Déjà Vu All Over Again: The CFPB Identifies Foreseeable Compliance Concerns

The Consumer Financial Protection Bureau released its Winter Supervisory Highlights in December 2024, focusing on deposits, data furnishing, and small-dollar lending. Because the Payday Lending rule only recently became effective, the small-dollar lending section addressed Buy Now Pay Later (BPNL) products for the first time. In other respects, however, the Highlights discusses issues that have been raised in prior guidance, namely fees on deposit accounts and credit reporting.

Overdraft and Re-Presentment Fees.
The CFPB reiterated regulator concerns over Authorize Positive Settle Negative (ASPN) transactions and re-presentment fees, which have previously been identified as a UDAAP concern.

Regarding overdraft fees, the CFPB focused on core processors and identified UDAAP concerns where core processors designed systems to assess re-presentment and ASPN overdraft fees by default. In these examples, the Bureau determined that although the core processor did not impose the fee and the bank had the ability to prevent the fee, the default setting made the imposition of the fee foreseeable and therefore presented UDAAP concerns about the core processor’s practices.

On the topic of re-presentments, the Bureau found that some originating depository financial institutions (ODFIs) failed to review indicators that their clients were processing re-presentments as initial payments. Failure to flag likely re-presentments would circumvent ACH network limits on re-presentments and result in harm to consumers whose accounts were consequently subject to additional presentments for the same item. The Bureau concluded that this may constitute a UDAAP even though the ODFI does not assess the fee on the consumer, because the fee is a foreseeable consequence of the ODFI’s failure to adequately screen presentments.

The report also reviewed stop payment orders on preauthorized debit card transactions, finding that many debit card network operators do not offer a stop payment service that meets the requirements of Regulation E or that such services were not widely used where available. Again, although the debit card network operators offered the stop payment service, it was foreseeable that the low use rate for the service would result in the processing of payments that were subject to a valid stop payment request.

Data Furnishing.
The report details a variety of concerns related to the furnishing of consumer data to credit bureaus. The Bureau stated that some furnishers failed to establish or follow procedures to respond to identity theft block request notifications from the credit bureaus, which resulted in those furnishers continuing to report information that should have been blocked.

The Bureau also identified deficiencies in the handling of credit reporting disputes and inaccuracies. Particularly focusing debt collectors, the report states that an investigation of a dispute by a third party may require the third party to review records belonging to the institution. Risk management of third parties, including debt collectors, should consider whether the third party’s procedures include a process for determining whether the third party has sufficient records to complete the required investigation and then also obtaining from the bank any records that may be necessary for the investigation. Additionally, banks and their third parties should not respond to a dispute by deleting a tradeline without investigation, as this does not meet the FCRA requirement to complete an investigation.

In addition to concerns about investigations of disputes, the report reviews other basic procedural requirements, such as identifying frivolous and duplicative disputes, replacing dispute codes after resolution, quality assurance processes to ensure the accuracy of reported information, and timely correction of inaccuracies identified through disputes or other processes. Banks may therefore want to make sure they are able to identify and demonstrate compliance with the procedures they have established to ensure compliance with these requirements.

Compliance Alliance’s UDAAP and FCRA Toolkits are a great place to start when reviewing your practices in these areas. As always, our hotline staff is also available to answer any questions you have about these or other regulatory requirements.