Alston & Bird Consumer Finance Blog

Dodd-Frank Act

CFPB Issues Proposed Rule to Establish Public Registry of Supervised Nonbank Form Contract Provisions that Waive or Limit Consumers’ Legal Protections

By , , ,

A&B ABstract:

On January 11, 2023, the Consumer Financial Protection Bureau (the “CFPB” or “Bureau”) announced a proposed rule to establish a public registry and require  nonbanks supervised by the agency to register their use of certain terms and conditions contained in “take it or leave it” form contracts for consumer financial products or services that “attempt to waive consumers’ legal protections,” “limit how consumers enforce their rights,” or “restrict consumers’ ability to file complaints or post reviews” (the “Proposed Rule”).  The purpose of Proposed Rule’s registration system is to allow the CFPB to prioritize oversight of nonbanks that use the covered terms and conditions based on the agency’s perception these provisions pose risks for consumers.

The CFPB seeks public comment on the practical utility of collecting and publishing this information as well as ways to minimize the burden of the information collection on respondents. The comment period closes on April 3, 2023.

The Proposed Rule

The Proposed Rule would require annual registration by most nonbanks subject to the CFPB’s jurisdiction, with limited exceptions. “Specifically, a “supervised nonbank” would be defined to mean a nonbank covered person that is subject to supervision and examination by the Bureau, except to the extent that such person engages in conduct or functions that are excluded from the Bureau’s supervisory authority pursuant to 12 U.S.C. 5517 or 5519.  A “supervised nonbank” would include any nonbank covered person that (1) offers or provides a residential mortgage-related product or service, any private educational consumer loan, or any consumer payday loan, (2) is a larger participant engaged in consumer reporting, consumer debt collection, student loan servicing, international money transfers, and auto financing, or (3) is subject to a CFPB order issued pursuant to 12 U.S.C. 5514(a)(1)(C).

Those excluded from the scope of the Proposed Rule would include, among others, persons subject to CFPB supervision and examination solely in the capacity of a service provider; natural persons; persons with less than $1 million in annual receipts resulting from offering or providing all consumer financial products and services as relevant to the activities noted in (1) through (3) above.  Also exempt from the rule would be a person that has not, together with its affiliates, engaged in more than de minimis use of covered terms and conditions (i.e., fewer than 1,000 times in the previous calendar year) and a person that used covered terms or conditions in covered form contracts in the previous calendar year solely by entering into contracts for residential mortgages on a form made publicly available on the Internet required for insurance or guarantee by a Federal agency or purchase by Fannie Mae, Freddie Mac, or Ginnie Mae.

Under the Proposed Rule, a “covered term or condition” would be subject to the rule’s reporting requirements. A “covered term or condition” would be defined as “any clause, term, or condition that expressly purports to establish a covered limitation on consumer legal protections applicable to the offering or provision of any consumer financial product or service.” In turn, “covered limitation on consumer legal protections” would be defined to mean any covered term or condition in a covered form contract:

  • Precluding the consumer from bringing a legal action after a certain period of time;
  • Specifying a forum or venue where a consumer must bring a legal action in court;
  • Limiting the ability of the consumer to file a legal action seeking relief for other consumers or to seek to participate in a legal action filed by others;
  • Limiting liability to the consumer in a legal action including by capping the amount of recovery or type of remedy;
  • Waiving a cause of legal action by the consumer, including by stating a person is not responsible to the consumer for a harm or violation of law;
  • Limiting the ability of the consumer to make any written, oral, or pictorial review, assessment, complaint, or other similar analysis or statement concerning the offering or provision of consumer financial products or services by the supervised registrant;
  • Waiving, whether by extinguishing or causing the consumer to relinquish or agree not to assert, any other identified consumer legal protection, including any specified right, defense, or protection afforded to the consumer under Constitutional law, a statute or regulation, or common law; or
  • Requiring that a consumer bring any type of legal action in arbitration.

In the Proposed Rule, the CFPB acknowledges that there may be overlap in the types of covered terms and conditions, so some contract provisions may fall into more than one category.  The Proposed Rule currently proposes to limit the collection of terms and conditions that expressly attempt to establish the covered limitation.  Any contract containing a covered term would be considered a “form contract” provided it was (1) included in the original contract draft presented to the consumer, (2) was not negotiated between the parties, (3) is intended for repeated use in transactions between the company and consumers and contains a covered term or condition.

Supervised nonbanks covered by the Proposed Rule would be required to collect and submit this information through the CFPB’s registration system.  Under the Proposed Rule, the registry of terms and conditions would be publicly available, rather than limited to government regulators or CFPB staff.  The CFPB supports the public availably of this data on the grounds that it will lead to more informed consumers and provide other regulators the opportunity to identify covered terms and conditions that are explicitly prohibited by the laws they enforce or supervise.  The proposed format for the registry is similar to another recent CFPB proposed rule which proposes to establish a public registry of regulatory actions involving certain nonbanks subject to CFPB supervision. We previously discussed this proposed rule in another blog post.

CFPB’s Request for Comment on the Proposed Rule

The CFPB is seeking comment on a range of issues related to the Proposed Rule, including:

  • The prevalence of the covered terms and conditions;
  • Potential impacts of collecting and publishing this information;
  • Reasons why the information should not be publicly disclosed;
  • The burden of collecting and filing these provisions;
  • The use of form contracts purchased from third parties; and
  • Other entities that may be affected by the proposed rule.

The period for public comment ends on April 3, 2023.

Is the establishment of a Public Registry likely?

 The CFPB currently has thirty-seven (37) rules that have been proposed but not implemented, of which only five of were proposed since the start of the Biden Administration.  Most notably, neither the CFPB’s proposed rule for small business lending data collection from September 1, 2021 or its proposed rule for credit card late fees and late payments from June 22, 2022 have been finalized.  Since the substance of this rule is limited to the collection and publication of contract terms, rather than the prohibition of any behavior, enactment might be more likely.  The recent Fifth Circuit decision in Community Financial Services found the CFPB’s funding structure unconstitutional and vacated the agency’s Payday Lending Rule on those grounds.  Accordingly, any rule promulgated by the CFPB would likely be susceptible to legal challenges.

Takeaway

The Bureau’s focus on seeking public disclosure of covered terms and conditions reflects a continued focus on the content of form contracts used in connection with consumer finance products and services of nonbanks.  The public nature of the registry could lead to increased scrutiny of contract provisions from the Bureau, other regulators, and the public, increasing reputational risk to covered entities as well as the likelihood of heightened enforcement activity by Federal and State regulators. Accordingly, entities that would be subject to the Proposed Rule’s requirements should carefully review the Proposed Rule and consider commenting thereon.

Trends in Enforcement and Recommendations on Protecting Financial Institutions

By , ,

In his 2022 speech “Reining in Repeat Offenders” at the Distinguished Lecture on Regulation at the University of Pennsylvania Law School, the director of the Consumer Financial Protection Bureau (CFPB) stated that “[a]chieving general deterrence is an important goal for the CFPB” and “the role of individual liability cannot be discounted.” To that end, the CFPB recently proposed an enforcement order registry that would, among other things, require certain larger participant nonbanks subject to the CFPB’s supervisory authority to designate a senior executive who is responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the registry to attest regarding compliance with covered orders and submit an annual written statement attesting to the steps taken to oversee the activities subject to the applicable order for the preceding calendar year and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.

It is not surprising that one of the major questions that has arisen about financial institution (FI) insurance coverage is the extent of coverage for regulatory enforcement actions. Other questions arise in interpreting the scope of FI insurance coverage for terms such as a pending and prior claim, the performance of professional services, invasion of privacy (and whether data breaches are covered), and fraud. These terms can be particularly important in the heavily regulated financial services industry. Accordingly, financial institutions need to understand FI coverage options and the negotiable terms.

Are regulatory enforcement actions included in coverage terms?

Responding to inquiries from agencies such as the CFPB, Securities Exchange Commission (SEC), Department of Justice, attorneys general, and federal and state banking agencies can be disruptive and expensive. As a threshold matter it is important to understand the extent of insurance coverage, including the kind of inquiry that is covered. The first step is to make sure you understand which regulators are covered when there is an inquiry or enforcement action. Ideally, financial institutions would have coverage for claims from any federal or state agency.

Is there coverage for costs incurred in responding to informal inquiries?

For example, there may be coverage for an informal document request and employee interview by a government agency. Many policies now offer some coverage of a formal government agency civil investigative demand (CID) or subpoena to a financial institution, and it is important to understand the specific scenarios in which such a CID or subpoena is covered.

When facing an ongoing government investigation, is it subject to the excess policy’s “pending and prior claim” exclusion? 

In a recent case, the policy language provided that the excess policy did not apply to “any amounts incurred by the Insureds on account of any claim or other matter based upon, arising out of or attributable to any demand, suit or other proceeding pending or order, decree, judgment or adjudication entered against any Insured on or prior to July 31, 2011.” The court ruled that the parties had agreed to exclude from the excess policy coverage any claim as defined in the language of the primary policy.

The court also ruled that an ongoing SEC investigation, even though it was not being covered by any insurance policy, was a claim as defined under the primary policy and thus was subject to the pending and prior claim exclusion of the excess policy. This case emphasizes the importance of understanding the definitions of a claim within the relevant policies.

What are some considerations for losses arising out of the performance of professional services? 

Many FI policies have exclusions for loss arising out of the performance of professional services, which distinguish claims covered by a company’s errors and omissions (E&O) insurance. It is important to understand the effect of these exclusions, which are illustrated in recent court decisions.

In one recent case, a court held that a bank’s policy’s professional services exclusion precluded coverage for all insureds, not just those delivering the services. The exclusion in the case provided that there was no liability for claims “made against any Insured alleging, arising out of, based upon, or attributable to the Organization’s or any Insured’s performance of or failure to perform professional services for others….” The court held that the phrase “any Insured” made the insurer’s obligations jointly held, which prohibited recovery from any insured.

However, the policy at issue in this case did not have a severability provision. The court’s opinion suggests that a professional services exclusion in a policy with a severability provision would preclude coverage only for those who actually performed the professional services.

Another consideration is the broad language that was used in the clause in this case—it uses words like “arising out of,” “based upon,” or “attributable to” the professional services provided. Companies should ensure that the clause serves its purpose and does not preclude too much coverage.

Another issue involving professional services exclusions, particularly for banks, are fee cases. Overdraft fees, as well as a lot of other fees, including junk fees, have been a focus of regulators. One court has considered the question of insurance coverage for a bank’s obligation to repay overdraft fees. In this case, a bank customer filed suit against the bank, seeking relief from “unfair and unconscionable assessment and collection of excessive overdraft fees.” The bank filed suit against its insurer for refusing to pay defense costs in the lawsuit.

The policy at issue had a duty-to-defend clause covering claims “for a Wrongful Act committed by an Insured or any person for whose acts the Insured is legally liable while performing Professional Services, including failure to perform Professional Services.” However, the policy also had an exclusion “for Loss on account of any Claim … arising from … any fees or charges.” The court affirmed the denial of the companies’ entitlement to payment for defense costs, ruling that the fees exclusion absolved the carrier of an obligation to pay such costs. Cases like these reinforce the importance of understanding defense costs coverage for these kinds of overdraft fee cases.

How does an exclusion for invasion of privacy impact cyber breaches?

It is not uncommon for policies to have clauses that exclude claims based on invasion of privacy. Recent cases underscore the importance of understanding whether such clauses exclude coverage for claims in cyber breaches.

A court recently held that the Los Angeles Lakers were not entitled to insurance coverage for allegations that the team violated the Telephone Consumer Protection Act (TCPA). The court ruled that “because a [TCPA] claim is inherently an invasion of privacy claim, [the insurer] correctly concluded that the underlying [TCPA] claims fell under the Policy’s broad exclusionary clause.”

This decision could affect coverage of cyber-liability claims involving cybersecurity and data privacy, which are becoming increasingly common and which often touch on invasion of privacy issues. Companies should understand their exclusionary clauses on this score.

What is “final” for purposes of an insurance policy’s fraud exclusion?

Many FI insurance policies exclude coverage if the insured is found to have engaged in fraud. Often, the exclusion is only triggered after a “final” judicial determination that the excluded conduct has occurred. The issue of what a “final” determination is can affect the coverage for a claim.

Financial institutions should look for fraud exclusions in their FI policies to determine whether such exclusions refer to a “final, non-appealable adjudication” or a “final judgment.” In a New York state case, after a former CEO was sentenced for the commission of various fraud crimes, he filed an appeal of his convictions. While the appeal was still pending, however, his insurer asked to be relieved of its obligation to defend the plaintiff because the fraud exclusion in its policy was triggered upon a final judgment against its insured.

The former CEO filed suit against his insurer, but the appellate court affirmed the trial court’s ruling that the insurer was no longer obligated to pay his defense. The court held that the imposition of the criminal sentence was a “final judgment,” which appropriately triggered the fraud exclusion in the policy. The court explained that even if an appeal is successful, the finality of the sentence is not changed.

This case shows how important it is to understand the contours of a policy’s fraud exclusion.

Defense Costs: Duty to Defend v. Duty to Indemnify

Finally, a company needs to consider whether it wants to have primary control over the defense of a covered claim or wants the insurer to have primary control. An advantage of having the insurer control the defense—a “duty to defend” policy—is that the coverage requirements can be a bit more broad in many states. The main advantage of the company having primary control of the defense in a so-called “duty to indemnify” policy is that the company gets wider latitude in choosing lawyers that they trust and know to have the appropriate experience to handle the matter. Under either of these arrangements, the carrier would pay covered defense costs.

Conclusion

As trends in enforcement shift, it is increasingly important to understand liability coverage. Financial institutions should consider reaching out to experienced insurance brokers and attorneys to assist them in reviewing and analyzing the terms and features of their policies in the evolving enforcement climate.

CFPB Proposes Nonbank Registry to Focus on Compliance “Recidivism”

By , ,

A&B ABstract:

On December 12, 2022, the Consumer Financial Protection Bureau (CFPB) announced a proposed rule to require certain non-banks to register with the agency when they become subject to a public written order or judgment imposing obligations based on violations of certain consumer protection laws. The CFPB also proposes to maintain a public online registry of those nonbanks subject to agency or court orders, to “limit the harms from repeat offenders.” We provide below a description of the CFPB’s proposed rule, along with the potential implications for the financial services industry.

Background on Proposed Rule

Earlier this year, CFPB Director Rohit Chopra presented remarks at the University of Pennsylvania, where he asserted that “[c]orporate recidivism has become normalized and calculated as the cost of doing business; the result is a rinse-repeat cycle that dilutes legal standards and undermines the promise of the financial sector and the entire market system.” To address this problem, Director Chopra suggested establishing “dedicated units in our supervision and enforcement divisions to enhance the detection of repeat offenses and corporate recidivists and to better hold them accountable.” With respect to accountability for “serial offenders of federal law,” Director Chopra warned that the CFPB would be focusing on “remedies that are more structural in nature,” including “limits on the activities or functions” of the entity.

Subsequently, in November 2022, and leading up to the proposed rule, the CFPB announced, as part of its Supervisory Highlights, that it would be establishing a Repeat Offender Unit as part of its supervision program. The Repeat Offender Unit would be focused on: reviewing and monitoring the activities of “repeat offenders;” identifying the root cause of recurring violations; pursuing and recommending solutions and remedies that hold entities accountable for failing to consistently comply with Federal consumer financial law; and designing a model for order review and monitoring that reduces the occurrences of repeat offenders. The Bureau asserts that its authority for these efforts, along with any proposed rulemaking, is derived from the Consumer Financial Protection Act’s mandate that the Bureau “monitor for risks to consumers in the offering or provision of consumer financial products or services” and “gather information from time to time regarding the organization, business conduct, markets, and activities of covered persons and service providers.” See 12 U.S.C. § 5512(c)(1), (4).

Proposed Requirements

The CFPB’s proposed rule would require certain nonbanks covered person entities (with exclusions for insured depository institutions, insured credit unions, related persons, States, certain other entities, and natural persons) to register with the Bureau upon becoming subject to a public written order or judgment imposing obligations based on violations of certain consumer protections laws. Such entities would be required to register in a system established by the Bureau, provide basic identifying information about the company and the order (including a copy of the order), and periodically update the registry for accuracy and completeness. For purposes of the proposed rule, “covered person” would have the same meaning as in 12 U.S.C. § 5481(6). Further, “service providers” would be deemed covered persons to the extent that they engage in the offering or provision of their own consumer financial product or services or where they act as service providers to covered person affiliates.

In addition, certain larger participant nonbanks subject to the Bureau’s supervisory authority would be required to designate a senior executive, who is responsible for and knowledgeable of the nonbank’s efforts to comply with the orders identified in the registry, to attest regarding compliance with covered orders and submit an annual written statement attesting to the steps taken to oversee the activities subject to the applicable order for the preceding calendar year, and whether the executive knows of any violations of, or other instances of noncompliance with, the covered order.

Further, the CFPB is considering whether to release, via its publicly available website, the above registry information for non-banks.

Implications for Non-Banks

While the CFPB’s proposed enforcement order registry would provide greater transparency about a lender’s regulatory track record to the various federal and state regulators and the general public, it remains to be seen how the information maintained in this registry might be used against lenders. At a minimum, however, the proposed rule raises the following significant implications for non-banks:

  • Supervision and examination considerations. The CFPB intends to use the information in the registry to coordinate its “risk-based supervisory prioritization,” for those non-bank markets covered by the Bureau’s supervision and examination authority under CFPA section 1024(a). Thus, entities with a local, state, or federal prior enforcement order may be subject to more targeted supervision.
  • Investigation and enforcement presumptions. The CFPB intends to use the information in the registry in connection with its investigation and potential enforcement activities, which presents various risks, including:
    • Increased civil money penalties. Specifically, the CFPB believes that the information contained in the proposed registry can assist the agency in determining the civil penalties that may be assessed for a future violation of federal consumer financial law, given that federal law permits the CFPB to consider the entity’s “history of previous violations.” Indeed, it is possible that the CFPB may use evidence of prior enforcement against an entity, brought by itself or another agency, to establish that the entity acted knowingly or recklessly in violating federal consumer financial law, perhaps even where the prior enforcement order involved a different consumer-related issue.
    • Presumption of consumer harm. Further, the CFPB believes there is a “heightened likelihood” that entities that are subject to public orders relating to consumer financial products and services may pose risks to consumers in the markets for those products and services, since entities that have previously been subject to enforcement actions “present an increased risk of committing violations of laws.” Thus, there may be a presumption of consumer harm against an entity where a prior enforcement order exists. Yet this approach by the CFPB likely will overstate the actual harm to consumers, as most consent orders do not contain an admission by the entity of any liability or wrongdoing.
  • Increased reputational risk. Given that the CFPB maintains Memoranda of Understanding with federal parties (such as the Federal Trade Commission and the U.S. Department of Justice), as well as with at least 20 state attorneys general offices, it appears that the information reported to the registry already would be available to such agencies. However, the registry will permit all agencies, as well as the general public, a readily accessible, one-stop shop to an entity’s entire enforcement track record, which may present significant reputational risk to that entity, as well as a potentially increased risk of class action lawsuits and other consumer claims.
  • Facilitating of private enforcement. The CFPB believes that the proposed registry may “facilitate private enforcement of the Federal consumer financial laws by consumers, to the extent those laws provide private rights of action, where consumers have been harmed by a registered nonbank.” In other words, the “information that would be published under the proposal might be useful in helping consumers understand the identity of a company that has offered or provided a particular consumer financial product or service, and in determining whether to file suit or otherwise make choices regarding how to assert their legal rights.”

Takeaway:

Given the significant implications raised by the CFPB’s proposed rule, non-bank financial institutions should consider submitting comments, which are due 60 days after publication in the Federal Register. In particular, the CFPB seeks comment on “its preliminary conclusion that collecting and registering public agency and court orders imposing obligations based upon violations of consumer law would assist with monitoring for risks to consumers in the offering or provision of consumer financial products and services.” The CFPB also seeks comment on “whether the types of orders described in the proposal, and the types of information that would be collected about those orders and covered nonbanks under the proposal, would provide useful information to the Bureau,” as well as “any other risks that might be identified through collecting the information described in the proposal.” Finally, the Bureau seeks comment on whether it should consider collecting any other information in order to identify risks to consumers associated with orders.

HELOCs On the Rise: Is Your Servicing CMS Ready?

By ,

A&B ABstract:

The Consumer Financial Protection Bureau (“CFPB” or “Bureau”) has moved to clarify its regulatory authority at a time when the economic climate is ripe for a resurgence in HELOC lending. In an amicus brief filed by the CFPB on November 30, 2022 (the “Amicus Brief”), the Bureau acknowledged that its Mortgage Servicing Rules, which, in 2013, amended Regulation X, RESPA’s implementing regulation, and Regulation Z, TILA’s implementing regulation, do not apply to home equity lines of credit (“HELOCs”).  This is consistent with the Bureau’s guidance in the preamble to the CFPB Mortgage Servicing Rules under RESPA, wherein the Bureau recognized that HELOCs have a different risk profile, and are serviced differently, than first-lien mortgage loans, and that many of the rules under Regulation X would be “irrelevant to HELOCs” and “would substantially overlap” with the longstanding protections under TILA and Regulation Z that apply to HELOCs.

During this past refinance boom, consumers refinanced mortgage loans at record rates. Moreover, according to a recent report by the Federal Reserve, consumers are sitting on nearly 30 trillion dollars in home equity.  HELOCs allow consumers the opportunity to extract equity from their homes without losing the low interest rate on their first-lien loan. Generally, a HELOC is a revolving line of credit that is secured by a subordinate mortgage on the borrower’s residence that typically has a draw period of 5 or 10 years.  At the end of the draw period, the outstanding loan payment converts to a repayment period of 5 to 25 years with interest and principal payments required that fully amortize the balance.

Issues to Consider in Servicing HELOCs

Servicing HELOCs raise unique issues given the open-end nature of the loan, the typical second lien position, and the different regulatory requirements.  HELOC servicers will need to ensure their compliance management systems (“CMS”) are robust enough to account for a potential uptick in HELOC lending. Among many other issues, servicers will want to ensure their operations comply with several regulatory requirements, including:

Offsets: In the Amicus Brief, the CFPB argues that HELOCs accessible by a credit card are subject to the provisions of TILA and Regulation Z that prohibit card issuers from using deposit account funds to offset indebtedness arising out of a credit card transaction.

Disclosures: Long before the CFPB Mortgage Servicing Rules, TILA and Regulation Z contained disclosures applicable to HELOCs. As a result, the provisions of the CFPB Mortgage Servicing Rules under Regulation Z governing periodic billing statements, adjustable-rate mortgage (ARM) interest rate adjustment notices, and payment crediting provisions do not apply to HELOCs as these provisions are specifically limited to closed-end consumer credit transactions. However, the payoff statement requirements under Regulation Z are applicable both to HELOCs and closed-end consumer credit transactions secured by a dwelling. In addition to certain account-opening disclosures, a HELOC creditor (or its servicer) must make certain subsequent disclosures to the borrower, either annually (e.g., an annual statement) or upon the occurrence of a specific trigger event, such as the addition of a credit access device, a change in terms or change in billing cycle, or a notice to restrict credit. It is also worth noting that Regulation Z’s mortgage transfer notice (commonly referred to as the Section 404 notice) applicable when a loan is transferred, sold or assigned to a third party, applies to HELOCs. In contrast, RESPA’s servicing transfer notice does not apply to HELOCs.

Periodic Statements: TILA and Regulation Z contain a different set of periodic statement requirements, predating the CFPB Mortgage Servicing Rules, which are applicable to HELOCs. Under TILA, a servicer must comply with the open-end periodic statement requirements. That is true even if the HELOC has an open-end draw period followed by a closed-end repayment period, during which no further draws are permitted. Such statements can be complex given that principal repayment and interest accrual vary based on draws; there will be a conversion to scheduled amortization after the draw period ends; and balloon payments may be required at maturity, resulting in the need for servicing system adjustments.

Billing Error Resolution: Instead of having to comply with the Regulation X requirements for notices of error, HELOCs are subject to Regulation Z’s billing error resolution requirements.

Crediting of Payments: A creditor may credit a payment to the consumer’s account, including a HELOC, as of the date of receipt, except when a delay in crediting does not result in a finance or other charge, or except as otherwise provided in 12 C.F.R. § 1026.10(a).

Restrictions on Servicing Fees: Regulation Z restricts certain new servicing fees that may be imposed, where such fees are not provided for in the contract, because the credit may not, by contract or otherwise, change any term except as provided in 12 C.F.R § 1026.40.  With the CFPB’s increased focus on fees, this provision may be an area of focus for the Bureau and state regulators.

Restriction on Changing the APR: The creditor may not, by contract or otherwise, change the APR of a HELOC unless such change is based on an index that is not under the creditor’s control and such index is available to the general public.  However, this requirement does not prohibit rate changes which are specifically set forth in the agreement, such as stepped-rate plans or preferred-rate provisions.

Terminating, Suspending or Reducing a Line of Credit: TILA and Regulation Z restrict the ability of the creditor to prohibit additional extensions of credit or reduce the credit limit applicable to an agreement under those circumstances set forth in 12 C.F.R § 1026.40.  Similarly, TILA and Regulation Z impose restrictions on when the creditor may terminate and accelerate the loan balance.

Rescission: Similar to closed-end loans, the consumer will have a right of rescission on a HELOC; however, the right extends beyond just the initial account opening. During the servicing of a HELOC, the consumer has a right of rescission whenever (i) credit is extended under the plan, or (ii) the credit limit is increased. But there is no right of rescission when credit extensions are made in accordance with the existing credit limit under the plan. If rescission applies, the notice and procedural requirements set forth in TILA and Regulation Z must be followed.

Default: Loss mitigation and default recovery actions may be limited by the firstien loan. That’s because default or acceleration of the first-lien loan immediately triggers loss mitigation and default recovery to protect the second-lien loan.  The protection of the second-lien loan may involve advancing monthly payments on the first-lien loan.  Foreclosure pursued against the first-lien loan will trigger second lien to participate and monitor for protection and recovery. Even though not applicable to HELOCs, some servicers may consider complying with loss mitigation provisions as guidelines or best practices.

ECOA and FCRA: Terminating, suspending, or reducing the credit limit on a HELOC based on declining property values could raise redlining risk, which is a form of illegal disparate treatment in which a lender provides unequal access to credit or unequal terms of credit because of a prohibited characteristic of the residents of the area in which the credit seeker resides or will reside or in which the residential property to be mortgaged is located. Thus, lenders and servicers should have policies and procedures in place to ensure that actions to reduce, terminate or suspend HELOCs are carried out in a non-discriminatory manner.  Relatedly, the CFPB’s authority under the Dodd-Frank Act to prohibit unfair, deceptive or abusive acts or practices will similarly prohibit certain conduct in connection with the servicing of HELOCs that the CFPB may consider to be harmful to consumers.  It is also important to remember that ECOA requires that a creditor notify an applicant of action taken within 30 days after taking adverse action on an existing account, where the adverse action includes a termination of an account, an unfavorable change in the terms of an account, or a refusal to increase the amount of credit available to an applicant who has made an application for an increase.  Similar to ECOA, FCRA also requires the servicer to provide the consumer with an adverse action notice in certain circumstances.

State Law Considerations: And let’s not forget state law issues. While most of the CFPB’s Mortgage Servicing Rules do not apply to HELOCs, many state provisions may cover HELOCs.  As most HELOCs are subordinate-lien loans, second lien licensing law obligations arise. Also, sourcing, processing and funding draw requests could implicate loan originator and/or money transmitter licensing obligations. Also, at least one state prohibits a licensee from servicing a usurious loan.  For HELOCs, the issue is not only the initial rate but also the adjusted rate (assuming it is an ARM).  There may also be state-specific disclosure obligations, as well as restrictions on product terms (such as balloon payments or lien releases), fees, or credit line access devices, to name a few.

Takeaway

The servicing of HELOCs involve many of the same aspects as servicing first-lien residential mortgage loans.  However, because of the open-end credit line features and the typical second-lien position, there are several unique aspects to servicing HELOCs.  And, because there are no industry standard HELOC agreements, the terms of the HELOC (e.g., the length of draw and amortization periods, interest-only payment features, balloon, credit access, etc.) can vary greatly.  The economic climate is poised for a resurgence in home equity lending.  Now is the time to ensure your CMS is up to the task.

 

CFPB Sues MoneyLion over Membership Program, Uses Military Lending Act as Hook

By ,

A&B Abstract:

On September 29, 2022, the Consumer Financial Protection Bureau (“CFPB”), sued MoneyLion Technologies Inc. and 37 of its subsidiaries (“MoneyLion”) in New York federal court for violations of the Military Lending Act (the “MLA”) and Consumer Financial Protection Act (“CFPA”).

The Allegations

The CFPB alleges that MoneyLion offered installment loans that consumers could not access unless they enrolled in a membership program with monthly membership fees.  While MoneyLion represented to consumers that they “had the right to cancel their memberships for any reason,” it “maintained a policy prohibiting consumers with unpaid loan balances from canceling their memberships.”

According to the CFPB, MoneyLion’s membership model resulted in violations of the MLA’s 36% APR cap.  Under the MLA’s implementing regulation, APR is calculated as including “fee[s] imposed for participation in [an] arrangement for consumer credit.”  Based on this, the CFPB argues that the membership fees MoneyLion required servicemembers to pay to gain access to installment loans must be included in those loans’ APR.  If correct, those loans’ APR would unlawfully exceed 36%.

The CFPB also alleges that the installment loans to servicemembers violated the MLA by containing unlawful arbitration clauses and failing to contain required disclosures.

Lastly, the CFPB alleges that MoneyLion’s membership model resulted in unfair, deceptive, and abusive acts or practices under the CFPA. Particularly, the CFPB alleges that MoneyLion misled and injured consumers by representing to consumers that they had the right to cancel their memberships when, in fact, they did not.

Takeaways

The MoneyLion suit serves as a good reminder that every lending program should: (i) account for the additional protections provided to uniquely situated borrowers, such as servicemembers under the MLA; (ii) scrutinize any fees paid by consumers that could be viewed as increasing a loan’s APR; and (iii) review representations they make to consumers to align with the commercial realities and the regulatory requirements of the products they offer.