Consumer Financial Services Law

CFPB Releases Prepaid Rule Guidance

The Consumer Financial Protection Bureau (CFPB) released guidance on the agency's forthcoming Prepaid Rule, set to take effect on October 1, 2017. Although described as aimed at "small businesses," the guidance is useful for all participants in the prepaid card space.

What happened

Last October, the CFPB finalized the Prepaid Rule, which created new requirements for prepaid accounts under Regulation E of the Electronic Fund Transfer Act as well as Regulation Z of the Truth in Lending Act. Initially proposed in November 2014, the Prepaid Rule was intended to "fill key gaps" for consumers with regard to prepaid products.

Pursuant to the Rule, providers of prepaid products—defined to include payroll card accounts, government benefit accounts, student financial aid disbursement cards and tax refund cards, among others—must protect consumers against fraud and theft (with liability limited to $50 where a consumer promptly notifies the institution of theft), provide consumers with free and easy access to product information (by phone, online or in writing upon request), work with consumers to investigate any errors on covered products (with provisional credit for the dispute during the investigation), and add "Know Before You Owe" prepaid disclosures to highlight key costs associated with the product prior to use (including any periodic fees, balance inquiry fees or fees for inactivity).

In addition, prepaid cards need to adopt certain protections provided to credit cards such as monthly account statements, consideration of whether a consumer has the ability to repay the debt before offering credit, and limits on late fees.

With the rule set to take effect within the year, the CFPB released the Small Entity Compliance Guide for the Prepaid Rule "to provide an easy-to-use summary of the Prepaid Rule and to highlight information that may be helpful when implementing the Prepaid Rule."

The guidance delineates the different types of prepaid accounts, from a government benefit account to prepaid accounts whose primary function is to perform certain transactions, such as accounts that allow a consumer to purchase goods and services at multiple unaffiliated merchants, noting exceptions such as gift cards and gift certificates.

Entities subject to the Prepaid Rule—financial institutions and issuers subject to Regulation E—generally must provide consumers with three forms of disclosures, the guidance explains: a short form disclosure which must appear in a specific format and remain segregated from other disclosures with information about both static and variable fees; certain information disclosed outside but in close proximity to the short form disclosure; and a long form disclosure, "the companion" to the short form disclosure that provides more comprehensive fee information.

The CFPB provided a host of examples of different types of fees and how they need to be calculated and disclosed to consumers. Model forms were also included in the guidance.

Disclosure requirements apply—with slight variations—depending on whether the consumer obtains the information in writing, online or by phone. Some disclosures—e.g., the financial institution's name and contact information—must also appear on the prepaid card or other access devices, the guidance noted.

Entities are required to provide notice to consumers for changes in terms and provide periodic statements pursuant to the Prepaid Rule. The compliance guide walks through the information that must be included in such statements and outlines the alternative option of making account balance information available via telephone and online. A financial institution must provide a written account transaction history dating back 24 months "promptly" in response to a consumer's oral or written request.

Other discussion in the guide focused on error resolution and limitations on liability, overdraft credit features, the need to post prepaid agreements offered to the general public on the issuer's publicly available website, and record retention.

To access the Small Entity Compliance Guide for the Prepaid Rule, click here.

Why it matters

With the October 1, 2017 deadline for compliance with the Prepaid Rule looming, financial institutions should familiarize themselves with the guidance and the new requirements. While the Rule appears to be on the new administration's chopping block (see here), covered entities may nevertheless desire to be prepared.

back to top

CFPB Claims National Bank Impeded Loss Mitigation for Distressed Mortgage Borrowers

In separate consent orders, one bank will pay $28.8 million to resolve claims by the Consumer Financial Protection Bureau (CFPB) that it gave its distressed mortgage borrowers the "run-around" during the loss mitigation process.

What happened

On January 23, 2017, the CFPB issued two related consent orders directed against the mortgage servicing practices of mortgage-related operating subsidiaries of one of the country's largest banks. These servicing entities collect payments from borrowers for loans the bank services. According to the CFPB, both servicers ran afoul of the Real Estate Settlement Procedures Act (RESPA) and the Dodd-Frank Wall Street Reform and Consumer Protection Act's prohibition against deceptive acts or practices, with one subsidiary also attacked for alleged violations of the Fair Credit Reporting Act.

The CFPB allegations are straightforward. The CFPB alleges that, when borrowers applied to have their payments deferred, one of the servicing entities failed to consider it a request for foreclosure relief options. The CFPB's mortgage servicing rules require certain protections—such as helping borrowers complete their applications and considering them for all available relief alternatives—but the mortgage servicer kept consumers in the dark, the Bureau claims.

The servicer also allegedly misled borrowers about the impact of postponing a payment due date, specifically that additional interest that accrued by deferring payment would be added to the end of the loan rather than become due when the deferment ended. Instead, the deferred interest became due immediately, and the Bureau claimed that more of the borrowers' payments went to interest and not principal, making it harder for them to pay down their loans.

The CFPB asserts that customers were charged for credit insurance that should have been canceled, with approximately 7,800 borrowers allegedly billed for the product between July 2011 and April 2015, despite allegedly having missed four or more monthly payments (the trigger to cancel the product). Other consumers had their credit insurance prematurely canceled and then had claims denied, the CFPB claims.

Other statutory violations occurred, the CFPB further claims, when the mortgage servicer incorrectly reported settled accounts as being charged off and then failed to correct the information, and when the servicer allegedly failed to investigate consumer disputes about such incorrect reports within the required time periods.

The CFPB's consent order requires the mortgage servicer to pay $4.4 million in restitution to consumers who were either charged premiums on credit insurance after it should have been canceled as well as those who were denied claims for insurance that was canceled prematurely. An additional $4.4 million civil monetary penalty was imposed.

Going forward, the servicer must treat a request for deferment as a trigger for loss mitigation options under the Bureau's mortgage servicing rules and must make clear disclosures to consumers about the impact of loan deferments on interest accrual. In addition, the mortgage servicer must stop reporting settled accounts as charged off to credit reporting agencies and investigate consumer disputes within the requisite time period.

Turning to the second entity, which both originates and services mortgage loans for the bank, the CFPB again alleged violations of Dodd-Frank and RESPA in that entity's mortgage servicing activities. This entity allegedly sent letters to borrowers requesting foreclosure relief demanding dozens of documents and forms that, the CFPB claims, had no bearing on the specific circumstances of the borrower's application (e.g., a "teacher contract" or "Social Security award letter"), or documents that the borrower had already provided. Roughly 41,000 such letters were sent, the CFPB claims.

As required by the consent order, the second entity must pay a substantially larger amount, $17 million, to the approximately 41,000 recipients of the allegedly improper letters as well as pay a $3 million civil monetary penalty. As with the first servicer, the entity must also comply with the Bureau's mortgage servicing rules in the future, clearly identifying specific documents or information needed when a borrower applies for foreclosure relief. For any consumers that never received a decision on their foreclosure application, the mortgage servicer must freeze any current foreclosure action and reach out to the borrower to determine if they want foreclosure relief options.

In an interesting comment on the bank's practices, the CFPB noted that the consent order reflects that the mortgage servicer took affirmative steps to reach out to some borrowers before it was required to by the Bureau's rules. "While those borrowers also would have benefited from more tailored and accurate notices, and the institution will provide compliant notices to them going forward, those individuals were not included [in] the affected group of consumers in this settlement," the CFPB clarified. "This will avoid penalizing the institution for making additional efforts, which the Bureau encourages other institutions to make as well."

Why it matters

The CFPB continues to take very seriously the obligation of mortgage servicers to meet the letter and spirit of the mortgage servicing rules. Recently, the CFPB has paid particular attention to alleged violations of RESPA against two mortgage servicer subsidiaries of a national bank to an action alleging illegal kickbacks paid by a mortgage lender to real estate brokers and a mortgage servicer (see story below).

back to top

CFPB Fines Real Estate Entities Over RESPA Violations

Targeting violations of the Real Estate Settlement Procedures Act (RESPA) by a mortgage lender, two real estate brokers, and a mortgage servicer, the Consumer Financial Protection Bureau (CFPB) announced almost $4 million in penalties and consumer relief.

What happened

According to the Bureau, a California-based mortgage lender with nearly 100 branches across the country engaged in a variety of schemes from at least 2011 through 2016 to pay kickbacks for referrals of mortgage business in violation of RESPA. One tactic: agreements with real estate brokers that served as a cover to deliver payments based on the number of referrals, the CFPB alleged.

The lending company had various types of agreements in place with more than 100 brokers and tracked the number of referrals to adjust payments up or down accordingly, the CFPB claimed. More informal, co-marketing arrangements also operated as vehicles to make payments for referrals, the agency added.

Another kickback payment method—known as "writing in"—required paid brokers to have their clients prequalify with the lender, the Bureau alleged, even consumers that had already prequalified with another lender. The lender also paid kickbacks to a mortgage servicer, the CFPB alleged, where the servicer worked to persuade eligible consumers to refinance for Home Affordable Refinance Program mortgages. The servicer and the lender split the proceeds of the sale of each loan, the Bureau said.

To settle the charges, the mortgage lender will pay a civil penalty of $3.5 million. The company is also prohibited from future RESPA violations, may not pay for referrals and cannot enter into any agreements with settlement service providers to endorse the use of their services.

Two of the real estate brokers that received payments from the lender also reached a deal with the Bureau. The California and Oregon brokers both had marketing services agreements, lead agreements and desk-license agreements that were, in whole or in part, vehicles to obtain illegal payments for referrals, the CFPB alleged. To settle the allegations, the companies promised not to enter into any agreements with settlement service providers to endorse the use of their services and will pay a total of $85,000 in civil penalties, with one realtor chipping in an additional $145,000 in disgorgement.

As for the mortgage servicer, the Connecticut-based company took half the proceeds earned by the lender for the sale of each mortgage loan that originated as a result of its referral, the CFPB alleged, and accepted the return of the mortgage servicing rights of that borrower's new mortgage loan. The servicer also used "trigger leads" from one of the major consumer reporting agencies to target its marketing to consumers seeking to refinance, a use of credit reports prohibited by the Fair Credit Reporting Act (FCRA), the Bureau said.

The consent order with the servicer requires the company to provide $265,000 in redress and halt future violations of both RESPA and the FCRA.

Why it matters

The action "sends a clear message that it is illegal to make or accept payments for mortgage referrals," CFPB Director Richard Cordray said in a statement. "We will hold both sides of these improper arrangements accountable for breaking the law, which skews the real estate market to the disadvantage of consumers and honest businesses." The Bureau has taken aggressive action in both interpreting the anti-kickback provisions of RESPA and then enforcing RESPA's kickback prohibition on prior occasions, including a February 2015 action as well as the basis for the ongoing litigation against PHH Corporation.

back to top

Service Breakdown Costs Prepaid Card Company, Processor $13M

The Consumer Financial Protection Bureau (CFPB) entered into a Consent Order on January 31 with UniRush, a prepaid debit card company, and its processor over a breakdown in October 2015 that left RushCard holders unable to access their funds.

What happened

In October 2015, holders of the RushCard, a reloadable prepaid debit card, suddenly faced problems. Some consumers saw their balance drop to zero despite having money in the account; in other cases, direct deposits made to their accounts were returned while other consumers were completely locked out of their accounts even though funds were available.

According to UniRush, LLC, program manager for the RushCard, technical problems stemming from a switch in its payment processors was the cause of the problems faced by over 650,000 active cardholders. But the problems continued even for a few weeks after the conversion took place. As a result of a large number of consumer complaints, the CFPB started an investigation into the problems RushCard cardholders were experiencing.

As a result of the investigation, the Bureau concluded that there were "a rash of preventable failures" by UniRush and its processor, and ordered the companies to pay an estimated $10 million in restitution to affected customers as well as a $3 million civil penalty. Their failures "cut off tens of thousands of vulnerable consumers from their own money, and threw some into a personal financial crisis," CFPB Director Richard Cordray said in a statement. "The companies must set things right for consumers and make sure such devastating service disruptions are not repeated."

Despite the fact that the companies spent 13 months preparing for the switch to the new payment processing platform, the CFPB received hundreds of complaints from cardholders in the weeks that followed the change. The actions of the companies harmed tens of thousands of active cardholders, the CFPB alleged.

The CFPB claimed that UniRush did not accurately transfer all of the accounts to the new payment processer, leaving many consumers unable to access the funds stored on their cards for days or weeks. It also found that UniRush exacerbated the problem by delaying cash deposits, shutting off access to certain funds and failing to issue a working replacement card for consumers whose cards were lost or stolen during this period.

Of the 270,000 cardholders whose pay or government benefits were deposited onto the cards, an estimated 45,000 cardholders had their direct deposits delayed, while another 2,000 cardholders had their deposits improperly returned or not processed at all, the CFPB alleged. Some cardholder deposits were double-posted, some cardholders were incorrectly told their balance was zero when there were funds in the account, and other debit transactions were not promptly processed, leaving consumers with falsely inflated account balances that resulted in "thousands" of cardholders spending more than they had, the CFPB alleged.

Communication between the company and the processor was also problematic, the CFPB said, with the payment processor failing to ensure it sent accurate information to UniRush when it declined to authorize transactions. Finally, the CFPB chastised both companies for poor customer service. UniRush did not have adequate plans in place to handle the increased demand caused by the service disruptions, the CFPB alleged, and even though it hired additional personnel, it did not provide proper training. Cardholders waited on hold for hours during the breakdown and were often unable to obtain information about their funds and accounts, the CFPB claimed.

The CFPB took action under the Consumer Financial Protection Act, which prohibits unfair, deceptive or abusive acts or practices. Pursuant to the Consent Order, the companies must pay an estimated $10 million restitution to "tens of thousands" of cardholders who could not access their funds or who suffered other problems created by the breakdown. The amount to be received by any individual cardholder will range from $25 to $250, depending on the particular failure the cardholder experienced.

In addition, under the Consent Order, each company must institute, maintain and test a series of written policies and procedures, such as: avoiding program disruptions, providing for disaster recovery and contingency plans and ensuring that proper and accurate information is provided to cardholders. Also, they must improve their audit procedures and are required to submit to Board oversight.

Why it matters

The incident has drawn attention to problems consumers face with prepaid cards. In a press call about the $13.5 million deal, Cordray noted that the Bureau's Prepaid Card Rule is set to take effect in October 2017, adding that "we are putting the prepaid industry on notice that companies will face the consequences if consumers are denied access to their money or to the services they pay for and on which they have the right to depend."

Perhaps more significantly, the case has further defined the standards by which the CFPB measures what constitutes unfair, deceptive or abusive acts and practices. In the instant case, the failure to conduct adequate testing and preparation for conversion to a new processor, and poor administration of customer accounts post-conversion, were deemed unfair acts and practices under the statute.

back to top