Consumer Financial Services Alert - November 26, 2013

The CFPB announced that it finalized a rule creating mortgage disclosure forms that integrate the requirements of the Real Estate Settlement Procedures Act and the Truth in Lending Act. The final rule creates two forms: the loan estimate and the closing disclosure. The Dodd-Frank Act required the CFPB to promulgate rules to integrate certain disclosures under TILA and RESPA. Under the final rule, the loan estimate must be provided within 3 business days of the application. The closing disclosure must be provided at least business 3 days before the scheduled closing. Notably, among other things, the final rule amends the definition of “application” for purposes of triggering the loan disclosure. The amended definition of “application” removes the seventh catchall factor that was adopted by HUD.  In particular, the definition of application includes six pieces of information: (1) the consumer’s name, (2) income, (3) social security number, (4) property address, (5) estimate of the value of the property, and (6) the mortgage loan amount sought. The rule is effective August 1, 2015.

The CFPB announced it had entered into a consent order with a mortgage insurance company following the CFPB’s filing of a complaint in the United States District Court for the Southern District of Florida against the company for allegedly making illegal kickback payments or unearned fees, disguised as reinsurance premiums, in violation of Section 8 of RESPA. Section 8 generally prohibits receiving kickbacks, fees, or anything of value in exchange for referring a consumer to a real estate settlement service provider or the sharing of real estate settlement service fees for reasons other than for services actually performed. According to the complaint, the mortgage insurance company entered into captive mortgage reinsurance arrangements with lenders in which fees were paid, in increasing percentages over time up to 40% of the premium, to captive reinsurers that were wholly-owned subsidiaries of the lenders in exchange for reinsurance that was far less in value than the payments made to the captive reinsurers. The terms of consent order require the mortgage insurance company to (1) relinquish to the CFPB any rights it has under any captive mortgage reinsurance arrangement, with limited exceptions, (2) pay a civil money penalty of $100,000 to the CFPB, and (3) submit to compliance monitoring and reporting.

The CFPB announced its first public enforcement action against a payday lender—a consent order alleging, among other things, unfair and deceptive acts or practices in connection with affidavits. According to the consent order, the payday lender’s service provider engaged in unfair and deceptive practices by, among other things, manually stamping attorney and manager signatures on affidavits—a practice commonly named “robosigning.” The CFPB also found that the payday lender violated the Consumer Financial Protection Act by failing to preserve materials responsive to its requests; in particular, the payday lender failed to cease routine shredding of documents after receiving correspondence from the CFPB requesting it to preserve materials. Finally, the CFPB alleged that the payday lender violated the Military Lending Act by imposing an annual percentage rate above 36% on loans made to servicemembers.

The terms of the consent order require the payday lender to institute a compliance plan that, among other things: (1) addresses the manner of compliance with the order, consumer protection laws, and the MLA; and (2) includes written job descriptions of duties and responsibilities of key compliance staff. The payday lender is also required to deposit $8 million into a restitution fund for the purpose of redressing affected consumers.

The OCC issued guidance establishing standards that it will use when requiring its supervised entities—national banks, federal savings associations or federal branches or agencies—to employ independent consultants to comply with an enforcement action involving alleged significant violations of law, fraud, or harm to consumers. The guidance provides that in assessing whether the OCC will require a supervised entity to retain an independent consultant in an enforcement action, it will consider seven factors, including: (1) the severity of the violations (including their impact on consumers, the supervised entity and others); (2) the criticality of the function requiring remediation; (3) the OCC’s confidence that the supervised entity’s management has the ability to identify and correct violations in a timely manner; (4) whether the supervised entity has the expertise, staffing and resources necessary to take the required corrective actions; (5) the actions already taken by the supervised entity to correct the violations or address the problematic issues; (6) the type of services the independent consultant would provide; and (7) the available alternatives to the engagement of an independent consultant.  Notably, the guidance cautions that a supervised entity’s use of an independent consultant does not absolve its management or board of directors of their responsibility to see that “all needed corrective actions are identified and implemented.”

The guidance also provides that if an independent consultant is required to be retained in connection with an enforcement order, the OCC will require the supervised entity to submit information to the OCC regarding the due diligence that the supervised entity has conducted regarding the independent consultant it proposes to retain. In particular, the OCC will seek information concerning the qualifications, independence, resources, expertise, capacity, reputation, information security and document security practices, risk management and reporting, conflicts of interest and financial viability of the proposed independent consultant. In assessing the independence and level of objectivity of the proposed independent consultant, the OCC expects that a supervised entity’s submission to the OCC in support of a proposed independent consultant will address, among other things: (1) the scope and volume of other contracts or services provided (or previously provided) by the independent consultant to the supervised entity; (2) whether the supervised entity proposed any mitigating actions to address any potential conflict of interest (or the appearance of a conflict of interest); (3) the amount of fees to be paid to the independent consultant (and any other financial relationship with the consultant); and (4) any business or personal relationship of the independent consultant (or its employees) with a board member or executive officer of the supervised entity.

In conjunction with the FDIC, the OCC, finalized guidance highlighting supervisory concerns and expectations for deposit advance products.   The guidance largely mirrors the proposal the agencies published in April 2013.  In the guidance, the OCC addressed criticism that the guidance was intended to address consumer protection issues and not safety and soundness concerns and that the guidance created new rules and regulations that the OCC did not have jurisdiction to promulgate.  According to the OCC, the guidance was intended to “make a bank aware of the risks related to deposit advance products” and to “help a bank understand what specific consumer compliance laws and regulations” are applicable to deposit advance products. 

Noting that deposit advance products “pose supervisory risks” and that the products “share a number of characteristics” with payday loans (i.e., high fees and short repayment terms), the guidance identifies several categories of safety and soundness risks: credit risks, reputation risks, operational risks, and compliance risks. Of note, the guidance states that the significant risks of deposit advance products may subject banks to the risks of litigation and regulatory enforcement actions.

The guidance also sets forth applicable federal law and regulations to include:

• Section 5 of the Federal Trade Commission Act, which generally prohibits unfair and deceptive acts or practices. The guidance notes that Section 5 of the FTC Act applies not only to the deposit advance product, but to every stage and activity (e.g., product development, marketing campaigns);

• Truth in Lending Act and its implementing regulation, Regulation Z, which generally requires creditors to provide disclosures when extending consumer credit;

• Electronic Fund Transfer Act and its implementing regulation, Regulation E;

• Truth in Savings Act and its implementing regulation, Regulation DD; and

• Equal Credit Opportunity Act and its implementing regulation, Regulation B.  The guidance notes that steering or targeting certain consumers on a prohibited basis to deposit advance products while offering other consumers more favorable credit products could raise fair lending risks.

The guidance communicates the OCC’s supervisory expectations noting that examinations will focus on potential safety and soundness issues and compliance with applicable consumer protection laws. The guidance provides that the OCC will examine assess the credit quality, including underwriting and credit administration policies and practices, adequacy of capital, reliance on fee income, adequacy of the allowance for loan and lease losses, compliance with applicable federal consumer protection law, management oversight, and third-party relationships.  In particular, the guidance states that supervised entities should have written underwriting policies that address certain factors such as, the length of a consumer’s deposit relationship with the bank, classified credits, cooling off periods, and increasing deposit advance credit limits, among other factors. For example, according to the guidance, supervised entities should require that each deposit advance loan be repaid in full and for a cooling off period of at least one monthly statement cycle after repayment before extending another deposit advance product in order to avoid repeated use.

Finally, the guidance highlights “reasonably priced small dollar loans” as an alternative to deposit advance products. Noting that if structured properly, small dollar loans could be a “safe and affordable means” for consumers.

In a split decision, the United States Court of Appeals for the Second Circuit ruled that a creditor can be held liable for sending letters using a law firm’s letterhead when plaintiffs alleged that the substance of the letters was created by the creditor itself, pursuant to a “program” in which the law firm marketed use of its letterhead by creditors as a “collection tool.” After defaulting on their mortgages, defendants contracted with a law firm to send breach notices to plaintiffs. Plaintiffs filed suit alleging defendants violated the Fair Debt Collection Practices Act and the Truth in Lending Act. In particular, plaintiffs alleged that the breach letters violated FDCPA by creating a false impression that a third party was hired to collect the debt and falsely implied that the law firm was retained to collect the debt and commence legal proceedings.

The issue before the Court was whether FDCPA and TILA applied to a mortgage lender that purchased mortgages initially payable to another lender, and after the homeowners defaulted, hired a law firm to send debt collection letters on its behalf. The ruling concerns an exception to the general rule that creditors are not liable under FDCPA.  Under section 1692a(6) of  FDCPA, a creditor may not send communications under “any name other than [its] own” (e.g., such as the name of a creditor’s in-house collections unit). The Court ruled that plaintiffs stated a triable issue of fact as to whether the creditor was merely using the law firm’s letterhead to send out debt collection letters—and thus “impersonating” a debt collector—or whether the law firm was actively performing debt collection services. The record showed that the law firm physically printed and mailed the letters, but there was some question on the extent of the law firm’s services. Citing an FTC policy statement, the Court held that a law firm must be more than a mere “conduit” of information to qualify as an independent debt collector under FDCPA, and should exercise “considered, professional judgment” regarding the propriety of collection from the particular debtor, which would showing the law firm to be a “bona fide” debt collector.

The Court also affirmed dismissal of a TILA claim alleging that the creditor should have refunded credit balances owed to their accounts, alleging the credit balances resulted from “unauthorized fees and expenses.” Because defendant was not the original creditor of the debts in question, but rather an assignee, TILA liability did not apply. Though the Court questioned whether this result stemmed from a drafting oversight as opposed to a reasoned Congressional determination, the Court nonetheless declined to impose TILA liability on the assignee. A lengthy dissent criticized the majority’s FDCPA holding as “sow[ing] ambiguity into an otherwise straightforward statutory scheme” by allowing suits against creditors to determine whether their lawyers are “insufficiently involved in ‘bona fide’ collection efforts.” In the dissent’s view, any deception lay with the attorney who claimed to be collecting the debt, not with the creditor that used the attorney’s services. But the dissent found no such deception here, given that the attorneys had follow-up communications with the letterhead, and appeared to have some involvement in the drafting of the form debt collection letter.

In the wake of a recent hearing before the Senate Committee on Homeland Security and Governmental Affairs regarding the threats and promises of virtual currency, the value of Bitcoin soared above the $700 mark—a record high for the nascent financial platform. The support offered in some testimony at the hearing suggests that there may be an optimistic face toward the future of digital currency. However, the Senate Banking Committee’s hearing on the same topic proved divisive and ill-focused, with regulators and industry specialists each touting Bitcoin’s potential to survive or fail in the coming months and years.

FinCEN reiterated its sentiment from the recent hearing that it is important for financial institutions to put controls in place to mitigate threats of abuse. These controls include FinCEN’s March 2013 guidance on virtual currencies (see April 2, 2013 Alert), which recommends that administrators and exchanges of virtual currency, including Bitcoin, must register with FinCEN, set-up anti-money laundering controls, and provide frequent reports to FinCEN. FinCEN additionally felt “lucky” that any misuse of digital currency can be tackled under existing flexible regulations, which their international counterparts are finding more difficult.

David Cotney, the Commissioner of the Massachusetts Division of Banks, looked at state-level participation in the regulation of Bitcoin. A cooperative venture among states, including an open dialogue among state regulators, was proposed as the goal of determining the appropriate level of government oversight of digital currency. The main difference in the ability to regulate the virtual currency space, as stated, was the fact that the state regulatory regime is about consumer protection, rather than investor protection. Its needs, however, remain virtually identical to the federal regulators, in that it seeks to make financial actors “Play by the rules through agencies like mine.”

Moving outside the scope of previous hearings, there was greater debate over how virtual currency should be defined. While FinCEN noted that a definition is outside its purview, it did recognize the fact that Bitcoins are “filtering through our financial system.” This, in turn, gives FinCEN the ability to regulate digital currency, since it falls into the broad-sweeping regulatory pool of “other value that substitutes for currency.” Pushback from Sen. Heidi Heitkamp on the need to categorize virtual currency focused on the ability of more than “just illegal, terrorist groups that have the ability to skirt the edges” of the law. However, FinCEN stated that, from its counter-terrorist, money-laundering perspective, defining digital currency is not as important, because they have similar regulations across different parts of the industry, whether it involves currency, securities, or commodities. FinCEN’s current unease with putting digital currency into a particular financial bucket is perhaps colored by the assumption that Bitcoin may not grow as many enthusiasts think it will. In fact, FinCEN admitted that it may be a “binary investment: either it will be the cell phone of twenty years ago, or it will fail completely.” BITS, the Technology Policy Division of the Financial Services Roundtable, demonstrated how complicated it will be to develop this “standard” definition. BITS delineated Bitcoin’s tripartite makeup as (1) a currency, (2) a depository system, (3) and a payment system. Whether or not a government body will want to demarcate these boundaries further, or to offer up a new definition that encompasses them all, remains to be seen.

As just witnessed, the industry, legal, and academic panelists seemed to offer, at times, divergent ideas about how best to incorporate Bitcoin into the U.S. financial landscape. BITS observed that digital currencies are subject to significant market unreliability without any government backing or funding. The spike in Bitcoin values the previous day adequately evidenced this claim. BITS pressed for more regulatory protections, especially consumer protections, because there are none currently existing outside March 2013 FinCEN guidance. The unstable market for virtual currency strongly correlates to Bitcoin’s uncertain acceptability, legitimacy, and usage, BITS acknowledged.

Much like BITS, Ms. Sarah Jane Hughes of Maurer School of Law also underscored the need for users of virtual currency to have the same protections that other consumers currently receive under the Gramm-Leach-Bliley Act and the Right to Financial Privacy Act of 1978, for example. Hughes’ enthusiastic support for virtual currency was coupled with the feeling that any new regulatory regimes, though, need to be crafted with “great care and … great flexibility” so as not to make investors “get cold feet.” An “open set of rules,” then, was what Hughes advocated. Additionally,  she was careful to recognize that “[i]f we do regulate, then we do legitimize.” Yet,  Hughes believed that amounts to “a risk worth taking,” and a greater structure around Bitcoin would lend itself to both more clarity and growth in the space.

A unique perspective on these issues was provided by BitPay, Inc., which is considered “pretty old” in the Bitcoin space (founded May 2011). BitPay promoted a “wait and see approach,” analogous to the government’s method of dealing with the advent of the Internet in the early 1990s. As a way to combat illicit use of digital currency, BitPay did not encourage greater law enforcement of criminal activities. Rather, its approach was to separate legitimate from illegitimate uses of Bitcoin by having a “know your users” policy. The “bad guys” will, BitPay alleged, figure out how to conduct illegal activities on their own, without the services of companies like BitPay. A counter to this argument, however, was raised by BITS, which queried whether BitPay’s controls and mitigations are an industry-wide standard or are merely an exception to the rule.

This hearing reflected general agreement that Bitcoin does have the potential to positively influence the U.S. financial system and ease money transfers internationally. Nonetheless, virtual currency’s future impact is confronted by lack of consensus even among industry, legal, and academic supporters of how to control its entry into the U.S. financial landscape.