In its Spring 2014 Supervisory Highlights report issued yesterday, the CFPB highlighted deficiencies and violations it found during examinations of consumer reporting agencies (CRAs), debt collectors and payday lenders. The CFPB has authority to examine entities that qualify as “larger participants” under the final rules it adopted to supervise participants in the debt collection and consumer reporting markets and to examine payday lenders regardless of their size.
The report covers supervision work completed by the CFPB between November 2013 and February 2014. In the report, the CFPB stated that in 2013, it conducted over 100 supervisory activities such as full scope reviews and subsequent follow-up examinations and plans to conduct about 150 of such activities in 2014. It also noted that its “recent supervisory activities” (which included examinations of banks and non-bank entities) have resulted in more than $70 million in remediation to approximately 775,000 consumers. According to the report, these non-public actions have occurred in areas such as deposits, consumer reporting, credit cards, mortgage origination, and mortgage servicing.
The report also includes a discussion of the fair lending risks that arise when a lender makes exceptions to its credit standards, noting that CFPB examiners had observed instances “in which financial institutions lack adequate policies and procedures for managing [such risks].” In the report, the CFPB discussed the relevant fair lending elements of a “strong” compliance management system (CMS) and commented that its recommendations “will assist lenders in mitigating fair lending risk when making exceptions to credit standards while also furthering the purposes of Regulation B in promoting the availability of credit.”
Among those fair lending elements are policies and procedures that require documentation of credit standards exceptions, which the CFPB highlights in its discussion. The CFPB stated that such documentation should be appropriate to the specific exception and, at a minimum, sufficient to effectively monitor compliance with the exception policies. The documentation should also be sufficient to explain and provide details regarding the basis for granting any exception.
As to all three markets highlighted in the report (credit reporting, debt collection and payday lending), the CFPB found weaknesses in the CMSs of the nonbank entities it examined. Such weaknesses included lack of oversight by management of an entity’s CMS, ineffective oversight of third-party providers, failure to adopt appropriate written policies and procedures and/or establish a mechanism for regular reviews and updates, inadequate monitoring and tracking of complaints, and lack of effective compliance audit programs.
The specific deficiencies and violations that the CFPB found in the three markets included the following:
Consumer Reporting. CFPB examiners found that “one or more” CRAs were not forwarding to furnishers of disputed information all relevant documents submitted by consumers as required by Section 611 of the Fair Credit Reporting Act. It also found that “one or more CRAs” had refused to accept disputes filed online or by telephone unless the consumer used an identification number that the CRA had assigned to a consumer report or file disclosure it had provided to the consumer. While this practice did not apply to disputes sent by mail, the CRAs were not informing consumers of that option. According to the CFPB, because this practice suggested to consumers that they had to obtain a current report (often for a fee) to file a dispute, it was not consistent with Section 611 which requires a CRA to investigate disputes free of charge. The CFPB directed the relevant entities to eliminate this practice.
- In addition to the general CMS issue noted above, the CFPB noted the failure of “a creditor that relied on a network of debt buyers to collect its debts” to adequately assess the debt buyers’ compliance with Federal consumer financial law. According to the CFPB, although the creditor “ostensibly [regularly] reviewed” debt buyers for compliance, it did not have “specific policies and procedures to guide the assessment process” and the creditor documented its review “in a cursory manner, and often failed to retain the review results.”
- The CFPB noted an instance in which a creditor had sold an account after issuing an IRS form to the consumer indicating that the debt had been cancelled and the consumer was no longer liable. Upon a subsequent review of its files, the creditor found “dozens of other instances where, because of a flaw in its record retention policy, it had sold cancelled debts.” The creditor agreed to modify its procedures going forward and was required to identify any consumers harmed by the sale of cancelled debts and remediate such harm.
- In “several examinations,” the CFPB found that “supervised entities,” presumably debt collectors, were not obtaining the written authorization required by Regulation E when setting up payment plans for consumers providing for electronic payments.
- Upon reviewing collection lawsuits initiated by a debt collector, the CFPB found that, in 70% of the cases where the consumer filed an answer, the entity would dismiss the lawsuit because it could not locate supporting documentation. The CFPB found that this practice violated the Fair Debt Collection Practices Act (FDCPA) because, having made an express or implied representation to a consumer that it intended to establish that the consumer owed a debt in the amount claimed in the lawsuit, the entity misled the consumer because it had no intention of proving its claim.
- The CFPB found in one review that a debt collector that furnished information to CRAs failed to investigate disputes regarding that information and instead only directed the CRAs to delete the information. The CFPB directed the collector, going forward, to investigate such disputes.
- The CFPB noted that debt collection is an “important focus” of its examination of payday lenders, with lender collection activities reviewed for UDAAP compliance and third-party collection activities reviewed for FDCPA and UDAAP compliance. The CFPB cited “multiple” lenders for UDAAP violations for their policies of: repeatedly making calls to third parties after making contact with the debtor, improperly disclosing personal debt information to third parties, continuing to call borrowers after receiving verbal or written do-not-call requests, and making false threats and claims during collection calls.
- The CFPB suggested it has difficulty with loan applications that suggest any contact information provided will only be used for character or credit references when such contacts are sometimes called to locate a borrower who has defaulted.
- The CFPB cited payday lenders for engaging in an unfair practice by making workplace visits to collect debts.
- The CFPB found various FDCPA violations by third-party debt collectors hired by payday lenders. Stressing the obligation of payday lenders to oversee their relationships with third-party debt collectors to ensure compliance with Federal consumer financial law, the CFPB stated that how payday lenders conduct such oversight “will remain a focus for CFPB examiners.”
- The CFPB indicated that at “one or more” payday lenders, it cited the lender for engaging in a deceptive practice by threatening to initiate ACH transactions that were contrary to the terms of the borrower’s loan agreement and that the lender did not intend to initiate.
We find troubling the CFPB’s imprecision as to the number of entities at which it found the various deficiencies and violations discussed. By using imprecise terms such as “multiple” or “one or more” entities instead of providing numbers, the CFPB obscures the magnitude or pervasiveness of the purported problems and detracts from the transparency it has promised.