Financial Services Law

CSBS Sues OCC Over Fintech Charters

An organization of state banking regulators hit the Office of the Comptroller of the Currency with a lawsuit, claiming the federal agency’s plan to issue fintech charters exceeds its authority.

What happened

While brewing for some time, the dispute can officially be traced back to December, when the OCC announced that it will consider applications from fintech companies seeking special purpose national bank (SPNB or fintech) charters, enabling the company to originate loans and access the payment system directly without relying on third-party banks. An OCC charter would further allow fintech companies to operate across the country without the need for a separate license in each state where customers are located.

After accepting comments on the proposal—ranging from staunch opposition to possible acceptance with some caveats and recommendations for the regulator—the OCC published draft licensing standards in March.

To be sure, much remains unclear about the OCC’s proposal, including capital requirements, access to the Federal Reserve discount borrowing window and other compliance requirements. It also remains unclear how the Trump administration plans to handle the fintech charter proposal, which was proposed under the leadership of the now-departed comptroller, Thomas Curry, an appointee of President Obama.

The draft supplement to the regulator’s licensing manual that explains how financial technology companies may seek SPNB charters was the final straw for one opponent. The Conference of State Bank Supervisors responded by filing a complaint in D.C. federal court accusing the OCC of going “far beyond” the authority granted to it by Congress.

Federal lawmakers imbued the OCC with the power to issue charters to firms that engage in deposit taking and other traditional banking activities—not for charters outside these boundaries, the CSBS argued. “[T]he OCC has, through its latest effort, created, without express statutory authorization, a new charter for nonbank companies that would not be engaged in deposit-taking and, thus, would not carry on either the business of banking or any expressly authorized special purpose,” the group alleged. On the other hand, the OCC proposal adopted the view that deposit taking was not an essential prerequisite to being a bank, provided the company undertook another fundamental function of banking, such as lending money.

“The OCC’s Nonbank Charter Decision exceeds the OCC’s authority under the [National Bank Act],” CSBS told the court. “Congress has never conferred upon the OCC the broad power to redefine the business of banking to exclude deposit taking, so as to enable the OCC to create new categories of charters for companies that do not engage in the business of banking. In fact, each time the OCC has attempted to issue such charters, the federal courts have struck down its efforts.”

State authorities have been successfully overseeing and regulating nonbank companies—including those viewed as fintechs—for many years, the complaint added, where in addition to various prudential requirements, those companies must meet state safety and soundness requirements and conform to both state and federal consumer protection and anti-money laundering laws.

By acting outside its statutory authority, the OCC has acted contrary to the National Bank Act (NBA) and the Administrative Procedure Act by failing to follow the required notice and comment procedures for agency rulemaking or conducting a cost-benefit analysis, CSBS alleged. The OCC also stated that approval criteria, supervisory requirements, acceptable activities of the charter holder and applicable federal banking laws will be determined on a case-by-case basis, eschewing comprehensive regulations, CSBS said.

“It is improper and unlawful for the OCC to handle this matter of fundamental importance to the U.S. banking and financial systems outside the agency rulemaking process established by the APA,” the group said. “The OCC has opted instead to approve nonbank charters pursuant to broadly worded policy statements that are subject to change at the whim of the agency and modification based on the type of business seeking a charter. The OCC likewise will incorporate otherwise inapplicable federal banking laws and protections on a confidential, non-transparent, case-by-case basis.”

An attempt at unauthorized pre-emption, the fintech charters also create conflict with state law and threaten to pre-empt state sovereign interests, CSBS told the court.

“Specifically, the OCC’s actions impede the states’ ability to continue their existing regulation of financial services companies within their borders and to enforce state laws designed to protect the consuming public and ensure the safety and soundness of nondepository companies,” the group alleged. “This also creates difficulties for the states in detecting unlicensed activity within their borders. Similarly, companies facing or at risk of state enforcement actions could escape state enforcement authority by obtaining a national charter.”

The complaint requests declaratory and injunctive relief setting aside the OCC’s charter decision as unlawful. It is unclear which argument will win out, although courts have typically sided with the OCC (and other agencies) when its actions do not clearly violate the statutory mandate. If that trend holds, it could be a long battle for the CSBS and state regulators, who are loath to cede control or see erosion of their current bank and financial oversight roles.

To read the complaint in CSBS v. OCC, click here.

Why it matters

Since the OCC announced its plan last year, the agency has received pushback and criticism, particularly from state regulators arguing that the federal agency’s charters would allow companies to potentially harm consumers by sidestepping state regulations. Now that the CSBS has thrown down the gauntlet with its federal court complaint, the industry should keep a close eye on developments.

back to top

CFPB Updates: Consumer Reporting Supervisory Highlights, Loss Over CID

In news at the Consumer Financial Protection Bureau, the agency released a special edition of its Supervisory Highlights focused on consumer reporting and was handed a major loss from the U.S. Court of Appeals for the D.C. Circuit in an attempt to enforce a civil investigative demand (CID).

What happened

A special 14th edition of the CFPB’s Supervisory Highlights reported examination findings in the area of consumer reporting, discussing the bureau’s experiences with both “consumer reporting companies” and furnishers, or the companies that provide information to CRCs.

As the first federal agency to have supervisory authority over many of the key institutions in the consumer reporting ecosystem, the CFPB explained it has worked to achieve its vision for the industry, rooted in the obligations and rights set forth in the Fair Credit Reporting Act (FCRA) and Regulation V: “A system where furnishers provide and CRCs maintain and distribute data that are accurate, supplemented by an effective and efficient dispute management and resolution process for consumers.”

Recent supervisory reviews of CRCs under the CFPB’s supervisory authority have emphasized accuracy throughout the life cycle of the data collected, maintained and used by the CRC. While the agency hailed “significant advances” that promote greater accuracy, it acknowledged that continued improvements are necessary.

Data accuracy for CRCs requires four key elements, the bureau said: data governance, quality control, public records oversight, and furnisher vetting and data monitoring.

Initial reviews of data accuracy revealed that many CRCs’ data governance functions were decentralized and had undefined responsibilities. But one or more CRCs have improved their policies and procedures and formalized a data governance program, the bureau reported, with personnel authorized and directed to oversee a centralized repository of data definitions, business rules and data quality rules, for example.

On the subject of quality control, follow-up reviews at one or more CRCs found improvements ranging from the establishment of “robust” quality control programs that regularly assess the accuracy of information included in consumer reports to enhancements in oversight of third-party public records providers. Changes have also been made in the way CRCs vet furnishers after the CFPB expressed concern that new furnishers were initially vetted but not subject to ongoing monitoring. Such oversight has been stepped up, the bureau said, with “improved” efforts at one or more CRCs to establish and implement enhanced controls, like review of an existing furnisher’s ability to maintain minimum data security standards.

The CFPB reviewed CRC policies and procedures to monitor furnisher dispute data as a component of CRCs’ data accuracy program (such as the use of data indicating that particular furnishers receive a higher rate of disputes from consumers under the FCRA, for example) and found that new procedures “improved furnishers’ dispute response levels.” However, the bureau noted that one or more CRCs has yet to implement policies or procedures to monitor furnisher dispute data.

Dispute handling and resolution was another focus of the CFPB’s supervision. CRCs have obligations under the FCRA to process and investigate consumer disputes, the bureau said, and prior Supervisory Highlights have shared improvement in industry processes such as online portals consumers can use to submit disputes and provide supporting documentation.

Building on this progress, the CFPB has kept its eye on “the dispute resolution procedures in place to conduct a reasonable investigation of consumers disputes and communicate the results of the investigation adequately to the consumer.” The bureau discovered failures at one or more CRCs to fulfill the obligation to complete a reasonable reinvestigation of an item contained in a consumer file (by relying entirely on the furnisher to investigate the dispute) and directed the CRCs to revise policies and procedures accordingly.

Other areas needing improvement: providing notice to furnishers of disputes and reporting the results of reinvestigations to consumers.

At furnishers, supervisory observations revealed weaknesses in compliance management systems as well as “numerous violations” of the FCRA and Regulation V that required corrective action. At one or more furnishers, bureau examiners discovered weak oversight by management and the board of directors over furnishing practices, no formal data governance program in place, and failure to update policies and procedures.

The CFPB also provided a laundry list of policies and procedures that one or more furnishers lacked, from handling the investigation of direct disputes from consumers to preventing duplicative or mixed file reporting. Furnishers were found similarly lacking in their compliance with Regulation V, the bureau added, and corrective actions were ordered with respect to maintaining records, internal controls for the accuracy of information furnished, and staff training.

One or more furnishers were found to have provided consumer information to CRCs “while knowing or having reasonable cause to believe that the information was inaccurate because the information furnished did not accurately reflect the information in the furnishers systems,” the bureau said, with errors such as consumers being delinquent or having no payment history. Furnishers were also tripped up by failures to report the results of direct dispute investigations to consumers and to comply with indirect dispute handling requirements.

To conclude the report, the CFPB emphasized that its work in the consumer reporting market remains a “high priority,” noting that CRCs and furnishers “lack incentives and under-invest in accuracy.”

“Overall, we are satisfied with the steady pace of progress in addressing weaknesses identified in Supervision’s first round of accuracy and dispute resolution reviews and will continue to work with supervised companies to ensure that they invest the necessary resources to solve compliance challenges,” the bureau wrote.

In other CFPB news, the D.C. Circuit refused to enforce a CID issued by the bureau to the Accrediting Council for Independent Colleges and Schools, reminding the agency of the limits of its enforcement powers. A nonprofit organization that accredits for-profit colleges in the United States, the ACICS received a CID from the agency in August 2015. The “Notification of Purpose” stated:

“The purpose of this investigation is to determine whether any entity or person has engaged or is engaging in unlawful acts and practices in connection with accrediting for-profit colleges, in violation of Sections 1031 and 1036 of the Consumer Financial Protection Act of 2010, 12 U.S.C. Sections 5531, 5536, or any other Federal consumer financial protection law. The purpose of this investigation is also to determine whether Bureau action to obtain legal or equitable relief would be in the public interest.”

ACICS petitioned the bureau to set aside or modify the CID but the agency refused, filing a petition for enforcement in federal court. A district court judge denied the petition, and the federal appellate panel affirmed.

The Consumer Financial Protection Act, which established the CFPB, provided the bureau with the authority to issue CIDs requiring the production of documents and oral testimony from “any person” it believes may be in possession of “any documentary material or tangible things, or may have any information, relevant to a violation” of the laws that the bureau enforces. “But there are real limits on any agency’s subpoena power,” the D.C. Circuit wrote. “The statutory power to enforce CIDs in the district courts entrusts courts with the authority and duty not to rubber-stamp the bureau’s CIDs, but to adjudge their legitimacy.”

Pursuant to the CFPA, “[e]ach [CID] shall state the nature of the conduct constituting the alleged violation which is under investigation and the provision of law applicable to such violation.” This provision “ensures that the recipient of a CID is provided with fair notice as to the nature of the Bureau’s investigation,” the court said. “Because the validity of a CID is measured by the purposes stated in the notification of purpose, the adequacy of the notification of purpose is an important statutory requirement.”

Considering the Notification of Purpose in the CID issued to ACICS, the panel found it “perfunctory” at best. “[T]he Bureau’s ability to define the boundary of its investigation does not absolve it from complying with the CFPA,” the court said. “We conclude that, as written, the Notification of Purpose fails to state adequately the unlawful conduct under investigation or the applicable law.”

The nature of the conduct under investigation was merely described as “unlawful acts and practices,” which failed to provide ACICS with sufficient notice as to the nature of the conduct and the alleged violation under investigation, the panel wrote, despite the statutory requirement to adequately inform the CID recipient of the link between the relevant conduct and the alleged violation.

“We cannot determine, for example, whether the information sought in the CID is reasonably relevant to the CFPB’s investigation without knowing what ‘unlawful acts and practices’ are under investigation,” the D.C. Circuit said. “That is to say, where, as in this case, the Notification of Purpose gives no description whatsoever of the conduct the CFPB is interested in investigating, we need not and probably cannot accurately determine whether the inquiry is within the authority of the agency and whether the information sought is reasonably relevant.”

Judged similarly inadequate was the CID’s description of “the provision of law applicable to such violation,” which broadly referenced “any other Federal consumer financial protection law.” Combined with the insufficient explanation of the conduct at issue, the CID told ACICS “nothing about the statutory basis for the Bureau’s investigation,” the panel said. “Indeed, were we to hold that the unspecific language of this CID is sufficient to comply with the statute, we would effectively write out of the statute all of the notice requirements that Congress put in.”

To read the CFPB’s Supervisory Highlights, click here.

To read the opinion in CFPB v. Accrediting Council for Independent Colleges and Schools, click here.

Why it matters

The CFPB said its emphasis on data accuracy and compliance management has shifted the perspective of the consumer reporting industry to one of “proactive attention to compliance, as opposed to a defensive, reactive approach in response to consumer disputes and lawsuits.” The bureau promised to continue its efforts, writing that it was “encouraged by some positive trends.” The CFPB’s focus on furnishers should be noted by those supplying information to CRCs.

While those in the consumer reporting industry can expect continued supervisory oversight, other entities may see changes as a result of the D.C. Circuit’s refusal to enforce a CID issued by the CFPB and in light of other recent CFPB reversals. Given the federal appellate panel’s conclusion that the bureau failed to comply with statutory requirements in its investigatory efforts, the agency might re-evaluate its approach to CIDs going forward.

back to top

Prepaid Card Company to Pay $53M to Settle FTC Charges

A prepaid card company agreed to pay the Federal Trade Commission $53 million to settle charges that the company tricked consumers about access to their funds.

What happened

Last December, the FTC sued a prepaid card company that markets, sells and services prepaid debit cards, manages cardholder accounts, processes card transactions, performs dispute and fraud management services, and handles customer service for cardholders.

The company’s prepaid debit cards—including general purpose reloadable cards—are sold nationwide. Consumers can load cash on the cards at retail locations and have their paychecks, government benefits and tax refunds deposited directly onto the cards. Consumers can use the cards as they would a credit or debit card to make purchases, withdraw cash and pay bills.

Targeting unbanked and underbanked consumers, the prepaid card company touted its cards as available for immediate use with guaranteed approval and provisional credit provided for disputed transactions, the FTC alleged.

Marketing materials for the cards emphasized that consumers would have immediate access to the funds deposited on the cards, with claims including “Ready to use? Immediately,” “Instant access to money with no holds, no waiting,” “Use it today!” and “No waiting!” Similar claims were made for the guaranteed approval of consumers, as well as the speed with which the prepaid card company addressed account errors and applied provisional credits for funds subject to such errors, according to the agency.

But the promises were deceptive, in violation of Section 5 of the Federal Trade Commission Act, the agency alleged.

“Despite these claims, many consumers have been unable to use their cards immediately or access funds on their cards, including for prolonged periods of time—sometimes as much as weeks, or at all, meaning they never regain access to their own money,” according to the complaint. “Despite the prepaid card company’s claim of ‘guaranteed approval,’ the prepaid card company’s approval is contingent upon consumers meeting unexpected requirements; ultimately, many consumers have not been approved, and have lost funds they have already placed on the cards.”

But the parties elected to settle the case with a stipulated order for permanent injunction and monetary judgment in the amount of $53 million entered in Georgia federal court. Pursuant to the agreement, the prepaid card company is prohibited from a laundry list of future misrepresentations.

Specifically, the defendants are banned from misrepresentations of any fact regarding the length of time or conditions necessary before prepaid products will be ready to use or consumers will have access to funds; any fact regarding the length of time or conditions necessary to gain approval to use a prepaid product (including that consumers are guaranteed approval); any fact regarding the protections consumers have in the event of account errors; and the comparative benefits of the defendants’ prepaid products versus debit card accounts or other payment methods.

The defendants are required to work with third parties to remove problematic marketing and advertising materials and submit to record-keeping requirements and compliance reporting to the agency for a period of 20 years.

In addition, the prepaid card company agreed to provide monetary relief totaling “no less than” $53 million. Of that total, $40 million is allotted for customers, to reimburse account balances and the fees associated with opening accounts, with the remaining $13 million paid to the FTC. Any money not used for equitable relief will be deposited to the U.S. Treasury as disgorgement.

Approval of the deal split the commission, passing by a vote of 2 to 1. Commissioner Terrell McSweeny filed a statement expressing her support for the agreement, writing that the facts outlined in the complaint “clearly support” the allegations that the prepaid card company made deceptive representations about its card and violated the FTC Act, and that the monetary relief “effectively address” the challenged conduct.

“General purpose prepaid cards, such as the prepaid card company cards, can provide significant benefits to consumers, especially those who may not participate in or have access to the traditional banking system,” McSweeny wrote. “Nevertheless, as our action against the prepaid card company underscores, all marketers must provide truthful and complete information to consumers about their products.”

Commissioner Maureen K. Ohlhausen, who was designated by President Trump as acting chair of the FTC on Jan. 25, dissented from the approval of the settlement, arguing that the majority failed to consider the context of the prepaid card company’s representations and ordered monetary relief unrelated to the prepaid card company’s allegedly deceptive advertising.

“Context often has a significant effect on what reasonable consumers take away from representations in advertising,” she said. “In the context of direct deposit advertising, reasonable consumers would interpret ‘immediate access’ to refer to the timesaving benefits of direct deposit as compared to 1) waiting for a paper check to be mailed, 2) physically depositing the check at the bank, and 3) waiting for the bank to make those funds available in an individual’s account.”

Consistent with this interpretation of the prepaid card company’s claims, “I believe that the overwhelming majority of consumers received their funds on their prepaid card company cards before or on the date when the payer made the funds available for transfer,” she wrote.

Ohlhausen also took issue with the monetary relief imposed by the agency, which she believed was “not sufficiently related” to the claims against the defendants. “Some consumers place money on a card but never activate it,” she said. “Based on the evidence I have seen, I do not believe that consumers abandoned such funds because of the prepaid card company’s allegedly deceptive advertising.”

To read the stipulated order as well as the statements from the commissioners, click here.

Why it matters

The deal is notable not just for its size and subject matter (the FTC efforts in the deceptive advertising realm do not typically focus on the prepaid card industry and certainly not to the tune of $53 million) but also for a demonstration of the split among commissioners. Acting Chair Ohlhausen has repeatedly emphasized her position that agency action must be based on actual consumer harm, which she did not find was demonstrated in the prepaid card company action. “When, as in this case, the FTC misses the mark in its deceptive advertising enforcement and instead prohibits or limits truthful claims, we harm consumers and competition,” she wrote in her dissenting statement.

back to top

OCC Publishes New Booklet on Retail Lending

The OCC published a new booklet discussing the risks associated with retail lending and providing a framework for evaluating retail credit risk and management activities.

What happened

Part of the Safety and Soundness Asset Quality category of the Comptroller’s Handbook, “Retail Lending” applies to examinations of all institutions engaged in retail lending, defined as “closed- and open-end credit extended to individuals for household, family, and other personal expenditures.” Retail lending products include consumer loans, credit cards, auto loans, student loans and loans to individuals secured by their personal residences, including first mortgage, home equity and home improvement loans.

“Because of the number of consumer protection laws and regulations, banks engaged in retail lending are highly vulnerable to compliance risk,” the OCC noted, in all eight categories of risk for bank supervision purposes (credit, interest rate, liquidity, price, operational, compliance, strategic and reputation).

The characteristics of an effective retail credit risk management framework include structured oversight by the board and senior management (with an established risk appetite and properly approved policies and procedures, such as approval of all credit policies at least annually) and clear and consistent policies and operating procedures, the OCC explained. “Lending policies and operating procedures help employees make consistent decisions, providing a sound foundation for sustainably profitable operations,” the agency wrote.

The framework should also feature a well-developed risk appetite, the booklet said, covering retail risk strategies, retail risk tolerances (that must be measurable), retail risk preferences, retail risk attractiveness and retail risk limits. Structured risk assessment, well-defined policy exception protocols, effective monitoring reports, and well-designed strategies and business plans are also key elements of the framework.

What criteria will examiners consider when evaluating retail credit originations, account management, collections, and portfolio management activities and processes? The OCC set forth the issues for review.

For example, when weighing the quantity of risk associated with retail credit activities, an examiner should evaluate changes to the size, composition, growth rate and performance of the retail portfolio since the last exam, the regulator explained, with consideration of changes in products, product mix, marketing channels, underwriting standards, operations or technology as well as changes in the composition or mix of performing loans.

Looking at the quality of risk, examiners should weigh whether the board has established an organizational structure responsible for monitoring retail credit risk across the bank that is commensurate with the size, complexity and risk profile of the portfolio. The OCC asked whether the retail credit risk governance program is explicit, well-documented and well-communicated, with a review of risk appetite statements to determine whether a clear link exists between the stated risk appetite and the products or market the bank pursues.

Also highlighted by the OCC: discussion of the objective of control functions commonly used in a retail lending business to measure performance, make decisions about risk, and assess the effectiveness of processes and personnel.

The guidance also provided examples, such as the risks a retail lender might consider during a credit risk assessment exercise and an Internal Control Questionnaire to help assess a bank’s standard controls that provide day-to-day protection of bank assets and financial records.

To access the “Retail Lending” booklet, click here.

Why it matters

Banks subject to OCC supervision should familiarize themselves with the new booklet, which supplements the core assessment sections of the “Large Bank Supervision,” “Community Bank Supervision” and “Federal Branches and Agency Supervision” booklets of the Comptroller’s Handbook. “Examiners should refer to the ‘Retail Lending’ booklet when specific retail lending products, services, activities or risks warrant review beyond the core assessment because they have a material impact on the risk profile and financial condition of national banks and federal savings associations,” the OCC noted.

back to top

New York Bank Must Face Class Action Over Transaction Ordering

A New York bank was unable to dodge a lawsuit accusing it of violations of state consumer protection law in the way it ordered customer transactions.

What happened

Josefina Valle and her son Wilfredo filed suit against the bank in November 2012, accusing it of engaging in a host of deceptive practices. After some pretrial wrangling, the trial court narrowed the dispute down to a single count under New York’s General Business Law Section 349 based on the alleged reordering of ATM transactions to maximize overdraft charges.

The bank moved to dismiss the suit, arguing that its actions did not violate the state law and that state banking regulations provide discretion to process transactions in the order selected by the bank. The trial court disagreed, denying the motion in February 2016, although it agreed with the bank that certain transactions cited by the Valles fell outside the applicable statute of limitations.

On appeal, a five-member panel unanimously affirmed.

“The complaint states a claim under General Business Law Section 349 by alleging that defendant employed a deceptive and misleading consumer-oriented policy, not disclosed to plaintiff, of high-to-low reordering of ATM transactions that resulted in plaintiffs’ being charged an additional overdraft fee on April 18, 2012,” the court wrote.

Finding the defendant’s contentions “unavailing,” the court found the plaintiffs backed up their claims with contentions about the bank’s inadequate balance information.

“The claim is also properly supported by allegations that defendant provided plaintiffs with inaccurate balance information, often showing a positive balance when in fact their account balance was negative, and failed to provide real-time notice that a given transaction would overdraw the account, despite the feasibility of doing so, and that these practices also resulted in additional overdraft fees,” the panel said.

To read the opinion, click here.

Why it matters

Providing an important lesson for banks, the appeals court wasted little ink on the dispute but did manage to make clear that the plaintiffs’ allegations of transaction reordering were strengthened by additional allegations of the bank’s inaccurate balance information, such as showing a positive balance when it was actually negative and failing to provide notice in real time that a transaction would overdraw the account.

back to top