January 2025 Newsletters

The Little Rule that Could ā€¦ Be Enacted by the New Administration?

On January 13, 2025, the outgoing Consumer Financial Protection Bureau (ā€œCFPBā€) issued a Notice of Proposed Rulemaking (ā€œNPRMā€) intended to forbid certain types of contract clauses that ā€œcensor speech or wipe away rights enshrined in law.ā€ The proposed rule comes on the heels of a 2023 proposed rule designed to limit terms that may be allowed in ā€œcontracts of adhesion,ā€ or contracts for which the terms may not be negotiated by the consumer, which includes the contracts and terms of service for most consumer products and services.

The proposed rule is comprised of two substantive sections. The first, subpart B, is intended to codify the Credit Practices Rule by prohibiting certain practices that are already largely eradicated, such as confessions of judgment, which are provisions in which a consumer waives their right due process in a lawsuit, enabling a creditor or other business to obtain a judgment against them without notice and opportunity to appear in court.

It similarly would prohibit waivers of exemption that would allow a creditor to seize assets beyond what is normally permitted under applicable law, an attachment of wages allowing a creditor to seize wages without a garnishment order or in excess of the legal maximum for wage garnishments, non-purchase money security interests in household goods, and pyramiding of late charges. Subpart B would also require creditors to provide a ā€œNotice to Cosignerā€ informing any cosigner of their potential liability if the primary borrower does not pay an obligation. Because regulators generally already view these practices as UDAAP/UDAP issues, enactment of this portion of the rule would likely have relatively little effect on banksā€™ existing practices.

Subpart C focuses on ways that contractual provisions may interfere with consumersā€™ basic rights. It would prohibit:

  • Waivers of law: Provisions that require a consumer to waive a consumer protection established in State or Federal law, such as a waiver of the right to sue;
  • Unilateral amendments: Changes to the terms of an agreement made without the consumerā€™s agreement and without providing the consumer notice and the opportunity to opt out of the change; and
  • Restraints on expression: Restrictions on the consumerā€™s free and lawful expression, including reviews of the company, product, or service that is the subject of the agreement, but also prohibiting practices such as de-banking a customer based on their political or religious views.

It is not clear yet what will happen to the numerous pending NPRMs, including this one, proposed by Chopraā€™s CFPB but requiring further action by the new administration in order to become effective. Based on the way this rule is framed, it appears that the CFPB was aware of many observersā€™ hope or expectation that the new administration will not pursue many of the rules proposed under the prior administration. Where it goes beyond codifying practices that are largely already in place, this rule focuses on issues, like freedom of expression and belief, that are popular across a broad political spectrum.

While predictions indicate that the CFPB will be significantly different under the new administration and new director, we donā€™t yet know specifics. It is not impossible to envision a new CFPB that could continue to move forward with this rule or portions of it; only time will tell.

DĆ©jĆ  Vu All Over Again: The CFPB Identifies Foreseeable Compliance Concerns

The Consumer Financial Protection Bureau released its Winter Supervisory Highlights in December 2024, focusing on deposits, data furnishing, and small-dollar lending. Because the Payday Lending rule only recently became effective, the small-dollar lending section addressed Buy Now Pay Later (BPNL) products for the first time. In other respects, however, the Highlights discusses issues that have been raised in prior guidance, namely fees on deposit accounts and credit reporting.

Overdraft and Re-Presentment Fees.
The CFPB reiterated regulator concerns over Authorize Positive Settle Negative (ASPN) transactions and re-presentment fees, which have previously been identified as a UDAAP concern.

Regarding overdraft fees, the CFPB focused on core processors and identified UDAAP concerns where core processors designed systems to assess re-presentment and ASPN overdraft fees by default. In these examples, the Bureau determined that although the core processor did not impose the fee and the bank had the ability to prevent the fee, the default setting made the imposition of the fee foreseeable and therefore presented UDAAP concerns about the core processorā€™s practices.

On the topic of re-presentments, the Bureau found that some originating depository financial institutions (ODFIs) failed to review indicators that their clients were processing re-presentments as initial payments. Failure to flag likely re-presentments would circumvent ACH network limits on re-presentments and result in harm to consumers whose accounts were consequently subject to additional presentments for the same item. The Bureau concluded that this may constitute a UDAAP even though the ODFI does not assess the fee on the consumer, because the fee is a foreseeable consequence of the ODFIā€™s failure to adequately screen presentments.

The report also reviewed stop payment orders on preauthorized debit card transactions, finding that many debit card network operators do not offer a stop payment service that meets the requirements of Regulation E or that such services were not widely used where available. Again, although the debit card network operators offered the stop payment service, it was foreseeable that the low use rate for the service would result in the processing of payments that were subject to a valid stop payment request.

Data Furnishing.
The report details a variety of concerns related to the furnishing of consumer data to credit bureaus. The Bureau stated that some furnishers failed to establish or follow procedures to respond to identity theft block request notifications from the credit bureaus, which resulted in those furnishers continuing to report information that should have been blocked.

The Bureau also identified deficiencies in the handling of credit reporting disputes and inaccuracies. Particularly focusing debt collectors, the report states that an investigation of a dispute by a third party may require the third party to review records belonging to the institution. Risk management of third parties, including debt collectors, should consider whether the third partyā€™s procedures include a process for determining whether the third party has sufficient records to complete the required investigation and then also obtaining from the bank any records that may be necessary for the investigation. Additionally, banks and their third parties should not respond to a dispute by deleting a tradeline without investigation, as this does not meet the FCRA requirement to complete an investigation.

In addition to concerns about investigations of disputes, the report reviews other basic procedural requirements, such as identifying frivolous and duplicative disputes, replacing dispute codes after resolution, quality assurance processes to ensure the accuracy of reported information, and timely correction of inaccuracies identified through disputes or other processes. Banks may therefore want to make sure they are able to identify and demonstrate compliance with the procedures they have established to ensure compliance with these requirements.

Compliance Allianceā€™s UDAAP and FCRA Toolkits are a great place to start when reviewing your practices in these areas. As always, our hotline staff is also available to answer any questions you have about these or other regulatory requirements.

CFPB: What the Zelle?

The Consumer Financial Protection Bureau (CFPB) closed out 2024 by filing a lawsuit against Bank of America, JPMorgan Chase, and Wells Fargo over those banksā€™ involvement in Early Warning Services (EWS), which operates Zelle, a peer-to-peer payment network.

The basic gist of the lawsuit is that the banks involved did not provide adequate security for the Zelle payment app, advertised the app as more secure specifically because it is operated by banks, allowed fraudsters to remain active on the network by hopping between banks, and failed to meet their Reg E requirements related to unauthorized transactions completed through Zelle.

The lawsuit alleges various failures to comply with Regulation E by, for example, instructing consumers to contact the fraudster to resolve a dispute once the bank determined that it could not claw back the funds. In this respect, the action serves as yet another reminder that banks should closely follow the dispute resolution process set out in Regulation E.

There is, however, additional guidance to be gleaned from the CFPBā€™s arguments. The lawsuit highlights the risks associated with poor management of reputational risk and third-party service providers. The CFPBā€™s argument is rooted in UDAAP as well as Reg E. It includes consumer statements that they relied on the banksā€™ recommendations when deciding to trust the Zelle app and concludes that the banks misled consumers about the appā€™s security and protection against unauthorized transactions. For example, banks included a Zelle function within bank-branded mobile banking applications offered to consumers and advertised that, unlike other P2P apps, Zelle was bank-backed or bank-endorsed.

Even though Zelle is ultimately owned by these banks and therefore not truly a third party in this situation, the CFPB complaint provides an example of how a bankā€™s endorsement or promotion of a third-party service can create direct legal risk to the bank. The allegations in the Zelle complaint do not depend on the banksā€™ ownership of EWS; the Bureauā€™s arguments could apply to any third-party service provider relationship. The Bureau argues that consumers relied on the banksā€™ representations that Zelle was secure and reasonably assumed, due to the banksā€™ endorsement of Zelle, that they would receive substantial protection against fraud and unauthorized transactions conducted through Zelle.

Because Zelle was not secure, according to the CFPB, and because the banks were not adhering to Regulation E requirements, consumers relying on the banksā€™ representations about Zelle security were subsequently harmed by fraudsters. Furthermore, the CFPB alleges that when fraud concerns came to light and when consumers complained to the banks about Zelleā€™s security shortcomings, the banks failed to take timely action to improve security or mitigate risks to consumers.

The lawsuit highlights how banks may be responsible for representations that they make about the reliability, security, or services offered by third parties. Additionally, banks may be liable for failure to take timely action to address third partiesā€™ deficiencies or to resolve consumersā€™ issues with a third party that is recommended, used, or endorsed by the bank.

Ongoing monitoring of service providers and reviews of consumer complaints about service providers are therefore central to an effective third-party risk management program. The Compliance Alliance Vendor Management Toolkit is a great place to start when reviewing your vendor relationships and our Hotline staff is available to answer any additional questions you may have.

A Review of HELOC Freezes Under Regulation Z

Because Reg. Z only permits freezing a HELOC in limited circumstances and imposes specific obligations on institutions, itā€™s important to be familiar with the regulatory requirements.

As you probably know, a lender may freeze a HELOC in only a limited number of circumstances, which are for the most part listed inĀ Ā§ 1026.40(f)(3)(vi), with few exceptions. This portion of the regulation lists six circumstances, which are:

ā€œ(A)Ā The value of the dwelling that secures the plan declines significantly below the dwelling’s appraised value for purposes of the plan;

(B)Ā The creditor reasonably believes that the consumer will be unable to fulfill the repayment obligations under the plan because of a material change in the consumer’s financial circumstances;

(C)Ā The consumer is in default of any material obligation under the agreement;

(D)Ā The creditor is precluded by government action from imposing the annual percentage rate provided for in the agreement;

(E)Ā The priority of the creditor’s security interest is adversely affected by government action to the extent that the value of the security interest is less than 120 percent of the credit line; or

(F)Ā The creditor is notified by its regulatory agency that continued advances constitute an unsafe and unsound practice.ā€

While each circumstance has its own set of rules, we receive questions more frequently on two of these circumstances. The first involves the value of the dwelling declining significantly below its appraised value. While a ā€œsignificant declineā€ is generally determined on a case-to-case basis, the commentary provides one clear threshold for lenders to rely on: when the value of the dwelling declines so much that the initial difference between the credit limit and available equity is reduced by fifty percent, this is considered a ā€œsignificant decline.ā€

The second circumstance is when the lender reasonably believes the borrower will be unable to fulfill the repayment obligations because of a material change in financial status.Ā Ā This circumstance can be broken down into two parts:

  • First, there must be a material change in the financial circumstances of the borrower, such as a decrease in income.
  • Second, the lender must have a reasonable belief that the material change will prevent the borrower from meeting the repayment obligations. While the commentary does not specify what exactly must occur in order to rise to theĀ level of ā€œreasonable belief,ā€ it does specify that a lender does not need to rely on specific evidence, such as failure to pay other debts. Regardless, a lender would want to be sure to document what occurred that formed their belief.

Once a HELOC account is frozen, it is the responsibility of the lender to unfreeze it as soon as reasonably possible once the applicable circumstance no longer exists.Ā Ā A lender has two options in which it can meet this responsibility:

  • First, the lender can monitor the line on a continuing basis to determine whether the circumstance that permitted the freeze still exists. The commentary states that the monitoring frequency depends on the nature of the circumstance that permitted the freeze in first place. While this guidance makes clear that some freezes will require more frequent checks than others, as far as specific diligence requirements, it leaves much to interpretation. Because the regulation does not provide clear guidelines as to the required frequency, lenders may find the second alternative more desirable.
  • The second alternative allows for lenders to shift the duty to the consumer to request reinstatement of credit privileges. A lender can accomplish this by including a provision that the lender is requiring the consumer to request reinstatement of credit privileges in the original freeze notice.

As always, if you have any specific questions about HELOC freezes, feel free to contact us on the Compliance Hub Hotline.