Articles

December 23, 2024

CFPB Bites of the Month - November 20, 2024 - CFPB Take Me Home, Country Roads

Justin B. Hosie, Eric L. Johnson and Kristen Yarows

In this month's article, we share some of our top "bites" for the prior and current month covered during the November 2024 webinar.

Bite 12: CFPB Issues Statement about Medicare Beneficiaries Billing

On October 31, 2024, the CFPB issued a statement about Medicare beneficiaries billing, warning about improper billing and collection practices. Specifically, the CFPB and the Centers for Medicare & Medicaid Services issued a joint statement to remind providers of health plans of Qualified Medicare Beneficiaries ("QMBs") of billing protections and potential consequences of violating them. According to the statement, federal law generally prohibits healthcare providers who accept Medicare from billing QMBs for cost-sharing, such as co-pays or deductibles. The CFPB noted there is evidence that some Medicare providers and suppliers improperly seek payment from this population, which can turn into debt collection actions and negative credit reports. The statement explains that debt collectors may not collect on improper or inaccurate bills targeting Medicare beneficiaries and that debt collectors may not tarnish credit reports with improper and inaccurate bills. The statement requests Medicare providers, billing agents, and debt collectors to examine their practices to ensure compliance with laws and remediate any harm to consumers stemming from violations.

Bite 11: CFPB Releases Report on State Data Privacy Laws

On November 12, 2024, the CFPB released a report on state data privacy laws, addressing various federal and state privacy protections.According to the report, between January 2018 and July 2024, eighteen states passed consumer data laws that exempted organizations subject to the Gramm-Leach-Bliley Act or Fair Credit Reporting Act ("FCRA"). According to the report, consumer finance companies increasingly collect and use large quantities of consumers' financial data as a source of revenue, including by selling that data to third parties. The CFPB noted that existing federal privacy protections may not protect consumers from companies' novel methods of collecting and monetizing data. The CFPB's report suggested that state policymakers should assess these purported "gaps" in existing privacy laws.

Bite 10: CFPB Releases Study on Small Business Lending

On November 13, 2024, the CFPB released a study on small business lending, noting disparities in how lenders treat business owners based on race. The CFPB study involved matched-pair testing using trained individuals who posed as small business owners seeking credit. The testers visited 25 unique bank branches in Fairfax County, Virginia and 25 branches in Nassau County, New York. Black participants were assigned slightly more favorable financial profiles but received less encouragement to apply for loans and were more frequently steered toward alternative loan products. The study noted significant disparities in two key areas. First, Black participants received less encouragement to apply for a loan, with lenders expressing interest in 23% of participants. White participants received lender interest at a 40% level. Second, Black business owners were suggested credit cards and home equity loans 59% of the time. White participants received such suggestions 39% of the time. The CFPB stated that although the pilot study was limited to two counties, it illustrates why collecting comprehensive lending data is crucial for uncovering potential discrimination.

Bite 9: CFPB Issues Circular on Employer use of Consumer Reports

On October 24, 2024, the CFPB issued a circular on employer use of consumer reports, warning that employers using consumer reports must comply with the FCRA. The circular addressed whether employers are permitted to make employment decisions using background dossiers, algorithmic scores, and other third-party consumer reports about workers without adhering to the FCRA. The CFPB concluded that background dossiers that are obtained from third parties and used by employers to make hiring, promotion, reassignment, or retention decisions are often governed by the FCRA. The circular noted that when looking at FCRA applicability over employment decisions based on a report from a third party, federal and state law enforcement agencies should consider whether the data use qualifies as a use for employment purposes and whether the report is obtained from a party that assembled or evaluated consumer information to produce a report. However, the circular notes that not all third parties that assemble or evaluate data will qualify as "consumer reporting agencies." The circular provides an example of reports containing information solely about transactions or experiences between the consumer and report-maker. The CFPB stated that the third-party consumer reports by employers increasingly extend beyond traditional background checks and may encompass a wide range of information.

Bite 8: CFPB Finalizes Personal Financial Data Rights Rule

On October 22, 2024, the CFPB announced the long-awaited final Personal Financial Data Rights Rule, claiming it will provide greater privacy rights and security over personal data.The rule is part of the CFPB's efforts under Section 1033 of the Consumer Financial Protection Act ("CFPA"), enacted by Congress in 2010. The CFPB claims that the rule aims to address market concentration that limits consumer choice over financial products and services by moving towards an open banking system. The final rule will require banks, credit unions, and other financial service providers to make consumers' data available on request to consumers and authorized third parties in a secure and reliable manner. It also defines obligations for third parties accessing consumers' data. According to the CFPB, the rule also promotes open and inclusive industry standards. The CFPB indicated that the Personal Financial Data Rights Rule was the CFPB's first significant rule to accelerate open banking, and claimed that the CFPB will be developing additional rules to address more products, services, and use cases. Mandatory compliance for the largest financial institutions is scheduled for April 1, 2026, while the smallest covered institutions will have until April 1, 2030 to comply.

Bite 7: CFPB Takes Action Against Student Lender and Investor

On October 17, 2024, the CFPB announced that it had filed a lawsuit against a student lender and its largest shareholder for allegedly misrepresenting the quality of the training programs at their partner schools and making false claims about graduates' hiring and salaries. The student lender offers loans for various short-term vocational programs including coding boot camps. According to the complaint, the student lender claimed to have vetted partner schools but nevertheless offered loans for programs that had not been analyzed at all or failed the lender's return-on-investment analysis. The complaint also alleges that the student lender failed to accurately disclose finance charges on loan documents and failed to disclose the APR in marketing materials. The CFPB asserts that the defendants violated the CFPA by engaging in abusive and deceptive acts. The CFPB also asserts that defendants violated the Truth in Lending Act and Regulation Z by using the names, emblems, or logos of certain schools to imply that they endorsed the lender. The CFPB seeks injunctive relief, monetary relief, and civil money penalties.

Bite 6: CFPB Settles Case with Mortgage Company over Alleged Discrimination

On November 1, 2024, the CFPB settled a case involving a mortgage company that allegedly discouraged potential applicants based on race or racial composition. The lawsuit alleged that the mortgage company violated the Equal Credit Opportunity Act, Regulation B, and the CFPA. The trial court granted the mortgage company's motion to dismiss, and the Seventh Circuit reversed the decision. The Seventh Circuit's decision held that "an analysis of the ECOA as a whole makes clear that the text prohibits not only outright discrimination against applications for credit, but also the discouragement of prospective applications for credit." The proposed order prohibits the mortgage company from engaging in any acts or practices that violate the ECOA, requires the mortgage company to maintain a compliance management system, and requires the mortgage company to provide ongoing educational training for its employees. The proposed order also requires the mortgage company to pay a $105,000 civil money penalty.

Bite 5: CFPB Takes Action Against Credit Union over System Rollout

On October 31, 2024, the CFPB and the National Credit Union Administration ("NCUA") entered into a consent order with a credit union over its attempted launch of a new online and mobile banking platform with an untested platform. The CFPB and NCUA alleged that the credit union violated the CFPA by committing an unfair practice. Specifically, the CFPB alleged that the credit union deprived consumer access to their money and accounts, rushing the new platform without appropriate testing. The CFPB and NCUA alleged that some features of the online platform were unavailable for more than six months. The agencies also alleged that the platform issues caused customers to lose access to their accounts, incur late fees when their payments did not process, and prevented access to their accounts. The order requires the credit union to refund fees and costs that were imposed on affected consumers due to the outage, create contingency plans to minimize the impact on consumers' ability to use its banking platform, and pay a $1.5 million civil penalty.

Bite 4: CFPB Takes Action Against Money Transfer Company

On November 14, 2024, the CFPB issued an order against a money transfer company who offers services to incarcerated individuals. Some of the services included online messaging, video visitation, and telephone services. The CFPB alleged that the company violated the CFPA's prohibition on unfairness by blocking consumers' accounts when a money transfer was charged-back and by requiring payment of the chargeback amount plus a fee to unblock the account. The CFPB also alleged that the company unfairly failed to disclose complete fee schedules for money transfers. The CFPB alleged that the company unfairly and abusively emptied and then retained funds from consumers' accounts after a period of inactivity. The order requires the company to pay at least $2 million in redress to consumers, pay $1 million in civil money penalties, and prohibits the company from committing these alleged violations in the future.

Bite 3: CFPB Takes Action Against Technology Company and Financial Firm

On October 23, 2024, the CFPB issued consent orders against a technology company that partnered with a financial institution to provide a credit card and against the financial institution. The CFPB alleged the company unfairly failed to send transaction disputes to the financial institution and that the financial institution delayed in resolving the disputes. The CFPB alleged that the companies deceptively mislead consumers to automatic enrollment in monthly installments through the card with interest-free payments. The CFPB alleged the parties abusively failed to display the interest-free installment in certain circumstances. The consent order requires the technology company to pay a civil money penalty of $25 million and the financial institution to pay a $45 million civil money penalty. The consent order also requires the financial institution to pay at least $19.8 million in redress to victims and restricts it from introducing a new credit card without providing the CFPB with a plan of how it will comply with the law.

Bite 2: CFPB Takes Action Against Credit Union for Overdraft Fees

On November 7, 2024, the CFPB announced an order prohibiting a credit union from charging certain overdraft fees. The CFPB alleged that from 2017 through 2022, the credit union charged consumers overdraft fees on debit-card purchases and ATM withdrawals for transactions often referred to as "authorize positive, settle negative" transactions, where the initial authorization appears to have enough funds, but the final settlement results in an overdraft. The CFPB alleged that the credit union collected an average of $44 million a year in these overdraft fees. The CFPB also alleged that the credit union charged overdraft fees when it delayed in posting credits to members' accounts from funds received through person-to-person payment networks, even though these funds appeared to members to be available for immediate use. The CFPB alleged that the credit union collected at least $4 million in these overdraft fees. The consent order prohibits the credit union from charging these types of overdraft fees. It also requires the credit union to pay more than $80 million in consumer redress and a $15 million fine.

Bite 1: Bank Sues CFPB Over its Benefits Card Investigation

On November 12, 2024, media outlets reported that a bank filed a lawsuit against the CFPB in a Texas federal court, alleging that the CFPB's investigation has been "aggressive and overreaching." The lawsuit alleges that the bank continues to suffer substantial harm from the CFPB's ongoing and costly ultra vires investigation and seeks a judgment declaring that the investigation exceeds the scope of the CFPB's statutory authority under both the CFPA and the Electronic Fund Transfer Act. The investigation concerns the bank's handling of a government program for distributing federal benefits via debt cards. In September 2023, the CFPB notified the bank that it was considering legal action against the bank alleging unfairness or abusiveness, based on customer service practices, including call wait times. According to the complaint, the bank sought repeatedly to demonstrate to the CFPB that the CFPB's legal arguments were flawed and that the CFPB had no basis to bring an enforcement action.

Extra Bite 1: FTC Announces Click to Cancel Rule

On October 16, 2024, the FTC announced revisions to the Negative Option Rule, now known as the "Rule Concerning Recurring Subscriptions and other Negative Option Programs" or "Click-to-Cancel Rule." The rulemaking began in 2019 and reflects input from over 16,000 public comments. The rule will apply to almost all negative option marketing, and cover both business-to-business transactions and business-to-consumer transactions. The rule prohibits misrepresentations of any material fact before asking consumers to sign up. The rule requires obtaining proof of consent before imposing charges and maintaining evidence of compliance. The rule requires a cancelation process that is as easy as the sign-up process. Violators can be liable for redress and civil penalties. Most of the provisions of the final rule will go into effect in 180 days, with some in effect within 60 days after publication in the Federal Register. The CFPB issued a statement on the FTC rulemaking in which CFPB Director Chopra said that the "CFPB can enforce the new Click-to-Cancel Rule, which will further enable the CFPB to protect consumers from being tricked into paying for products or services they do not want or need."

Extra Bite 2 : FTC Takes Action Against Online Cash Advance App

On November 5, 2024, the FTC announced an action against an online cash advance app, alleging the company charged undisclosed fees and tips.The FTC claims in its complaint that the company used misleading marketing to deceive consumers about the amount of cash advances, charged consumers undisclosed fees, and charged "tips" to consumers without their consent. According to the FTC, the company's advertising falsely claimed that consumers could receive "up to $500" and receive it "instantly." The complaint alleges that the consumers are often charged a "surprise fee" of 15% of their advance that is described as a "tip." The FTC also alleges that the company charged consumers a $1 monthly "membership fee" without clearly and conspicuously disclosing it. The FTC alleges that the company led consumers to believe that for every percentage of tip they give, the company donates a healthy meal to a needy child, but the company was only donating 10 cents for each percentage in "tip." According to the FTC, "consumers who discover they can leave a lower tip and attempt to do so see food taken away from a cartoon child until the image of the child is finally replaced by an image of an empty plate." The complaint alleges violations of the FTC Act and the Restore Online Shoppers' Confidence Act.

Still hungry? Please join us for our next CFPB Bites of the Month. If you missed any of our prior Bites, request a replay on our website.

Hudson Cook, LLP provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.