AGENCY:

Consumer Financial Protection Bureau.

ACTION:

Supervisory Highlights.

SUMMARY:

The Consumer Financial Protection Bureau (CFPB or Bureau) is issuing its thirtieth edition of Supervisory Highlights.

DATES:

The Bureau released this edition of the Supervisory Highlights on its website on July 26, 2023. The findings included in this report cover examinations in the areas of auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday and small dollar lending, and remittances that were completed from July 1, 2022, to March 31, 2023.

FOR FURTHER INFORMATION CONTACT:

Jaclyn Sellers, Senior Counsel, at (202) 435–7449. If you require this document in an alternative electronic format, please contact CFPB_Accessibility@cfpb.gov.

SUPPLEMENTARY INFORMATION:

1. Introduction

Since its inception, the Consumer Financial Protection Bureau's (CFPB's) Supervision program has assessed supervised institutions' compliance with Federal consumer financial law and taken supervisory action against institutions that have violated it.^[1] This includes institutions engaged in unfair, deceptive, or abusive acts or practices (UDAAPs) prohibited by the Consumer Financial Protection Act of 2010 (CFPA).^[2] In April 2023, the CFPB issued a policy statement on abusive acts or practices to summarize the existing precedent, provide an analytical framework for identifying abusive conduct, and to offer some guiding principles.^[3]

This edition of Supervisory Highlights notes recent supervisory findings of abusive acts or practices supervised institutions engaged in across multiple product lines. Examiners also continue to find that supervised institutions are engaging in prohibited unfair and deceptive acts or practices. The CFPB will continue to supervise for, and enforce against, practices that may violate Federal consumer financial law, harm consumers, and impede competition.

Most supervised institutions rely on technology solutions to run their businesses and offer or provide consumer financial products or services. Supervision assesses information technology utilized by supervised entities, and information technology controls, that may impact compliance with Federal consumer financial law or risk to consumers. Examiners have identified several violations of Federal consumer financial law that were caused in whole or in part by insufficient information technology controls. This edition includes for the first time, findings from the CFPB's Supervision information technology program.

A key aspect of the CFPB supervision program is benefitting supervised institutions by identifying compliance issues before they become significant. The supervision process is confidential in nature. This confidentiality promotes candid communication between supervised institutions and CFPB supervisory personnel concerning compliance and related matters.

The findings included in this report cover examinations in the areas of auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday and small dollar lending, and remittances that were completed from July 1, 2022, to March 31, 2023. To maintain the anonymity of the supervised institutions discussed in Supervisory Highlights, references to institutions generally are in the plural and related findings may pertain to one or more institutions.

2. Supervisory Observations

2.1 Auto Origination

The CFPB assessed the auto finance origination operations of several Start Printed Page 52132 supervised institutions for compliance with applicable Federal consumer financial laws and to assess whether institutions have engaged in UDAAPs prohibited by the CFPA.^[4]

2.1.1 Deceptive Marketing of Auto Loans

Examiners found that supervised institutions engaged in the deceptive marketing of auto loans when they used advertisements that pictured cars that were significantly larger, more expensive, and newer than the advertised loan offers were good for. An act or practice is deceptive when: (1) the representation, omission, act, or practice misleads or is likely to mislead the consumer; (2) the consumer's interpretation of the representation, omission, act, or practice is reasonable under the circumstances; and (3) the misleading representation, omission, act, or practice is material.^[5]

Examiners found that the representations made in these advertisements were likely to mislead consumers, as the “net impression” to consumers was that the advertisements applied to a subset of cars to which they did not actually apply. Examiners further concluded that it was reasonable for consumers to believe that the advertised terms applied to a class of vehicles similar to the cars pictured in the ads. These representations were material as information about the central characteristics of a product or service—such as costs, benefits, and/or restrictions on the use or availability—are presumed to be material. Here, the promotional offers advertised were significantly more restricted than a consumer may have realized. In response to these findings, the institutions have stopped using the deceptive advertisements and have enhanced monitoring of marketing materials and advertisements across all product lines.

2.2 Auto Servicing

Examiners identified three unfair or abusive acts or practices at auto servicers related to charging interest on inflated loan balances, cancelling automatic payments without sufficient notice, and collection practices after repossession.

2.2.1 Collecting Interest on Fraudulent Loan Charges

When supervised institutions purchase retail installment contracts from auto dealers, dealers generally provide a document listing the options included on the vehicle. Some dealers fraudulently included in the document options that are not actually present on the vehicle, for example by listing undercoating that the vehicle does not actually have. This artificially inflates the value of the collateral, which may make it easier for the dealer to find funding for the contract from indirect lenders.

Examiners found that servicers engaged in unfair and abusive acts or practices by collecting and retaining interest borrowers paid on automobile loans that included options that were not in fact included in the collateral, leading to improperly inflated loan amounts. Examiners found that after initial loan processing, servicers attempted to contact consumers to verify that options listed by the dealer are in fact on the vehicle; consumers rarely identified discrepancies. In the event consumers identified discrepancies, servicers reduced the amounts that they paid dealers by the amount of the missing options. But servicers did not reduce the amount that consumers owed on the loan agreements and continued to charge interest tied to financing of the nonexistent options. Similarly, after repossession servicers compared the options actually present on the vehicle to the information originally provided by the dealer and, where the options were not actually included, obtained refunds from dealers that were applied to the deficiency balances. But the servicers did not refund consumers for the interest charged on the illusory options.

The CFPA defines an unfair act or practice as an act or practice that: (1) that causes or is likely to cause substantial injury to consumers; (2) which is not reasonably avoidable by consumers; and (3) is not outweighed by countervailing benefits to consumers or to competition.^[6] Examiners found that servicers engaged in unfair acts or practices when they collected interest on the nonexistent options. Examiners found that consumers suffered substantial injury when they paid excess interest resulting from improperly inflated loan amounts. Consumers could not reasonably avoid the injury because they had no reason to anticipate that dealers would fraudulently include nonexistent options and that the consumers would be charged interest based on the inflated loan amount. And even if consumers attempted to validate the options included, most consumers are not able to tell—merely by sight—the options included on a car, many of which may be hidden under the hood or otherwise not readily visible. And the injury is not outweighed by countervailing benefits to consumers or competition.

Examiners also found that the servicers engaged in abusive acts or practices. An act or practice is abusive if it: (1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) takes unreasonable advantage of: a lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service; the inability of the consumer to protect the interest of the consumer in selecting or using a consumer financial product or service; or the reasonable reliance by the consumer on a covered person to act in the best interest of the consumer.^[7]

Here examiners concluded that the servicers' practices were abusive because they took unreasonable advantage of consumers' inability to protect their interests in the selection or use of the product by charging interest on loan balances that were improperly inflated because of the illusory options, which benefited the servicer to the detriment of consumers. Servicers were aware that some percentage of their loans had inflated balances and nevertheless collected excess interest on these amounts while seeking and obtaining refunds on the missing options. At the time of loan funding, consumers were unable to protect their own interests; it was impractical for them to challenge the practice because they did not know that certain options were missing.^[8] After repossession, servicers continued to take advantage of consumers' inability to protect their interests where they protected themselves by obtaining refunds from dealers for the value of options the collateral vehicles did not actually have but did not refund the excess interest amounts consumers had paid based on these inflated loan balances.

In response to these findings, Supervision directed the servicers to cease the practice.

2.2.2 Canceling Automatic Payments Without Sufficient Notice

Examiners found that servicers engaged in unfair acts or practices by suspending recurring automated Start Printed Page 52133 clearing house (ACH) payments prior to consumers' final payment without sufficiently notifying consumers that the final payment must be made manually. Consumers could enroll in automatic payments by completing a written electronic funds transfer authorization. The authorizations contained a small print disclosure that servicers would not automatically withdraw the final payment; servicers did not provide any additional communication to consumers before the final payment was required. Many consumers enrolled in these automatic payments for a period of years and relied on the automatic payments. But servicers cancelled the final withdrawal and did not debit the final payment, resulting in missed payments and late fee assessment by servicers. Consumers suffered substantial injury when servicers failed to provide adequate notice that they would not debit the final payment, including the late fees servicers charged consumers when consumers missed these payments. Consumers could not reasonably avoid this injury because they believed their payments would be processed automatically and the only disclosure that the payment would be cancelled was written in fine print in the initial enrollment paperwork. And the injury is not outweighed by countervailing benefits to consumers or competition.

In response to these findings, servicers remediated consumers and revised their policies and procedures.

2.2.3 Requiring Consumers To Pay Other Debts To Redeem Vehicles

Some vehicle financing contracts contain clauses allowing servicers to use the vehicle to secure other unrelated unsecured debts consumers owe to the company, such as credit card debt; this is referred to as cross-collateralization. Examiners found that after servicers repossessed vehicles, they accelerated the amount due on the vehicle finance contract and also accelerated any other amounts the consumer owed to the entity. When consumers called to recover the vehicles, the servicers required consumers to pay the full amount on all accelerated debts, which included both debt for the vehicle and other debts.

Examiners found that servicers engaged in unfair and abusive acts or practices by engaging in the blanket practice of cross-collateralizing loans and requiring consumers to pay other debts to redeem their repossessed vehicles.

Accelerating and demanding repayment on other debts before returning repossessed vehicles was unfair. It caused substantial injury to consumers because consumers were required to pay accelerated and cross-collateralized amounts across multiple loans or lose their vehicles. Consumers could not reasonably avoid the harm caused by this practice. While servicers occasionally allowed consumers to pay lesser amounts, they did so only if consumers objected or argued about the debt and consumers were not meaningfully made aware that arguing about the cross-collateralization could result in a lesser payment amount. And even if the consumer objected, representatives still used the cross-collateral provisions as a coercive collection tactic. A blanket practice of cross-collateralizing and demanding repayment does not benefit consumers and the harm outweighs any countervailing benefits to consumers or competition.

This practice was abusive because it also took unreasonable advantage of a lack of understanding of consumers of the material risks, costs, or conditions of their loan agreements. When consumers sought to reinstate their loans after repossession, servicers utilized contractual remedies to accelerate all debts owed to them which resulted in a significant monetary advantage to servicers while imposing a corresponding degree of economic harm on the consumer. These practices also inflicted significant emotional and psychological distress. The advantage gained by the servicers was unreasonable in the ordinary case of vehicle repossession. And consumers lacked an understanding of the material risks, costs, or conditions of the specific contractual remedies allowing for cross-collateralization at issue in the relevant loans.^[9]

In response to these findings, servicers remediated consumers and revised policies and procedures.

2.3 Consumer Reporting

Companies that regularly assemble or evaluate information about consumers for the purpose of providing consumer reports to third parties are “consumer reporting companies” (CRCs).^[10] These companies, along with the entities—such as banks, loan servicers, and others—that furnish information to the CRCs for inclusion in consumer reports, play a vital role in the availability of credit and have a significant role to play in the fair and accurate reporting of credit information. They are subject to several requirements under the Fair Credit Reporting Act (FCRA) ^[11] and its implementing regulation, Regulation V,^[12] including the requirement to reasonably investigate disputes and to furnish data subject to the relevant accuracy requirements. In recent reviews, examiners found deficiencies in CRCs' compliance with FCRA permissible purpose-related policy and procedure requirements and furnisher compliance with FCRA and Regulation V dispute investigation requirements.

2.3.1 CRC Duty To Maintain Reasonable Policies and Procedures Designed To Limit Furnishing Consumer Reports to Persons With Permissible Purpose(s)

The FCRA requires that CRCs must maintain reasonable procedures designed to limit the furnishing of consumer reports to persons with at least one of the permissible purposes enumerated under section 604(a) of the FCRA.^[13] In recent reviews of CRCs, examiners found that CRCs' procedures relating to ensuring end users of consumer reports have a requisite permissible purpose failed to comply with this obligation because the CRCs' procedures posed an unreasonable risk of improperly disclosing consumer reports to persons without a permissible purpose. For example, examiners identified multiple deficiencies in the CRCs' procedures, such as failing to maintain an adequate process for re-assessing end users' permissible purpose(s) where indicia of improper consumer report use by an end user is present. This created heightened risk of improper consumer report disclosures. In some instances, examiners found that such deficiencies resulted in CRCs furnishing consumer reports to end users despite having reasonable grounds to believe the end users did not have a requisite permissible purpose.

In response to these findings, CRCs are revising policies and procedures for, and their oversight of, onboarding end users and periodically re-assessing end users' permissible purpose(s). CRCs also are revising processes relating to the monitoring of end users, including the identification of end users exhibiting Start Printed Page 52134 indicia of impermissible consumer report use.

2.3.2 Furnisher Duty To Review Policies and Procedures and Update Them as Necessary To Ensure Their Continued Effectiveness

Examiners found that furnishers are violating the Regulation V duty to periodically review their policies and procedures concerning the accuracy and integrity of furnished information and update them as necessary to ensure their continued effectiveness.^[14] Specifically, in recent reviews of auto furnishers, examiners found that furnishers failed to review and update policies and procedures after implementing substantial changes to their dispute handling processes. For example, furnishers changed software systems for use in the investigation of disputes but maintained policies and procedures that referenced only systems no longer in use, inhibiting the continued effectiveness of those policies and procedures. In response to these findings, furnishers are updating their policies and procedures to reflect current systems and training staff to use them in handling disputes.

2.3.3 Furnisher Duty To Conduct Reasonable Investigations of Direct Disputes

Examiners are continuing to find that furnishers are violating the Regulation V duty to conduct a reasonable investigation of direct disputes.^[15] In recent reviews of mortgage furnishers, examiners found the furnishers failed to conduct any investigations of direct disputes that were received at an address provided by the furnishers to CRCs and set forth on consumer reports. Rather than investigate direct disputes sent to these qualifying addresses under Regulation V, the furnishers responded to the disputes by instructing the consumers to re-send their direct disputes to certain other addresses of the furnishers and only investigated the disputes to the extent the consumers re-sent them per these instructions. In response to these findings, furnishers are updating their policies and procedures to ensure that they conduct reasonable investigations of direct disputes that are sent to addresses provided by the furnishers to CRCs and set forth on consumer reports.

2.3.4 Furnisher Duty To Notify Consumers That a Dispute Is Frivolous or Irrelevant

Examiners are continuing to find that furnishers are violating the Regulation V duty to provide consumers with notices regarding frivolous or irrelevant disputes.^[16] In recent reviews of third-party debt collector furnishers, examiners found that furnishers failed to send any notice to consumers whose direct disputes they determined were frivolous or irrelevant. For example, when furnishers determined that disputes sent by consumers were duplicative of prior disputes, the furnishers did not investigate the disputes nor send notices to consumers setting forth the reasons for their determination and the information the consumers needed to submit for the furnishers to investigate the disputed information. In response to these findings, furnishers are establishing policies and procedures to identify and respond to frivolous or irrelevant disputes, including sending a letter to the consumer notifying the consumer of the determination that a dispute is frivolous or irrelevant and identifying the additional information needed to investigate the consumer's dispute.

2.3.5 Furnisher Duty To Inform Consumers of Information Needed To Investigate Frivolous or Irrelevant Disputes

Examiners are continuing to find that furnishers are violating their Regulation V duty, after making a determination that a direct dispute is frivolous or irrelevant, to include in their notices to consumers the reasons for that determination and to identify any information required to investigate the disputed information.^[17] In recent reviews of mortgage furnishers, examiners found that furnishers sent frivolous or irrelevant notices to consumers that failed to accurately convey what information the consumers needed to submit for the furnishers to investigate the disputed information. For example, furnishers sent consumers a frivolous notification stating that consumers must provide their entire unredacted credit report for the furnishers to investigate the dispute, even though an entire unredacted credit report was not required for the investigation and an excerpt of the relevant portion of the credit report would have sufficed. In response to these findings, furnishers are updating the content of their frivolous or irrelevant notices to eliminate the language requesting an entire unredacted credit report as a prerequisite for investigation.

2.3.6 Furnishers' Failure To Provide Adequate Address-Disclosures for Notices

Section 623(a)(1)(A) of the FCRA requires that a furnisher must not furnish to any CRC any information relating to a consumer if the furnisher knows or has reasonable cause to believe that the information is inaccurate.^[18] A furnisher is not subject to section 623(a)(1)(A) if the furnisher clearly and conspicuously specifies to consumers an address at which consumers may notify the furnisher that information it furnished is inaccurate.^[19] The FCRA does not require a furnisher to specify such an address. If a furnisher clearly and conspicuously specifies such an address, it is not subject to section 623(a)(1)(A) but must comply with section 623(a)(1)(B) of the FCRA, which provides that a furnisher shall not furnish information relating to a consumer to a CRC if it has been notified by the consumer, at the address specified for such notices, that certain information is inaccurate and such information is, in fact, inaccurate.^[20] A furnisher that specifies an address may also be subject to section 623(a)(2) of the FCRA if it determines that information it has furnished is not complete or accurate and fails to notify the CRC and provide corrections.^[21]

Examiners are continuing to find that furnishers are not clearly and conspicuously specifying to consumers an address for notices at which a consumer may notify the furnisher that information is inaccurate. In reviews of third-party debt collection furnishers, examiners found that the only notice or dispute address furnishers provided to consumers was an address included on debt validation notices for the purpose of disputing the validity of a debt. Examiners found that the debt validation notices did not specify to consumers an address for, or otherwise specify that the debt validity dispute address may also be used for, notices relating to inaccurately furnished consumer report information. As a result, examiners found that the furnishers have not met the requirement in section 623(a)(1)(C) of the FCRA to not be subject to section 623(a)(1)(A) and therefore are subject to the stricter Start Printed Page 52135 prohibition under section 623(a)(1)(A) of the FCRA against furnishing information the furnishers know or have reasonable cause to believe is inaccurate.

2.4 Debt Collection

The CFPB has supervisory authority to examine certain institutions that engage in consumer debt collection activities, including very large depository institutions, nonbanks that are larger participants in the consumer debt collection market, and nonbanks that are service providers to certain covered persons. Recent examinations of larger participant debt collectors identified violations of the Fair Debt Collection Practices Act (FDCPA) as well as the CFPA.

2.4.1 Unlawful Attempts To Collect Medical Debt

Examiners found that debt collectors continued collection attempts for work-related medical debt after receiving sufficient information to render the debt uncollectible under State worker's compensation law absent written evidence to the contrary, which the collector did not obtain from its client. The collectors made multiple calls over several years, during which they implied that the consumer owed the debt and asserted that the ambulance ride that gave rise to the debt originated from the consumer's home, despite evidence in their files that it originated from the consumer's workplace. Examiners found that, through these practices, the debt collectors violated the FDCPA by collecting an amount not permitted by law or agreement,^[22] by falsely representing the character, amount, or legal status of a debt,^[23] by engaging in conduct which had the natural consequence of harassing, oppressing, or abusing the consumer,^[24] and by using false, deceptive, or misleading representations in connection with the collection of a debt.^[25]

In response to these findings, Supervision directed the debt collectors to establish and maintain adequate collection policies, procedures, and training to include specific limitations on circumstances under which the collectors may contact consumers in connection with pending workers' compensation claims; enhancing call monitoring to include a review of accounts with a pending workers' compensation claim; and ensuring accounts are monitored for pending workers' compensation claims and collection attempts on such accounts are ceased.

2.4.2 Deceptive Representations About Interest Payments

Examiners found that debt collectors advised consumers that if they paid the balance in full by a date certain, any interest assessed on the debt would be reversed. The debt collectors then failed to credit the consumers' accounts with the accrued additional interest, resulting in the consumers paying more than the agreed upon amount. Examiners found this practice to be deceptive in violation of the CFPA.^[26] In response to these findings, Supervision directed the debt collectors to remediate all consumers who had overpaid.

2.5 Deposits

The CFPB continues to examine financial institutions to assess whether they have engaged in UDAAPs prohibited by the CFPA.^[27] The CFPB also continues its examinations of supervised institutions for compliance with Regulation E,^[28] which implements the Electronic Fund Transfer Act (EFTA).^[29] The CFPB also examines for compliance with other relevant statutes and regulations, including Regulation DD,^[30] which implements the Truth in Savings Act.^[31]

2.5.1 Unfair Line of Credit Usage and Fees

The CFPA prohibits any “covered person” from “engag[ing] in any unfair, deceptive, or abusive act or practice.” ^[32]

Examiners found unfair acts or practices due to institutions' assessment of both nonsufficient funds (NSF) and line of credit transfer fees on the same transaction. The institutions offered a line of credit program that consumers could opt-in to. If a consumer's checking account did not have sufficient funds to pay for a transaction, the institutions would transfer funds from the line of credit to cover the transaction and assess a line of credit transfer fee, as well as interest on the amount of credit extended. In some instances, the line of credit might not have sufficient funds to cover the transaction, in which case the institutions would deny the transaction and assess an NSF fee on the denied transaction. As the transaction was declined, no funds from the line of credit would be transferred to pay the transaction. But, if there were insufficient funds in the consumer's checking account to pay the NSF fee and that NSF fee overdrew the consumer's account, the institutions would automatically transfer funds from the line of credit to the consumer's checking account and assess a line of credit transfer fee.

Supervision found the institutions' practice of assessing both the NSF and the line of credit transfer fee on the same transaction is an unfair act or practice. These acts or practices caused or were likely to cause substantial injury in the form of two fees being assessed on the same denied transaction. Consumers who enrolled in the line of credit program were charged two fees instead of the single fee charged to those who were not enrolled, even though in both cases the transaction was returned unpaid. A consumer could not reasonably avoid this substantial injury as the consumer had no notice of the potential for double fees or ability to avoid the double fees in this automated process and would not reasonably expect that enrolling in a program meant to prevent overdraft and decrease fees related to denied transactions would instead increase them. These acts or practices did not provide benefits to consumers or competition.

The supervised institutions believed they had safeguards in place to not assess NSF fees and line of credit fees on the same transaction. Specifically, they programmed their systems to not assess both of these fees on the same day. The way the institutions' systems posted NSF fees, however, meant that the NSF and line of credit fees were incurred on different days, even though they were part of the same transaction. Thus, the safeguard was inadequate. In response to these findings, the institutions committed to system changes and remediated $113,358 to 4,147 consumers. The system change implemented by the supervised institutions was to avoid the issue altogether by entirely eliminating NSF fees for unpaid transactions.

2.6 Fair Lending

The CFPB's fair lending supervision program assesses compliance with the Equal Credit Opportunity Act (ECOA) ^[33] and its implementing regulation, Regulation B,^[34] as well as the Home Mortgage Disclosure Act (HMDA) ^[35] and its implementing regulation, Regulation Start Printed Page 52136 C,^[36] at institutions subject to the CFPB's supervisory authority. ECOA prohibits a creditor from discriminating against any applicant, with respect to any aspect of a credit transaction, on the basis of race, sex, color, religion, national origin, sex (including sexual orientation and gender identity), marital status, or age (provided the applicant has the capacity to contract), because all or part of the applicant's income derives from any public assistance program, or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act.^[37]

During recent examinations, Examiners found lenders violated ECOA and Regulation B.

2.6.1 Pricing Discrimination

In the Fall 2021 issue of Supervisory Highlights, the CFPB discussed findings that mortgage lenders violated ECOA and Regulation B by discriminating against African American and female borrowers in the granting of pricing exceptions based upon competitive offers from other institutions.^[38] Since then, Supervision conducted additional examinations assessing mortgage lenders' compliance with ECOA and Regulation B with respect to the granting of pricing exceptions based on competitive offers from other institutions. The CFPB again found that mortgage lenders violated ECOA and Regulation B by discriminating in the incidence of granting pricing exceptions across a range of ECOA-protected characteristics, including race, national origin, sex, or age.

Examiners observed that certain lenders maintained policies and procedures that permitted the granting of pricing exceptions to consumers, including pricing exceptions for competitive offers. Generally, a pricing exception is when a lender makes exceptions to its established credit standards. For example, a lender may lower a rate to match a competitor's offer and retain the consumer. Examiners identified lenders with statistically significant disparities for the incidence of pricing exceptions at differential rates on a prohibited basis compared to similarly situated borrowers. Weaknesses in the lenders' policies and procedures with respect to pricing exceptions for competitive offers, the failure of mortgage loan officers to follow those policies and procedures, the lenders' lack of oversight and control over their mortgage loan officers' discretion in connection with and use of such exceptions, or managements' failure to take appropriate corrective action risks contributed to the observed disparities in the incidence of granting pricing exceptions. Examiners did not identify evidence of legitimate, non-discriminatory reasons that explained the disparities observed in the statistical analysis.

In several instances, examiners identified policies and procedures that were not designed to effectively mitigate ECOA and Regulation B violations or manage associated risks of harm to consumers. Some policies permitted mortgage loan officers to request a pricing exception by submitting a request into the loan origination system without requiring that the request be substantiated by documentation. While those requests were subject to managerial review, there were no guidelines for the bases for approval or denial of the exception request or the amount of the exception. Other policies had limited documentation requirements—and sometimes no documentation requirements for pricing exceptions below a certain threshold. This meant that the lenders could not effectively monitor whether the pricing exception request was initiated by the consumer and/or supported by a competitive offer to the consumer. Other policies granted some loan officers pricing exception authority up to certain thresholds without the need for competitive offer documentation or management approval. As a result, the lenders did not flag those discretionary discounts as pricing exceptions and did not monitor them. Some policies had more robust documentation and approval requirements. But those institutions did not effectively monitor interactions between loan officers and consumers to ensure that the policies were followed and that the loan officer was not coaching certain consumers and not others regarding the competitive match process. In other instances, examiners determined that loan officers were not properly documenting the initiation source of the concession request nor were they retaining and documenting competitors' pricing information in borrowers' files as required by the lender policy.

Examiners also identified weaknesses in training programs. Some lenders did not have training that explicitly addressed fair lending risks associated with pricing exceptions, including the risks of providing different levels of assistance to customers, on prohibited bases, in connection with a customer's request for a price exception. Other training programs did not cover pricing exceptions risk for employees who have discretionary pricing authority.

Finally, examiners concluded that management and board oversight at lenders was not sufficient to identify and address risk of harm to consumers from the lender's pricing exceptions practices. Similarly, examiners observed that some lenders failed to take corrective action based on their statistical observations of disparities in pricing exceptions. Some lenders failed to document whether additional investigation into observed disparities was warranted, review the causes of such disparities, or consider actions that might reduce such disparities.

In response to these findings, the CFPB directed lenders to, among other things: enhance or implement pricing exception policies and procedures to mitigate fair lending risks, including enhancing documentation standards and requiring clear exception criteria; enhance or implement policies requiring the retention of documentation for all pricing exceptions, including document regarding whether the pricing exception request was initiated by the consumer; develop and implement a monitoring and audit program to effectively identify and mitigate potential disparities and/or fair lending risks associated with the pricing exception approval process; or to identify and remediate harmed consumers.

2.6.2 Discriminatory Lending Restrictions

The CFPB recently reviewed lending restrictions in underwriting policies and procedures at several lenders to evaluate fair lending risks and to assess compliance with ECOA and Regulation B. The reviews focused on lending restrictions relating to how those lenders handled the treatment of applicants' criminal records and whether the lenders properly treated income derived from public assistance.

Regarding prior contact with the criminal justice system, both national data and the history of discrimination in the justice system suggest that restrictions on lending based on criminal history are, in many circumstances, likely to have a disparate impact based on race and national origin.^[39] Thus, the use of criminal history in credit decisioning may create a heightened risk of violating ECOA and Regulation B. The CFPB's review Start Printed Page 52137 identified risky policies and procedures at several institutions for several areas of credit, including mortgage origination, auto lending, and credit cards, but most notably within small business lending. A common thread in the CFPB review was that the discovery of criminal records prompted enhanced or second-level underwriting review. However, policies and procedures at several institutions did not provide detail regarding how that review should be conducted, creating fair lending risk around how the reviewing official exercises discretion. There were variations amongst the policies and procedures as to how the lender identified criminal records and which violations or charges triggered further review or denial. For example, some lenders generally denied credit when it identified applicants with felony convictions for financial crimes but did not deny credit for arrests or non-felony convictions. Other lenders treated criminal indictments, fraud cases, sexual offenses, and industry bans as significant risks. But without clear guidelines and well-defined standards designed to meet legitimate business needs, lenders risked violating ECOA and Regulation B by applying these underwriting restrictions in a manner that could discriminate on a prohibited basis.

With respect to the proper treatment of public assistance income in underwriting, ECOA and Regulation B prohibit discrimination against applicants, with respect to any aspect of a credit transaction, because all or part of the applicant's income derives from any public assistance program.^[40] Examiners identified lenders whose policies and procedures excluded income derived from certain public assistance programs or imposed stricter standards on income derived from public assistance programs. Lenders maintained a written policy that expressly prohibited underwriters from considering Home Assistance Payments provided by the Section 8 Housing Choice Voucher Homeownership Program.^[41] Lenders participated in mortgage lending programs that provided consumers with a benefit in the form of a mortgage credit certificate but did not treat those benefits as income under their underwriting standards. Some lenders maintained a policy with a six-year continuity-of-income requirement for applicants relying primarily on public assistance income that was stricter than the three-year requirements applicable to other applicants' income.

In response to these findings, the CFPB directed lenders to review, identify, and provide relief to any applicant negatively affected by these policies. Lenders were also directed to revise and implement policies and procedures and enhance related systems to ensure public assistance income is evaluated under standards applicable to other sources of income.

2.7 Information Technology

The CFPB's Supervision program evaluates information technology controls at supervised institutions that may impact compliance with Federal consumer financial law or implicate risk to consumers. The CFPB assesses the effectiveness of information technology controls in detecting and preventing data breaches and cyberattacks. For example, inadequate security for sensitive consumer information, weak password management controls, untimely software updates or failing to implement multi-factor authentication or a reasonable equivalent could cause or contribute to violations of law including the prohibition against engaging in UDAAPs.^[42]

Examiners found that institutions engaged in unfair acts or practices prohibited by the CFPA by failing to implement adequate information technology controls.

2.7.1 Failing To Implement Adequate Information Technology Security Controls

Examiners found that institutions engaged in unfair acts or practices by failing to implement adequate information technology security controls that could have prevented or mitigated cyberattacks. More specifically, the institutions' password management policies for certain online accounts were weak, the entities failed to establish adequate controls in connection with log-in attempts, and the same entities also did not adequately implement multi-factor authentication or a reasonable equivalent for consumer accounts.

The entities' lack of adequate information technology security controls caused substantial harm to consumers when bad actors accessed almost 8,000 consumer bank accounts and made fraudulent withdrawals in the sum of at least $800,000. Consumers were also injured because they had to devote significant time and resources to dealing with the impacts of the incident. For example, consumers had to contact the institutions to file disputes to determine why funds were missing from their accounts and then wait to be reimbursed by the institutions. Consumers may have had to spend additional time enrolling in credit monitoring services, identity theft protection services or changing their log-in credentials.

The impacted consumers could not reasonably avoid the injury caused by the institutions' inadequate information technology security controls. Consumers do not have control over certain aspects of an institutions' security features, such as how many log-in attempts an institution allows before locking an account or the number of transactions it labels suspicious, requiring additional verification. Similarly, only the institutions can implement measures to mitigate or prevent cyberattacks such as employing controls or tools to block automated malicious software (botnet) activity or ensuring sufficient authentication protocols are in place such as multi-factor authentication or an alternative of equivalent strength. Consumers do not have control over these security measures and were unable to reasonably avoid the injury caused by the cyberattacks. The injury to consumers outweighs any countervailing benefits, such as avoiding the cost of implementing information technology controls necessary to prevent these types of attacks.

In response to these findings, the institutions are implementing multi-factor authentication, or a reasonable equivalent, enhancing password management practices and implementing adequate controls for failed log-in attempts to prevent/mitigate unauthorized access to consumer accounts. Additionally, the institutions are providing remediation to impacted consumers.

2.8 Mortgage Origination

The CFPB assessed mortgage origination operations of several supervised institutions for compliance with applicable Federal consumer financial laws including Regulation Z. Start Printed Page 52138

2.8.1 Loan Originator Compensation: Differentiations Based on Product Type

Regulation Z generally prohibits compensating mortgage loan originators in an amount that is based on the terms of a transaction.^[43] It defines a term of a transaction as “any right or obligation of the parties to a credit transaction.” ^[44] And it provides that a determination of whether compensation is “based on” a term of a transaction is made based on objective facts and circumstances indicating that compensation would have been different if a transaction term had been different.^[45] Accordingly, in the preamble to the CFPB's 2013 Loan Originator Final Rule, the CFPB clarified that it is “not permissible to differentiate compensation based on credit product type, since products are simply a bundle of particular terms.” ^[46]

As part of their business model, institutions brokered-out certain mortgage products not offered in-house. For example, the institutions used outside lenders for reverse mortgage originations, but had their own in-house cash-out refinance mortgage product. Examiners determined that the institutions used a compensation plan that allowed a loan originator who originated both brokered-out and in-house loans to receive a different level of compensation for the brokered-out loans versus in-house loans. By compensating differently for loan product types that were not offered in-house, the entities violated Regulation Z by basing compensation on the terms of a transaction. In response to these findings, the entities have since revised their loan originator compensation plans to comply with Regulation Z.

2.8.2 Loan Disclosures: Failure To Reflect the Terms of the Legal Obligation on Disclosures

Regulation Z requires that disclosures “shall reflect the terms of the legal obligation between the parties.” ^[47] In most cases, disclosures should reflect the terms to which both the consumer and creditor are legally bound at the outset of a transaction.^[48]

Examiners found that the standard adjustable-rate promissory note used by an institution stated that the result of the margin plus the current index should be rounded up or down to the nearest one-eighth of one percentage point. However, examiners discovered that the institutions' loan origination system was not programmed to round. Thus, the fully indexed rate that the entity calculated and provided on their disclosures was calculated contrary to the promissory note for the loan. Consequently, the supervised institutions failed to reflect the terms of the legal obligation on disclosures in violation of Regulation Z.^[49] In response to these findings, the supervised institutions reconfigured their loan origination system to round according to the promissory note.

2.9 Mortgage Servicing

Examiners identified UDAAP and regulatory violations at mortgage servicers, including violations during the loss mitigation and servicing transfer processes, as well as payment posting violations.

2.9.1 Loss Mitigation Timing Violations

If a servicer receives a complete application more than 37 days before a scheduled foreclosure sale, then Regulation X ^[50] requires servicers to evaluate the complete loss mitigation applications within 30 days of receipt and provide written notices to borrowers stating which loss mitigation options, if any, are available. Examiners found that some servicers violated Regulation X when they failed to evaluate complete applications within 30 days of receipt.^[51] Relatedly, some servicers evaluated the application within 30 days but failed to provide the required notice to borrowers within 30 days as required.^[52] In response to these findings, servicers improved policies and implemented additional training.

Additionally, examiners found that servicers engaged in an unfair act or practice when they delayed processing borrower requests to enroll in loss mitigation options, including COVID–19 pandemic-related forbearance extensions, based on incomplete applications.^[53] These delays varied in length, including delays up to six months. Borrowers were substantially injured because they suffered one or more of the following harms: prolonged delinquency, late fees, default notices, and lost time and resources addressing servicer delays. Borrowers also experienced negative credit reporting because of the servicers' delays, resulting in a risk of damage to their credit that may have materialized into financial injury. Borrowers could not reasonably avoid injury because servicers controlled the processing of applications, and borrowers reasonably expected servicers to enroll them in the options they applied for. And the injury to consumers was not outweighed by benefits to consumers or competition.

In response to these findings, servicers ceased the practice and developed improved policies and procedures.

2.9.2 Mispresenting Loss Mitigation Application Response Times

Examiners found that servicers engaged in deceptive acts or practices when they informed consumers, orally and in written notices, that they would evaluate their complete loss mitigation applications within 30 days, but then moved toward foreclosure without completing the evaluations. Because the servicers received the complete loss mitigation applications 37 days or less before foreclosure, Regulation X did not require the servicers to evaluate the application within 30 days.^[54] But the servicers informed consumers in written and oral communications that they would evaluate borrowers' complete loss mitigation applications within 30 days, and these representations created the overall net impression that foreclosure would not occur until the servicers rendered decisions on the applications. The borrowers reasonably interpreted these representations to mean that they would receive decisions on the applications, and potentially a period of time to take other actions if the applications were denied, prior to foreclosure. Finally, the servicers' representations were material, as they prompted the borrowers to wait for notification concerning a possible loan modification and discouraged the borrowers from taking additional steps to prepare for foreclosure.

In response to these findings, servicers ceased the practice and Start Printed Page 52139 developed improved policies and procedures.

2.9.3 Assigning Continuity of Contact Personnel

Under Regulation X, servicers are required to establish continuity of contact with delinquent consumers by maintaining policies and procedures to assign personnel to delinquent borrowers by, at the latest, the 45th day of delinquency.^[55] These personnel should be made available to answer delinquent borrowers' questions via telephone, and the servicer shall maintain policies and procedures that are reasonably designed to ensure these personnel can perform certain functions.^[56] These include providing accurate information about loss mitigation and timely retrieving written information provided by the borrower to the servicer in connection with a loss mitigation application.^[57]

Examiners found that servicers violated Regulation X by failing to maintain adequate continuity of contact procedures.^[58] Servicers did not maintain policies and procedures that were reasonably designed to ensure that personnel were made available to borrowers via telephone and provided timely live responses if borrowers were unable to reach continuity of contact personnel; the servicers routinely failed to return phone calls from borrowers.^[59] And when consumers did speak with personnel, the personnel failed to provide accurate information about loss mitigation options that were available.^[60] Additionally, servicers' systems did not allow the assigned personnel to retrieve, in a timely manner, written information that the consumer had already provided in connection with their loss mitigation applications, causing assigned personnel to ask for information already in the servicers' possession.^[61]

In response to these findings, servicers updated their servicing platforms, developed new monitoring reports, implemented additional trainings, and revised policies and procedures.

2.9.4 Spanish Language Acknowledgement Notices Missing Information

Regulation X requires servicers, in most circumstances, to provide borrowers with a written acknowledgment notice within 5 days of receipt of a loss mitigation application.^[62] This notice must contain a statement that the borrower should consider contacting servicers of any other mortgage secured by the same property to discuss loss mitigation options.^[63] Examiners found that servicers violated Regulation X by failing to include this required language on Spanish language application acknowledgment notices. In contrast, servicers included this language on English language acknowledgment notices sent to English speaking consumers. In response to these findings, servicers updated their letter templates.

2.9.5 Failure To Provide Critical Loss Mitigation Information

Examiners found that servicers violated Regulation X and Regulation Z by failing to provide specific required information in several circumstances:

• Specific reasons for denial when they sent notices that included vague denial reasons, such as informing consumers that they did not meet the eligibility requirements for the program; ^[64]

• Correct payment and duration information for forbearance; ^[65] and

• Information in periodic statements about loss mitigation programs, such as forbearance, to which consumers had agreed.^[66]

In response to these findings, servicers updated their letter templates and enhanced monitoring.

2.9.6 Failure To Credit Payment Sent to Prior Servicer After Transfer

After a transfer of servicing, Regulation X requires that, during the 60-day period beginning on the effective date of transfer, servicers not treat payments sent to the transferor servicer as late if the transferor servicer receives them on or before the due date.^[67] Examiners found that servicers treated payments received by the transferor servicer during the 60-day period, but not transmitted by the transferor to the transferee until after the 60-day period, as late. This violated Regulation X because the transferor had received the payment within the 60-day period beginning on the effective date of the transfer. In response to these findings servicers remediated consumers and updated policies, procedures, training, and internal controls.

2.9.7 Failure To Maintain Policies and Procedures Reasonably Designed To Identify Missing Information After a Transfer

Regulation X ^[68] requires servicers to maintain policies and procedures that are reasonably designed to achieve the objectives in 12 CFR 1024.38(b). Commentary to Regulation X clarifies that “procedures” refers to the actual practices followed by the servicer.^[69] Under Regulation X,^[70] transferee servicers are required to maintain policies and procedures to identify necessary documents and information that may not have been included in a servicing transfer and obtain such information from the transferor servicer.

Examiners found that some servicers violated Regulation X when they failed to maintain policies and procedures reasonably designed to achieve the objective of facilitating transfer of information during servicing transfers. For example, servicers' policies and procedures were not reasonably designed because they failed to obtain copies of the security instruments, or any documents reestablishing the security instrument, to establish the lien securing the mortgage loans after servicing transfers. In response to these findings, servicers updated their policies and procedures and implemented new training.

2.10 Payday and Small-Dollar Lending

During examinations of payday and small-dollar lenders, Supervision identified unfair, deceptive, and abusive acts or practices and violations of Regulation Z. Supervision also identified risks associated with the Military Lending Act.

2.10.1 Unreasonable Limitations on Collection Communications

Examiners found that lenders engaged in abusive and deceptive acts or practices in connection with short-term, small-dollar loans, by including language in loan agreements purporting Start Printed Page 52140 to prohibit consumers from revoking their consent for the lender to call, text, or email the consumers. The agreements stated, for example, that consumers, “cannot revoke this consent to call, text, or email about your existing loan” and that “[n]one of our employees are authorized to receive a verbal revocation of this authorization.” Lenders that engage in unreasonable collections communications may violate the CFPA's prohibition against UDAAP. By implying that consumers could not take action to limit unreasonable collections communications, this practice was abusive because it took unreasonable advantage of the consumers' inabilities to protect their interests in selecting or using a consumer financial product or service by limiting such collections communications. The practice was also deceptive because it misled or was likely to mislead consumers acting reasonably as to a material fact, i.e., whether or not they could protect themselves by limiting unreasonable communications by phone, text, or email, and whether the lenders had an obligation to honor such requests. The practice was further abusive and deceptive under the above analyses because, contrary to the language of the loan agreements, the lenders' procedures did in fact require the lenders' representatives to allow consumers to revoke consent to communications.

In response to these findings, Supervision directed the lenders to revise the contract language to cease misleading consumers about their ability to limit collections calls, texts, and emails to reasonable channels, locations, and times, and to cease taking unreasonable advantage of consumers' inabilities to protect themselves against unreasonable or unlawful collection communications.

2.10.2 False Collection Threats

Examiners found that supervised institutions made false collection threats related to litigation, garnishment, and late fees, each of which constituted deceptive acts or practices in violation of the CFPA. The lenders sent letters to delinquent payday loan borrowers in certain states, stating that the supervised institutions “may pursue any legal remedies available to us” unless the consumer contacted the institution to discuss the delinquency. The representations misled or were likely to mislead borrowers into reasonably believing that the supervised institutions might take legal action against the consumer to collect the debt if the consumer did not make timely payment. It would be reasonable for consumers to interpret a threat to pursue “any legal remedies available to us” to include the legal remedy of a lawsuit or other similar civil action. The supervised institutions, however, never pursued such legal action to collect on payday loans in these states. The representations were material because threats of possible legal action could have an impact on a consumer's decision regarding whether and when to make payment. In response to these findings, Supervision directed the institutions to stop engaging in the deceptive conduct.

Examiners also found that lenders engaged in deceptive acts or practice by making false threats related to garnishment in collections communications. Lenders used the term “garnishment” in communications with consumers when referring to voluntary wage deduction process. These representations misled or were likely to mislead reasonable consumers by giving the false impression they would be subject to an involuntary legal garnishment process if they did not make payment. In fact, consumers could revoke voluntary wage deduction consent at will under the terms of the loan agreement and prevent deductions from occurring. Consumers acting reasonably would believe that the lenders express references to the possibility of garnishment accurately reflected what might happen absent the consumers making payment. The representations were material because they may have affected a consumer's decision regarding whether and when to make payment and whether to revoke their consent to the voluntary wage deduction process. In response to these findings, the entities were required to stop engaging in the deceptive conduct.

In addition, examiners found that periodic statements provided to borrowers falsely stated, “if we do not receive your minimum payment by the date listed above, you may have to pay a $25 late fee.” Such representations misled or were likely to mislead borrowers into reasonably believing that they could be charged late fees, when in fact lenders did not assess late fees in connection with the product. The representations were material because they were likely to affect consumers' decisions about whether and when to make payments. In response to these findings, Supervision directed the lenders to stop engaging in the deceptive conduct.

2.10.3 Unauthorized Wage Deductions

Examiners found that lenders engaged in unfair acts or practices with respect to consumers who signed voluntary wage deduction agreements by sending demand notices to consumers' employers that incorrectly conveyed that the employer was required to remit to the lenders from the consumer's wages the full amount of the consumer's loan balance. In fact, the consumer had agreed to permit the lenders only to seek a wage deduction in the amount of the individual scheduled payment due. The lenders then collected wages from the consumers' employers in amounts exceeding the single payment authorized by the consumer. This wage collection practice caused substantial injury to consumers who incurred monetary injury by having amounts deducted from their wages in excess of what they had authorized. The consumers could not have reasonably avoided the injury, which was caused by the lenders seeking and obtaining wage deductions in excess of those authorized by the consumers. The benefits to the lenders of collecting unauthorized amounts do not outweigh the injuries to the consumers in the form of lost wages. In response to these findings, Supervision directed lenders to stop engaging in the practice and provide remediation to impacted borrowers.

2.10.4 Misrepresentations Regarding the Impact of Payment of Debt in Collections

Examiners found that lenders engaged in deceptive acts or practices when they misrepresented to borrowers the impact that payment or nonpayment of debts in collection may have on the sale of the debt to a debt buyer and the subsequent impact on the borrower's credit reports. The lenders made representations about debt sale, credit reporting practices, and corresponding effects on consumer creditworthiness that misled or were likely to mislead the consumer. Their agents asserted or implied that making a payment would prevent referral to a third-party debt buyer and a negative credit impact. However, these agents had no basis to predict the consumer's credit situation or a potential debt buyer's furnishing practices, the lender's contracts with debt buyer prohibited furnishing to a CRC, and the debt was not in fact sold. It was reasonable for a consumer experiencing repayment difficulty to interpret the representations to mean that not making a payment would cause a third party to subsequently report adverse credit information and worsen their creditworthiness. The representations were material because they were likely to affect the consumer's choices or conduct regarding the loan. In response to these findings, Supervision directed Start Printed Page 52141 the entities to stop engaging in the deceptive conduct.

2.10.5 Risk of Harm to Consumers Protected by the Military Lending Act

Examiners found that installment lenders created a risk of harm to borrowers protected by the Military Lending Act by, before engaging in loan transactions, and contrary to their policies, failing to confirm that several thousand borrowers were not covered borrowers under the Military Lending Act as implemented by Department of Defense regulations.^[71] These risks included potentially, originating loans to covered borrowers at rates and terms impermissible under the Military Lending Act; not providing covered borrowers with required disclosures; including in loan agreements prohibited mandatory arbitration clauses; and failing to limit certain types of repeat or extended borrowing. In response to these findings, Supervision directed lenders to change their practices to prevent these risks.

2.10.6 Failure To Retain Evidence of Compliance With Disclosure Requirements Under Regulation Z

Examiners found that lenders failed to retain for two years evidence that they delivered clear and conspicuous closed-end loan disclosures in writing before consummation of the transaction, in a form that consumers may keep, in violation of the record-retention provision of Regulation Z,^[72] and creating a risk of a violation of the general disclosure requirements of Regulation Z.^[73] Copies of disclosures in loan files did not include evidence of when or how lenders delivered disclosures to borrowers. And lenders were unable to produce evidence that, for electronically signed contracts, disclosures were delivered to consumers in a form they may keep before loan consummation. Lenders' compliance procedures did not require delivery of loan disclosures to consumers in a form they may keep before consummation. In response to these findings, Supervision directed lenders to update compliance management systems to ensure clear and conspicuous disclosures are provided in writing in a form the consumer may keep before consummation and evidence of compliance is retained, consistent with Regulation Z, for all disclosure channels, including electronic or keypad.

2.11 Remittances

The CFPB evaluated both depository and non-depository institutions for compliance with the Electronic Funds Transfer Act (EFTA) and its implementing Regulation E, including subpart B (Remittance Rule).^[74]

2.11.1 Failure To Develop Policies and Procedures To Ensure Compliance With the Remittance Rule's Error Resolution Requirements

The Remittance Rule states that a remittance transfer provider shall develop and maintain written policies and procedures that are designed to ensure compliance with the error resolution requirements applicable to remittance transfers. Some institutions did not develop written policies and procedures designed to ensure compliance. This issue was noted in prior editions of Supervisory Highlights and continues to be an issue with institutions.^[75]

For example, some institutions used their anti-money laundering compliance policy in lieu of a specific policy tailored to the Remittance Rule requirements. The anti-money laundering policy and procedure included some basics, like identifying some covered Remittance Rule errors and the basic timeframes remittance providers had to investigate and resolve error notices. But they were not substitutes for Remittance Rule policies. They did not provide detailed guidance to employees on how to distinguish notices of error, the handling of which are subject to specific Remittance Rule requirements, from other complaints. They did not make clear employees should provide notifications that are required by the Remittance Rule to consumers when the institutions determined an error, no error, or a different error occurred. The policies also did not alert employees as to the remedies available to consumers under the Remittance Rule and articulated remedies different than those required by the Remittance Rule. Other institutions provided policies that indicated the institutions knew of the Remittance Rule and its requirements and had manuals to cover Remittance Rule compliance. However, these institutions did not develop procedures that would put these policies into effect. Specifically, the manuals did not provide adequate guidance to employees to resolve error notices in a consistent and compliant manner. Recitation of Remittance Rule requirements without greater detail on how to effectuate compliance does not ensure compliance as the Remittance Rule requires.

In response to these findings, institutions updated their policies and procedures during or after the conclusion of the examinations.

3. Supervisory Program Developments

3.1 Recent CFPB Supervision Program Developments

Set forth below are recent supervision program developments including circulars, bulletins, advisory opinions, policy statements and exam procedures that have been issued since the last regular edition of Supervisory Highlights.

3.1.1 CFPB Nonbank Supervisory Authorities

The CFPB has supervisory authority over nonbanks in the mortgage, private education, and payday loan markets, regardless of the entities' size.^[76] The CFPB also has supervisory authority over larger participants of markets for other consumer financial products or services defined by rule.^[77] Additionally, the CFPB has supervisory authority over nonbank covered persons it has reasonable cause to determine, by order, after notice and a reasonable opportunity to respond, based on complaints or information from other sources, that the person is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products or services.^[78] The CFPB issued a rule implementing this provision of the CFPA in 2013. These processes were amended after notice and comment in a final procedural rule in November 2022.^[79] Since the amended rule was finalized, the CFPB has entered into discussions with several entities across markets regarding the CFPB's supervision program and its benefits, including identifying potential compliance issues before they become significant. And the CFPB has issued several Notices of Reasonable Cause Start Printed Page 52142 commencing the risk-based supervision process under the rule. As a result of these activities, several entities have voluntarily consented to the CFPB's supervisory authority.

Additionally, the CFPB is conducting, or has scheduled, supervisory examinations of one or more data aggregators, including larger participants in the consumer reporting market.

3.1.2 CFPB Issued Circular Regarding Reopening Deposit Accounts That Consumers Previously Closed

On May 10, 2023, the CFPB issued a circular to emphasize that a financial institution's unilateral reopening of deposit accounts that consumers previously closed can constitute a violation of the CFPA's prohibition on unfair acts or practices.^[80]

3.1.3 CFPB Issued an Advisory Opinion Addressing Protection of Homeowners From Illegal Collection Tactics on Zombie Mortgages

On April 26, 2023, the CFPB issued an advisory opinion on debt collectors, covered by the FDCPA, threatening to foreclose on homes with mortgages past the statute of limitations.^[81] The advisory opinion clarifies that a covered debt collector who brings or threatens to bring a State court foreclosure action to collect a time-barred mortgage debt may violate the FDCPA and its implementing regulation.

3.1.4 CFPB Issued Policy Statement on Abusive Acts or Practices

On April 3, 2023, the CFPB issued a policy statement to explain how the CFPB analyzes the elements of abusiveness through relevant examples, with the goal of providing an analytical framework to fellow government enforcers and to the market for how to identify violative acts or practices.^[82]

3.1.5 CFPB Issued Bulletin 2023–01: Unfair Billing and Collection Practices After Bankruptcy Discharged of Certain Student Loan Debts

On March 16, 2023, the CFPB issued a bulletin on unfair billing and collection practices after bankruptcy discharges of certain student loan debt.^[83] The bulletin details examiners' findings that student loan servicers who collected on student loans that were discharged by a bankruptcy court had engaged in an unfair act or practice in violation of the CFPA. The CFPB issued this bulletin to notify regulated entities how the CFPB intends to exercise its enforcement and supervisory authorities on this issue.

3.1.6 CFPB Issued an Advisory Opinion To Protect Mortgage Borrowers From Pay-to-Play Digital Mortgage Comparison Shopping Platforms

On February 7, 2023, the CFPB issued an advisory opinion outlining how companies that operate digital mortgage comparison-shopping platforms violate the Real Estate Settlement Procedures Act when they steer shoppers to lenders by using pay-to-play tactics rather than providing shoppers with comprehensive and objective information.^[84]

3.1.7 CFPB Issued Circular on Unlawful Negative Option Marketing Practices

On January 19, 2023, the CFPB issued a circular that states that persons engaged in negative option marketing practices may violate the prohibition on unfair, deceptive, or abusive acts or practices in the CFPA.^[85] Negative option marketing practices may violate that prohibition where a seller (1) misrepresents or fails to clearly and conspicuously disclose the material terms of a negative option program; (2) fails to obtain consumers' informed consent; or (3) misleads consumers who want to cancel, erects unreasonable barriers to cancellation, or fails to honor cancellation requests that comply with its promised cancellation procedures.

3.1.8 CFPB Released Updates to Mortgage Servicing Exam Procedures

On January 18, 2023, the CFPB released its updated mortgage servicing exam procedures.^[86] The examination procedures describe the types of information that CFPB examiners gather to evaluate mortgage servicers' policies and procedures; assess whether servicers are complying with applicable laws; and identify risks to consumers related to mortgage servicing. The updated Examination Procedures include CFPB guidance released since the last update in June 2016.

4. Remedial Actions

The CFPB's supervisory activities resulted in and supported the below enforcement actions.

4.1.1 Citizens Bank

On May 23, 2023, the CFPB reached a settlement to resolve allegations that Citizens Bank violated consumer financial protection laws and rules that protect individuals when they dispute credit card transactions.^[87] The CFPB alleges that Citizens Bank failed to properly manage and respond to customers' credit card disputes and fraud claims. The order requires Citizens Bank to pay a $9 million civil money penalty.

Footnotes