The CFPB’s Fall 2018 Rulemaking Agenda – A Busy Schedule for the Next Year

The Bureau of Consumer Financial Protection (the “Bureau” or “CFPB”) recently announced its Fall 2018 Rulemaking Agenda (“Fall 2018 Agenda” or “Agenda”) in a blog post on its website on October 17, 2018.  The Agenda indicates several new and significant rulemakings.  In addition, the Bureau announced that it will continue work on some previously announced rulemakings, including rules that reconsider rules issued by the Bureau’s previous leadership.  These rulemakings include both discretionary rules, as well as rules that implement new regulatory reform legislation.  It appears that the Bureau’s current interim leadership is looking at an active rulemaking schedule for 2019, despite there being an outstanding nomination for the permanent Director position. 

In this post, I walk you through the Agenda, briefly describe some of the background of each initiative, and provide you with some of my thoughts.  

I.  Implementing S.2155 (the Economic Growth, Regulatory Relief, and Consumer Protection Act)

A.  The Bureau’s Plan to Implement S.2155

The Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act” or “S.2155”) was signed into law on May 24, 2018.  The Act contained amendments and new provisions for many of the statutes that the Bureau governs.  The intent of the Act was to provide regulatory relief for the industry. Some of the amendments require or will benefit from regulatory amendments by the Bureau.  The Bureau has indicated in its agenda that it will work on rulemakings to implement several provisions of the recently enacted S.2155.  But it also appears that the Bureau may not issue new rulemakings to implement some of the Act’s amendments. 

The Bureau noted in its blog post announcing the Agenda that it has already implemented two of the Act’s amendments.  First, in September 2018, the CFPB published a rule modifying the model forms under the Fair Credit Reporting Act (“FCRA”) to implement the new consumer notice of rights added by the Act in new FCRA section 605A(i)(5), which reflects the new security freeze requirements and timeframe for initial fraud alerts.  Second, also in September 2018, the CFPB published a procedural and interpretive rule to implement the Act’s exemption for certain depository institutions from certain new data points that were added to the Home Mortgage Disclosure Act (“HMDA”) by the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”). I wrote a post on this statutory amendment to HMDA here.

The Bureau added two new rulemakings to implement the Act: (1) a rule to exempt certain creditors with assets of $10 billion or less from the escrow requirements for higher-priced loans, which exemption was added to the Truth in Lending Act  (“TILA”) under section 108 of the Act; and (2) a rule to implement the statutory mandate for the Bureau to issue rules implementing TILA’s Ability to Repay requirements with respect to Property Assessed Clean Energy loans (“PACE” loans) under section 307 of the Act.  The Bureau scheduled prerule activities for the escrow rulemaking for June 2019 and an Advance Notice of Proposed Rulemaking (“ANPR”) or Request for Information (“RFI”) for the PACE loan rulemaking for February 2019.

For the other provisions of S.2155, the Bureau stated in its blog post that some provisions of the Act do not require a rule to take effect, and provided as examples, sections 101, 104, 106, 107, 109(a), 301, and 601 of the Act.  But the Bureau also stated that it is considering whether notice and comment rulemaking may be helpful to implement or clarify these provisions of the Act.

B.  What about the new Portfolio QM?

Of note is that section 101 of the Act added the new “portfolio Qualified Mortgage” for depository institutions under $10 billion in assets that was added to TILA’s Ability to Repay requirements.  This new Qualified Mortgage has a number of criteria: (1) the loan must be retained in portfolio, with exceptions for certain transfers; (2) not have interest only or negative amortization features; (3) comply with the standard Qualified Mortgage limits on prepayment penalties; (4) comply with the 3% limit on points and fees; and significantly, (5) the institution must “consider[] and document[] the debt, income, and financial resources of the consumer.”  The Act expressly provides that this last “consideration and documentation” requirement does not mean compliance with Appendix Q and must be “construed to permit multiple methods of documentation.”

Note that this last criterion does not state that the income needs to be “verified,” as does the standard Qualified Mortgage definition, or the general ability to repay requirement.  But also note that this new standard is vague with respect to the definition of “consider and document” and the “multiple methods of documentation” that must be construed to be permitted.  In addition, the “verification” requirements under the CFPB’s rules implementing TILA’s ability to repay requirements were not changed by this legislation, and were, in part, based off of a statutory requirement to “verify” income, which could indicate that Congress intended this new statutory requirement to be something different from the CFPB’s regulatory verification requirements. 

In light of the uncertainty about the statutory “consideration and documentation” standard for the new Portfolio QM, a rulemaking interpreting this new portfolio Qualified Mortgage standard could be very helpful to the industry.

The CFPB also noted in its blog post that it was working on non-rulemaking activities to implement certain provisions of the Act.  This includes an initiative to implement section 109 of the Act, which states that the Bureau should provide “clearer, authoritative guidance” on certain issues relating to the TILA-RESPA Integrated Disclosure (“TRID”) rule, including assumptions and construction-to-permanent lending.

II.  HMDA Changes on the Horizon

A.  Reconsideration of HMDA Scope and Data Points

The Bureau stated that it will continue working on a rulemaking to reconsider the Bureau’s 2015 rule implementing the Dodd-Frank Act’s changes to HMDA (the 2015 HMDA rule).  The Bureau had previously announced this rulemaking in December 2017 in a statement on its website.  With the release of its Fall 2018 Agenda, the CFPB re-confirmed that the rulemaking would “potentially revisit[] such issues as the institutional and transactional coverage tests and the rule's discretionary data points.”  In addition, the CFPB stated that it would incorporate its previous procedural and interpretive rule to implement S.2155, noted above, in this rulemaking.   

The CFPB also stated that it will follow up on its August 2017 rule that temporarily increased the open-end threshold to 500 or more open-end lines of credit for two years (so that institutions below that threshold would not need to begin collecting data under the new rule before January 1, 2020. The CFPB’s Agenda states that it will consider these issues in conjunction with each other and has a proposed rule scheduled for March 2019.  

B.  Modification of Public Data for Privacy Reasons

In addition, the Bureau added a new rulemaking to its agenda to address whether any HMDA data points should be modified for public release.  The Dodd-Frank Act, in addition to amending HMDA to require a greatly expanded set of data about the applicant, property, and loan transaction, directed the CFPB to address by rulemaking the modification of publicly released HMDA data for privacy reasons.  Specifically, the Dodd-Frank Act stated that the CFPB “shall develop regulations that… modify or require modification of itemized information…that is or will be available to the public” for privacy reasons.

In its 2015 HMDA rule, the CFPB did not modify or require the modification of data that was publicly released.  Instead, the CFPB only provided that it would use a “balancing test” to address the issue of modifying publicly released data for privacy reasons.  Specifically, the Bureau confirmed in its 2015 HMDA rule that it would use a “balancing test to determine whether and how HMDA data should be modified prior to its disclosure to the public in order to protect applicant and borrower privacy while also fulfilling the disclosure purposes of the statute.”  The Bureau stated in the preamble to the 2015 HMDA rule that it would provide, “a process for the public to provide input on the application of the balancing test to determine the HMDA data to be publicly disclosed.”

In 2017, the CFPB published for comment a proposed policy on how it would apply this balancing test.  The Bureau has not yet finalized the proposed policy, but the Bureau stated in its blog post for the Fall 2018 agenda that, in response to public comments to the proposed policy urging a more formal process, it will be conducting a new rulemaking to implement the Dodd-Frank Act’s statutory mandate to develop a rule requiring the modification of public data for privacy reasons.  The Agenda has scheduled the issuance of the proposed rule for May 2019.  In addition, the Bureau stated in its Agenda that it plans to finalize in late 2018 the policy guidance with respect to the HMDA data collected in 2018.

III.  Dodd-Frank Act Section 1071 - Small, Minority, and Women Owned Business Data

The Bureau’s Fall 2018 Agenda has moved its rulemaking to implement the Dodd-Frank Act section 1071’s new business loan data collection requirement to an unscheduled “long-term action.”  Section 1071 of the Dodd-Frank Act added section 1691c–2 to the Equal Credit Opportunity Act (“ECOA”), which required the CFPB to issue rules creating a data collection and reporting requirement for small, women-owned, and minority-owned business loans, similar to HMDA. 

The Bureau appears to have been working on this rulemaking up until recently.  The CFPB issued an RFI for this rule in May 2017, for which the comment period closed in September 2017.  And the Bureau’s Spring 2018 rulemaking agenda scheduled prerule activities for the rule for March 2019.  However, the Bureau stated in its blog post that it was moving the rule to a long-term action, “in light of the need to focus additional resources on various HMDA initiatives discussed elsewhere in this agenda.” 

It is important to note that, although the Bureau has delayed work on this business loan data rule, the Bureau has publicly stated that it is examining its supervised institutions’ business lending for fair lending under its authority to enforce compliance with ECOA.  The Bureau’s latest Supervisory Highlights report, which it issued on September 6, 2018 and later published in the Federal Register, described how ECOA applies to business-purpose credit and acknowledges that the CFPB began conducting examinations of institutions’ small business lending in 2016 and 2017 for compliance with ECOA.  The CFPB stated that these examinations focused on the risks of an ECOA violation in underwriting, pricing, and redlining.  The CFPB stated that it, “anticipates an ongoing dialogue with supervised institutions and other stakeholders as [it] moves forward with supervision work in small business lending.”  For this reason, although the Dodd-Frank Act section 1071 rulemaking has been delayed, the industry should expect the Bureau to continue addressing fair lending issues in business lending through examinations.

IV. Payday Loan Rule Reconsideration 

The CFPB also stated that it would continue work on its previously announced rulemaking to reconsider the previous Bureau leadership’s 2017 Payday Loan rule, which it had issued in November 2017.  The CFPB stated in its blog post that it will, “address reconsideration of the rule on the merits as well as address changes to its compliance date.”  The Bureau’s 2017 Payday Loan rule requires compliance beginning in August 2019, which makes the timing of this rulemaking of critical importance to the industry, as it could affect whether lenders of payday loans and certain longer term loans subject to the rule need to implement the rule by August.   

The CFPB’s Agenda has scheduled the proposed rule for January 2019.  This should leave enough time to finalize a delay of the rule’s compliance date before August 2019.  But considering the January proposal will need at least a 30-day comment period, and that the Bureau will need time to analyze comments and draft the final rule, the final rule delaying the compliance date could be issued too close for comfort to the August compliance date.  This close timing and uncertainty about what the final rule will look like (e.g., how far the compliance date will be delayed, whether there will be an optional compliance period) could affect industry’s implementation plans.  

Adding to the confusion regarding the 2017 Payday Loan rule’s compliance date, this month, in a lawsuit by two trade associations challenging the rule, the U.S. District Court for the Western District of Texas issued a stay of the rule’s August 2019 compliance date, pending further order of the court.  It is uncertain when this stay will be lifted, or whether the court will give enough notice in such an order to allow industry time to implement the provisions.  In light of these developments, it is uncertain how and when the Payday Loan rule will become mandatory for the industry, and the industry should consider these issues in developing implementation plans.

In addition, it is also uncertain which aspects of the Payday Loan rule the Bureau will propose to amend in its forthcoming proposed rule.  In a statement issued on October 26, 2018, after issuance of its Fall 2018 agenda, the Bureau stated that it is “currently planning” to reconsider “the ability-to-repay provisions and not the payments provisions.”  The Bureau stated that this is because, “the ability-to-repay provisions have much greater consequences for both consumers and industry than the payment provisions.”  But the Bureau also stated that it “will make final decisions regarding the scope of the proposal closer to the issuance of the proposed rules.”  This statement leaves uncertain whether the Bureau’s delay of the compliance date will also only affect the ability-to-repay provisions, or whether it will also affect the payment provisions it currently plans to leave untouched.

V.  Other Significant New and Continued Rulemakings

A.  Debt Collection Rulemaking

The Bureau stated that it is continuing work on a rulemaking under the Fair Debt Collection Practices Act (“FDCPA”).  The Bureau had previously issued an ANPR for an FDCPA rule in 2013.  In addition, the Bureau convened a small business review panel to obtain input from small businesses on a potential rulemaking under FDCPA in August 2016, as required under the Small Business Regulatory Enforcement Fairness Act.  The Bureau stated that this rule will address communication and disclosure practices under the FDCPA.  The CFPB’s Agenda has scheduled a proposed rule for March 2019. 

It is interesting to note that when the Bureau had previously convened the small business review panel for its FDCPA rulemaking, it stated that its rulemaking only addressed third-party debt collectors, and that the Bureau would “address consumer protection issues involving first-party debt collectors and creditors on a separate track.”  Although the Bureau did not expressly address the issue in its blog post, it appears from the Bureau’s Agenda that this rulemaking is a continuation of work on the third-party debt collection rulemaking, and will not be the beginning of a “separate track” on first-party debt collectors.  The Bureau’s continuation of work on this rulemaking is consistent with the current Acting Director’s public statements regarding his focus on the debt collection industry.

B.  Abusive Prong under UDAAP

In addition, the CFPB announced two significant new rulemaking initiatives.  The first of these is a consideration of whether the Bureau should issue a rule to define the “abusive” prong of the Dodd-Frank Act’s prohibition against unfair, deceptive, or abusive acts or practices (“UDAAP”). Specifically, the Bureau stated in its blog post that it is considering if such a rule would be “helpful to further clarify the meaning of ‘abusiveness’.”

The industry should not expect a rulemaking on this issue any time soon.  The “abusiveness” rule is on the Bureau’s agenda as a “long-term action,” meaning there is no specific schedule for any actions on this rulemaking. 

C.  Disparate Impact under ECOA

In addition, the Bureau stated in its blog post that it is considering whether to reexamine the requirements of the disparate impact doctrine under ECOA, as it had announced it would in May 2018.  The Bureau stated this was because of two reasons: (1) “recent Supreme Court case law;” and (2) “the Congressional disapproval of a prior Bureau bulletin concerning indirect auto lender compliance with ECOA and its implementing regulations.”  It appears that the reference to recent Supreme Court case law is to the recent U.S. Supreme Court case Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc., which opined on the disparate impact doctrine under the Fair Housing Act, a statute that prohibits discrimination in housing, including residential mortgage lending.  In Inclusive Communities, the Supreme Court incorporated a requirement into the Fair Housing Act that a party must show a “robust causality” to prove discrimination using a disparate impact theory under the Fair Housing Act.  The CFPB has authority to enforce ECOA, which also prohibits discrimination in lending, but authority over the Fair Housing Act was not transferred to the CFPB under the Dodd-Frank Act. 

The reference to the Congressional disapproval of the Bureau’s guidance on indirect auto-lending is referring to the 2018 disapproval by Congress under the Congressional Review Act (“CRA”) of the CFPB’s bulletin regarding fair lending in indirect auto-lending.  In response to a request from Republicans in Congress, the Government Accountability Office issued a decision in December 2017 that the CFPB’s bulletin regarding fair lending in indirect auto-lending, which was considered non-binding guidance, was covered by the CRA and must be submitted for review by Congress, as do rules that go through the notice and comment process under the Administrative Procedures Act.  As a result of this decision, in May 2018, the Congress used its authority under the CRA to invalidate the Bureau’s auto-lending bulletin.  It is important to note that this action under the CRA also prohibits the CFPB from reissuing the same rule or issuing a new rule that is “substantially the same,” unless the rule is “specifically authorized” by a new law.   

In light of the above, the industry can expect that any rule by the current Bureau leadership addressing the disparate impact doctrine under ECOA would differ substantially from the previous Bureau leadership’s view of disparate impact espoused in the bulletin.  If undertaken by the Bureau, the industry could see a rule that places limitations on the use of disparate impact, similar to the Inclusive Communities case.

Although this rulemaking would be a significant development for the industry, the industry should not expect any formal action on this rulemaking in the near future.  Neither the Bureau’s agenda, nor its previous May 2019 statement, provide a timeframe for such a rulemaking.

D. Potential Process Changes

The Bureau also noted that it is considering whether to make certain process changes related to its rulemaking function, in response to comments received to the Bureau’s Call for Evidence. This was a series of RFIs seeking public comment on the Bureau’s activities. One of these RFIs sought public comment on the Bureau’s rulemaking process, and others related to the Bureau’s inherited and new rules. I have written about this Call for Evidence here, and the Bureau’s website for the Call for Evidence is here.

VI.  TRID’s Five-Year Look-Back 

The Bureau stated in its blog post that it “expects to begin work in 2019 on its assessment of the TILA-RESPA Integrated Disclosure Rule.”  This “assessment” of the TRID rule is required under section 1022(d) of the Dodd-Frank Act.  Section 1022(d) requires that the Bureau “conduct an assessment of each significant rule or order adopted by the Bureau,” which must address, “the effectiveness of the rule or order in meeting the purposes and objectives of this title and the specific goals stated by the Bureau.”  The Dodd-Frank Act requires a report on this assessment to be published not later than five years after the effective date of the rule. For the TRID rule, this deadline is October 3, 2020.

The CFPB is required to seek public comment on recommendations for modifying, expanding, or eliminating the newly adopted the rule before issuing the report. The industry can expect the Bureau to issue an RFI seeking such comments on the TRID rule in 2019.  This will likely signal that the Bureau has started working on this assessment. In expectation of this RFI and in light of the substantial impacts and breadth of the TRID rule, the legal issues concerning compliance with the rule, and the various forms and large quantity of industry data that may be helpful to the Bureau’s assessment, it would be prudent for the industry to begin thinking about how it might respond to this RFI. 

VII.  Conclusion

The Bureau’s current interim leadership has planned an active rulemaking agenda.  The Bureau’s Fall 2018 Agenda has scheduled rulemaking activity for almost every month in the next half year. There are rulemaking activities scheduled for January 2019 (Payday Loan reconsideration proposed rule), February 2019 (ANPR or RFI for PACE loans), March 2019 (HMDA reconsideration and FDCPA proposed rules), and May 2019 (HMDA public data/privacy proposed rule), and June 2019 (prerule activities for the exemption from higher-priced loan escrow requirements).  In addition, the Bureau plans to issue a finalized policy on the balancing test for the modification of public data under HMDA for privacy purposes in late 2018, and is considering whether other rulemakings would be beneficial to implement S.2155. 

On top of these rulemaking activities, the Bureau has indicated that it will begin its Dodd-Frank Act assessment of the TRID rule in 2019.  This will most likely involve the issuance of an RFI in 2019 to seek public comment as required by the Dodd-Frank Act.  The Bureau will also engage in long-term rulemaking initiatives, including a rule to define the abusiveness prong of the Bureau’s UDAAP authority and a rule addressing use of the disparate impact theory under ECOA.  And while the Bureau moved its rulemaking under Dodd-Frank Act section 1071 to long-term status as well, this does not indicate it is ceasing work on this rule.

Given this busy rulemaking schedule, it is apparent that the Bureau’s current interim leadership is moving ahead on its policy objectives.  The industry should be prepared to respond to the Bureau’s proposals and other issuances in 2019.  But considering there is an outstanding nomination for the permanent Director position, the industry should also be prepared for possible changes in the Bureau’s rulemaking agenda should a new permanent Director be confirmed in 2019. And although it is a remote possibility considering it will be a divided Congress, there is the potential for legislative changes to the agency or the consumer statutes under the new Congress.

The Bureau’s blog post is available at  It will be published in the Federal Register on Nov. 16, 2018. Please let us know if you would like to discuss any of the issues in this post.

Webinar on the Lehman Bankruptcy Case

We will be hosting a free webinar regarding an important update on the Lehman Brothers Holdings Inc. bankruptcy case affecting what could be thousands of mortgage originators. The webinar will be November 15, 2018 from 2 - 3:30 p.m. ET.

LBHI now appears to be suing more than 3,000 mortgage companies for indemnification (i.e., reimbursement) for monies LBHI is said to have paid to settle claims by various RMBS Trusts.  The claims are filed in the Bankruptcy court in New York, and arise from loans allegedly sold – many long ago – by mortgage companies to Lehman Brothers Bank.  The loans were securitized into RMBS Trusts.  Complaints are being served now, and many companies are receiving demands for mediation or complaints.

The issues in the case are complex, and our firm has been working closely with Lani Adler, a renowned litigator in New York and former partner at a large international law firm.  Lani has been one of the leaders of a group of defense counsel representing hundreds of mortgage originators in this matter since near the beginning, and has been involved in the cases for many years.  Together, Lani and Garris Horn bring deep and broad experience to the matter in both litigation and mortgage, and with the range of defenses, and procedural, substantive and strategic issues that demand assessment.  

To assist our clients and friends, our two firms are teaming up to host a webinar on November 15, 2018 from 2 - 3:30 p.m. ET regarding this litigation.  Please contact Shawna Secker at to register for the webinar. 

In the meantime, if you want to disscuss the case, please contact us.

CFPB Issues New Supervisory Highlights

The Bureau of Consumer Financial Protection (CFPB), on September 6, 2018, published a new issue of its Supervisory Highlights report.  This issue of Supervisory Highlights, the only one issued this year so far, provides information on the CFPB’s supervisory findings in the areas of auto loan servicing, credit card account management, debt collection, mortgage servicing, and payday lending.  Of particular interest is that the CFPB included findings from fair lending examinations of small business lending at supervised institutions, and provides information on its Office of Innovation’s efforts to update the CFPB’s no action letter and trial disclosure program policies. 

Updates to the No Action Letter and Trial Disclosure Policies

The report notes that the CFPB’s new Office of Innovation is “in the process of revising” the CFPB’s “no action letter” and “trial disclosure” policies to increase participation by companies seeking to advance new products and services.  The CFPB did not provide any timeframe or description of the process it is using for these revisions. 

As you may know, the CFPB issued its current “Final Policy on No-Action Letters” in February 2016 under former Director Cordray.  Many in the industry have viewed the current policy as unworkable, and only one no action letter has been issued under the current policy (the report provides a status update on the CFPB’s ongoing work monitoring the entity that obtained that no action letter).  The trial disclosure policy is authorized under section 1032(e) of the Dodd-Frank Act and allows the public to obtain a compliance safe harbor to test trial disclosures with the purpose of improving on a model form.  This policy has also been viewed as unworkable, though it could provide significant benefits to the industry if utilized, as it could result in significant regulatory changes.

It would be beneficial if the CFPB published proposed changes to these policies for notice and comment, as input from the industry could greatly enhance the CFPB’s efforts.  These two policies could significantly benefit the public by enabling further innovation in the consumer financial services markets.  We encourage the industry to provide input to the agency to assist its efforts in improving these policies. 

UPDATE:  The CFPB will publish a proposed policy on trial disclosure programs on Monday, Sept. 9, 2018, with comments due Oct. 10, 2018.  You can find the proposal here:  I will post a summary of that proposal on this blog.  Please note that our firm is uniquely positioned to assist your organization with submitting a comment letter to this proposal, or designing a trial disclosure program.  While at the CFPB, I led the CFPB’s qualitative and quantitative consumer testing of the TRID mortgage disclosures, which remains the most extensive testing the CFPB has conducted.  I can provide your organization with unique insight into the intersection of consumer testing, policy objectives, and regulatory requirements.

Small Business Lending

The report notes that the Equal Credit Opportunity Act applies to business-purpose credit and that the CFPB began conducting examinations of institutions’ small business lending in 2016 and 2017 for compliance with ECOA.  The CFPB stated that these examinations focused on the risks of an ECOA violation in underwriting, pricing, and redlining.  The CFPB stated that it, “anticipates an ongoing dialogue with supervised institutions and other stakeholders as [it] moves forward with supervision work in small business lending.” 

The CFPB stated in the report that it found that institutions “effectively managed the risks of an ECOA violation in their small business lending programs,” including self-monitoring.  However, the CFPB stated that it observed institutions collect and maintain only limited data on small business lending decisions, which could impede their ability to monitor and test for the risks of ECOA violations through statistical analyses.  This is an interesting point, considering that the CFPB retained in its Spring 2018 rulemaking agenda its rulemaking to implement Dodd-Frank Act section 1071.  As I’ve written about before, this provision added section 1691c–2 to ECOA requiring the CFPB to issue rules creating a data collection and reporting requirement for small, women-owned, and minority-owned business loans, similar to HMDA.  The agenda scheduled “prerule activities” for March 2019. 

The report also notes that the CFPB’s supervisory program includes a fair lending assessment of the institution’s compliance management system related to small business lending, using Module II of the ECOA Baseline Review Modules.  These reviews include assessments of the institution’s board and management oversight, compliance program (policies and procedures, training, monitoring, and/or audit, and complaint response), and service provider oversight.  The examinations also use the Interagency Fair Lending Examination Procedures.

Mortgage Servicing Findings

The CFPB’s findings in mortgage servicing exams included servicers that failed to timely place consumers who successfully completed trial modifications into permanent modifications.  One or more servicers failed to move hundreds of consumers to permanent modification for more than 30 days.  The CFPB also identified servicers that charged consumers more than permitted under loan modification agreements.  The CFPB stated that the errors were data driven, affecting the modified loan’s starting balance, step-rate and interest-rate changes, deferred interest, and amortization maturity date when the loan was entered into the servicing system.  The CFPB identified both of these issues as unfair practices under the Dodd-Frank Act’s prohibition against unfair, deceptive, or abusive act or practices (UDAAP). 

The CFPB also identified servicers initiating foreclosure after representing that they would not do so if a consumer accepted a loss mitigation offer by a certain date, and the consumer timely accepted.  Again, the CFPB labeled this practice a UDAAP violation.  The CFPB also identified as a risk of a deceptive practice under UDAAP a servicer providing a notice to consumers who submitted a complete loss mitigation application less than 37 days from a scheduled foreclosure sale that the servicer would notify them of a decision on the application within 30 days, but proceeded to conduct the scheduled foreclosure sales without making a decision on the application.  Notably, the report stated that the CFPB, “did not find that this conduct amounted to a legal violation but observed that it could pose a risk of a deceptive practice.”

Other Findings

In the CFPB’s auto loan servicing examinations, the CFPB identified failures of servicers to apply insurance payments after a total vehicle loss according to the promissory note and failed to cancel repossessions according to their programs, which the CFPB labeled unfair practices.  In its credit card examinations, the CFPB identified failures to reevaluate APRs after rate increases according to the CARD Act.   In its debt collection examinations, the CFPB identified failures of debt collectors to cease debt collection and properly validate debts according to the FDCPA.  In its payday lending examinations, the CFPB identified as a UDAAP issue a lender providing notices that it would repossess consumers’ vehicles when it had no practice or relationships to do so.  In addition, the CFPB identified violations of UDAAP and Regulation E involving the use of unauthorized debit card or ACH credentials to initiate electronic funds transfers.  The CFPB also identified invalid authorizations of preauthorized electronic funds transfers being used in loan agreements. 


If you would like to discuss any of these issues, please contact us.  We advise many clients on these and similar issues.  In addition, if you are interested in pursuing a no action letter or a trial disclosure program under the CFPB’s current policies, our firm can assist.  As noted above, while at the CFPB, I led the CFPB’s qualitative and quantitative consumer testing of the TRID mortgage disclosures and can assist your organization in designing a trial disclosure program.

You can access the report here:


CFPB Issues Annual Privacy Notice Exception Rule under GLBA

The Bureau of Consumer Financial Protection (CFPB or Bureau) on August 10, 2018 amended Regulation P, which implements the Gramm-Leach Bliley Act (GLBA), to provide an exemption for certain financial institutions from providing an annual privacy notice under GLBA.  The amendment will be effective September 17, 2018.

The amendment implements a December 2015 statutory change to GLBA that provided an exception to the annual privacy notice requirement for financial institutions that do not share nonpublic personal information (NPI) about customers except under certain statutory exceptions under GLBA, and have not changed their privacy policies.   The statutory change is already effective.  The CFPB now has issued this rulemaking to implement the change and provide more specific criteria than what was in the statute.  In addition, the rule eliminates the alternative delivery method that allowed providing the annual privacy notice on a website that the CFPB had previously added to Regulation P in 2014 to address regulatory burden, as this statutory amendment applies to the institutions that would have qualified for the CFPB’s alternative method.

Specifically, the new provision generally provides that a financial institution is exempt from the annual notice requirement if it: (i) provides NPI to nonaffiliated third parties only in accordance with the exceptions from the notice and opt-out requirements; and (ii) has not changed its policies and practices with regard to disclosing NPI from those disclosed in its most recent privacy notice.  If a financial institution loses the exception because it changes its policies and procedures, it must begin providing annual privacy notices according to the timing required under Regulation P. 

As our readers know, information sharing with affiliates, and disclosure and opt-out requirements, intersect under GLBA and FCRA.  It is worth noting that financial institutions that share consumer information with their affiliates and must provide an opt-out under FCRA (either under sections FCRA sections 603(d)(2)(A)(iii) or 624) can still qualify for this annual privacy notice exception, but would be required to provide any opt-out disclosure required under FCRA separately.  In addition, changes to such sharing with affiliates that would require a new disclosure and opt-out under FCRA would not cause a financial institution to lose this exception (but, again, a separate disclosure under FCRA may be required).  It is also worth noting that voluntarily disclosing and providing an opportunity to opt-out from certain unrestricted sharing under GLBA would not preclude an institution from being subject to the exception, even if it changes its policies and procedures for such sharing (although such an institution may want to provide a separate disclosure of any changes to its sharing that was previously the subject of a voluntary disclosure for UDAAP purposes).

We frequently handle federal and state privacy issues for its clients.  Please let us know if you’d like to discuss this amendment or would like any additional information.