CFPB Publishes Opinion on FDCPA and Convenience Fees
Most banks do not often find themselves subject to the Fair Debt Collection Practices Act (FDCPA). The FDCPA was a Congressional response, passed in 1977, to the abusive, deceptive, and unfair debt collection practices used by some debt collectors at that time. The FDCPA prohibits a debt collector from using unfair means to collect or attempt to collect any debt.
In order to be subject to the FDCPA, the bank must be acting as a debt collector, which according to the act is anyone who regularly collects or attempts to collect, directly or indirectly, debts owed to another party. The term also includes any creditor that uses any name other than its own to collect or attempt to collect such a debt. In those instances, it would appear to the debtor that a third-party debt collector is attempting to collect such debts, and the creditor would be treated as such. In other words, if ABC Bank collects debts on behalf of ABC Bank then they are not a debt collector, but if DEF Bank collects debts on behalf of ABC Bank then DEF Bank is a debt collector, and if ABC Bank sends out correspondence under the name of DEF Bank, then ABC Bank would be considered a debt collector.
In a recently published advisory opinion, the CFPB advised that the FDCPA prohibits debt collectors from collecting any amount, which includes interest, fees, charges, or incidental expenses unless that amount is expressly authorized by either: a) the agreement creating the debt or b) a law permitting its collection. The CFPB affirmed in the opinion that Section 808(1) of the FDCPA (12 CFR 1006.22) prohibits debt collectors from collecting convenience fees, such as fees for making a payment online or by phone (so called “pay-to-pay” fees), when those fees are not expressly authorized by either the agreement or law. This advisory opinion also clarifies that a debt collector may also violate section 808(1) if a debt collector collects pay-to-pay fees through a third-party payment processor, and the third-party payment processor collects a pay-to-pay fee from a consumer and remits to the debt collector any amount in connection with that fee.
Under the CFPB’s opinion, a fee is not permitted if both the agreement creating the debt and the law are silent. For example, as the CFPB’s interprets the FDCPA, any amounts (including pay-to-pay fees) that are not expressly authorized by an agreement or expressly authorized by law are not permitted under the FDCPA, even if such amounts are the subject of a separate, valid agreement under state contract law. Although some courts have interpreted this separate agreement scenario to permit debt collectors to collect certain pay-to-pay fees, the CFPB disagrees with these courts’ decisions.
Additionally, in light of the CFPB’s recent actions regarding “junk fees,” there’s no guarantee that fees authorized by an agreement or by state law might not still be seen by the CFPB as a UDAAP issue, in the sense that it might not be a violation of the FDCPA, but it could possibly be a UDAAP concern. The CFPB hasn’t been explicit about these pay-to-pay fees being on their radar, but this seems consistent with the CFPB’s recent stances on fees.
CFPB on FCRA Permissible Purposes
The CFPB recently published an advisory opinion regarding the circumstances under which a credit report may be issued or used pursuant to the Fair Credit Reporting Act (FCRA). Commonly referred to as “permissible purposes,” the CFPB holds the position that obtaining or using a credit report without a permissible purpose is strictly prohibited. This advisory opinion is dually aimed at both consumer reporting agencies that generate credit reports as well as institutions that use credit reports in connection with applications for credit, insurance or employment.
Congress enacted the FCRA in part to ensure that consumer reporting agencies respected consumers’ rights to privacy. The FCRA generally accomplishes this by limiting access to a consumer’s credit information, operating under a general principle that this information may not be provided to third parties unless an exception to the general principle applies. The list of permissible purposes in Section 604 of the FCRA function as exceptions and allow this sensitive credit information to be shared with third parties.
In the section applicable to consumer reporting agencies, the CFPB details the importance of properly identifying the consumer about whom information is requested. The example cited is the insufficiency of using a name-only match which has the tendency to generate information related to multiple consumers, not just the one on whom information was sought. This practice is prohibited by the FCRA because it involves providing the information of consumers for whom the requesting institution did not have a permissible purpose to obtain credit information. For example, if an institution is allowed to submit a request for “John Smith” only, without any other identifiers such as social security number, information belonging to other individuals with the same name will be captured by this same search, and any other John Smith whose information is disclosed to a third party would not be done under a permissible purpose, which would therefore be a violation of the Fair Credit Reporting Act. The takeaway for consumer reporting agencies is clear: improve your matching processes to avoid FCRA violations.
In the section applicable to users of credit reports, the CFPB states that credit reports are prohibited from being used without a permissible purpose. The confusion surrounding the duties of users of credit reports seems to stem from the fact that the FCRA initially did not contain a prohibition aimed at users of credit reports, and only in 1996 was the FCRA amended to include prohibitions on the use of credit reports without a permissible purpose. As might be imagined, pre-1996 court cases established judicial precedent related to the topic, which isn’t easily overcome. The advisory opinion suggests that although some courts still rely on this pre-1996 precedent to apply a “reasonableness” standard when it comes to permissible purpose and users of credit reports, that this interpretation by courts is incorrect and users of credit reports are required to have a permissible purpose. The takeaway is, then, this: to use a credit report without a permissible purpose would violate a consumer’s right to privacy and undermine one of the very purposes of the Fair Credit Reporting Act, so this should be avoided, and institutions should be certain of their permissible purpose in obtaining and using a consumer’s credit report for any purpose.
FinCEN Wants Help in Streamlining 314(a) Requests
The Financial Crimes Enforcement Network (FinCEN) recently published a notice and request for comments related to Section 314(a) requests. FinCEN is looking for comments related to these requests to understand the burden these represent for financial institutions and the processes used to comply with the BSA requirements related to 314(a) requests.
The Section 314(a) request was part of USA PATRIOT Act back in 2001 and was added to the BSA regulations the following year. The rules require financial institutions to search their records for information related to transactions with individuals, entities or organizations that law enforcement agencies have certified is suspected of engaging in terrorist activity or significant money laundering. Further, the requesting agency must certify that they have not been able to locate the information they are seeking through the 314(a) request through traditional methods of investigation.
These 314(a) requests require financial institutions, upon receipt of the request to search their records to determine whether the individual, entity or organization named in the 314(a) request currently maintains any accounts at the financial institution. Further, institutions are to search their records to determine whether those named in the 314(a) request maintained an account at the financial institution within the past 12 months. Additionally, financial institutions are to search their records for any transactions conducted by or on behalf of one of those named in a 314(a) request. Finally, institutions are to search their records to determine if any funds were transmitted in which the named subject of the 314(a) request was either the sender or receiver during the previous six months. The regulations require that institutions that identify accounts or transactions in response to the 314(a) request to report the match to FinCEN in the time frame specified on the request, and that institutions designate one person to be the point of contact for the institution for Section 314(a) requests.
FinCEN is seeking comment on the hourly burden and costs associated with complying with 314(a) request, in particular the estimated amount of time spent per subject and the levels of employees engaged in responding to these requests. FinCEN estimates that searches average about 4 minutes per subject with an average cost of about $95 per hour, and they’re also seeking feedback about the validity of their estimates.
FinCEN is additionally seeking comment on which employees participate in the 314(a) searches, and the involvement of senior management with the searches or reviewing of results. FinCEN would also like to know the extent that institutions can rely on existing software to conduct its 314(a) searches and what types of records the institution maintains to document that a search has been conducted.
Further, FinCEN is interested in the procedures institutions use when a match to a 314(a) request, including the determination of it being an actual match or a false positive. How often does the institution generate a positive match that requires additional research for confirmation? How often does the institution identify matches that ultimately result in a false positive?
This FinCEN notice has a comment period that is open until Friday September 9, 2022.
In the UCC, is Midnight the Deadline, or Do You Have Other Options?
Your customer calls to let you know that an unauthorized check has cleared their account. It’s a regrettable but a common occurrence in the world of banking. Whenever you get word that an unauthorized check was presented to your bank, your first thought may be to return the check to the bank where it was initially deposited.
What you will quickly find out, though, is that your window to return checks is limited by the “midnight deadline,” which requires checks presented for payment be returned by midnight on the banking day after the banking day on which the check is presented (UCC 4-301). In other words, if the check is presented on a non-holiday Monday, the bank must decide to pay or return the check by midnight on Tuesday, the following banking day. Most unauthorized checks caught by your customers will not be reported quickly enough for the bank to make a return before the midnight deadline. It is unfortunate, but it is a daily reality. So, what happens if you miss the midnight deadline? The rest of the article is dedicated to answering this question.
Does the customer take the loss? Does your bank take the loss? Is there a way that the bank which first took the deposit can take the loss? It depends on the facts of the situation, but there are ways in which any of those three questions above could be answered with a “yes.” Who takes the loss will depend on several factors, the first of which involves the customer and your account agreement.
In your account agreement you give your customer a certain amount of time to discover errors on their statement and report those errors to you (UCC 4-406). This amount of time varies from account agreement to account agreement, so there’s no fixed amount of time, and it’s largely dependent on bank policy. Once you determine what that amount of time is, the question is, did the customer report this unauthorized check within the time you give them to report errors? If the answer to this question is no, then the inquiry is generally concluded with the customer bearing the loss.
However, if the customer exercises reasonable promptness and reports the error to you within the time frame you give them in their account agreement, then the facts will determine whether your bank takes the loss, or whether you can make a claim that the bank of first deposit should take the loss. The mechanism by which you would make this assertion against the other bank would be to claim that they breached their warranty to you. Which may make you ask, “how does the other bank provide a warranty to my bank?”
As part of the UCC, when a check is presented to the bank on which the check is drawn (paying bank), the bank presenting the check provides a “presentment warranty” to the paying bank. The presentment warranty is a guarantee that 1) the bank presenting the check is entitled to obtain payment, 2) the check has not been altered, and 3) to the knowledge of the bank presenting the check, your customer’s signature is genuine (UCC 4-208). The genuineness of your customer’s signature may present a problem for you under the presentment warranty, but we’ll come back to that in a bit.
The most common scenario for unauthorized checks is an altered check (UCC 3-407), on which information was either changed (such as the name of the payee) or was added without authorization (such as filling in the amount when one is not listed). If the bank of first deposit presents you with an altered check, they have breached their presentment warranty and it is generally your right to make a claim against that bank. There are narrow exceptions, but in general, the depositary bank should take the loss, not yours.
Back to your customer’s signature. The presentment warranty doesn’t cover your customer’s (the maker’s) signature because although the bank of first deposit is in a better position than your bank to identify altered information, they wouldn’t have any idea what your customer’s signature looks like. So, although they warranty that to the best of their knowledge the signature is genuine, if it turns out not to be, your bank (the payor bank) bears the loss. The principle of your bank taking the loss for a problem with your customer’s signature is so old it predates the United States itself and comes from a 1762 decision from the Court of the King’s Bench (Price v. Neal, if you’re interested).
For one final thought, it is generally the case that for a check to be considered “altered” it must be a genuine check. For the bank of first deposit to be guilty of breaching a presentment warranty, the altered item must first be a real check. A loss stemming from the payment of a check that is counterfeit and not a real check will be borne by your bank, the paying bank. I say this is “generally” the case because the matter has been litigated all over the U.S. in state courts, with courts overwhelmingly holding that counterfeit checks are not subject to presentment warranty claims.
A few caveats: 1) the UCC is state law, so although it is “uniform” there are slight variances from state to state, so check your state law before acting; 2) because state law is involved, state courts are also involved, and state courts make interpretations that only apply to that state, so it’s best to check with counsel about any relevant court decisions before acting; and 3) this is a discussion of rights under the UCC, however your bank may be party to clearinghouse rules (such as ECCHO) which might give you different rights and different time frames as a matter of contract, if the bank of first deposit is a party to those same rules, so you’ll want to confirm your bank’s third-party agreements which could give you alternate rights against certain institutions.