CFPB Roundup

By Matt Walker
(Published in the Fall 2023 issue of The Bankers' Statement)

The Consumer Financial Protection Bureau (CFPB) has been active in recent months, publishing regulatory guidance and other pronouncements on a wide-range of topics. It’s been so prolific, in fact, that it is understandable if a few of these initiatives may have slipped under the radar. With that in mind, the following is an overview of some recent CFPB releases that received less publicity during the first half of the year, when other industry issues grabbed the headlines.

Reopening Deposit Accounts

In a circular published in May of 2023, the CFPB concludes that that the unilateral reopening of a consumer deposit account by a financial institution can constitute an unfair act or practice under the Consumer Financial Protection Act (CFPA). According to the circular, there have been examples of financial institutions unilaterally reopening deposit accounts after they have been closed by consumers in order to process a debit or deposit. When a closed account is reopened to process a debit, it can lead an institution to charge the account overdraft fees, NSF fees, and potentially maintenance fees. On the other hand, the processing of a deposit through a closed account could result in a consumer’s funds becoming available to third party creditors, unbeknownst to the consumer.

In reaching this conclusion, the CFPB analyzed the issue using its unfair, deceptive or abusive acts and practices (UDAAP) authority, finding the practice may impose a substantial injury on consumers that cannot be reasonably avoided and that is not outweighed by countervailing benefits to consumers or competition. Under these circumstances, the “substantial injury” consists of the penalty fees and third-party access to funds that may result from a reopened account, as well as the resulting negative credit reporting information should the fees not be timely repaid. Per the CFPB, this injury cannot be reasonably avoided because a consumer cannot control or anticipate the timing of a bank’s account closure process, nor can they control or anticipate the timing of a third party’s attempt to deposit to or debit from a closed account. According to the circular, the nature of deposit agreements can also make the injury unavoidable in that such agreements are often silent as to a bank’s authority to reopen an account or contain non-negotiable provisions regarding the practice. The analysis concludes by asserting that the reopening of a closed account is not outweighed by benefits to the competitive landscape, as banks can choose to decline transactions received after an account is closed in order to minimize costs. From the consumer’s perspective, any potential benefits of a deposit posting to a reopened account are outweighed by the fees and other potential harms noted above.

Financial institutions should review their practices surrounding consumer account closings and reopenings in light of this circular. The CFPB notes it has brought an enforcement action based on a financial institution’s practice of reopening previously closed deposit accounts without prior authorization by the consumer or timely notice, and it requests other “government enforcers” be observant of the practice and consider similar enforcement actions.

Use of Chatbots in Consumer Finance

The CFPB recently published a research report outlining the use of chatbot technology by financial institutions and how it affects the customer service experience. While the research report does carry the same regulatory weight as formal guidance or administrative rulemaking, it does provide some clues about the CFPB’s position on the use of chatbot technology in the context of customer service.

According to the report, banks, especially larger institutions, are increasingly utilizing chatbots to interact with customers to the extent that in 2022, 37% of the U.S. population engaged with one. Many banks use the technology of third-party service providers, but some have developed their own platforms. While banks have generally realized a cost benefit from the shift away from staffed call centers, the CFPB notes it has seen an uptick in complaints from consumers describing the challenges they have experienced when engaging with chatbots. Based on these consumer complaints, the report outlines the CFPB’s “areas of interest” as they pertain to financial institutions’ use of chatbots.

These areas of interest are centered on the fact that the technology behind chatbots varies widely in its sophistication and ability to satisfactorily assist consumers. Importantly, such technological limitations may a result a system being unable to recognize when a consumer dispute is being raised which, in turn, inhibits the ability to provide an adequate resolution. The report points out that this could be especially true for consumers with a limited English proficiency. The report also conveys concerns about the overall reliability, accuracy, and timeliness of the information chatbots are providing in response to consumer questions and concerns. Such unreliability can be of critical importance when a consumer is seeking feedback and advice on consequential financial questions and can lead to legal risks for the institution.

According to the report, the use of chatbot technology can also result in an increase in the overall frustration level for consumers, and frustration in their ability to access live customer service support. Further, system requirements may hinder some consumers’ ability to access a chatbot service and a chatbot system itself can be subject to system crashes and other factors limiting its accessibility. Finally, the report identifies potential data privacy concerns and the possible misuse of chatbots for perpetrating phishing attacks or similar scams by bad actors.

Banks and other financial institutions utilizing chatbots for customer service functions should take note of the concerns detailed in the CFPB’s research report, as they could be a precursor of supervisory or enforcement priorities to come or the subject of future rulemaking. Particular attention should be paid to the report’s concerns about chatbot technology being unable to properly recognize the existence of a consumer’s dispute. This failure can create legal risks for an institution, for example, under Regulation E, when the timing of when a dispute is made, and the institution’s response, are of critical importance.

Supervisory Highlights

This summer, the CFPB released the latest issue of its biannual Supervisory Highlights, a publication which describes findings of unfair, deceptive, or abusive acts or practices (UDAAPs) made by the CFPB’s supervision program across a variety of product lines. The findings are anonymized and describe the acts or practices in question, why the CFPB has determined them to be UDAAPs, and how the supervised entities responded. There’s value in reviewing these findings, as they can provide insight into the CFPB’s supervisory priorities and highlight acts or practices which may not have previously garnered regulatory attention. The following findings are summarized from the most recent Supervisory Highlights issue and describe those that may be of particular interest to the banking industry.

Auto servicing

• The CFPB found that some auto dealers fraudulently included vehicle options in the documentation provided to institutions purchasing retail installment contracts, artificially inflating the value of the collateral. CFPB examiners found that servicers that collected and retained interest paid on improperly inflated loan amounts engaged in an unfair and abusive act or practice.
• CFPB examiners found that certain auto loan servicers engaged in unfair acts or practices by suspending recurring ACH payments before a consumer’s final payment without sufficient notification that the final payment must be manually made.
• When a financing contract allows a servicer to use vehicles to cross-collateralize other debts, and the servicer requires a borrower to pay those other debts to redeem their repossessed vehicles, the CFPB found this to be an unfair and abusive act or practice.

Consumer reporting

• Furnishers of consumer credit information were found to be violating Regulation V (Fair Credit Reporting Act) by failing to periodically review and update their policies and procedures concerning the accuracy and integrity of furnished information. The example cited in the publication occurred when a furnisher updated its consumer dispute software but failed to update the corresponding policies and procedures.
• The CFPB also found examples of furnishers failing to conduct a reasonable investigation of direct consumer disputes, which is a violation of Regulation V. The finding stemmed from instances where furnishers directed consumer disputes to addresses that differed from those provided to the consumer reporting companies. Regulation V requires furnishers to investigate direct disputes received at a qualifying address.
• Furnishers were also found to have violated Regulation V by not providing consumers notice of frivolous or irrelevant disputes, such as those duplicative of a prior dispute. Furnishers have a duty under Regulation V to investigate disputes and send consumers notice of the determination and an explanation of the additional information needed to investigate the dispute.

Deposits

• For institutions offering an overdraft line of credit, the CFPB found it was an unfair act or practice to assess both an NSF fee and a line of credit transfer fee on the same transaction. Examiners found examples where a consumer’s line of credit was not sufficient to cover a transaction and a NSF fee was assessed. The issue arose when there were also insufficient funds in the consumer’s checking account to cover the NSF fee, which triggered the line of credit and an additional accompanying fee.

Fair lending

• The CFPB also found instances in which the granting of pricing exceptions by mortgage lenders to e.g. match a competitor’s offer, resulted in violations of the Equal Credit Opportunity Act and Regulation B. The findings note ineffective policies and procedures around pricing exceptions, weaknesses in training programs, and insufficient management and board oversight.
• Findings of discriminatory lending were also made when a lender’s underwriting determinations involved an applicant’s criminal history or income derived from public assistance. The CFPB found inconsistent policies and procedures around the underwriting of an applicant’s criminal record, such that it creates a heightened risk for violations of ECOA and Regulation B. Regarding public assistance, examiners found examples of policies and procedures which may violate the ECOA and Regulation B prohibition against credit discrimination based on all or any part of an applicant’s income being derived from a public assistance program.

Information technology

• CFPB examiners also found some institutions engaged in unfair acts or practices by failing to implement adequate IT security controls, such as sufficient password management policies, that could have prevent or mitigated cyberattacks. The publication cites the steps taken in response to the findings, including the implementation of multi-factor authentication, enhanced password management practices, and adequate controls for failed log-in attempts.

Mortgage origination

• It was found that institutions with compensation plans providing mortgage loan originators with different levels of compensation for brokered-out loans as compared to in-house loans, were in violation of Regulation Z. Having MLO compensation vary based on loan product type violates Regulation Z’s general prohibition against basing compensation on the terms of a transaction.
• Additional Reg Z violations were found in the context of the regulation’s requirement that loan disclosures must reflect the terms of the legal obligations between the parties. Specifically, it was found that an institution’s adjustable-rate promissory note provided for the rounding up or down of an interest rate component, but their loan origination system was not programmed to round.