CFPB Enforcement Continues under Acting Director Mulvaney, Including Against Individuals: But “Responsible Conduct” Gets Attention

Since Acting Director Mulvaney took the helm of the Bureau of Consumer Financial Protection (CFPB) in November 2017, many have questioned whether the CFPB would continue its prior level of enforcement.  Although the CFPB has dropped some high profile lawsuits and investigations under Acting Director Mulvaney, it appears that the CFPB is pursuing other enforcement actions at a significant pace.  The CFPB has issued at least six settlements so far in 2018, including three in June and two in July. 

While this is an indication that the CFPB under Acting Director Mulvaney is still utilizing its enforcement powers, these actions most likely stem from investigations started under former Director Cordray.  It remains to be seen how many new investigations and enforcement actions have been started since Mulvaney became Acting Director.  Further, a new permanent Director could put in place a different policy towards the agency’s use of its enforcement powers.  But we can at least see from this June and July that the CFPB continues to pursue enforcement cases. 

Below, we highlight three recent enforcement actions that show the CFPB is enforcing in different areas of law and for different products.  The first illustrates that engaging in “responsible conduct” (including self-reporting, voluntary restitution, and cooperation with the CFPB, as described in the CFPB’s Bulletin 2013-06) can positively affect the outcome of an enforcement action, in this case resulting in no civil money penalty. 

The last two actions discussed show that, under Acting Director Mulvaney, certain cases can still result in enforcement actions against individuals and include bans from the industry. 

Large National Bank under the CARD Act

The CFPB, on June 29, issued a Consent Order against Citibank, N.A. for failing to reevaluate and reduce the APRs for about 1.75 million consumer credit card accounts as required in violation of the Credit Card Accountability Responsibility and Disclosure Act of 2009 (“CARD Act”) amendments to the Truth in Lending Act.  The CFPB also found that the bank failed to maintain reasonable policies and procedures about APR reevaluations as required.  The consent order requires the bank to pay $335 million in restitution to consumers affected by these practices. The bank must also submit a compliance plan within 60 days.

The CARD Act requires creditors to periodically reevaluate APRs based on certain factors for credit card accounts on which they have increased the APRs, including after imposing default APRs, and maintain reasonable policies and procedures on conducting the reevaluations.  Creditors are generally required to conduct APR reevaluations at least every six months after the rate increase.

The CFPB found that the bank conducted APR reevaluations, but did not apply the required factors correctly, which resulted in overcharges to consumers. The CFPB found several errors that generally involved using criteria that did not align with criteria used for underwriting new accounts or improperly applying the criteria, including an incorrect calculation of the consumer’s ability to pay and incorrect use of FICO scores.

We are often asked about the advantages and disadvantages of self-identifying violations to the CFPB (as well as voluntary corrective action and restitution).  It seems that in this case, self-identification and other “responsible conduct,” enabled the bank to avoid a civil money penalty, at least on top of the substantial restitution payment.  The CFPB noted in its order that the bank originally uncovered the violations in 2016, self-reported the deficiencies to the CFPB, and began providing voluntary restitution in early 2017.  The CFPB apparently took this conduct into account, as described in Bulletin 2013-06, noting in its announcement that, “the Bureau did not assess civil money penalties based on a number of factors, including that Citibank self-identified and self-reported the violations to the Bureau, and self-initiated remediation to affected consumers.”  This enforcement action is worth keeping in mind when evaluating whether to self-identify violations to the CFPB. 

You can find the CFPB’s announcement here:

National Credit Adjusters, LLC and its Former CEO under FDCPA and UDAAP

The CFPB, on July 13, issued a Consent Order against National Credit Adjusters, LLC and its part-owner and former CEO, Bradley Hochstein.  The CFPB found NCA maintained a network of debt collection agencies that used unlawful debt collection practices that harmed consumers in violation of the Fair Debt Collection Practices Act and the CFPB’s prohibition against unfair, deceptive, or abusive acts or practices.  The Consent Order imposed a $3 million civil money penalty against each of NCA and Hochstein, but suspended part of the payment if NCA and Hochstein pay $500,000 and $300,000 penalty, respectively.

According to the CFPB, NCA used collection agencies that told consumers they owed more than they were legally required to pay, and threatened consumers with lawsuits, visits from process servers, and arrest, when they did not have the legal authority to take those actions.  In addition, NCA continued to sell debt portfolios to these debt collection companies even with knowledge, or reckless disregard, of the harmful debt collection practices.  The CFPB pointed to a number of factors that added to NCA’s fault, including that NCA’s compliance personnel recommended that NCA sever its relationship with the debt collection companies due to their illegal collection acts and practices.  However, NCA and Hochstein continued placing accounts with the debt collectors. NCA also provided “critical assistance” to the debt collection companies, including drafting their policies and procedures to give a false impression the debt collectors complied with federal law.

Notably, the CFPB named Hochstein individually in the Consent Order due to his “managerial responsibility for NCA” and “direction and oversight” of NCA’s debt collection activities.

As a result, NCA and Hochstein are barred from certain collection practices, and Hochstein is permanently barred from working in any business that collects, buys, or sells consumer debt.

You can find the CFPB’s announcement here:

Settlement with Individual Defendant in Hydra Group Lawsuit

Also, on July 23, in a lawsuit the CFPB filed back in 2014 involving alleged violations by an online payday lender, the CFPB entered a stipulated final judgment and order against one of the individual defendants in the case with a civil money penalty of $1.  While that may sound small, there was also a five-year broadly worded ban from the industry, and requirements for full cooperation with the CFPB in its continuing investigation against the other defendants, and ongoing reporting for five years covering the individual’s compliance and other business activities.


The CFPB continues enforcement actions under Acting Director Mulvaney.  While, these enforcement actions likely involved investigations that began under former Director Cordray, Acting Director Mulvaney apparently approved these particular actions moving forward.  Moreover, these actions include orders against individuals that included civil money penalties and bans from business. 

Only time will tell whether and at what pace the CFPB will initiate new investigations.  It also remains to be seen how a new permanent Director, including, if confirmed, the President’s recent nominee, Kathy Kraninger (current Associate Director at the Office of Management and Budget), will place on enforcement.  In the meantime, however, lenders should continue to proceed with caution and take compliance seriously.

CFPB’s Statement about Partial HMDA Exemptions Added by S.2155

The Bureau of Consumer Financial Protection (CFPB) on July 5, 2018 issued a statement on the new “partial” exemptions from HMDA that were added by section 104 of S.2155, the Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act”), which was signed into law on May 24, 2018.  The CFPB’s statement briefly described the scope of the exemptions, and stated it will provide further guidance on the applicability of the Act to HMDA data collected in 2018 later this summer. 

The Act’s partial exemptions from HMDA apply to insured depository institutions and insured credit unions as follows: (1) to closed-end mortgage loans, if the institution originated fewer than 500 closed-end loans in each of the two preceding calendar years; and (2) to open-end lines of credit, if the institution originated fewer than 500 open-end lines of credit in each of the two preceding calendar years. 

The Act exempts such institutions from the “requirements of [HMDA section 304(b)(5) and (6), 12 U.S.C. § 2803(b)(5) and (6)]” for such transactions.  These are the new statutory provisions the Dodd-Frank Act added to HMDA that mandate the new data points that are required by the CFPB’s 2015 HMDA rule.  Institutions subject to the exemption are not required to collect or report the new data points, such as the ULI, credit score and model, rate spread, and the AUS.  But note that such institutions would remain otherwise subject to HMDA reporting.  The CFPB acknowledged in its statement that, “for these transactions, those institutions are exempt from the collection, recording, and reporting requirements for some, but not all, of the data points specified in current Regulation C.” 

Interestingly, these new Dodd-Frank Act statutory provisions give the CFPB discretionary authority to require other information not expressly mandated by HMDA, which the CFPB used to modify the requirements for certain former data points, such as the loan purpose, lien status, and denial reason.  It will be interesting to see whether and how this “partial exemption” will be applied by the CFPB to these data points that it modified using this discretionary authority. 

Also note that in December 2017, the CFPB issued a statement that it intended to issue a proposed rule to “reconsider” the “rule's discretionary data points.”  The CFPB’s Spring 2018 regulatory agenda has a proposed rule under HMDA scheduled for January 2019.  It is possible that the CFPB could roll back the new and modified data points that it added under its discretionary authority.

The CFPB also noted that the format and submission of LARs would not be impacted by the exemptions. Institutions filing HMDA data collected in 2018 will report under the previously-released 2018 Filing Instructions Guide (“FIG”).  But the CFPB plans to release a revised FIG later this summer with exemption codes that institutions subject to the partial HMDA exemptions would use for exempt data points. A beta version of the HMDA Platform for 2018 data will be available later this year so filers can test the submission of data collected in 2018.

You can access the CFPB’s statement here:  Also note that federal banking agencies have issued similar statements as well.

Please let me know if you have any questions or would like to discuss.

CFPB's Spring 2018 Regulatory Agenda

The CFPB announced its Spring 2018 rulemaking agenda on May 10, 2018.  The agenda sets forth the regulatory activities the Bureau expects to consider during the next year, and the expected dates of action.  There are some notable entries and omissions that I'd like to highlight for you in this post.   

HMDA “Reconsideration” Proposed Rule.  The agenda has an entry for the HMDA “reconsideration” rule that the CFPB announced in December 2017.  In that announcement, the CFPB stated that it planned to “reconsider” aspects of the HMDA rule, including the scope of the rule and the rule’s discretionary data points.  It is good news to see this rule on the agenda, but note that the proposed rule isn’t expected until January 2019.  It would seem unlikely the CFPB could finalize any amendments before the new data will need to be reported in 2019.  This means that lenders should be prepared to fully comply with the new HMDA rule and ensure the data they submit is accurate. 

Business Loan Data Collection Rule.   The agenda retains an entry for a rulemaking to implement Dodd-Frank Act section 1071, which added section 1691c–2 to ECOA requiring the CFPB to issue rules creating a data collection and reporting requirement for small, women-owned, and minority-owned business loans, similar to HMDA.  The agenda lists this entry with “prerule activities” scheduled for March 2019, which may mean a small business review panel under SBREFA.  Note that the CFPB issued a Request for Information for this rulemaking in May 2017.  The comment period closed in September 2017.  It is noteworthy that the CFPB is continuing to work on this rulemaking, which could create a substantial new regulatory burden. 

Larger Participant Rule for Personal Loans.   The CFPB had been working on a rulemaking to give itself supervisory authority over larger participants in the consumer installment and vehicle title loan markets, using authority under the Dodd-Frank Act.  The previous Fall 2017 agenda had this rulemaking slated for a proposed rule this May 2018.  But this most recent Spring 2018 agenda has not only taken this rule off the back burner, but taken it off the stove entirely, placing it on an “inactive list.”  This is a win for fintech and other unsecured lenders, such as marketplace lenders, because CFPB supervision would have exposed them to potentially far greater compliance liability and costs, e.g., under TILA and fair lending.  Still, we are hearing ever more about aggressive state regulators trying to fill in where any CFPB gaps arise.

You can find the CFPB’s agenda here:

There are other interesting entries and omissions on the CFPB’s new agenda.  Let us know if you’d like to discuss. 


CFPB Issues TRID Black Hole Final Rule

The Bureau of Consumer Financial Protection (CFPB) issued its long-awaited Black Hole final rule today, eliminating one of the major headaches of the TRID rule.  Specifically, the final rule amends TRID to allow lenders to disclose revised estimates for resetting the tolerances on any Closing Disclosure (including the initial and corrected CDs), without regard to how many business days before closing the change occurred.  The rule is effective 30 days after publication in the Federal Register without regard to whether an application was received on or after the effective date.  This represents a solid victory for the industry, thanks to the efforts of the major trade associations and a number of individual institutions.  You can access the final rule here:

I want to highlight an issue that could be a cause for concern, which relates to the accuracy of the CD.  As you may know, the Black Hole provision has the effect of disincentivizing lenders from providing the initial CD very early in the transaction, because doing so can create a long period of time that falls in the Black Hole, meaning the lenders would have to absorb legitimate cost increases during this long period.  Some commenters to the proposed rule cautioned the CFPB against eliminating this disincentive, because lenders might provide CDs very early in the process with largely inaccurate information, possibly as early as the day after the initial LE is provided, which could cause consumer confusion and other market issues. 

The CFPB, in response to these concerns, stated in the preamble that it believes the existing accuracy standard for the CD will prevent lenders from providing the CD very early.  The CFPB clarified that the accuracy standard that applies to any estimated information on the CD is the “best information reasonably available” standard, and cautioned that this standard requires lenders to perform “due diligence” to obtain information before providing any CD.  The preamble references an existing commentary example of a lender that does not request the actual cost of the lender’s title insurance policy from the title company before providing a CD, and states that the lender has not exercised due diligence, i.e., it has not satisfied the accuracy standard for the CD.  The CFPB stated that it “will continue to monitor the market for practices that do not comply with the rule’s Closing Disclosure accuracy standard.”  This preamble language could signal that this will become an issue in federal and state TRID examinations. 

Please let me know if you’d like to discuss the accuracy standards that apply to the information on the CD, or if you have any other questions.