systems, including the automated clearing house, card-based payment systems and cheque-based payments.
Deposit accounts and overdrafts
Access to deposit accounts for currently 'unbanked' or 'underbanked' consumers and compliance with overdraft rules remain high priorities for US regulatory agencies, including the CFPB, as well as the banking industry.15 The CFPB has taken action against institutions that have allegedly charged inappropriate overdraft fees and has encouraged alternatives that prevent consumers from overdrafting their accounts. Technological developments such as online banking, mobile banking and text-message alerts for low balances can help consumers better manage their accounts and prevent overdrafts.
ii Recent developments
On 24 March 2021, the CFPB published its 2020 Consumer Response Annual Report.16 According to the report, the CFPB received 30,000 checking or savings account complaints in 2020 – an increase of more than 3,000 consumer complaints from 2019. These complaints represent about 6 per cent of the total complaints received. The CFPB also reported that the most common consumer complaints about deposit accounts (63 per cent) involved account management, and most of these complaints identified issues regarding depositing and withdrawing funds and using an ATM card. For example, some consumers described difficulties in accessing their funds, reported financial institutions placing holds on deposits without notice and stated that financial institutions extended the release date of the funds without notice. The CFPB added that a notable update in 2020 was of consumer complaints regarding the disbursement of covid-19 pandemic economic impact payments into deposit accounts, including payments being sent to closed accounts, among other concerns.
In May 2019, the CFPB published a notice stating that it was conducting a review of its 2009 overdraft rule, which limits the ability of financial institutions to charge overdraft fees for paying ATM and one-time debit card transactions that overdraw a consumer's account unless the consumer has consented, or opted in, to the payment of such fees.17 The CFPB noted that while the number of consumers who have opted in to overdraft services varies widely by financial institution, considerably fewer than half of consumers do so. In response, in July 2019, 25 state attorneys general sent a joint comment letter to the CFPB urging the agency not to amend the rule, arguing that rolling back the consumer protections within the overdraft rule would be a 'serious and harmful mistake'.18 The state attorneys general asserted that the overdraft rule, in its current form, 'sensibly focuses on the type of transactions where the benefits of overdraft services to consumers are smaller relative to the costs and where the risk of inadvertent overdrafts is the highest'. According to the CFPB's spring 2020 regulatory agenda, the agency determined that the overdraft rule should continue without change at this time.19
According to the Federal Reserve, the total revolving consumer credit outstanding in the United States rebounded to more than US$1 trillion in September 2021 after a drop to less than US$980 billion in 2020.20 Revolving credit transactions are subject to a variety of statutes and regulations, including TILA and the ECOA, that impose both substantive and disclosure requirements. In addition, credit card issuers and acquirers are contractually obligated to comply with card network rules. These laws and rules focus primarily on consumer protections, such as those related to disclosure of terms, credit balances, billing error resolution, changes in terms, credit reporting and discrimination.
ii Recent developments
In 2021, the CFPB reasserted itself as an active regulator and enforcement agency, ending the more relaxed approach the agency assumed as a result of the covid-19 pandemic and the policy views of the prior administration. On 31 March 2021, for example, the CFPB rescinded a series of policy statements that were issued in 2020 and intended to provide flexibility to companies affected by the pandemic.21 Among the rescinded statements was one that provided financial companies with temporary flexibility on regulatory reporting obligations.22 Another rescinded statement afforded temporary supervisory and enforcement flexibility for credit card issuers regarding the electronic delivery of certain disclosures.23
On 30 December 2020, the CFPB issued an approval order to a federal savings bank allowing the bank to develop a 'dual-feature' credit card. As proposed, the credit card would have a secured credit feature for consumers with short or damaged credit histories, and would allow eligible cardholders to graduate to unsecured use after a minimum of 12 months. The CFPB's approval order grants Synchrony Bank a safe harbour from liability under TILA and Regulation Z with respect to the development and provision of the dual-feature credit card.24
On 29 September 2021, the CFPB released its fifth biennial report on the consumer credit card market. The report summarises the impact of the Credit Card Accountability Responsibility and Disclosure Act on the consumer credit card market in the United States. Among the report's conclusions are findings that more than 88 per cent of all general-purpose credit applications were made via digital channels in 2020, that most basic account servicing functions are now available in almost all card issuers' mobile and online platforms, and that consumers are increasingly engaged in those platforms.25
Residential mortgages are heavily regulated products in the United States. A complex web of state and federal statutes and regulations governs nearly every aspect of the residential mortgage loan lifecycle, including underwriting, origination, closing, servicing, loss mitigation and foreclosure. While non-mortgage instalment credit products, including auto loans, student loans and personal loans, are not subject to the volume and degree of end-to-end regulatory requirements seen in the mortgage market, they too are regulated at the federal and state levels. Moreover, the CFPB's enforcement arm has focused on student lending, loan servicing and small-dollar lending, while its rule-making arm has finalised the rescission of certain provisions of its short-term instalment loan rule.26
Beyond traditional instalment loan products, online lending platforms, or 'marketplace lenders', and buy now, pay later (BNPL) platforms have proliferated rapidly in the United States. According to the Federal Reserve, the total non-revolving consumer credit outstanding in the United States as at September 2021 was more than US$3 trillion.27 Marketplace lenders, which are generally non-bank platform providers, often partner with banks, which originate loans and sell either the loans or the receivables to the marketplace lender or private investors, or both. Alternatively, marketplace lenders may independently originate loans under state lending licences and sell the loans or the receivables to investors. Federal and state regulators have been intently focused on BNPL and marketplace lending.28
ii Recent developments
On 7 July 2020, the CFPB issued a final rule to regulate the short-term instalment loan market, revoking a 2017 provision making it an unfair and abusive practice to make covered short-term or longer-term balloon payment loans without reasonably determining that the consumer has the ability to repay.29 The final rule also revoked 2017 mandatory underwriting requirements for making ability-to-repay determinations and exemptions for certain loans from the mandatory underwriting requirements.30 On 22 March 2021, the CFPB, acting under a new administration, expressed its renewed commitment to addressing harm caused by small-dollar lending business models that 'continue to rely on consumers' inability to repay'.31 On 14 October 2021, the Fifth Circuit Court of Appeals entered an order staying the effective date of the CFPB's short-term instalment loan rule.32
On 26 July 2019, the California Department of Business Oversight (DBO) issued draft regulations and a request for comment on a 2018 California law that requires disclosure of key terms in connection with certain commercial financing by non-banks.33 On 17 January 2020, the DBO issued a request for comment on the economic impact of the proposed regulations.34 The draft regulations contain general formatting and content requirements, as well as unique requirements for closed-end transactions, commercial open-end credit plans, factoring, accounts receivable purchase transactions, lease financing and asset-based lending transactions. The draft regulations also detail how certain estimates for factoring, accounts receivable purchase transactions and asset-based lending transactions are to be calculated. In addition, the draft regulations would expressly permit a provider in a commercial financing transaction via the internet to obtain the recipient's signature electronically after making the required disclosures. The DBO, which has been renamed the Department of Financial Protection and Innovation (DFPI), issued a notice of rule-making action for the regulations on 11 September 2020.35 The notice of rule-making action indicated that the regulations would take effect on 1 July 2020, or six months after the final regulations are adopted, whichever was later. However, the DFPI has modified the proposed rule four times in the past year, most recently on 5 November 2021. On 23 December 2020, the Governor of New York signed a similar bill into law, which goes into effect on 1 January 2022.36
A series of cases have questioned whether a bank is the 'true lender' in a partnership with a marketplace lender. If the marketplace lender is the 'true lender' instead of the bank, it could be required to obtain state licences and conform its loans to state usury laws. Outcomes of these cases have varied. One federal district court held that federal law expressly pre-empts state usury laws for bank-partner programmes where the bank initially holds the loan.37 In contrast, other federal district courts have refused to dismiss 'true lender' actions on pre-emption grounds38 and have analysed whether a marketplace lender holds the 'predominant economic interest' in the loan and, thus, is the 'true lender'.39 For example, California district courts have come to divergent conclusions on the issue.40 In cases litigated in Colorado, a settlement was reached on 7 August 2020 between the Colorado Attorney General and the Administrator of the Colorado Uniform Consumer Credit Code and the plaintiffs, under which marketplace lending programmes would be permissible under Colorado law, provided that the programmes meet certain criteria related to oversight, disclosure, funding, licensing, consumer terms and structure.41 However, on 27 October 2020, the OCC published a final rule introducing a 'simple, bright-line test' for determining which entity is the 'true lender' in a partnership with a marketplace lender.42 Under the final rule, a national bank or federal savings association will be considered the 'true lender' of a loan originated in connection with a lending partnership between the bank and a non-bank service provider if, as of the date the loan is originated, the national bank or federal savings association is named as the lender in the loan agreement or funds the loan.43 Nevertheless, under the new administration, a Congressional Review Act resolution was enacted on 30 June 2021 that rescinded the OCC true lender rule. The effect of the repeal is to revert to the patchwork of judicial decisions that predated the OCC's bright-line standard.
While distinguishable from the 'true lender' line of cases, and a revolving credit case on the facts, the question of whether a loan is subject to state usury laws after it is sold to a non-bank lender is particularly significant for lenders in the Second Circuit (including Connecticut, New York and Vermont) in the wake of the US Supreme Court's 2016 denial of certiorari in Midland Funding LLC et al v. Madden.44 By declining to review Madden, the Supreme Court let stand the Second Circuit's controversial holding that Section 85 of the National Bank Act,45 which pre-empts state laws governing the rate of interest a national bank may charge on a loan, does not have pre-emptive effect after a national bank sells a loan to a non-bank.46 A federal district court has considered whether the National Bank Act pre-empted state usury law when applied to a non-bank assignee of loans originated by a national bank; while the court recognised that state law would be pre-empted as to the national bank that originated the loan, it cited Madden in dicta in noting that it was 'not persuaded' that the National Bank Act pre-emption applied to assignees of national banks.47
On 18 November 2019, the OCC issued a notice of proposed rule-making to clarify that when a bank sells, assigns or otherwise transfers a loan, the interest permissible prior to the transfer would continue to be permissible following the transfer.48 On 19 November 2019, the FDIC issued a notice of proposed rule-making seeking to reaffirm the authority for assignees of loans originated by state banks to enforce the contractual interest rate terms of those loans.49 Neither the OCC nor the FDIC proposed rule addressed the issue of who is the 'true lender' in the context of the sale or assignment of a bank-originated loan or receivables to the third party; however, the FDIC indicated in its proposed rule that it would view unfavourably entities attempting to evade lower interest rates by partnering with state banks.50
Despite opposition from a number of state attorneys general, on 29 May 2020, the OCC finalised the rule reaffirming that the 'valid when made' doctrine is applicable to loans originated by a national bank or a federal savings bank.51 The final rule amends the OCC's regulations to provide that when a national bank or savings association sells, assigns or otherwise transfers a loan, interest on a loan that is permissible before the transfer continues to be permissible after the transfer.52 The FDIC similarly finalised its proposed rule on 22 July 2020, codifying that permissible interest made by state-chartered banks and insured branches of foreign banks remains valid when a loan is transferred or sold.53 Unlike the OCC's true lender rule, the OCC's 'valid when made' rule appears to be at least temporarily secure, as Congress missed the deadline to challenge the rule under the Congressional Review Act. Also, Acting Comptroller of the Currency Michael Hsu indicated in June 2021 that the OCC does not intend to disrupt the rule.
Regulators and courts have focused on other areas related to consumer financial services, including regulatory enforcement, privacy and cybersecurity, digital currency, anti-money laundering and innovation. The developments identified below are representative, not exhaustive.
i Regulatory enforcement
The CFPB initiated 48 enforcement actions in 2020. On 30 September 2021, the US Senate voted to confirm Rohit Chopra as Director of the CFPB. During his confirmation hearing, Chopra pledged to crack down on banks that use online behavioural advertising to manipulate consumers, scrutinise banks' data-collection practices and reinforce the CFPB's fair lending and equal opportunity efforts.
Under the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act), state attorneys general are expressly empowered to bring civil actions to enforce the Dodd-Frank Act, certain other enumerated consumer financial protection laws and the CFPB implementing regulations. The state attorneys general of some states have been vocal in their opposition to actions taken, or not taken, by the CFPB, and some states have increased their enforcement activities to fill any perceived gap created by the CFPB's reduced enforcement activities. For example, state attorneys general in Massachusetts, New Jersey and Pennsylvania have created additional consumer protection units, New York announced a new Consumer Protection and Enforcement Division within the New York Department of Financial Services and California enacted legislation to overhaul its financial regulatory agency, the California DFPI, which, in addition to its previous regulatory powers, possesses broad new consumer protection powers that are modelled after those of the CFPB.
ii Privacy and cybersecurity
The US privacy regime is generally based on principles of notice and choice, whereas cybersecurity is based on a standard of 'reasonableness'.
With respect to privacy, on 2 March 2021, the Commonwealth of Virginia enacted the Consumer Data Protection Act (CDPA), becoming the second US state, following California, to enact a comprehensive privacy law.54 In many respects, the CDPA, which will take effect on 1 January 2023, resembles California's earlier-enacted privacy laws. The CDPA provides Virginia residents with several rights:
- the right to request deletion or correction of personal information that a business has collected from the consumer;55
- the right to request that a business provide information about, and copies of, personal information;56
- the right to opt out of the processing of personal information for purposes of targeted advertising, profiling or sale;57 and
- the right to be free from discrimination (in other words, businesses are prohibited from charging different prices or rates to consumers, providing different services, or denying goods or services to consumers who exercise their rights under the CDPA).58
Unlike California's privacy laws, which allow for private lawsuits for data breaches, the CDPA lacks any private right of action for consumers, leaving enforcement to Virginia's Attorney General.59 The CDPA applies generally to persons conducting business of a certain size that controls personal information relating to consumers. Significantly, however, the CDPA wholly exempts from coverage both financial institutions and data subject to the GLBA.60
With respect to cybersecurity, the trend is towards more prescriptive requirements, as well as aggressive enforcement. For example, on 9 December 2021, the FTC published finalised amendments to its Safeguards Rule, promulgated under the GLBA.61 The Safeguards Rule requires covered financial institutions to develop, implement and maintain a comprehensive information security programme.62 The final rule will move away from the risk-based approach established by the FTC in 2002. Instead, the FTC's final rule will impose prescriptive requirements, many of which appear to be based on the cybersecurity regulations of the New York Department of Financial Services, which went into effect in 2017.63 For example, the final rule will require covered financial institutions (i.e., those that collect information relating to 5,000 or more consumers) to implement an information security programme that meets technical requirements, such as encryption and multi-factor authentication. The final rule also will impose specific training and assessment obligations, such as annual penetration testing and vulnerability assessments of information systems – at least biannually but whenever an institution confronts an elevated risk – and will require annual reports to the institution's board of directors on its information security programme. The final rule takes effect on 10 January 2022, with the effective date of many provisions delayed until 9 December 2022.
On 30 August 2021, the Securities and Exchange Commission (SEC) announced that it had entered into settlement agreements with three firms, comprising various broker-dealer and investment advisory entities, for failures in their cybersecurity programmes, which resulted in cyber hacks that exposed the personal information of thousands of customers.64 Each firm agreed to cease and desist from future violations, to be censured, and to pay a penalty, which ranged from US$200,000 to US$300,000.65 The SEC's orders against the firms found that they violated, among other laws, Rule 30(a) of Regulation S-P, which is designed to protect confidential customer information.66The final rule took effect on 10 January 2022, with the effective date of many provisions delayed until 9 December2022.
iii Digital currency
Congress and US regulators are increasingly focusing on digital currency issuers, exchanges and service providers. For example, on 15 November 2021, as part of the US infrastructure law, a hotly debated provision was enacted that imposes reporting requirements on cryptocurrency 'brokers', with estimates that such reporting would allow the Internal Revenue Service to collect an additional $28 billion in tax revenue over 10 years.67 On 21 September 2021, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) issued an updated advisory warning about the sanctions risks of facilitating ransomware payments using cryptocurrencies.68 Also, for the first time, OFAC sanctioned a cryptocurrency exchange, SUEX, designating it as a malicious cyber actor.69 The move follows several other enforcement actions relating to digital currencies, including several settlements by the SEC involving the use of digital currencies in the unregistered offering of securities.70 Finally, on 1 November 2021, an inter-agency working group of federal regulators issued a report on stablecoins, requesting that Congress regulate the asset class to prevent bank runs, consumer abuse and breakdowns in payment systems.71 The report hinted that stablecoin issuers could be regulated like banks, while noting that properly designed and regulated stablecoins could promote more efficient and inclusive payment options.72
iv Anti-money laundering
On 1 January 2021, the Anti-Money Laundering Act of 2020 (AMLA) was enacted, representing the most significant update to the Bank Secrecy Act (BSA) since the USA PATRIOT Act of 2001. Among other things, the AMLA requires the Financial Crimes Enforcement Network (FinCEN) to implement a national database registering the beneficial ownership of covered business entities and expands whistleblower rewards and protections for those who report violations of the BSA.73 The AMLA also enhances penalties for BSA violations by repeat and egregious violators and enables the US Department of Justice and the US Department of the Treasury to subpoena foreign banks maintaining US correspondent accounts for records relating to any account held at the bank, including records maintained outside of the United States that do not relate to the correspondent account.74
On 30 June 2021, as required by the AMLA, FinCEN published its enforcement priorities, which include corruption, cybercrime, digital currencies, fraud and terrorist financing.75 The AMLA requires FinCEN, within 180 days of publishing the priorities, to promulgate regulations in order to achieve them.76 At the same time, FinCEN also announced that, as further required by the AMLA, it had submitted to Congress its assessment of no-action letters, concluding that FinCEN should adopt regulations establishing a no-action letter process as a supplement to other forms of guidance it provides.77 On 5 April 2021, FinCEN issued an advance notice of proposed rule-making (ANPR) seeking public comment on how business entities covered by the AMLA should submit information to FinCEN reporting their beneficial ownership.78 Among other things, the ANPR asked commenters:
- whether the AMLA definitions of 'beneficial owner', 'reporting company' and 'applicant' are sufficiently clear;
- whether other information related to beneficial ownership, such as affiliates and subsidiaries, should also be collected; and
- how FinCEN will protect collected beneficial ownership information while ensuring that the information may be used for legitimate purposes by law enforcement and national security officials.
The regulations implementing the beneficial ownership reporting requirements had to be promulgated by 1 January 2022, with an effective date to be determined.
US financial services regulators and financial services providers are interested in the ways in which innovative technologies, such as artificial intelligence (AI) and machine learning, can be applied to financial services. Although many of these new technologies have potential benefits such as expanded access to credit, they may also present risks such as unintended discrimination, also referred to as disparate impact discrimination.
US financial services regulators have focused on how policies and regulations can be changed to encourage responsible innovation. For instance, on 31 March 2021, the OCC, Federal Reserve, FDIC, CFPB and National Credit Union Administration issued a request for information to understand how financial institutions use AI for customer service and other businesses purposes; appropriate governance, risk management and controls over AI; and any challenges in developing, adopting and managing AI.79 Recognising the trend of disaggregation in financial services as banks and financial services continue to innovate, the OCC, Federal Reserve and FDIC issued proposed guidance on 19 July 2021 that would establish a framework for financial institutions to develop risk management principles based on, among other things, the nature, complexity and risk of their third-party relationships.80
The CFPB has signalled increasing interest in large technology firms, issuing a series of orders to collect information about the business practices of technology firms operating in or adjacent to payments systems in the United States.81 The CFPB stated that the wide-ranging information request will help the CFPB better understand how these firms use data and manage data access. These information requests may signal potential rule-making or other regulatory activity in this area.
In addition, in response to increasing requests from novel charter types and other financial services firms for accounts at the Federal Reserve Banks, the Federal Reserve published proposed guidelines for evaluating account and service requests.82 The proposed guidelines would consider the legal authority for the applicants to request account and service access, as well as risks posed to the Federal Reserve Banks, financial markets and the broader economy, as well as any impact on the Federal Reserve's monetary policy goals.
The CFPB has continued to issue public consent orders related to a broad range of consumer financial products and services, including debt collection, mortgage loans, prepaid cards, auto loans, student loans and loan origination. A brief review of UDAAP standards and key orders is provided below.
Generally, 'unfairness' means substantial injury to the consumer that the consumer could not have reasonably avoided, which is not outweighed by consumer or competitive benefits.83 'Deception' generally exists where there is a material representation, omission or practice that is likely to mislead the consumer acting reasonably in the circumstances.84 Finally, 'abusiveness', which was established under the CFPA, means material interference with a consumer's ability to understand a term or condition of a consumer financial product or service, or taking unreasonable advantage of a lack of the consumer's understanding, the consumer's inability to protect his or her own interests, or the consumer's reasonable reliance on a covered person to act in the interests of the consumer.85
Following a change in leadership, on 11 March 2021, the CFPB rescinded its 2020 Statement of Policy on Abusiveness.86 In the rescission, the CFPB concluded that the policy statement's intended principles, including 'making a good-faith effort to comply with the abusiveness standard', added uncertainty for market participants. Further, the new CFPB leadership disagreed with past leadership's limited approach toward enforcing abusiveness claims.
i Unfair practices
The following are examples of recent CFPB allegations of unfair practices:
- Mortgage servicers: the CFPB alleged that a national mortgage servicer engaged in unfair practices by failing to identify recently transferred loans with pending modifications and subsequently wrongfully denying some borrowers loan modifications or making permanent modifications to borrowers' loans only after significant delays beyond the period provided for in the trial modification agreement.87
- Payment processing: the CFPB alleged that a third-party payment processor engaged in unfair practices by processing payments of consumers who were defrauded into purchasing software and services when they knew, or should have known, their clients were engaged in fraud.88
- Loan origination: the CFPB alleged that a financial technology company that services and facilitates origination of consumer loans engaged in unfair practices by originating loans to consumers who did not request or authorise them, and structuring its loan origination and servicing programme in a manner that enabled the origination of unauthorised loans.89
- Auto lending: the CFPB alleged that an auto loan servicer engaged in unfair practices by continuing to bill borrowers for automotive coverage but then failing to provide that coverage, and by assessing and collecting fees that borrowers were not contractually obligated to pay.90 The CFPB alleged that another auto loan servicer engaged in unfair practices by wrongfully repossessing vehicles and withholding consumers' belongings until they paid an upfront fee.91
- Prepaid cards: the CFPB alleged that a prepaid card provider engaged in unfair acts and practices by causing some consumers to be charged fees on their debit release card that were not authorised by their cardholder agreements.92
ii Deceptive practices
The following list includes examples of recent CFPB allegations of deceptive practices:
- Advertisements: the CFPB alleged that a lender engaged in deceptive advertising by disseminating advertisements that contained false, misleading and inaccurate statements, including specific credit terms that the lender was not prepared to offer, and used phrasing and formatting that falsely represented or implied that the lender was affiliated with the government, including the Veterans Administration.93
- Debt collection: the CFPB alleged that a debt collector engaged in deceptive practices by making false or deceptive threats to consumers, and misrepresenting, expressly or by implication, the amount of debt consumers owed, in order to induce payments.94
- Student loans: the CFPB alleged that a depository institution, also a provider and servicer of student loans, engaged in deceptive acts and practices by misrepresenting the minimum periodic payments owed by consumers and the amount of interest paid.95 The CFPB alleged that a student loan company engaged in deceptive acts by falsely representing that an income share agreement did not create debt.96
- Non-bank lender: the CFPB alleged that a non-bank lender engaged in deceptive practices by misrepresenting its relationship with the government and that consumers' accounts would be turned over to a debt collection agency for non-payment.97
- Mortgage: the CFPB alleged that a mortgage servicer engaged in deceptive acts or practices by foreclosing on some borrowers while their loss mitigation applications or appeals were pending, even after the borrowers' loan modifications had been approved.98
iii Abusive practices
Below are examples of recent CFPB allegations of abusive practices:
- Non-bank lender: the CFPB alleged that a non-bank lender engaged in abusive practices using English-language agreements to enrol clients, when it knew many of its clients and co-signers did not understand English and that some were unable to read in any language, rushed through the enrolment process, and omitted or misrepresented material terms of the written agreement prior to client enrolment.99
- Debt collection: the CFPB alleged that a debt-settlement company engaged in abusive practices by misrepresenting to consumers that the company would work in the consumers' interest only and that it was not owned by creditors, when the company had financial connections to some of the consumers' creditors.100
- Prepaid cards: the CFPB alleged that a prepaid card provider engaged in abusive practices by requiring consumers to use a prepaid card to receive money owed to them, including government benefits, and because there was no reasonably available mechanism by which consumers could close the card and obtain their balance without paying a fee.101
Please see the previous sections for details on recent cases.
Rapid technological innovation, the covid-19 pandemic and the shifting political and regulatory environment, at least in the near term, have altered the landscape for consumer financial services. Under the new presidential administration, the regulatory and enforcement climate have shifted, and the trend towards deregulation is moderating. Nevertheless, the influence of non-traditional financial services providers on the US consumer financial services market will continue to be one of the dominant forces shaping the country's consumer financial services regulatory landscape in the coming year. Financial technology firms continue to deploy innovative technological solutions and develop new uses for a rapidly expanding universe of consumer data, and supervisory and regulatory authorities continue to try to keep pace.
1 Rick Fischer is a senior partner and Jeremy Mandell is a partner at Morrison & Foerster LLP.
2 12 U.S.C. Section 5481.
3 id. Section 5531.
4 id. Sections 5512, 5561 to 5567.
5 id. Section 5536.
6 See Federal Reserve, The 2019 Federal Reserve Payments Study at 1 (19 Dec. 2019) (triennial study).
7 id. at 2.
8 See generally, Service Details on Federal Reserve Actions to Support Interbank Settlement of Instant Payments, 85 Fed. Reg. 48,522 (11 Aug. 2020).
9 See generally, Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire, 86 Fed. Reg. 31,376 (11 June 2021).
10 See generally, Service Details on Federal Reserve Actions to Support Interbank Settlement of Instant Payments, 85 Fed. Reg. 48,522 (11 Aug. 2020).
12 ABA Banking Journal Podcast, OCC's Brooks Plan to Unveil 'Payments Charter 1.0' This Fall, American Bankers Association (25 June 2020), https://bankingjournal.aba.com/2020/06/podcast-occs-brooks-plans-to-unveil-payments-charter-1-0-this-fall/; see also Complaint for Declaratory and Injunctive Relief, Conference of State Bank Supervisors, Inc. v. Office of the Comptroller of the Currency, Case 1:20-cv-03797 (Dist. Ct. D.C., 22 Dec. 2020).
13 See Brief for Appellee, Lacewell v. Office of the Comptroller of the Currency, Case 19-4271 (2d Cir., 23 July 2020).
14 See Conference of State Bank Supervisors, CSBS Model Money Transmission Modernization Act (9 Sept. 2021).
15 In October 2020, the American Bankers Association, the national trade group for banks, 'called on every bank in the country to consider offering Bank-on certified accounts to expand access to banking services and reduce the number of unbanked and underbanked Americans.' See Press Release, American Bankers Association, ABA Urges America's Banks to Offer Bank On-Certified Accounts (19 Oct. 2020), https://www.aba.com/about-us/press-room/press-releases/aba-urges-americas-banks-to-offer-bank-on-certified-accounts.
16 See Consumer Financial Protection Bureau, Consumer Response Annual Report (Mar. 2021).
17 Overdraft Rule Review Pursuant to the Regulatory Flexibility Act, 84 Fed. Reg. 21,729 (15 May 2019).
18 State of New York Office of the Attorney General, Letter to Kathleen L Kraninger Re: Request for Comment on the Economic Impact of the Overdraft Rule (No. CFPB-2019-0023) (1 July 2019).
19 See Consumer Financial Protection Bureau, Semiannual Regulatory Agenda, 85 Fed. Reg. 52,809 (26 Aug. 2020).
20 See Federal Reserve Board, G.19 Consumer Credit, September 2021 (5 Nov. 2021).
21 Press Release, Consumer Financial Protection Bureau, CFPB Rescinds Series of Policy Statements to Ensure Industry Complies with Consumer Protection Laws (31 Mar. 2021).
22 Consumer Financial Protection Bureau, Statement on Supervisory and Enforcement Practices Regarding Bureau Information Collections for Credit Card and Prepaid Account Issuers (26 Mar. 2020).
23 Consumer Financial Protection Bureau, Statement on Supervisory and Enforcement Practices Regarding Electronic Credit Card Disclosures in Light of the COVID-19 Pandemic (3 June 2020).
24 Consumer Financial Protection Bureau, Synchrony Bank Approval Order (30 Dec. 2020).
25 Consumer Financial Protection Bureau, Report on the Consumer Credit Market (29 Sept. 2021).
26 See Payday, Vehicle Title, and Certain High-Cost Installment Loans, 85 Fed. Reg. 44,382 (22 Jul. 2020).
27 See Federal Reserve Board, G.19 Consumer Credit, September 2021 (5 Nov. 2021).
28 See, for example, U.S. Dep't of the Treasury, Opportunities and Challenges in Marketplace Lending (10 May 2016); Federal Trade Commission, A Survey of 15 Marketplace Lenders' Online Presence (9 Jun. 2016); Press Release, Cal. Dep't of Bus. Oversight, California Online Lending Grows by More Than 930% Over Five Years (4 Apr. 2015); Press Release, New York Dep't of Financial Services, DFS Issues Online Lending Report (11 July 2018); Congressional Research Service, Rapidly Growing “Buy Now, Pay Later” (BNPL) Financing: Market Developments and Policy Issues (1 Nov. 2021).
29 Payday, Vehicle Title, and Certain High-Cost Installment Loans, 85 Fed. Reg. 44,382 (22 Jul. 2020).
31 Blog Post, Consumer Financial Protection Bureau, Our Commitment to Protecting Vulnerable Borrowers (23 Mar. 2021).
32 Community Financial Services Ass'n of America, Ltd. v. Consumer Financial Protection Bureau, No. 1:18-CV-295 (W.D. Tex., 1 Oct. 2021).
33 Second Invitation for Comments on Proposed Rulemaking, Commercial Financing Disclosures, PRO 01/18 (26 Jul. 2019).
34 Third Invitation for Comments on Proposed Rulemaking, Commercial Financial Disclosures, PRO 01/18 (17 Jan. 2020).
35 Notice of Rulemaking Action, PRO 01/18 (11 Sept. 2020).
36 N.Y. Fin. Serv. Law Section 801 et seq. (effective 1 Jan. 2022).
37 Sawyer v. Bill Me Later Inc., 23 F. Supp. 3d 1359 (D. Utah 2014).
38 See, for example, Meade v Marlette Funding LLC, No. 1:17-cv-00575 (D. Colo. 21 Mar. 2018); Meade v. Avant of Colorado LLC, 307 F. Supp. 3d 1134 (D. Colo. 1 Mar. 2018).
39 Commonwealth of Pennsylvania v. Think Finance, Inc., No. 14-cv-7139 (E.D. Pa. 14 Jan. 2016).
40 Compare Consumer Financial Protection Bureau v. CashCall Inc., No. 2:15-cv-07522 (C.D. Cal. 31 Aug. 2016), with Beechum v. Navient Solutions Inc., No. 2:15-cv-08239 (C.D. Cal. 20 Sept. 2016).
41 Assurance of Discontinuance, In re Avant of Colorado, LLC and Marlette Funding, LLC (7 Aug. 2020).
42 National Banks and Federal Savings Associations as Lenders, 85 Fed. Reg. 68,742 (30 Oct. 2020).
44 Midland Funding, LLC v. Madden, 136 S. Ct. 2505, 579 U.S. __ (2016).
45 12 U.S.C. Section 85.
46 Madden v. Midland Funding, LLC, 786 F.3d 246 (2d Cir. 2015).
47 Eul v. Transworld Systems, Inc., No. 1:15-cv-7755 (N. D. Ill. Mar. 30, 2017).
48 Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 84 Fed. Reg. 64,229 (proposed 21 Nov. 2019).
49 Federal Interest Rate Authority, 84 Fed. Reg. 66,845 (proposed 6 Dec. 2019).
51 Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred, 85 Fed. Reg. 33,530 (2 Jun. 2020).
53 Federal Interest Rate Authority, 85 Fed. Reg. 44,146 (22 Jul. 2020).
54 Va. Code Sections 59.1-575 through 59.1.585 (effective 1 Jan. 2023).
55 id. Section 59.1-577(A)(2)–(3).
56 id. Section 59.1-577(A)(4).
57 id. Section 59.1-577(A)(5).
58 id. Section 59.1-578(A)(4).
59 id. Section 59.1-584(A).
60 id. Section 59.1-576(B).
61 Press Release, Federal Trade Commission, FTC Strengthens Security Safeguards for Consumer Financial Information Following Widespread Data Breaches (27 Oct. 2021).
62 16 C.F.R. pt. 314.
63 See N.Y. Comp. Codes R. & Regs. tit. 23, pt. 500.
64 Press Release, Securities and Exchange Commission, SEC Announces Three Actions Charging Deficient Cybersecurity Procedures (30 Aug. 2021).
66 Order, In re Cetera Advisor Networks LLC et al., No. 3-20490 (30 Aug. 2021); Order, In re Cambridge Investment Research, Inc. & Cambridge Investment Research Advisors, Inc., No. 3-204965 (30 Aug. 2021); Order, In re KMS Financial Services, Inc., No. 3-204965 (30 Aug. 2021).
67 Infrastructure Investment and Jobs Act, Pub. L. No. 117-58, Sec. 80603 (2021) (amending 26 USC Sec. 6045(c)).
68 Office of Foreign Assets Control, Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (21 Sept. 2021).
69 U.S. Department of the Treasury, Treasury Takes Robust Actions to Counter Ransomware (21 Sept. 2021).
70 Order, SEC, In re Blotics Ltd., f/d/b/a Coinschedule Ltd., No. 3-20398 (14 July 2021); Order, SEC, In re Blockchain Credit Partners, d/b/a DeFi Money Market, Gregory Keough & Derek Acree, No. 3-20453 (6 Aug. 2021); Order, SEC, In re Poloniex, LLC, No. 3-20455 (9 Aug. 2021).
71 President's Working Group on Financial Markets, FDIC, and OCC, Report on Stablecoins (1 Nov. 2021).
73 31 U.S.C. Sections 5323, 5336.
74 31 U.S.C. Sections 5321, 5318.
75 Financial Crimes Enforcement Network, Anti-Money Laundering and Countering the Financing of Terrorism National Priorities (30 June 2021).
76 31 U.S.C. Section 5318.
77 Financial Crimes Enforcement Network, A Report to Congress: Assessment of No-Action Letters in Accordance with Section 6305 of the Anti-Money Laundering Act of 2020 (28 June 2021).
78 Beneficial Ownership Information Reporting Requirements, 86 Fed. Reg. 17,557 (ANPR, 5 Apr. 2021).
79 Request for Information and Comment on Financial Institutions' Use of Artificial Intelligence, Including Machine Learning, 86 Fed. Reg. 16,837 (31 Mar. 2021).
80 Proposed Interagency Guidance on Third-Party Relationships: Risk Management, 86 Fed. Reg. 38,182 (19 July 2021).
81 Press Release, Consumer Financial Protection Bureau, CFPB Orders Tech Giants to Turn Over Information on their Payment System Plans (21 Oct. 2021).
82 Proposed Guidelines for Evaluating Account and Services Requests, 86 Fed. Reg. 25,865 (11 May, 2021).
83 12 U.S.C. Section 5531(c).
84 Federal Trade Commission, Policy Statement on Deception (14 Oct. 1983), appended to Cliffdale Associates, Inc., 103 F.T.C. 110, 174 (1984).
85 12 U.S.C. Section 5531(d).
86 Statement of Policy Regarding Prohibition on Abusive Acts or Practices; Rescission, 86 Fed. Reg. 14,808 (19 Mar. 2021).
87 Complaint, Bureau of Consumer Financial Protection v. Nationstar Mortgage LLC d/b/a Mr. Cooper, No. 1:20-cv-3550 (7 Dec. 2020).
88 Complaint, Bureau of Consumer Financial Protection v. BrightSpeed Solutions, Inc. et al., No. 1:21-cv-01199 (3 Mar. 2021).
89 Consent Order, In re GreenSky, LLC, No 2021-CFPB-0004 (12 July 2021).
90 Consent Order, In re Lobel Financial Corporation, No. 2020-BCFP-0016 (21 Sept. 2020).
91 Consent Order, In re Nissan Motor Acceptance Corporation, No. 2020-BCFP-0017 (13 Oct. 2020).
92 Consent Order, In re JPay, LLC, No. 2021-CFPB-0006 (19 Oct. 2021).
93 Consent Order, In re Hypotec, Inc., No. 2020-BCFP-0012 (1 Sept. 2020); Consent Order, In re Service 1st Mortgage, Inc., No. 2020-BCFP-0013 (1 Sept. 2020), Consent Order, In re Accelerate Mortgage, LLC, No. 2020-BCFP-0014 (2 Sept. 2020); Consent Order, In re ClearPath Lending, Inc., No. 2020-BCFP-0015 (14 Sept. 2020).
94 Complaint, Bureau of Consumer Financial Protection v. JPL Recovery Solutions, LLC et al., No. 1:20-cv-01217 (8 Sept. 2020).
95 Consent Order, In re Discover Bank, et al., No. 2020-BCFP-0026 (22 Dec. 2020).
96 Consent Order, In re Better Future Forward, Inc., No. 2021-CFPB-0005 (7 Sept. 2021).
97 Complaint, Consumer Financial Protection Bureau v. Nexus Services, Inc., No. 5:21-cv-00016 (22 Feb. 2021).
98 Complaint, Bureau of Consumer Financial Protection v. Nationstar Mortgage LLC d/b/a Mr. Cooper, No. 1:20-cv-3550 (7 Dec. 2020).
99 Complaint, Consumer Financial Protection Bureau v. Nexus Services, Inc., No. 5:21-cv-00016 (22 Feb. 2021).
100 Complaint, Consumer Financial Protection Bureau v. SettleIt, Inc., No. 8:21-cv-00674 (13 Apr. 2021).
101 Consent Order, In re JPay LLC, No. 2021-CFPB-0006 (19 Oct 2021).