In This Issue:

For the latest updates on the Coronavirus pandemic visit the Ballard Spahr Coronavirus Resource Center

 

PLI 25th Annual Consumer Financial Services Institute – 25% Discount Available

PLI’s 25th Annual Consumer Financial Services Institute will take place on December 7-8, 2020 by live webcast.

The Institute is considered the country’s premier consumer financial services CLE program and this year’s Institute will once again explore in detail important developments in consumer financial services regulation and litigation. I am again co-chairing the event, as I have for the past 24 years.

While the leadership and priorities of the Consumer Financial Protection Bureau, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, and Federal Trade Commission have changed under the Trump Administration, these agencies have remained active in enforcing consumer financial services laws. In addition, state regulators and attorneys general have increased their enforcement activity to fill any void created by a decline in activity at the federal level. The volume of private litigation, particularly under the Telephone Consumer Protection Act, the Fair Debt Collection Practices Act, and the Fair Credit Reporting Act, also remains high. At the same time, the improved economy prior to COVID-19, the deregulatory environment at the federal level, and the increase in technological innovation has resulted in new entrants into the consumer financial services industry and the offering of new products by existing industry players.

Former CFPB Director Richard Cordray will deliver a keynote address. The morning session on the first day will feature two consecutive panel discussions titled “Federal Regulators Speak,” that will be divided into two segments and focus on federal regulatory, enforcement, and supervisory developments. I will co-moderate both. The first panel will feature a discussion among CFPB and FTC representatives. The second panel will feature OCC and FDIC representatives.

My partner Chris Willis, Practice Leader of our firm’s Consumer Financial Services Litigation Group, will participate as a panel member on an afternoon panel each day. The first, titled “The Rapidly Evolving Landscape for FinTech,” will examine the legal issues facing users of aggregated data and data providers, the use of artificial intelligence (AI), alternative data, and Blockchain, and the legal challenges facing marketplace lenders (including Madden and “true lender”). The other panel is titled “Fair Credit Reporting Act/Debt Collection Issues,” and will include a discussion of the CFPB’s final debt collection rule, FCRA litigation trends, and FCRA legislative activity.

The Institute will also focus on a variety of other cutting-edge issues and developments, including:

  • State regulatory and enforcement developments
  • Data security and privacy issues
  • TCPA developments
  • Class actions and UDAP litigation developments
  • Consumer advocates’ perspectives on current regulatory and litigation issues

In addition, attendees can receive up to one full hour of Ethics credit exploring ethical issues unique to the consumer space and satisfy their Diversity & Inclusion/Elimination of Bias credit requirements.

We hope you can join us for this informative and valuable program. PLI has made a special 25 percent discounted registration fee available to those who register using the link that follows. To register and view a complete description of PLI’s 25th Annual Consumer Financial Services Institute, click here.

For more information and/or assistance with registration, contact PLI Customer Service at 800.260.4PLI.

- Alan S. Kaplinsky

Back to Top   


HUD Proposes Rule to Permit Use of Private Flood Insurance Policies With FHA Loans

On November 9, 2020, the Federal Trade Commission (FTC) announced in a press release that it had reached a settlement with Zoom Video Communications, Inc. (Zoom) to resolve allegations that Zoom had engaged in unfair and deceptive acts with regard to its video conferencing services. Financial institutions and other companies that allowed remote workers to utilize this platform should carefully assess what impact this consent order may have and what changes may need to be made to protect virtual business meetings going forward.

The FTC alleged in its complaint that:

  • Zoom deceptively marketed its services as offering “end-to-end, 256-bit encryption”, when in fact it provided a lower level of security. The FTC claimed that Zoom’s misleading claims gave users a false sense of security when discussing sensitive topics such as financial information.
  • Zoom deceived some users who wanted to store recorded meetings on the company’s cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom’s servers before being transferred to its secure cloud storage.
  • Zoom engaged in unfair practices when it allegedly installed software that allowed Zoom to automatically launch and join a user to a meeting by bypassing an Apple Safari browser safeguard that protected users from a common type of malware. The software is alleged to have remained on users’ computers even after they deleted the Zoom app, and would automatically reinstall the Zoom app—without any user action—in certain circumstances without adequate notice or user consent.

Under the terms of the consent order, Zoom has agreed to do the following for the next twenty years:

  • establish and implement a comprehensive security program;
  • assess and document on an annual basis any potential internal and external security risks and develop ways to safeguard against such risks;
  • implement a vulnerability management program;
  • deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network, institute data deletion controls, and take steps to prevent the use of known compromised user credentials;
  • review any software updates for security flaws and must ensure the updates will not hamper third-party security features;
  • implement regular security training for all employees, including specialized training for developers and engineers;
  • not to make misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information, its security features, and the extent to which users can control the privacy or security of their personal information;
  • obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve; and
  • notify the FTC if Zoom experiences a data breach.

In a blog post about the settlement, the FTC felt it was necessary to justify the need for an enforcement action by noting that, “Even though Zoom has discontinued most of the practices challenged in the complaint, the most effective means for future compliance is a comprehensive security make-over assessed by a qualified third party, monitored by the FTC, and enforceable in court.”

Perhaps foreshadowing what future FTC enforcement actions may look like under a Biden Administration, both of the Democratic FTC Commissioners submitted dissenting statements calling for stronger actions to be taken against Zoom. In his dissenting statement, Commissioner Rohit Chopra criticized the consent order for failing to provide any remediation for Zoom users or payment of any civil penalties by Zoom. In her dissenting statement, Commissioner Rebecca Kelly Slaughter also criticized the consent order for failing to require Zoom to take any corrective action to mitigate the harm to customers. In addition, she asserted that the consent order should have gone beyond security allegations and also addressed privacy, such as by requiring Zoom to engage in a review of the risks to consumer privacy presented by its products and services, to implement procedures to routinely review such risks, and to build in privacy-risk mitigation before implementing any new or modified product, service, or practice.

For more insights on the consent order’s implications, please listen to our upcoming Business Better podcast on this topic which will be available here.

- Kim Phan

Back to Top


FTC-Zoom Consent Order: Implications for Remote Workforces

On November 9, 2020, the Federal Trade Commission (FTC) announced in a press release that it had reached a settlement with Zoom Video Communications, Inc. (Zoom) to resolve allegations that Zoom had engaged in unfair and deceptive acts with regard to its video conferencing services. Financial institutions and other companies that allowed remote workers to utilize this platform should carefully assess what impact this consent order may have and what changes may need to be made to protect virtual business meetings going forward.

The FTC alleged in its complaint that:

  • Zoom deceptively marketed its services as offering “end-to-end, 256-bit encryption”, when in fact it provided a lower level of security. The FTC claimed that Zoom’s misleading claims gave users a false sense of security when discussing sensitive topics such as financial information.
  • Zoom deceived some users who wanted to store recorded meetings on the company’s cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom’s servers before being transferred to its secure cloud storage.
  • Zoom engaged in unfair practices when it allegedly installed software that allowed Zoom to automatically launch and join a user to a meeting by bypassing an Apple Safari browser safeguard that protected users from a common type of malware. The software is alleged to have remained on users’ computers even after they deleted the Zoom app, and would automatically reinstall the Zoom app—without any user action—in certain circumstances without adequate notice or user consent.

Under the terms of the consent order, Zoom has agreed to do the following for the next twenty years:

  • establish and implement a comprehensive security program;
  • assess and document on an annual basis any potential internal and external security risks and develop ways to safeguard against such risks;
  • implement a vulnerability management program;
  • deploy safeguards such as multi-factor authentication to protect against unauthorized access to its network, institute data deletion controls, and take steps to prevent the use of known compromised user credentials;
  • review any software updates for security flaws and must ensure the updates will not hamper third-party security features;
  • implement regular security training for all employees, including specialized training for developers and engineers;
  • not to make misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information, its security features, and the extent to which users can control the privacy or security of their personal information;
  • obtain biennial assessments of its security program by an independent third party, which the FTC has authority to approve; and
  • notify the FTC if Zoom experiences a data breach.

In a blog post about the settlement, the FTC felt it was necessary to justify the need for an enforcement action by noting that, “Even though Zoom has discontinued most of the practices challenged in the complaint, the most effective means for future compliance is a comprehensive security make-over assessed by a qualified third party, monitored by the FTC, and enforceable in court.”

Perhaps foreshadowing what future FTC enforcement actions may look like under a Biden Administration, both of the Democratic FTC Commissioners submitted dissenting statements calling for stronger actions to be taken against Zoom. In his dissenting statement, Commissioner Rohit Chopra criticized the consent order for failing to provide any remediation for Zoom users or payment of any civil penalties by Zoom. In her dissenting statement, Commissioner Rebecca Kelly Slaughter also criticized the consent order for failing to require Zoom to take any corrective action to mitigate the harm to customers. In addition, she asserted that the consent order should have gone beyond security allegations and also addressed privacy, such as by requiring Zoom to engage in a review of the risks to consumer privacy presented by its products and services, to implement procedures to routinely review such risks, and to build in privacy-risk mitigation before implementing any new or modified product, service, or practice.

For more insights on the consent order’s implications, please listen to our upcoming Business Better podcast on this topic which will be available here.

- Kim Phan

Back to Top


The CFPB’s Final Collections Rule: Mortgage Servicing Provisions and Impacts

The CFPB’s debt collection final rule will significantly impact the operations of mortgage servicers. Not surprisingly, the CFPB declined to generally exempt mortgage servicers from the definition of a “debt collector” under the federal Fair Debt Collection Practices Act (“FDCPA”). Accordingly, there are a number of important provisions in the final rule that must be addressed by the mortgage servicing industry.

As we will discuss in our upcoming webinar, a number of the final rule’s requirements also represent important developments for mortgage servicers. For example, the final rule includes call frequency limitations and limited content messages, restrictions on communications at an inconvenient time or place, and provisions regarding electronic communications, email and text messages, and credit reporting, all of which will impact the operations of mortgage servicers.

The final rule also includes certain provisions that specifically apply to mortgage servicers, which we detail below.

“Consumers” under Section 1006.6 include a confirmed successor in interest

Certain provisions of the proposed rule attempted to harmonize the FDCPA with certain of the CFPB’s mortgage servicing rules and related guidance. This effort is reflected in the final rule.

The final rule defines a “consumer,” for purposes of Section 1006.6 (the general collection communication section which is analogous to Section 805 of the FDCPA) to include a “confirmed successor in interest” (CSII), as that term is defined under the CFPB’s mortgage servicing rules (Regulation X, 12 CFR 1024.31, or Regulation Z, 12 CFR 1026.2(a)(27)(ii)). A CSII is therefore deemed a “consumer” for purposes of opt-out notices for electronic communications and the restrictions on: (1) communications at unusual or inconvenient times or places; (2) communications with consumers represented by an attorney; (3) communications at a consumer’s place of employment; (4) communications with a consumer after a refusal to pay or cease communication notice; and (5) communications with third parties, including the procedures for email and text communications.

Communications after a refusal to pay or cease communication request

As does the FDCPA statutory language, the final rule, in Section 1006.6(c)(1), includes certain exceptions from the general prohibition on communicating with a consumer after a refusal to pay or cease communication request. The Official Commentary to the final rule clarifies that, in accordance with a previous CFPB Interpretive Rule and Bulletin, a mortgage servicer does not violate the FDCPA, despite a cease communication request, by complying with the CFPB’s mortgage servicing requirements for written early intervention notices (12 C.F.R. 1024.39(d)(3)), force-placed insurance notices (12 C.F.R. 1024.37), adjustable-rate loan initial adjustment notices (12 C.F.R. 1026.20(d)), and periodic statements (12 C.F.R. 1026.41).

Mortgage-specific content for debt validation notices–on hold

The proposed debt collection rule included optional, alternate content, to be used in a debt validation notice for loans subject to the mortgage periodic statement requirement in 12 C.F.R. 1026.41. However, the CFPB reserved addressing the debt validation notice provisions for a forthcoming rule to be released in December 2020.

- Reid F. Herlihy

Back to Top


The CFPB’s Final Collections Rule: Meaningful Attorney Involvement Safe Harbor Removed; Debt Sale Restrictions Modified

Our blog post series has detailed a number of ways in which the CFPB’s final debt collection rule departs from last year’s NPRM. There are two additional topics approached very differently in the final rule: (1) the proposed “meaningful attorney involvement” safe harbor; and (2) restrictions on certain types of debt sales or placements. In the final rule, the former was dropped entirely, and the latter was significantly revised.

Meaningful Attorney Involvement

In the final rule, the CFPB declined to finalize the proposed safe harbor for meaningful attorney involvement. Indeed, the final rule contains no provisions at all related to this subject.

The issue of meaningful attorney involvement has been a key dimension in the CFPB’s enforcement actions brought against debt collection law firms. For example, two Bureau consent orders have previously detailed highly specific requirements for the documents that must be in the law firm’s possession, the documents the attorneys must review, and the legal issues debt collection attorneys must consider before sending a case to the courthouse to be filed. In a CFPB enforcement action that went to trial and resulted in a judgment for the collections law firm, one of the central allegations was a lack of meaningful attorney involvement in the preparation of the firm’s pre-suit collection letters. Another case centering on meaningful attorney involvement, brought by the CFPB in 2019, is currently stayed pending the outcome of the Supreme Court’s ruling in Collins v. Mnuchin (relating to the constitutionality of the Federal Housing Finance Agency’s structure).

Actions such as these led to the CFPB proposal of a “safe harbor” for debt collection law firms in the NPRM. Cribbing heavily from Rule 11 of the Federal Rules of Civil Procedure, the proposed safe harbor appeared to take a somewhat more relaxed approach to what is required for “meaningful attorney involvement” than what the Bureau had required in its earlier consent orders. Specifically, as proposed in the NPRM, an attorney would be deemed “meaningfully involved” in the document review and filing process if:

[T]he attorney: (1) drafts or reviews the pleading, written motion, or other paper; and (2) personally reviews information supporting the submission and determines, to the best of the attorney’s knowledge, information, and belief, that, as applicable: the claims, defenses, and other legal contentions are warranted by existing law; the factual contentions have evidentiary support; and the denials of factual contentions are warranted on the evidence or, if specifically so identified, are reasonably based on belief or lack of information.

The Bureau decided to drop this safe harbor in its entirety from the final rule, citing predominantly negative comments from both industry and consumer representatives. Industry comments focused on whether existing meaningful attorney involvement case law has been properly decided under the FDCPA, concerns about whether the Bureau had authority to promulgate a rule regarding a safe harbor that is not addressed in the FDCPA itself, whether a safe harbor would infringe on the practice of law, and whether the safe harbor would itself lead to a further lack of clarity, and thus, more litigation. Consumer advocates, on the other hand, expressed concern that the Bureau’s approach was “too lenient and would sanction debt collection attorney practices that these commenters believe to be problematic.”

In considering these comments and eliminating the safe harbor in the final rule, the Bureau reiterated that it believes the doctrine of meaningful attorney involvement “has a valid basis in the text of FDCPA section 807” and predicted continued litigation against debt collection law firms under this theory. We expect this theory to remain at the center of CFPB activity with respect to legal debt collection.

Debt sale and placement restrictions

In the NPRM, the CFPB proposed two specific restrictions that would have prohibited a debt collector from selling, transferring, or placing for collection a debt if the debt collector knows or should know that the debt: (1) has been paid or settled, discharged in bankruptcy, or (2) that an identity theft report has been filed with respect to the debt. In the final rule, the first prohibition was modified, while the second was removed altogether.

With respect to the restriction on debts paid, settled, or discharged in bankruptcy, the final rule remains largely unchanged from the CFPB’s proposal, but adds an exception based on several industry comments that argued for a different treatment for secured debt. According to these commenters, “if the discharged debt is a secured debt, including but not limited to a residential mortgage, the transfer ban should not impede a creditor’s ability to maintain and exercise its security interest in the collateral that secures the discharged debt.” Under the exception adopted, a debt collector may sell, transfer for consideration, or place for collection a debt that has been discharged in bankruptcy if the debt is secured by an enforceable lien and the debt collector provides notice to the transferee that the consumer’s personal liability for the debt was discharged in bankruptcy.

As to the proposed prohibition against selling or placing debts subject to identity theft claims, the CFPB eliminated this restriction entirely from the final rule. While recognizing that the “transfer of these debts is a consumer protection concern,” the CFPB cited comments about the complexities raised by incorporating FCRA provisions into its debt collection rule. Concluding that the FCRA already prohibits such sales or placements, the CFPB decided to resolve the issue by adding a comment in the Official Commentary clarifying that nothing in the final rule alters a debt collector’s obligation to comply with the FCRA section that prohibits a person from selling, transferring for consideration, or placing for collection a debt after such person has been notified in accordance with the FCRA that the debt resulted from identity theft. Unlike the provision that appeared in the NPRM, the FCRA section permits an investigation into whether the identity theft report is false. Indeed, industry commenters noted this distinction between the FCRA and the provision in the NPRM.

- Stefanie Jackman & Jeremy C. Sairsingh

Back to Top


The CFPB’s Final Collections Rule: Impact on Credit Reporting

This latest installment of our blog posts about the CFPB debt collection rule examines how the final rule will impact credit reporting.

As an initial matter, let’s discuss what is not in the final rule.

  • Furnishing before communicating with the consumer: In the CFPB’s proposed rule, §1006.30(a) would have prohibited a debt collector from furnishing information about a debt to consumer reporting agencies (“CRAs”) under the Fair Credit Reporting Act (“FCRA”) before communicating with the consumer about the debt. The CFPB justified this proposal by arguing that subjecting a consumer to pressure by furnishing information to a consumer reporting agency without first providing notice to the consumer constitutes conduct that may have the natural consequence of harassment, oppression, or abuse in violation of FDCPA §806, and that is an unfair or unconscionable means to collect or attempt to collect a debt under FDCPA §808. Specifically, the CFPB was concerned about debt collectors that engage in “passive” collections practices that pressure consumers to pay debts that they otherwise would dispute in an effort to remove the debts from their consumer reports when applying for credit, housing, employment, or another product or service.
    • In the final rule, the CFPB chose not to finalize proposed §1006.30(a) and instead said the Bureau will take up this issue in the disclosure-focused final rule that it expects to release in December 2020.
  • Validation notices: The CFPB was asked to clarify that credit reporting during the validation period does not constitute overshadowing in violation of FDCPA §809(b), which states that, for 30 days after the consumer receives the validation notice, a debt collector must not engage in collection activities or communications that overshadow or are inconsistent with the disclosure of the consumer’s right to dispute the debt or request information about the original creditor. The CFPB is expected to address this issue as part of its disclosure-focused final rule in December.

We will discuss how the Bureau addresses both of these issues in a future blog post once its next final CFPB debt collection rule is released.

While we await the CFPB’s future rulemaking on credit reporting, the final rule does reference the FCRA and the impact on credit reporting in a number of places. These references include:

  • Negative credit reporting: The CFPB cited negative credit reporting concerns raised by commenters about the CFPB proposed debt collection rule’s call frequency limit. The commenters argued that such a limit would harm consumers by preventing communications that could resolve issues before information is furnished, which would ultimately lead to increases in negative credit reporting. In response to these concerns, the CFPB modified the final rule so that the CFPB will impose a rebuttable-presumption approach toward call limits rather than implementing a bright-line rule.
  • False representations about credit reporting: Despite calls by the industry to provide a list of specific statements that debt collectors could use to inform consumers of the credit reporting status of their debts or of the effect of paying their debts without violating the FDCPA’s prohibition on false representations, the CFPB declined to do so. Instead, the CFPB concluded that safe harbors for general statements about credit reporting are unnecessary for simple statements about a debt collector’s actions. The CFPB further concluded that safe harbors may not be accurate or effective for complicated statements about the effects of paying a debt on a consumer’s credit report, credit score, creditworthiness, or likelihood of receiving credit because these effects depend on the facts and circumstances of a particular case.
  • Identity theft: The CFPB chose not to include in the final rule proposed §1006.30(b)(1) that would have prohibited a debt collector from selling, transferring, or placing for collection a debt if the debt collector knows or should know that an identity theft report was filed with respect to the debt. While the CFPB recognized the importance of this consumer protection, the CFPB stated that it believes that FCRA §615(f) already prohibits a person from selling, transferring for consideration, or placing for collection a debt after such person has been notified in accordance with the FCRA that the debt resulted from identity theft. Thus, §1006.30(b)(1)–2 merely states that nothing in the final rule alters a debt collector’s obligation to comply with the prohibition already set forth in FCRA § 615(f) (15 U.S.C. 1681m(f)(1)).
  • Furnishing is not a sale: The final rule states that a debt collector does not transfer a debt for consideration if the debt collector reports to a consumer reporting agency information that a debt has been paid or settled or discharged in bankruptcy.
  • Record retention: Many public comments were submitted to the CFPB about the record retention period, including calls for the final rule to parallel the length of time that information generally may stay in consumer credit reports under the FCRA. While the CFPB noted that debt collectors who furnish information to consumer reporting agencies pursuant to the FCRA must also comply with the recordkeeping requirements of the FCRA (generally seven years), the CFPB decided to finalize a three-year record retention period. Under the final rule, records that reasonably substantiate a debt collector’s claims that a consumer owes a debt should be retained for three years after the last collection activity on an account. However, the CFPB noted that if a debt collector deletes an account’s records, then a FDCPA violation of the record retention provision would occur if the debt collector undertook any further collection activity with respect to that account because restarting debt collection activity at any time would mean that the last collection activity on the debt had not yet occurred.
  • Debtor’s list: In connection with the collection of a debt, a debt collector must not publish a list of consumers who allegedly refuse to pay debts, except to a consumer reporting agency. Under the final rule, the publication of any such list would constitute harassing, oppressive, or abusive conduct in violation of the FDCPA.
  • Misrepresentations: A debt collector must not falsely represent or imply that it operates or is employed by a consumer reporting agency. Under the final rule, any such statements would constitute false, deceptive, or misleading representations or means in violation of the FDCPA.

- Kim Phan

Back to Top


The CFPB’s Final Collections Rule: Contact Frequency Limitations and Limited Content Messages

Among the items proposed in the CFPB’s NPRM that were adopted in its final collections rule are restrictions on call attempts and a limited content message definition. While many observers are somewhat dismayed that the proposed call frequency limitations were adopted, the Bureau’s inclusion of a rebuttable presumption standard in the final rule was a notable departure from the NPRM. Additionally, many observers appear to approve of the Bureau’s decision to permit a debt collector to include its name in a limited content message as defined in the final rule, although concern remains about whether that information will be enough to alert consumers of the opportunity return the call and resolve their debt.

With respect to the final rule’s call attempt restrictions, a debt collector may not place more than seven telephone calls to a person within seven consecutive days in connection with the collection of debt, or within a period of seven consecutive days after having had a telephone conversation with the person in connection with the collection of such debt. See § 1006.14(b)(1). Further, under the rule, voicemails left for the consumer, including ringless voicemails, count as “calls” for purposes of calculating the call attempt limitation, as do limited content messages left for consumers (notwithstanding that such messages are not “collection calls” within the meaning of the FDCPA). Calls excluded from the call attempt calculation include calls placed with prior consumer consent given directly to the debt collector and which are returned by the collector within a period no longer than seven consecutive days after receiving that consent; calls that do not connect to the dialed number; and calls placed to certain professional persons. See § 1006.14(b)(3).

While the call attempt restrictions apply on a per debt basis (meaning 7 call attempts can be placed on each debt owed by the consumer in any 7-day period), an aggregate approach is taken with student loans serviced under a single account number. The final rule added commentary that provides illustrative examples of how a debt collector should properly place telephone calls when collecting on multiple debts from the same consumer. See comment 14(b)(4)–2. This commentary provides a mechanism to maximize call attempts when a debt collector is working on several different debts, but it requires debt collectors to “count” unsuccessful call attempts toward one particular debt, even if a successful call would have included a discussion of more than one of the debts.

Instead of adopting the bright-line rule for permissible and prohibited call frequencies, as proposed in the NPRM, the Bureau finalized the call attempt restrictions in the form of a rebuttable presumption. The final rule added commentary stating that even if the frequency limits are not exceeded, a debt collector could still violate the FDCPA if the natural consequence of another aspect of the debt collector’s communications is to harass, oppress, or abuse any person in connection with the collection of a debt. Specifically, Comment 14(b)(2)(i)–2 discusses how the presumption of compliance can be rebutted and includes a non-exhaustive list of factors that may rebut the presumption of compliance. Generally, to rebut a presumption of compliance, it must be proven that a debt collector who did not place calls in excess of the frequency limits still placed calls or engaged a person in a telephone conversation repeatedly or continuously with intent to annoy, abuse, or harass. Conversely, the commentary also includes a non-exhaustive list of factors that a debt collector can use to rebut the presumption of a violation if the collector ends up exceeding the limits. The practical impact of the presumption approach is that while collectors are likely to still treat the call attempt restrictions as hard limits, now they also cannot take comfort that doing so will protect them from potential claims in all instances.

With regard to the final rule’s definition of limited content messages, a limited-content message must include the following information to qualify as a limited content message: (i) a business name for the debt collector that does not indicate that the debt collector is in the debt collection business; (ii) a request that the consumer reply to the message; (iii) the name or names of one or more natural persons whom the consumer can contact to reply to the debt collector, and (iv) a telephone number that the consumer can use to reply to the debt collector. See § 1006.2(j). While the final rule provides for a handful of additional, optional items that a collector can include in a limited content message, nothing else can be included in the limited content message for it to retain its status as a non-collection communication.

Further, it is important to note that the NPRM proposed allowing the use of limited content messages in voicemails, live calls, and text messages. However, in the final rule, the Bureau confined limited content messages to voicemail only. See § 1006.2(j). The final rule instructs that if a collector places a call to a consumer that results in a live connect with an unauthorized third-party, the collector should not leave any message (limited content or otherwise) and instead, simply state that they will call back another time.

The impact of the Bureau’s decision not to allow the use of limited content messages in texts as proposed is potentially significant. A number of states require specific (and lengthy) disclosures, in addition to those already required by the FDCPA, in all written collection communications, which includes text messages. States certainly are not bound to use the Bureau’s limited content message definition when interpreting and applying their own state collection laws and regulations. However, if a state does use the Bureau’s definition for purposes of determining whether a text is a collection communication under state law, collectors could have argued that because limited content messages sent by text are not collection communications under the FDCPA or state law, such texts do not need to include required collection communication disclosures. The ability to make this argument would have been extremely useful to collectors as many of these required disclosures (on their own) can exceed SMS text character limitations. Now that this argument is no longer available, it seems that the only alternatives available to collectors using texts in these states are: (1) avoid sending texts (which is not ideal and may present operational challenges); (2) send multiple texts to deliver all required disclosures (not recommended because of related TCPA risk); or (3) provide the disclosures via a hyperlink (the sufficiency of which is far from a settled issue under the FDCPA, let alone under each state’s laws).

- Stefanie Jackman & Rene T. McNulty

Back to Top  


The CFPB’s Final Collections Rule: Inconvenient Time and Place Restrictions

Our series of blog posts breaking down the CFPB’s final debt collection rule now turns to a discussion of how to understand and comply with the final rule’s inconvenient time and place provisions. For the most part, the final rule restates the FDCPA’s statutory provisions related to time and place restrictions for consumer communications, including contacts at a consumer’s place of employment. However, the Official Commentary provides some helpful guidance regarding how to comply with these provisions.

First, Section 1006.6(b)(1) of the rule restates the statutory prohibition against communicating with a consumer at any unusual time or place that the debtor “knows or should know” is inconvenient, absent prior consent from the consumer. In the Official Commentary, the CFPB explains that information contained in the file provided by the creditor regarding requests not to be contacted at certain times or places is sufficient to give the collector knowledge that such times and places are inconvenient. So, right out of the gate, it seems that the Bureau may envision the debt collector conducting a review of any existing account notes at the time of placement to ensure that any previously identified inconvenient times and places are noted and honored, absent contrary direction from the consumer.

The Official Commentary also does away with some of the vague indefinite examples of inconvenient times and places (e.g., “don’t call me at school”) and replaces them with highly specific examples in which consumers designate particular times and places as inconvenient. We believe this clarifies that the obligation of a debt collector to heed time and place restrictions is contingent on the consumer actually specifying those restrictions.

With respect to inconvenient times, the final rule reiterates that, in absence of known circumstances to the contrary or prior consent, any communications (whether by phone, ringless voicemail, text, or email) are presumptively inconvenient if placed before 8 a.m. or after 9 p.m. in the consumer’s time zone. The Official Commentary further specifies that in determining inconvenient times, collectors must use a combination of the consumer’s area code (for both landlines and cell phones) and mailing address to determine permissible call times. The Bureau also affirmed that the “time” of a communication for purposes of the time of day restrictions is the time the communication is sent by the collector – and not when it is received by the consumer. Additionally, the Official Commentary clarifies that the sending of a single, auto-reply in response to a consumer communication received by the collector after-hours will not violate this provision of the rule.

The final rule does permit a debt collector to ask follow-up questions when communicating with the consumer regarding what would be a convenient time or place in order to clarify statements made by the consumer. However, once a consumer indicates that the time or place of a communication is inconvenient, the collector cannot ask for consent to continue that communication beyond asking permissible follow up questions. Under Section 1006.6(b)(4)(i), consent to speak with a consumer at an inconvenient time or place must be given prior to placing the inconvenient call for which consent is now sought. Additionally, a debt collector cannot rely on consent given to the creditor or a prior collector because the rule specifies that consent must be given directly to the debt collector to communicate at a time or location that has been identified as inconvenient by the consumer. Id.

Under Section 1006.6(b)(1), mail, text messages, and emails are treated in the same manner as telephone calls. As illustrated by one of the examples in the Official Commentary, if the consumer tells a collector that it is inconvenient to be contacted at home, absent follow up questions or clarification from by the consumer, the collector is deemed to have knowledge that all communications to the home, including mail and calls to a landline at the home, are inconvenient and prohibited. However, absent express direction from the consumer, such a request likely does not include email and text communications. In the NPRM, the CFPB had included an example in which a consumer told a debt collector not to contact him or her at school. The CFPB received many comments from the industry asking how to determine when a consumer was at a specific location, given the prevalence of mobile technology. In response, the Bureau revised that example to the one discussed above. Therefore, it appears there is a basis for taking the position that prohibited communications are those specifically associated with the location, like calls to a landline or mail.

Importantly, if a consumer contacts a collector at a time or place the consumer previously designated as inconvenient, the final rule permits the collector to respond once at the same time and place and through the same medium of communication used by the consumer. However, unless the consumer affirmatively advises thereafter that the time or place is no longer inconvenient, further communications at the designated inconvenient time or place are prohibited.

With respect to consumers who are represented by counsel, in Section 1006.6(b)(2), the CFPB reiterates the FDCPA language that limits when a debt collector can contact such consumers. Specifically, under the rule, debt collectors are prohibited from communicating with consumers when the collector “knows or should know” that the consumer is represented by an attorney, and knows, or can readily ascertain, the attorney’s name and address. However, in the Official Commentary, the CFPB confirmed that if a represented consumer initiates a communication with the debt collector, the collector may respond to that specific communication, notwithstanding the representation, because the consumer’s initiation is deemed to be prior consent to that communication.

In Section 1006.6(b)(3), the final rule adopts the FDCPA language prohibiting collectors from contacting consumers at their place of employment if the collector “knows or has reason to know” that the consumer’s employer prohibits such calls. In finalizing the rule, the CFPB concluded that a consumer did not have to use any specific language to receive the statutory protections of the FDCPA’s place of employment provision. Accordingly, a statement by a consumer that the consumer cannot take personal calls while at work constitutes knowledge by the collector that the consumer’s employer prohibits calls. However, consistent with Section 1006.6(b)(1), the collector may ask follow up questions regarding the employer’s prohibitions or limitations to clarify. Moreover, the CFPB specifically declined to require collectors to track which employers prohibit employees from receiving debt collection communications due to the significant burden and complexity associated with such a requirement. Thus, whether a place-of-employment call is permitted is to be determined on an individual consumer basis, not by the identity of the employer.

The CFPB also addressed the thorny issue of whether calling a consumer’s personal cell phone while they are at work falls under 15 U.S.C. § 1692c and Section 1006.6(b)(3) of the final rule. In the Official Commentary, the CFPB clarified that the place of employment prohibition clearly applies to landlines at work, as well as employer-provided cell phones and email addresses. However, unless the collector knows or should know that the consumer is at work, the place of employment provisions of the FDCPA and Regulation F do not prohibit a collector from calling a consumer’s personal cell phone even if the consumer is at work. Of course, should the consumer then identify the time of the call as an inconvenient time to receive cell phone calls, the debt collector would need to honor that designation and refrain from further calls at that time.

The requirements outlined above are consistent with the larger purpose of the final rule, as stated by Bureau – increasing consumer control over how and when they are contacted by collectors. As such, attention is likely to be paid by both the Bureau and the plaintiffs’ bar to a collector’s compliance with the final rule’s time and place restrictions. For many collectors, the ability to operationalize sufficient controls to ensure compliance seems likely to require additional investments in data management and tracking, agent training and scripting, and related oversight to address the inherently subjective and case-by-case nature of these limitations.

- Stefanie Jackman & Sarah T. Reise

Back to Top   


The CFPB’s Final Collections Rule: Using Email and Text Messages

Continuing our series of blog posts breaking down the CFPB’s final debt collection rule, we now discuss the use of email and text messages, and how to qualify for a safe harbor from civil liability for unintentional third party disclosures resulting from these types of communications.

In terms of the frequency of email and text messages, the final rule does not set any hard limit. However, Section 1006.14(a) sets forth a general standard that prohibits a debt collector from engaging in conduct, the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of a debt. The rule’s commentary makes clear that while not subject to a hard, numerical limitation, text messages and emails, either alone or in combination with other communication types, may result in harassment, and therefore, violate the FDCPA. Section 1006.6(e) also requires that each of a debt collector’s emails and text messages include clear and conspicuous instructions for a reasonable and simple method by which a consumer can opt-out of receiving further emails or text messages.

Turning to the available safe harbors for unintentional third party disclosures, the final rule treats email and text messages separately, and the safe harbor options for text messages are much narrower than those for email. With respect to email, Sections 1006.6(d)(4)(i)-(iii) provide three “safe harbor” procedures under which a debt collector may send an email to a consumer.

Under the first procedure—communication between the consumer and the debt collector—a debt collector may send an email to an address if the consumer used the address to communicate with the debt collector about the debt (as opposed to marketing or other advertising materials) and the consumer has not opted out of communications to that email. Alternatively, the debt collector may send an email to an address if the debt collector received prior consent directly from the consumer to use the email and the consumer has not since withdrawn that consent. See § 1006.6(d)(4)(i). The Official Commentary further states that if the consumer provides his or her email address to the debt collector through an online portal or through some other method, the debt collector may treat the provision of this address as consent to use the address for communications, but only if “the debt collector discloses clearly and conspicuously that the debt collector may use the email address to communicate with the consumer about the debt.”

The second procedure—communication by the creditor—requires the creditor to send an opt-out notice that informs the consumer that the debt has been or will be transferred to the debt collector, that the collector might communicate using the consumer’s email address, and that if others have access to the email address, such communications could be seen. The creditor must then provide a simple and reasonable method for opt-out and a deadline that is no sooner than 35 days after notice is sent for when the creditor or debt collector must receive the opt-out request. This opt-out notice can be sent to the email address for which transfer of consent is sought. Additionally, although the final rule does not place a time limit for when the opt-out notice must be sent, the CFPB indicates in the discussion of the rule that creditors should send the notice close in time to the placement of the debt with the debt collector. The CFPB has suggested, but not mandated, model notice language for notices sent via mail and email. Finally, consent can be transferred only for addresses that are on domains that are “available for use by the general public,” unless the debt collector is informed by any person that the address is provided by the consumer’s employer.

Under the third procedure—communication by the prior debt collector—a debt collector may send an email to an address if the immediately prior debt collector obtained the address under the first two procedures, the immediately prior debt collector used the email address to communicate with the consumer about the debt, and the consumer did not opt-out of such communications.

With respect to text messages, under Section 1006.6(d)(5), the rule does not provide a safe harbor for the transfer of consent for such messages from a creditor or other debt collector. Instead, the final rule states that a debt collector may qualify for one of two available safe harbors.

First, section 1006.6(d)(5)(i) provides that a debt collector may send a text message to a number the consumer used to communicate with the debt collector about the debt by text message (by telephone is not sufficient to provide consent) and the consumer has not since opted-out from receiving text message communications to that telephone number. The debt collector must also show that within the past 60 days, either the consumer sent a text message to the debt collector, or the debt collector confirmed, using a complete and accurate database, that the telephone number has not been reassigned since the date of the consumer’s most recent text message. The Official Commentary provides that the database established by the FCC in In re Advanced Methods to Target & Eliminate Unlawful Robocalls (33 FCC Rcd. 12024 (Dec. 12, 2018)) qualifies as a complete and accurate database, as does any commercially available database that is substantially similar in terms of completeness and accuracy to the FCC’s database (although the Commentary also notes that the FCC database was created because the existing commercial databases were not complete).

The second option is described is Section 1006.6(d)(ii). This option allows a debt collector to send a text to a telephone number if the debt collector directly received from the consumer prior consent to use the telephone number to communicate via text, and the consumer has not withdrawn that consent. The debt collector must also show that within the past 60 days either the consumer sent a text message to the debt collector or otherwise renewed consent, or the debt collector, using a complete and accurate database, confirmed the telephone number had not been reassigned since the date of the consumer’s most recent text message.

The CFPB also provided guidance in the supplementary information regarding opt-outs. In terms of timing, the CFPB explained that it was declining to impose a specific period of time in which debt collectors could update their systems to effectuate an opt-out, although it considered periods ranging from 24 hours to ten days. However, the CFPB did state that a collector that unintentionally communicates with a consumer after receiving, but before processing, an opt-out may have a bona fide error defense to civil liability. While this gives debt collectors some flexibility and accommodates the varying operational capabilities across the industry, the lack of specific guidance on this issue may result in increased litigation.

Under Section 1006.6(d)(4)(ii)(C)(4), email and text opt-out methods must be reasonable and simple. The CFPB declined to specify what, exactly, “reasonable and simple” means. Importantly, the consumer cannot be required to pay any fee to opt-out, such as by requiring opt outs to be sent via certified mail. The CFPB does provide examples in the Official Commentary that make clear that what constitutes a reasonable and simple method will, in part, be determined by the method by which the notice is sent. For example, if notice is sent in writing, providing the consumer with an opt-out form and a pre-addressed envelope would be reasonable and simple, whereas requiring the consumer to call or write to request an opt-out form would not be. If notice is sent electronically, a hyperlink or responding with the word “STOP” would be reasonable and simple, but not requiring the consumer to opt-out via mail, telephone or visiting a website without providing a link is not.

Regarding consumer consent to receive text messages and the intersection with the Telephone Consumer Protection Act, it should be noted that the CFPB specifically declined to clarify how the final rule interacts with the TCPA, particularly with respect to the transfer of consent from the creditor to the debt collector. It is possible (but not guaranteed) that the TCPA consent transfer principles may provide a platform for transferring consent from creditors to collectors. However, given that Regulation F as finalized is focused on giving consumers control over debt collection communications and does not provide for the transfer of consent for text messages, the case law interpreting the TCPA may not prove to be informative.

- Stefanie Jackman & Sarah T. Reise

Back to Top   


The CFPB’s Final Collections Rule: Using Electronic Communications to Send Required Disclosures

One of the initial promises of the CFPB’s NPRM was a level of certainty as to the use of electronic communications to provide legally-required collection disclosures to consumers. In adopting the final rules, however, the CFPB left this promise unfilled by creating different standards for different types of disclosures.

Electronic Delivery of Disclosures Related to Validation, Original Creditor Information Requests, or Consumer Disputes.

The NPRM initially clarified that the E-SIGN Act’s consumer-consent requirements generally apply to the electronic delivery of validation notices, original creditor information request responses and dispute responses. It specifically proposed two approaches to electronic delivery of such notices: a debtor collector could (1) obtain an E-SIGN Act-compliant consent (an “E-SIGN Consent”) directly from the consumer; or (2) comply with certain alternative procedures that would allow the collector to rely on a creditor’s previously obtained E-SIGN Consent.

Industry reaction to the first option proposed in the NPRM was, at best, lukewarm. Most industry members found the option to offer little utility in the context of most collection activities because an E-SIGN Consent requires affirmative consent and cannot be obtained orally. As a result, an E-SIGN Consent generally could not be obtained easily during the normal course of a collections call or by implied consent, such as in response to an email or text. But the second approach in the NPRM held potentially more (albeit imperfect) promise. It proposed that so long as certain procedures were followed, a debt collector could utilize email or text messages for these notices so long as a creditor or another debt collector previously obtained the consumer’s E-SIGN Consent for that delivery method. In short, the debt collector could avoid having to obtain E-SIGN Consent directly from the consumer in such circumstances.

The final rule, however, muddies this certainty. While helpfully eliminating the first approach’s requirement for a debt collector to obtain E-SIGN Consent directly from the consumer, the final rule removed entirely the second, more promising option outlined above. This effectively leaves debt collectors in the same pre-rule position for these notices: a complete lack of certainty as to whether a debt collector can rely on a previously obtained E-SIGN Consent.

In taking this action, the CFPB explained that the revisions primarily stemmed from a lack of data because “debt collectors do not presently engage in widespread use of electronic communications.” See Preamble to Debt Collection Practices (Regulation F) (the “Preamble”), page 255. The CFPB indicated that it was “not taking a position . . . on whether a consumer’s E-SIGN consent provided to a creditor (or to a prior debt collector) transfers to a debt collector . . .” and also expressed an intent to “in the future, revisit specific procedures for electronic delivery of required notices.” See Preamble, page 429. These actions will likely further debt collectors’ hesitation to provide notices and disclosures electronically given the difficulty of obtaining E-SIGN consent directly from a consumer and the lack of certainty as to reliance on a previously obtained E-SIGN consent.

Electronic Delivery of Validation Notices with Initial Communications

Despite the ambiguity created by the deletion of the NPRM’s second option, at least one potential silver lining is buried in the final rule’s section-by-section analysis of a specific type of validation notice. This analysis, but not the final rule itself, appears to clarify that a validation notice delivered in an email that constitutes the collector’s initial communication with the consumer about the debt can be delivered without first obtaining E-SIGN Consent. Specifically, the CFPB reasoned that the “FDCPA does not require the validation notice information to be provided in writing when it is contained in the initial communication” and, accordingly, “the E-SIGN Act’s consumer-consent requirements do not apply to a debt collector’s electronic delivery of the validation notice information within the debt collector’s initial communication to a consumer.”

The CFPB’s logic mirrors that of the district court in Greene v. TrueAccord Corp., a 2020 decision that held the use of email to send the initial communication containing the validation notice without first obtaining the consumer’s E-SIGN consent to receive the notice electronically did not violate the FDCPA.

Electronic Delivery of Certain Notices to Debt Collectors by the Consumer

The CFPB separately clarified that E-SIGN Consent was unnecessary for a consumer to provide a cease and desist request or refusal to pay notification electronically under the FDCPA. Specifically, in the final rule’s section-by-section analysis of Section 1006.6(c)(1), the CFPB stated that the FDCPA’s requirement that such notices be in writing is satisfied when the consumer provides the communication electronically (e.g., in an email message or through a debt collector’s web portal). In doing so, the CFPB utilized authority granted by the E-SIGN Act to federal agencies with rulemaking authority under a particular law to interpret the E-SIGN Act’s application to that law. (This is the same authority on which the CFPB originally relied to create the NPRM’s two approaches to electronic disclosures discussed above.) While compliance-minded debt collectors likely already honored such communications, the final rule now leaves no doubt that collectors must “give legal effect to a consumer’s electronic cease communication request if the debt collector generally accepts electronic communications from consumers.” See Preamble, page 145.

Conclusions

In our view, the final rule ultimately sends a mixed message on whether the CFPB wants to encourage the use of email or other electronic methods to deliver legally-required notices to consumers. This is because, for most notice types, the rule continues to cast doubt on whether a debt collector may rely on previously obtained E-SIGN consents. As a result, the final rule forestalls any rapid, wide-spread use of electronic methods to replace the current industry practice of sending such notices by U.S. mail. But, at the same time, the CFPB at least appears to provide a viable, albeit limited, path forward for sending electronic validations notices if sent as the initial communication with a consumer. Depending on a collector’s ability to operationalize and manage that path, it could open the door to this new opportunity.

- Stefanie Jackman & Jason M. Cover

Back to Top   


Ninth Circuit Rules Debt Collector That Contractually Required Creditors to Provide Accurate Information Could Not Rely on FDCPA Bona Fide Error Defense

The U.S. Court of Appeals for the Ninth Circuit, in Urbina v. National Business Factors Inc., ruled that a debt collector could not rely on the FDCPA’s bona fide error defense by contractually obligating its creditor clients to provide accurate information.

The collection services contract that National Business Factors (NBF) had entered into with a medical clinic contained a provision pursuant to which the clinic agreed that it would assign debts for collection “‘with only accurate data and that the balances reflect legitimate, enforceable obligations of the consumer.’” NBF also had a routine practice of requesting its clients to notify NBF if they recognize errors in any accounts listed in the automatic response it generated when clients referred accounts for collection.

After the clinic referred the plaintiff’s account to NBF for collection, NBF sent a letter to the clinic requesting that it verify the amount due. The following day, without receiving a response from the clinic, NBF sent a collection letter to the plaintiff seeking the balance owed plus interest. The plaintiff filed a complaint alleging violations of the FDCPA and moved for summary judgment. In opposing the motion, NBF admitted that it received an incorrect payment history from the clinic and had mistakenly calculated interest. Because NBF had charged too much interest and attempted to collect more than the plaintiff owed, it was undisputed that NBF had violated the FDCPA. However, NBF argued that it was entitled to the benefit of the FDCPA’s bona fide error defense and, as a result, summary judgment should be entered in its favor.

The bona fide error defense requires a showing that the debt collector violated the FDCPA unintentionally, the violation resulted from a bona fide error, and the collector maintained procedures “reasonably adapted to avoid the violation.” The district court agreed that NBF qualified for the bona fide error defense and entered summary judgment in NBF’s favor.

In reversing the district court, the Ninth Circuit observed that “[t]he procedures that have qualified for the bona fide error defense [in cases decided by the Ninth Circuit and other circuits] were consistently applied by collectors on a debt-by-debt basis; they do not include one-time agreements committing creditor-clients to provide accurate information that are later acted upon without question.”

As a fallback position, NBF argued that even if its collection service contract was insufficient to qualify for the bona fide error defense, it still qualified because it sends its clients follow up requests seeking verification of the accuracy of their information. While calling this “closer to the mark,” the Ninth Circuit found that it still fell short because it was uncontested that NBF did not wait for a response from the clinic before attempting to collect from the plaintiff. The Ninth Circuit stated that because NBF did not argue that it routinely waits for clients to respond before sending collection letters to debtors, NBF had failed to show that its practice of requesting account verification “was genuinely calculated to catch errors of the sort that occurred here.”

- Stefanie Jackman

Back to Top   


California Voters Approve CPRA

On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).

As background, the original CCPA emerged in 2018 as a compromise between legislators and the advocacy group, Californians for Consumer Privacy, which had secured a ballot measure vote for its proposed privacy law. Californians for Consumer Privacy withdrew the ballot measure upon the passing of the CCPA. However, the group became concerned that amendments to the CCPA resulted in diluted privacy protections, and it thereafter secured a spot on the 2020 ballot for California citizens to vote on the CPRA.

As mentioned in our prior posts, the CPRA creates some of the following new rights and requirements:

  • Right to restrict use of “sensitive personal information”;
  • Right to correct data;
  • Storage limitation: right to prevent companies from storing information longer than necessary and right to know the length of time a business intends to retain each category of personal information;
  • Data minimization: right to prevent companies from collecting more information than necessary;
  • Right to opt out of advertisers using precise geolocation (< than 1/3 mile);
  • Penalties if email address and email password are stolen due to negligence;
  • Restrictions on onward transfers of personal information;
  • Establishes California Privacy Protection Agency to protect consumers;
  • Requires high risk data processors to perform regular cybersecurity audits and risk assessments; and
  • Requires the appointment of a chief auditor with power to audit businesses’ data practices.

The CPRA mandates a minimum of $10 million in annual funding to the newly created Privacy Protection Agency. The Privacy Protection Agency has the power to draft additional regulations, which may provide further clarity or raise new questions on the CPRA’s scope. Businesses will therefore need to stay apprised of changes over the coming months and years in order to fully understand their compliance obligations.

- Philip N. Yannella & Gregory P. Szewczyk

Back to Top   


Federal Banking Regulators Issue Statement on Loan Reference Rates and Advise Prompt Transition From LIBOR

The Fed, FDIC, and OCC have issued a “Statement on Reference Rates for Loans“ that addresses replacement rates for the London Inter-Bank Offered Rate (LIBOR). LIBOR, which many creditors currently use as the index for calculating the interest rate on credit cards and other variable-rate consumer credit products, is expected to be discontinued sometime after 2021.

In July 2020, the Federal Financial Institutions Examination Council issued a “Joint Statement on Managing the LIBOR Transition.” The statement highlighted the financial, legal, consumer protection, and operational risks that will result from LIBOR’s expected discontinuation. It indicated that new loan contracts should either use a reference rate other than LIBOR or have fallback language that includes an alternative reference rate after LIBOR’s discontinuation. The Secured Overnight Financing Rate (SOFR) published by the Federal Reserve Bank of New York has been recommended by the Alternative Reference Rates Committee as its preferred alternative for both cash and derivative transactions. (The Committee is a group of private-market participants convened to ensure a successful transition from LIBOR.)

In the new statement, the agencies emphasize that they are not endorsing a specific replacement rate for LIBOR for loans. They indicate that they recognize that banks have differing funding models and that in structuring their lending activities, it is appropriate for banks to select LIBOR replacement rates that are most appropriate for their specific circumstances, such as credit-sensitive LIBOR alternatives. (SOFR is understood not to be a credit-sensitive rate.) The agencies stress that banks should include fallback language that provides for the use of a “robust fallback rate” if the initial reference rate is discontinued. Banks are advised to have risk management processes in place to identify and mitigate their LIBOR transition risks and that they will not be criticized by examiners solely for using a reference rate for loans other than SOFR.

Banks are encouraged to begin transitioning loans away from LIBOR “without delay,” accelerate outreach to lending customers to ensure they are aware of, and prepared for, the transition, and consider any technical changes that may be required for internal systems to accommodate new reference or fallback rates.

In June 2020, the CFPB proposed amendments to Regulation Z to address the discontinuation of LIBOR.

- John L. Culhane, Jr.

Back to Top   


Podcast: A Look at the CFPB’s Section 1033 Rulemaking to Provide Consumer Access to Financial Information

Our discussion looks at the CFPB’s rulemaking activities before issuing its Advance Notice of Proposed Rulemaking (ANPR), the ANPR’s focus points, and differences from the California Consumer Privacy Act. Other topics include the role of data aggregators and how banks are responding to them, technical and other issues arising from third party access to consumer data, and the application of the FCRA and other federal consumer financial protection laws to data aggregators.

Click here to listen to the podcast.

- Alan S. Kaplinsky, Christopher J. Willis & Kim Phan

Back to Top   


CFPB Halts Planned Shake Up of Enforcement and Supervisory Functions

Coming on the heels of the Presidential election results, the CFPB circulated an internal e-mail suspending a reorganization that would have stripped the Office of Enforcement’s autonomy to open investigations and issue civil investigative demands.

Bloomberg Law reported the suspension after obtaining a copy of the internal e-mail. According to the Bloomberg article, Bryan Schneider, who leads the Bureau’s Division housing its supervision, enforcement, and fair-lending (SEFL) functions, reversed his earlier decision to reorganize the SEFL Division:

I continue to believe that SEFL should make changes to its organization, processes, and procedures to remain effective and efficient in protecting consumers in light of experience and new circumstances. However, the feedback I received raised important concerns that warrant more considered thought and analysis.

As we previously blogged, the reorganization would have created a new Office of SEFL Policy and Strategy, headed by Peggy Twohig, that would decide when to open enforcement investigations and whether potential violations uncovered during examinations would be transferred to enforcement attorneys.

- James Kim

Back to Top   


Podcast: The CFPB’s Plan to Reorganize Its Supervision, Enforcement, and Fair Lending (SEFL) Division: What it Means for Industry

We take a close look at the role of the new Office of SEFL Policy and Strategy to be created by the plan and how the plan would change the CFPB’s current enforcement decision-making process. We also look at how the plan aligns with the approach of federal banking regulators, share our reactions to criticism of the plan by Democratic lawmakers and thoughts on the new Office’s expected leadership, and discuss the Presidential election’s potential impact.

Click here to listen to the podcast.

- Alan S. Kaplinsky, Christopher J. Willis & James Kim

Back to Top   


Did You Know?

The Michigan Department of Insurance and Financial Services recently published its annual schedule of licensing fees for all applicants, licensees, and registrants under the Mortgage Brokers, Lenders, and Servicers Licensing Act; Mortgage Loan Originator Licensing Act; and Secondary Mortgage Loan Act.

These fees are effective from January 1, 2021 to December 31, 2021.

Tennessee Announces 2020-2021 Annual Supervision Fees for Mortgage Licensees

The Tennessee Department of Financial Institutions announced its annual supervision fee for non-depository financial institutions for 2020-2021. For mortgage licensees, the fee is $1,000. Mortgage loan originators (MLOs) will continue to pay a licensing and renewal fee of $100 and a sponsorship fee of $100.

The fees went into effect on November 1, 2020.

- Aileen Ng

Back to Top  


Looking Ahead

RESPRO Webinar

Potential Implications of the California Consumer Financial Protection Law for the Real Estate Settlement Services Industry

Webinar | December 8, 2020

Speakers: Richard J. Andreano, Jr., Michael R. Guerrero

Moderator: John D. Socknat

 

California MBA Legal Issues and Regulatory Compliance Conference

What Will New QM Look Like?

Online Only | January 12-13, 2021

Speaker: Richard J. Andreano, Jr.

 

 

Back to Top  


Copyright © 2020 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.