Ballard Spahr
Legal Alert

Mortgage Banking Update - December 19, 2024

December 19, 2024

December 19 – Read the newsletter below for the latest Mortgage Banking and Consumer Finance industry news, written by Ballard Spahr attorneys. In this issue, we discuss end-of-year happenings at the FTC, a slew of rules issued by the CFPB this week, the latest industry insights about the incoming new administration, and much more.

 

This Week’s Podcast Episode: A Look at the FTC’s Click-to-Cancel Rule, With James Kohm, Associate Director of Enforcement Division of the FTC’s Bureau of Consumer Protection

Today’s podcast features James Kohm, the Associate Director for the Enforcement Division of the Federal Trade Commission’s Bureau of Consumer Protection. We discuss the FTC’s “Click-to-Cancel” Rule (consisting of significant amendments to the longstanding “Negative Option Rule”) which was promulgated by the FTC on October 16, 2024, by a vote of 3-2 along party lines.

Before discussing the specifics of the new rule, Mr. Kohm describes the FTC’s Negative Option Rule adopted in 1973. It required sellers to clearly disclose the terms of any such negative option plan for the sale of goods before consumers subscribe. In such plans, consumers are notified of upcoming merchandise shipments and have a set period to decline the shipment. Sellers interpret a customer’s silence, or failure to take an affirmative action, as acceptance of an offer. The Negative Option Rule was initially adopted to deal with mail order plans like the “book-of-the-month” club. With the proliferation of sales of goods and services over the Internet, the FTC concluded that it was necessary to update the Negative Option Rule to remedy what it considered to be widespread unfair and deceptive practices related to subscription plans sold over the Internet, particularly the difficulty consumers were often having in canceling subscriptions.

There are several parts of the Click-to-Cancel Rule. The first part of the Rule prohibits material misrepresentations related not only to the negative option feature, but also any other material feature of the transaction for the goods or services. Another part of the Rule are the disclosure requirements which relate to the cost of the goods or services, the fact that the charges will be assessed periodically, how often the consumer will be charged and how to cancel the subscription. The Rule also requires that the seller obtain the consumer’s express consent to the transaction which the seller must maintain in its records for a prescribed period of time. The centerpiece of the Rule is that the seller must make it as easy to cancel the subscription as it is to enter into the subscription.

Mr. Kohm explains that because the Rule was adopted under the Magnusson Moss Act, the FTC will be able to recover monetary relief and civil money penalties for violations – something which the Supreme Court ruled that the FTC may not recover for enforcement actions brought under section 13 of the FTC Act alleging unfair and deceptive acts or practices. Mr. Kohm also explains that sellers are covered by the Rule to the full extent of the FTC’s jurisdiction. Therefore, the Rule covers business-to-business transactions as well as business-to-consumer transactions. Banks and other depository institutions are not covered by the Rule. There is also no private right of action under the Rule.

Mr. Kohm then describes several petitions to invalidate the Rule which have been filed in four federal circuits courts of appeal. There have not yet been any substantive rulings in any of the cases.

We then ask Mr. Kohm for his opinion as to whether the composition of the Commission would change as a result of the outcome of the Presidential election and whether that might result in the Rule being repealed or amended to satisfy industry concerns. The President has the right to nominate the new Chair who will undoubtedly be a Republican. At that point, the Commission will be controlled 3-2 by Republicans. Since two Republican Commissioners have already dissented from the Rule, there is some possibility that the Rule might be repealed or amended before it goes effective. Mr. Kohm observes that since the rulemaking was launched at a time when Republican Commissioners held a majority of the five seats, it was not a foregone conclusion that the Commission would vote to repeal or amend the Rule. Since the Rule does not prohibit the use of negative options subscription contracts and just about everyone has had difficulty in canceling such contracts, it could very well be that the Rule remains largely intact.

Senior Counsel and former chair for 25 years of the Consumer Financial Services Group, Alan Kaplinsky,  hosts the discussion.

To listen to this episode, click here.

Back to Top

FinCEN Concedes Nationwide Stay Regarding CTA Compliance and Enforcement

FinCEN has posted the following on its website in light of a recent litigation outcome regarding the Corporate Transparency Act (CTA) in the Eastern District of Texas. As we have blogged, and as the below notes, other federal district courts have reached opposite conclusions. Also, the 11th Circuit still needs to rule on related issues, which creates the possibility of confusion and conflicting results regarding the national application of the CTA.

We don’t purport to have clear predictions here, so we simply quote FinCEN’s posting below. The government recently filed a notice of appeal of the below ruling. Whether the government also might obtain a stay of the district court’s ruling, and, if so, when, remains unclear. For now, the only clear take-away is that the CTA remains in a state of limbo, nationwide.

On Tuesday, December 3, 2024, in the case of Texas Top Cop Shop, Inc., et al. v. Garland, et al., No. 4:24-cv-00478 (E.D. Tex.), a federal district court in the Eastern District of Texas, Sherman Division, issued an order granting a nationwide preliminary injunction that: (1) enjoins the CTA, including enforcement of that statute and regulations implementing its beneficial ownership information reporting requirements, and, specifically, (2) stays all deadlines to comply with the CTA’s reporting requirements. The Department of Justice, on behalf of the Department of the Treasury, filed a Notice of Appeal on December 5, 2024.

Texas Top Cop Shop is only one of several cases in which plaintiffs have challenged the CTA that are pending before courts around the country. Several district courts have denied requests to enjoin the CTA, ruling in favor of the Department of the Treasury. The government continues to believe—consistent with the conclusions of the U.S. District Courts for the Eastern District of Virginia and the District of Oregon—that the CTA is constitutional.

While this litigation is ongoing, FinCEN will comply with the order issued by the U.S. District Court for the Eastern District of Texas for as long as it remains in effect. Therefore, reporting companies are not currently required to file their beneficial ownership information with FinCEN and will not be subject to liability if they fail to do so while the preliminary injunction remains in effect. Nevertheless, rereporting companies may continue to voluntarily submit beneficial ownership information reports.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

Peter D. Hardy

Back to Top

FHA Issues Revised Cybersecurity Requirements

As previously reported in May 2024 FHA announced a requirement for FHA approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was effective immediately. Apparently in response to industry criticism, in Mortgagee Letter 2024-23 FHA announced revised requirements.

Originally, for purposes of the reporting requirement, a Significant Cybersecurity Incident (Cyber Incident) is “an event that actually or potentially jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies and has the potential to directly or indirectly impact the FHA-approved mortgagee’s ability to meet its obligations under applicable FHA program requirements.” Also, lenders were required to report a Cyber Incident to HUD’s FHA Resource Center at answers@hud.gov and HUD’s Security Operations Center at cirt@hud.gov within 12 hours of detection.

The Mortgage Bankers Association (MBA) submitted comments to HUD critical of certain aspects of the Cyber Incident reporting requirements. In particular, MBA believed the 12 hour reporting timeframe to be “both unreasonable and impracticable.” Addressing the scope of what was considered a Cyber Incident, MBA noted that “HUD requires FHA lenders to report any incidents “potentially” affecting “information,” regardless of its relevance to FHA mortgage lending or the mortgagee’s ability to comply with FHA program requirements.”

Under the revised requirements, a Cyber Incident and Reportable Cyber Incident are defined as follows:

“A Cyber Incident is an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.

A Reportable Cyber Incident is a Cyber Incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the FHA-approved Mortgagee’s ability to meet its operational obligations for originating or servicing FHA-insured Mortgages.”

The concept of potential jeopardy to the confidentiality, integrity, or availability of information or an information system was removed, and the concept of a potential direct or indirect impact on a lender’s ability to meet its obligations under applicable FHA program requirements was revised. A Cyber Incident now involves only actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits, and the incident now must be reported only if it has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the lender’s ability to meet its operational obligations for originating or servicing FHA-insured loans. Thus, an incident must actually result in a material disruption or degradation in the ability of a lender to meet its operational obligations for originating or servicing FHA loans to be reportable.

Additionally, the timeframe for reporting was modified from within 12 hours of detection to “as soon as possible and no later than 36 hours after the Mortgagee has determined that a Reportable Cyber Incident has occurred.”

Also, originally the report had to include, among other information, the name, email address, and phone number of lender’s point of contact for Security Operations Center follow-up activities. As revised, the report must include the name, email address, and phone number of the lender’s point of contact for coordinating follow-up activities.

Richard J. Andreano, Jr.

Back to Top

HUD Extends Compliance Date for Portions of 'Modernization of Engagement With Mortgagors in Default' Rule

The U.S. Department of Housing and Urban Development (HUD) has extended from January 1, 2025, until July 1, 2025, the compliance date for certain provisions of the department’s rule entitled “Modernization of Engagement with Mortgagors in Default.’’

That rule requires mortgagees to conduct meetings with all mortgagors in default.

As revised by the Modernization of Engagement with Mortgagors in Default final rule, 24 CFR 203.604(a)(3) the HUD rule will require that ‘‘[a] reasonable effort to arrange a meeting with the mortgagor shall consist of, at a minimum, two verifiable attempts to contact the mortgagor utilizing methods determined by the Secretary.’’ HUD recently issued guidance in Mortgagee Letter 2024-24 [or the portions of the rule that still will become effective on January 1, 2025.

This requirement includes borrowers who do not live in the mortgaged property and mortgagees where the property is not within 200 miles of the mortgagee, its servicer, or a branch office. HUD decided to extend to July 1, 2025 the requirements to follow the new rule for conducting meetings in such circumstances.

HUD said it was taking this action to permit mortgagees enough time to update their mortgage servicing processes and procedures to comply with a forthcoming mortgagee letter entitled ‘‘Modernization of Engagement with Borrowers in Default.’’

HUD said mortgagees have said that they need sufficient time to update their processes, including making updates, to their information technology, staff training, and mortgagor-facing documents and communication. They also have stated the need to update quality controls, align their procedures for HUD’s new requirements with requirements from other federal agencies, establish new contracts for outreach methods, and update internal documentation requirements, among other things.

Under the extension mortgagees still may optionally elect to comply with the entirety of the Modernization of Engagement with Mortgagors in Default final rule beginning on January 1, 2025.

Richard J. Andreano, Jr. and Reid F. Herlihy

Back to Top

On Eve of New Administration (and New Board Composition), NLRB Limits Employer’s Ability to Make Unilateral Changes

On Tuesday, December 10, the National Labor Relations Board (NLRB) issued a decision that will make it more difficult for a unionized employer to make unilateral changes to working conditions. The decision, Endurance Environmental, found here, overturns a President Trump-era rule established in 2019 and returns to the “clear and unmistakable” waiver standard which had been in place for decades.

For background, an employer covered by a collective bargaining agreement may not make unilateral changes to the terms and conditions of employment unless (1) the employer has bargained over such changes with the union, or (2) the union has waived the right to bargain over such changes.

In a 2019 decision, MV Transportation, the NLRB rejected the then-current and well established “clear and unmistakable” waiver standard. In doing so, the President Trump Board adopted a “contract coverage” test to determine whether, through a contract provision, a union waived its right to bargain over changes to the terms and conditions of employment. Applying the employer-friendly contract coverage standard, the Board would examine the plain language of a collective bargaining agreement to determine whether action taken by an employer was within the compass or scope of contractual language. If the answer was yes, the union had waived its right to bargain over those changes, and the employer had the right to take unilateral action.

The NLRB’s decision to return to the “clear and unmistakable” waiver test places a far greater emphasis on the precise wording of the relevant contract provision. Under this more union-friendly approach, the Board will not permit unilateral changes unless the employer is able to show that “the specific issue was fully discussed and consciously explored during negotiations and that the union consciously yielded or clearly and unmistakably waived its interest in the matter.” In other words, the parties’ contract must unequivocally and specifically reference the parties’ shared intent to permit unilateral employer action to make the particular change at issue. It is no longer enough that the contract simply “covers” the general subject of the potential unilateral change – rather, the contract must more specifically grant that right.

Next month will see a second Trump administration. President-elect Trump has the opportunity to appoint several new members and “flip” the Board from a majority of Democratic appointees to a majority of Republican appointees. This includes filling the soon-to-be vacant seat of the Biden-appointed Chair, Lauren McFerran, whose renomination bid was rejected by the Senate yesterday. It is expected (and virtually guaranteed) that the newly constituted Board immediately will begin to reverse many of the Biden Board’s most union-friendly and controversial decisions, swinging the pendulum back to a Board far more receptive to business interests. It is also likely that President-elect Trump will fire current NLRB General Counsel, Jennifer Abruzzo, if she does not resign first. Thus, the return to the “clear and unmistakable” waiver standard likely will be short lived.

Ballard Spahr’s Labor and Employment Group will be issuing alerts on what else to expect from the new Board and how that will affect employers across the country, both unionized and non-union. Should you have any questions on this topic, please feel free to contact any member of our Group.

Justen R. Barbierri and Denise M. Keyser

Back to Top

The CFPB Proposes FCRA Rule With Potential Implications Far Beyond the Stated Focus on Data Brokers

The CFPB has proposed a rule that it promotes as ensuring that Fair Credit Reporting Act (FCRA) protections are applied to sensitive consumer information that the statute was designed to protect, including information sold by data brokers. However, the proposal is much broader than a data broker rule and could have far reaching implications, including what is considered a consumer report, who is considered a consumer reporting agency, and specific requirements to qualify for the written authorization permissible purpose that are not provided for in the FCRA. Comments are due on March 3, 2025.

Please see our CyberAdviser blog post on the data broker implications of the proposal. We also have reported previously on CFPB efforts to bring data brokers within the scope of the FCRA, and to expand the concept of what is a consumer report.

Consumer Report

The FCRA defines a “consumer report” as follows:

“[A]ny written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for

  1. credit or insurance to be used primarily for personal, family, or household purposes;
  2. employment purposes; or
  3. any other purpose authorized under section 604.”

The CFPB proposes to define the concepts of “is used” and “is expected to be used,” as well as add the concept that personal identifiers are consumer reports.

As proposed, information “is used” for one or more of the specified purposes if a recipient of the information uses it for such a purpose. Additionally, as proposed, information “is expected to be used” for one or more of the specified purposes if (1) the person making the communication expects or should expect that a recipient of the information in the communication will use the information for such a purpose, or (2) the information is about a consumer’s credit history, credit score, debt payments, or income or financial tier.

With regard to personal identifiers, as proposed a communication by a consumer reporting agency of a personal identifier for a consumer that was collected by the consumer reporting agency, in whole or in part for the purpose of preparing a consumer report about the consumer, is a consumer report regardless of whether the communication contains any information other than the personal identifier. The CFPB proposes that the following would be personal identifiers: (1) the consumer’s (a) current or former name or names, including any aliases, (b) age or date of birth, (c) current or former address or addresses, (d) current or former telephone number or numbers, (e) current or former email address or addresses, (f) Social Security number (SSN) or Individual Taxpayer Identification Number (ITIN), and (2) any other personal identifier for the consumer similar to the listed identifiers.

The CFPB also proposes three alternatives regarding whether the de-identification of information is relevant to whether the definition of “consumer report” is met:

  • (1)De-identification is not relevant to such determination.
  • (2)De-identification is not relevant to such determination if the information is still linked or linkable to a consumer.
  • (3)De-identification is not relevant to such determination if:
    1. The information is still linked or reasonably linkable to a consumer;
    2. The information is used to inform a business decision about a particular consumer, such as a decision whether to target marketing to that consumer; or
    3. A person that directly or indirectly receives the communication, or any information from the communication, identifies the consumer to whom information from the communication pertains.

Proposed examples of information that is linked or reasonably linkable to a consumer are:

  1. Information that identifies a specific household;
  2. Information that identifies a specific ZIP+4 Code in which a consumer resides; or
  3. Information that includes a persistent identifier (such as a cookie identifier, an Internet Protocol (IP) address, a processor or device serial number, or a unique device identifier) that can be used to recognize the consumer over time and across different websites or online services.

These proposals, when coupled with the proposals addressed below regarding the definition of a “consumer reporting agency,” would greatly expand the reach of the FCRA and make it difficult to imagine what information report regarding a consumer would not be covered.

Consumer Reporting Agency

The FCRA defines a “consumer reporting agency” as follows:

“[A]ny person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.”

The CFPB proposes to adopt a definition of “assembling or evaluating” and also add examples of such activity. The proposed definition is as follows:

“[A] person assembles or evaluates consumer credit information or other information about consumers if the person:

  1. Collects, brings together, gathers, or retains such information;
  2. Appraises, assesses, makes a judgment regarding, determines or fixes the value of, verifies, or validates such information; or
  3. Contributes to or alters the content of such information.”

The proposed examples of assembling or evaluating are as follows:

“A person assembles or evaluates consumer credit information or other information about consumers . . . if, for example, the person:

  1. Collects such information from a consumer’s bank account and assesses it, such as by grouping or categorizing it based on transaction type;
  2. Alters the content of information the person has received about a consumer, such as by modifying the year date fields to all reflect four, rather than two, digits to ensure consistency;
  3. Determines the value of such information, such as when a company that hosts an online database regarding consumers’ criminal histories arranges or orders search results in order of perceived relevance to users, or provides scores, color coding, or other indicia of weight or import to users;
  4. Retains information about consumers, such as by retaining data files containing consumers’ payment histories in a database or electronic file system; or
  5. Verifies or validates information the person has received about a consumer, such as by checking whether a consumer’s date of birth received from a third-party data provider matches the consumer’s date of birth as listed in an external database or is properly formatted regardless of whether the person takes any action to correct any errors found.”

The proposed expansions of information that is subject to the FCRA and who constitutes a consumer reporting agency are well beyond what would be tailored to address data brokers. The proposals are so broad it appears the analysis of whether a party is a consumer reporting agency providing a consumer report would mainly focus on whether they are providing the information for monetary fees, dues, or on a cooperative nonprofit basis. Credit header data and other basic contact information being used to confirm the identity of a consumer for important purposes, such as to avoid fraud or money laundering, would be a consumer report. Additionally, there is the issue of what falls within the vague concept of financial tier. The proposed expansions are so significant that they are matters to be addressed by Congress and not an executive agency.

Written Authorization Permissible Purpose

Under the FCRA, a consumer reporting agency may furnish a consumer report “[i]n accordance with the written instructions of the consumer to whom it relates.” The CFPB proposes to add significant conditions to this permissible purpose.

As proposed, for a consumer report to be furnished pursuant to the written authorization permissible purpose:

  • (1)The consumer reporting agency or the person to whom the consumer reporting agency will furnish the consumer report must:
    1. provide the consumer, either in writing or electronically, with a disclosure that satisfies specified requirements addressed below;
    2. obtain the consumer’s express, informed consent to the furnishing of a consumer report in accordance with the limitation on furnishing addressed below; and
    3. obtain the consumer’s signature, either in writing or electronically, authorizing the consumer reporting agency to furnish the consumer report, and the consumer must not have revoked consent to such furnishing.
  • (2)The consumer reporting agency must furnish the consumer report to a person only in connection with the person’s provision to the consumer of a specific product or service that the consumer has requested, or, if the consumer has not requested a product or service, in connection with a specific use the consumer has identified. (The required disclosure, which is addressed below, would need to identify the specific product or service, or if the consumer has not requested a product or service, the specific use identified by the consumer.)
  • (3)The person to whom the consumer reporting agency furnishes the consumer report:
    1. procures, uses, or retains the consumer report, or provides the report to a third-party, only as reasonably necessary to provide the product or service the consumer has requested or, if the consumer has not requested a product or service, for the specific use the consumer has identified;
    2. procures the consumer report no more than one year after the date on which the consumer consents to the furnishing of the report; and
    3. provides the consumer report to a third-party only if the third-party agrees by contract to comply with such limitations.

With regard to the “reasonably necessary” element, the CFPB proposes that examples of uses of consumer reports that are not part of, or reasonably necessary to provide, any other product or service include targeted advertising, cross-selling of other products or services, and the sale of information in the consumer report.

The consumer reporting agency or the person to whom the consumer reporting agency will furnish the consumer report would need to provide the consumer with a method to revoke consent for their report to be furnished that is as easy to access and operate as the method by which the consumer provided consent for their report to be furnished. Additionally, no person could charge the consumer any costs or penalties to revoke their consent.

The required consumer disclosure would need to be clear, conspicuous, and segregated from other material, and include:

  • (1)the name of the person for whom the consumer is providing consent to obtain their consumer report, which name must be readily understandable to the consumer;
  • (2)the name of the consumer reporting agency that will furnish the consumer report to the person to whom the consumer is providing consent, which name must be readily understandable to the consumer;
  • (3)a brief description of the specific product or service that the consumer is requesting from such person and in connection with which that person will use the consumer report, or, if the consumer is not requesting a product or service, the specific use for which the report will be furnished;
  • (4)statements notifying the consumer of the procurement, use, and retention limitations described above, and a statement that the person to whom the consumer is providing consent, and any third-party to whom the consumer report is provided, will comply, or will be required to comply, with the limitations; and
  • (5)a description of the method by which the consumer may revoke consent for their consumer report to be furnished that is as easy to access and operate as the method by which the consumer provided consent for their report to be furnished, and a statement that the consumer will not incur any costs or penalties to revoke their consent.

The requirements are not provided for in the FCRA. Given the significance of such requirements, if imposed, they should be imposed by Congress and not an executive agency.

Legitimate Business Need Permissible Purpose

In addition to providing that a consumer reporting agency may furnish a consumer for certain specific purposes, the FCRA also provides that a consumer reporting agency may furnish a consumer report to a person who otherwise has a legitimate business need for the information (1) in connection with a business transaction that is initiated by the consumer, or (2) to review an account to determine whether the consumer continues to meet the terms of the account.

The CFPB proposes examples of when business transactions are and are not initiated by the consumer. As proposed, examples of business transactions initiated by the consumer include when the consumer applies to rent an apartment, applies to open a brokerage account or checking account, or offers to pay for merchandise by personal check. A proposed example of a situation in which a consumer does not initiate a business transaction would be when the consumer asks about the availability or pricing of products or services.

The CFPB also proposes that the legitimate business need permissible purpose does not apply if the consumer reporting agency has reason to believe the person requesting a consumer report is seeking information from the report to solicit the consumer for a transaction the consumer did not initiate or to otherwise market products or services to the consumer.

With regard to the account review aspect of the permissible purpose, the CFPB proposes that an example of a permissible purpose would be if a consumer reporting agency has reason to believe that a bank needs a consumer report to determine, as part of an account review, whether to modify the terms of the consumer’s existing checking account based on whether there are credible and meaningful indicia that the consumer used the account to defraud others. The CFPB also proposes that the permissible purpose does not authorize the consumer reporting agency to furnish a consumer report to the bank if the consumer reporting agency has reason to believe the bank is seeking the information from the report to market other products or services to the consumer.

The CFPB is considering an effective date that is six months or one year after the final rule is published in the Federal Register. However, given the breadth of the proposal, it may not be viewed favorably by the next CFPB Director. Nonetheless, stakeholders should consider submitting comments.

Richard J. Andreano, Jr., John L. Culhane, Jr., and Alan S. Kaplinsky

Back to Top

The CFPB Proposes Broad New Data Broker Rule That Would Greatly Expand the FCRA

On December 3, 2024, the Consumer Financial Protection Bureau (CFPB) published its long-anticipated proposed rule aimed at regulating data brokers under the Fair Credit Reporting Act (FCRA). Although the CFPB’s future is uncertain under the upcoming administration, if implemented, the rule would significantly expand the reach of the FCRA.

In the accompanying press release, the CFPB stated that its “proposal would ensure data brokers comply with federal law and address critical threats from current data broker practices, including” national security and surveillance risks; criminal exploitation; and violence, stalking, and personal safety threats to law enforcement personnel and domestic violence survivors. The CFPB expanded on these stated risks in a separate fact sheet.

To address these risks, the proposed rule would treat data brokers like credit bureaus and background check companies: Companies that sell data about income or financial tier, credit history, credit score, or debt payments would be considered consumer reporting agencies required to comply with the FCRA, regardless of how the information is used. So, the rule would turn data brokers’ disclosure of such information into the communication of consumer reports subject to FCRA’s regulation. The CFPB did not propose any express exceptions for use of credit header data for fraud prevention, identity verification, compliance with Bank Secrecy Act or Know-Your-Customer requirements, or law enforcement uses.

If enacted, the proposed rule would significantly impact the data broker industry and restrict the information that data brokers can sell to third parties. It would also likely increase compliance costs for all data brokers—regardless of the types of data in which they deal. Unsurprisingly, as with other CFPB initiatives of late, industry reactions were immediate and clear. For example, the Consumer Data Industry Association (CDIA) expressed concerns that the proposed rule could have “severe unintended consequences for public safety, law enforcement, and the consumer economy.” Specifically, the CDIA noted that the proposed rule could make “it harder to identify and prevent fraudulent schemes” and that it “may become more difficult for police to identify and track fugitives or locate missing and exploited children.” It therefore called “on the CFPB to engage in a more collaborative approach with industry stakeholders and lawmakers to address data privacy concerns without compromising the integrity and efficiency of the credit reporting system that has long been the envy of the world.”

In any event, the proposed rule has a 90-day comment period, meaning that the comment period alone will run until March 3, 2025. Based on the incoming Trump administration’s apparent position toward the CFPB and FCRA, it seems unlikely that the rule will go into effect as proposed. But until anything becomes formal, companies that would be impacted by the proposed rule should still consider submitting comments to ensure that their interests are protected.

Gregory P. Szewczyk and Mudasar Khan

Back to Top

The CFPB Issues Final Rule Amending Regulation Z CARD Act, HOEPA, and QM Dollar Amounts

The CFPB has issued a final rule regarding various annual adjustments it is required to make under provisions of Regulation Z under the Truth in Lending Act (TILA) that implement the CARD Act, Home Ownership and Equity Protection Act (HOEPA), and the ability to repay/qualified mortgage provisions of TILA. The adjustments reflect changes in the Consumer Price Index (CPI) in effect on June 1, 2024, and will take effect January 1, 2025. The adjustments do not include adjustments to the credit card penalty fees safe harbor.

CARD Act. Regulation Z provides for the CFPB to annually adjust (1) the minimum interest charge threshold that triggers disclosure of the minimum interest charge in credit card applications, solicitations and account opening disclosures, and (2) the penalty fees safe harbor amounts.

In the notice, the CFPB announced that the calculation did not result in a change for 2025 to the current minimum interest charge threshold (which requires disclosure of any minimum interest charge above $1.00). (An increase in the minimum interest charge requires the change in the CPI to cause an increase in the minimum charge of at least $1.00.)

As was the case with the recent adjustments, the notice does not mention the credit card penalty fees safe harbors, which are set forth in Regulation Z Section 1026.52(b)(1)(ii)(A) and (B). Section 1026.52(b)(1)(ii)(D) provides that that these amounts “will be adjusted annually by the Bureau to reflect changes in the Consumer Price Index” (emphasis added). The “late fee” rule issued by the CFPB, which would set an $8 safe harbor for late fees assessed by all issuers other than “smaller” card issuers, a safe harbor for smaller card issuers of $32 for the first late payment and $43 for repeat violations within six months, and a safe harbor for all other penalty fees of $32 for the first violation and $43 for repeat violations within six months, purports to eliminate any inflation adjustment for the $8 late fee while retaining the inflation adjustment for all other fees. However, the effective date of that rule has been stayed in pending litigation.

HOEPA. Regulation Z provides for the CFPB to annually adjust the total loan amount and fee thresholds that determine whether a transaction is a high cost mortgage. In the final rule, for 2025, the CFPB increased the total loan amount threshold to $26,968, and the points and fees threshold to $1,348. As a result, in 2025, under the points and fees trigger a transaction will be a high-cost mortgage (1) if the total loan amount is $26,968 or more and the points and fees exceed 5 percent of the total loan amount, or (2) if the total loan amount is less than $26,968 and the points and fees exceed the lesser of $1,348 or 8 percent of the total loan amount.

Ability to Repay/QM Rule. The CFPB’s ability to repay/QM rule provides for the CFPB annually adjusting the points and fees limits that a loan cannot exceed to satisfy the requirements for a QM. The CFPB must also annually adjust the related loan amount limits. In the final rule the CFPB increased these limits for 2025 to the following:

  • For a loan amount greater than or equal to $134,841, points and fees may not exceed 3 percent of the total loan amount;
  • For a loan amount greater than or equal to $80,905 but less than $134,841, points and fees may not exceed $4,045;
  • For a loan amount greater than or equal to $26,968 but less than $80,905, points and fees may not exceed 5 percent of the total loan amount;
  • For a loan amount greater than or equal to $16,855 but less than $26,968, points and fees may not exceed $1,348; and
  • For a loan amount less than $16,855, points and fees may not exceed 8 percent of the total loan amount.

Additionally, under the general qualified mortgage requirements, to be a QM the annual percentage rate on the loan may not exceed the average prime offer rate by a specified percentage, which varies based on the loan amount, lien status and home type. A number of the loan amounts used for the points and fees trigger also are used for this purpose. In 2025, to be a QM the annual percentage rate on the loan may not exceed the average prime offer rate by:

  • 2.25 or more percentage points for a first lien loan with a loan amount greater than or equal to $134,841;
  • 3.5 or more percentage points for a first lien loan with a loan amount greater than or equal to $80,905 but less than $134,841;
  • 6.5 or more percentage points for a first lien loan with a loan amount less than $80,905;
  • 6.5 or more percentage points for a first lien loan on a manufactured home with a loan amount less than $134,841;
  • 3.5 or more percentage points for a subordinate lien loan with a loan amount greater than or equal to $80,905;
  • 6.5 or more percentage points for a subordinate lien loan with a loan amount less than $80,905.

Richard J. Andreano, Jr. and John L. Culhane, Jr.

Back to Top

The CFPB Issues Overdraft Rule Prior to Administration Change

The CFPB has issued its long-awaited final rule that covers overdraft policies at financial institutions with at least $10 billion in assets. The final rule offers those financial institutions three options for designing their overdraft programs.

The rule came one day after Senate Banking Committee ranking Republican Sen. Tim Scott, (R-SC) criticized CFPB Director Rohit Chopra for failing to heed his call for the CFPB to pause rulemaking and enforcement actions until President-elect Donald Trump takes office. During a committee hearing, Chopra declined to make that commitment.

In issuing the rule, the CFPB said that it addresses a 1969 exemption in which the Federal Reserve Board excluded overdraft services from Truth in Lending Act protections. At the time, overdraft services were not considered profit drivers, but were offered as a courtesy service. That since has changed and some banks use overdraft programs as profit drivers, according to the CFPB.

The CFPB estimated that if implemented, the final rule is expected to add up to $5 billion in annual overdraft fee savings to consumers.

The CFPB’s final rule gives financial institutions with at least $10 billion in assets three choices for their overdraft programs. Those financial institutions may:

  • Cap their overdraft fee at $5 breakeven fee, which is the CFPB’s estimated level at which most banks would be able to recoup their costs associated with administering a courtesy overdraft program.
  • Set their overdraft fee based on a calculation from the allowed costs and losses associated with operating overdraft service.
  • Offer “overdraft lending” by complying with Regulation Z requirements. This option would require financial institutions to deliver TILA and MLA disclosures, make an ability-to-repay determination, send consumers periodic statements and give them the opportunity to pay automatically or manually.

Consumer groups praised the rule. “The CFPB’s overdraft rule ensures that the most vulnerable consumers are protected from big banks trying to pad their profits with junk fees,” said Carla Sanchez-Adams, senior attorney at the National Consumer Law Center.

She said that big banks often charge $35 for an overdraft, far more than the cost of covering an overdraft.

However, the overdraft rule may never take effect.

Incoming President-elect Trump, an opponent of Director Chopra’s actions as bureau director, is likely to work to rescind the rule, which is not scheduled to go into effect until October 1, 2025. In addition, several trade groups and three banks almost immediately filed suit challenging the overdraft rule.

Congress also could use the Congressional Review Act to attempt to rescind the rule. That resolution would be subject to a presidential veto. If the current Congress attempted to repeal it, President Biden would be certain to veto it. However, next year, Republicans will control both houses of Congress, as well as the White House. They could use the CRA to rescind the rule.

A coalition of trade groups and three banks immediately filed suit challenging the overdraft rule seeking a declaration that the overdraft rule violates the APA, TILA, and CFPA and injunctive relief.

The Mississippi Bankers Association; the American Bankers Association; the Consumer Bankers Association; America’s Credit Unions, Arvest Bank in Fayetteville, Arkansas; the Bank of Franklin in Meadville, Mississippi; and the Commercial Bank in DeKalb, Mississippi filed suit in the U.S. District Court for the Southern District of Mississippi.

In their suit, the plaintiffs claim the CFPB violated the Administrative Procedures Act by exceeding their statutory authority under TILA and CFPA and the overdraft rule is arbitrary and capricious. They contend that the overdraft rule appears to rely primarily on TILA, a law that established disclosure obligations for credit products and specifically excluded overdrafts services from its scope. However, they argue that overdraft services are not credit products since consumers do not have a right to incur overdrafts or defer repayment of the overdraft.

To distinguish overdrafts from “credit,” the plaintiffs said that financial institutions retain discretion whether to pay or decline items that would overdraw a customer’s account in exchange for a fee disclosed in the customer’s account agreement. To support their arbitrary and capricious arguments, the plaintiffs allege that the overdraft rule contains (i) an inadequate cost-benefit analysis, (i) an interpretation unsupported by legislative history and prior Federal Reserve Board and OCC issuances, (iii) no indication that statutory factors were considered to determine the $10 billion threshold, and (iv) no basis for the breakeven fee distinction.

The plaintiffs also indicated that discretionary overdraft services provide a significant benefit to consumers that may not be able to qualify for credit.

The complaint makes compelling arguments about how the CFPB exceeded its statutory authority under TILA that may be difficult for the CFPB to overcome as overdrafts have been regulated under Regulation E and Regulation DD not Regulation Z. The CFPB’s use of TILA authority for this rulemaking is far more attenuated than the credit card late fee rule, for which an injunction remains in place.

Kristen E. Larson, Scott A. Coleman, and Ronald K. Vaske

Back to Top

The CFPB Plans to Issue Proposed Rule Mitigating the Financial Consequences to Abuse Survivors

The CFPB intends to issue a proposed rule to address the impact of credit reporting relating to accounts of survivors of domestic violence, elder abuse, and other forms of financial abuse.

The bureau has issued an Advance Notice of Proposed Rulemaking (ANPR) to gather input on potential amendments to the regulation that implements the Fair Credit Reporting Act. Comments on the ANPR are due March 7, 2025.

The ANPR was prompted by a petition for rulemaking from the National Consumer Law Center and the Center for Survivor Agency and Justice. The petition requested that the CFPB:

  • Modify the definition of “identity theft” to include “without effective consent” to provide relief for persons with coerced debt and specify what constitutes effective consent.
  • Modify the definition of “identity theft report” to reflect the modified definition of “identity theft.”
  • Allow the modified definition of “identity theft” to enable persons with coerced debt to utilize the block of information resulting from identity theft.
  • Clarify that no consumer reporting agency (CRA), including specialty CRAs can refuse to block information under the FCRA if the consumer is a person with coerced debt.

“Expanding identity theft protections could help survivors rebuild their financial lives and would ensure that our credit reporting system is not used as a tool for domestic and elder abuse,” bureau Director Rohit Chopra said.

The bureau said that abusers often use coerced debt as a tool of control, forcing their partner or other family members to take out credit cards or loans through threats, physical violence, or manipulation. Studies show this type of financial abuse creates substantial, long-lasting harm for survivors, according to the CFPB.

The ANPR asks consumer advocates, credit reporting companies, and the public to comment on various topics, including:

  • Whether the CFPB should consider alternatives to what is considered “coerced debt,” which the petition for rulemaking defines as “all non-consensual, credit-related transactions that occur in a relationship where one person uses coercive control to dominate the other person.”
  • The prevalence and extent of harm to people with coerced debt, including through the credit reporting system.
  • Evidence regarding how relevant coerced debt is to a survivor’s credit risk.
  • Barriers to accessing existing protections under federal or state law for survivors of economic abuse.
  • Challenges resulting from coerced debt facing specific populations including survivors of intimate partner violence and gender-based violence, older Americans, and children in foster care.
  • Potential documentation or self-attestation requirements for showing that a person’s debt was coerced.
  • Whether there are there circumstances that should give rise to a presumption of coercion.

As with all recent CFPB pending and final rules, this proposal faces an uncertain future. The comment due date of March 7 is well after President-elect Donald Trump takes office. President-elect Trump and his aides have been outspoken critics of the CFPB, with some going so far as to call for abolishment of the agency.

Recognizing the uncertain future of agency actions, Senate Banking Committee ranking Republican U.S. Senator Tim Scott, (R-S.C)., has called on financial regulators, including the CFPB, to pause all rulemaking and enforcement actions until the new administration takes office. Several agencies agreed to that request.

However, the CFPB did not. In fact, the bureau has been particularly active, recently issuing a final rule governing overdrafts, a proposed FCRA rule that would greatly expand the scope of the statute and taking several enforcement actions.

Richard J. Andreano, Jr. and John L. Culhane, Jr.

Back to Top

The CFPB Issues Final Rule to Give Bureau Supervisory Power Over Digital Consumer Payment Applications

The CFPB has issued a final rule to supervise large nonbank financial services providers that offer general-use digital consumer payment applications such as digital wallets and peer-to-peer payment apps.

Many of those apps are owned by large technology companies. While banks and credit unions are subject to CFPB supervisory examinations, many of the largest technology firms offering consumer payment services have not been subject to that scrutiny, according to the CFPB.

In its press release, CFPB stated, “Digital payment apps have become a cornerstone of daily commerce, rivaling traditional payment methods like credit cards and debit cards for both online and in-store purchases. These services have gained popularity among middle and lower-income consumers, who now use the apps for daily spending and fund transfers that now rival or exceed the use of cash.”

The CFPB said that while the agency always has had enforcement authority over these companies, the final rule gives the bureau the authority to conduct examinations to ensure that companies are complying with the law. “The rule will help the CFPB to ensure that these companies – specifically those handling more than 50 million transactions per year – follow federal law just like large banks, credit unions, and other financial institutions already supervised by the CFPB,” the CFPB said, in announcing the rule. The CFPB estimates that the most widely used apps covered by the rule collectively process more than 13 billion consumer payment transactions each year.

The final rule will allow the CFPB to supervise companies in several areas covered by federal law, including:

  • Privacy and Surveillance. Large technology companies are collecting vast quantities of data about a person’s transactions. Federal law allows consumers to opt-out of certain data collection and sharing practices. In addition, misrepresentations about data protection practices are prohibited.
  • Errors and Fraud. Under federal law, consumers may dispute transactions they believe are incorrect or fraudulent, and financial institutions must investigate those complaints. CFPB officials said they are particularly concerned about how payment apps may be used to defraud older adults and active duty servicemembers.
  • Debanking. Consumers can face serious harm when they lose access to their app without notice or when they cannot make or receive payments. The CFPB said that consumers have reported concerns to the CFPB about disruptions to their lives due to closures or freezes.

The CFPB noted that the final rule includes key changes from the proposed rule, which was released in November 2023. The threshold for examination was set at five million transactions a year in the proposed rule. The final rule increases that to 50 million transactions a year. The CFPB also limited the scope of the rule to count only transactions conducted in U.S. dollars. The final rule is effective 30 days after publication in the Federal Register.

Kristen E. Larson and Ronald K. Vaske

Back to Top 

Colorado Department of Law Adopts Amendments to Colorado Privacy Act Rules

On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA).

The DOL had released the first set of the proposed amended rules—which relate to the interpretative guidance and opinion letter process, biometric identifier consent, and additional requirements for the personal data of minors—on September 13, 2024. The Attorney General discussed the proposed rules at the 2024 Annual Colorado Privacy Summit, sought and received comments from the public, and revised the rules. The adopted rules will now be sent to the Attorney General, who will issue a formal opinion. After that formal opinion is issued, the rules will be filed with the Secretary of State, and they will become effective 30 days after they are published in the state register.

Lexi Chapman and Gregory P. Szewczyk

Back to Top 

FTC Takes Action Against Small Business Lender Seek Capital

The FTC filed a complaint in the U.S. District Court for the Central District of California against Seek Capital and its CEO, Roy Ferman, alleging that the company operated a bogus business finance scheme that cost small business owners more than $37 million. The FTC alleges violations of the FTC Act, Telemarketing and Consumer Fraud and Abuse Prevention Act, Telemarketing Sales Rule, and Consumer Review Fairness Act of 2016, and requests a temporary, preliminary and permanent injunction, monetary damages and other relief.

“The company has targeted new and aspiring small business owners looking for loans or lines of credit to open or grow their businesses,” according to the complaint. The complaint asserts that “[w]hile the company’s advertising implies that business owners would have access to cash, instead Seek charges clients thousands of dollars simply to open credit cards in the owners’ names” that the business owners “could have applied for on their own”.

The FTC said that Seek offers to provide sources of funding to small businesses to make payroll and pay other ongoing expenses. Seek’s ads call the company “the market leader in business loans for small businesses” and the company’s website advertises the “Best Startup Business Loans of 2024,” according to the complaint.

The FTC alleged that when business owners express an interest in Seek’s products, telemarketers use high pressure sales tactics.

“Once business owners sign the contract, instead of procuring business loans or lines of credit, Seek begins applying for numerous credit cards, typically personal credit cards in the name of the business owner,” the FTC alleged. “Seek then charges the business owner 10 percent of the total credit amount on the cards issued—an amount that can total thousands of dollars, according to the complaint.”

Business owners never see or approve any credit card applications that Seek submits on their behalf.

The FTC contended that “the first time many business owners learn that Seek has applied for credit cards in their name is when they receive an alert about a drop in their credit score, an invoice from Seek listing the credit cards Seek obtained in their name, or a letter from a bank approving or denying them for a credit card.”

This, the FTC said, is the first time business owners learn of Seek’s hefty fees.

If business owners try to cancel their agreement with Seek–even before Seek has submitted a single application on the business owner’s behalf– Seek charges them an early termination fee of as much as $995, according to the complaint.

The FTC said that Seek distorts online ratings by pressuring consumers to provide five-star reviews of the company even before they have received any funding, encouraging employees to post positive reviews. The complaint also asserts that a document that business owners must sign “contains a clause that prohibits consumers from causing harm to Seek’s reputation, specifically from posting online any negative comments, reviews, or complaints about Seek for three years. Such clauses are prohibited by federal law.”

The Commission vote authorizing the staff to file the complaint was 5-0.

Richard J. Andreano, Jr. and Ronald K. Vaske

Back to Top 

The CFPB Issues Matched Pair Testing Report on Small Business Lending

The CFPB recently issued a report entitled Matched-Pair Testing in Small Business Lending Markets that summarizes results of small business lending matched pair testing that it conducted in conjunction with the U.S. Department of Justice.

The CFPB notes that its Small Business Lending Rule, which implements section 1071 of the Dodd-Frank Act, requires financial institutions to collect and report to the CFPB data regarding applications for credit by small businesses. However, the CFPB observes that usable data from the Small Business Lending Rule will not be available for some time. The rule is currently subject to litigation, and updates can be found here and here.

Additional information on the Rule can be found here, here, and here.

The report is based on matched pair testing conducted in 25 bank branches located in Fairfax County, Virginia and 25 branches located in Nassau County, New York, with 100 total visits by testers across 23 financial institutions over several months in 2023. The CFPB explains that testers were trained to present themselves based on a pre-developed small business profile and inquire about available business financing options. Each visit was audio recorded and testers completed a post-visit survey documenting their visit to generate the data analyzed in this report. The CFPB also explains that, consistent with prior research, each Black tester was assigned a slightly more favorable financial profile compared to their matched White counterpart.

The CFPB cautions that “[g]iven the design and scope of this pilot research, these findings should not be generalized to the broader small business lending market or to specific financial institutions. These findings do, however, highlight the existence of differential treatment in small business lending.”

The testing focused on four domains of treatment: (1) level of encouragement/discouragement to apply for financing, (2) information provided to the tester about available credit products and potential steering toward product types, (3) overall quality of treatment or customer service, and (4) business and credit information requested of the tester. Significantly, the CFPB states that “[b]ased on related prior work, we hypothesized that white testers would receive favorable outcomes relative to Black testers who were at least equivalently qualified. Broadly, we predicted that any differences in treatment would tend to favor white relative to Black testers, who were each slightly more qualified than their white counterparts.” Thus, the CFPB assumed that the testing would show less favorable treatment of Black testers. The findings are summarized below.

Encouragement/Discouragement

  • Lenders provided more favorable levels of objective encouragement/discouragement to apply for credit to White testers as compared to paired Black testers, although both Black and White testers were encouraged to apply, on average.
  • White testers also subjectively reported feeling more encouraged to apply than Black testers, although both Black and White testers reported feeling encouraged, on average.

Examples:

In one paired test, the Black tester was told his business was too small to qualify for any of the bank’s small business loan products. The paired White tester, with a business of the same size, met with the same bank representative at the same banking office and was encouraged to apply for a small business line of credit at the bank for the amount of 10 percent of his business revenues.

In one test, the White tester was told he qualified for a loan with the bank by a representative who provided encouragement to apply. The Black tester, with a similar business and credit profile, met with the same representative, who told him he did not qualify and suggested he go to a Small Business Administration loan office instead.

Products and Potential Steering

  • Bank representatives were similarly likely to discuss the requested products with both White and Black testers. However, these bank representatives were more likely to discuss non-requested products with Black testers.

Example

In one test, the bank representative directed the Black tester toward a home equity line of credit product but recommended that the White tester apply for a business line of credit. Both the White and Black tester requested business credit. (The CFPB states that a home equity credit product is not business purpose credit and can place the owner’s personal residence at risk if the loan should default.)

The CFPB observes that because testers were instructed to explicitly request information about specific credit products during their visits, it remains unclear if differences might emerge in product discussions in the absence of these instructions. The CFPB adds that future research may consider evaluating and testing hypotheses related to differences in products discussed and the quality of these discussions.

Customer Service

  • White testers subjectively reported higher levels of customer service than Black testers, but there were no statistically significant differences in the objective index measure of observed customer service behaviors (e.g., whether testers were greeted or thanked).

Example

In one test, the Black tester was not greeted or acknowledged upon entering the branch office and had difficulty finding an employee who could discuss his needs. The bank representative he met with also told him that he couldn’t answer many of his questions. The White tester was greeted upon entry and waited only briefly to meet with the same bank representative. The representative brought in their manager to talk with the White tester, who offered to assist the tester in starting a loan application, sent the tester’s information to a small business loan specialist, and told the tester to call the manager the next day if he did not hear from the specialist. On the follow-up survey the White tester gave a customer service rating of 7 out of 8, while the Black tester gave a rating of 2 out of 8.

Information Requested of Tester

  • The CFPB did not observe statistically significant differences between Black and White testers on the amount of information requested during the visit or on rates of follow-up contact after the test visit occurred.

The CFPB also advises that there were no statistically significant differences by race in the likelihood that testers received a post-visit follow-up email or phone call from a bank representative. Overall, a little under one third of test visits resulted in a follow-up email or call.

Overall, the differences between Black and White testers observed in the testing in general appear to be minimal, although there was a more significant difference in the incidences of the bank representative discussing a credit product not requested by the tester—39 percent for White testers and 59 percent for Black testers.

The CFPB notes that the prohibition under Equal Credit Opportunity Act (ECOA) against discrimination is not limited to consumer transactions, as it also applies to business-purpose credit transactions, including credit extended to small businesses. The CFPB continues that it has previously identified several compliance management practices that may serve to mitigate the risk of an ECOA violation in a financial institution’s small business lending program. These include:

  • Active oversight by the board of directors and management of the institution’s compliance management system framework.
  • Comprehensive risk-focused policies and procedures for small business lending.
  • Periodic reviews of policies and procedures in place to address the risk of an ECOA violation, with revisions as needed and supported by documentation.
  • Small business lending monitoring programs and risk assessments.

The CFPB adds that a financial institution may also conduct its own testing to identify the risk of an ECOA violation and that, for example, institutions may adopt a testing methodology such as the matched-pair testing framework used in the study.

Richard J. Andreano, Jr. and John L. Culhane, Jr.

Back to Top 

Republican Leaders of House Financial Services Committee Tell CFPB to Stop Issuing Final Rules

The current and incoming Republican leaders of the House Financial Services Committee have asked financial regulators, including the CFPB, to stop “finalizing partisan rulemaking” over the next several weeks.

“The financial system, its institutions, consumers, and the CFPB itself do not benefit from last-minute partisan rulemaking attempts,” current Chairman Rep. Patrick McHenry, R-N.C.; and Rep. French Hill, R-Ark, the likely incoming chairman, wrote in a December 16 letter to CFPB Director Rohit Chopra.

They added, “The Congressional Review Act (CRA) authorizes Congress to disapprove rulemakings, including those finalized toward the end of the Congress.”

Similar letters were sent to the Treasury Department, HUD, the SEC, the Federal Reserve, the FDIC, the OCC and the FHFA.

McHenry and Hill also directed the CFPB to “preserve all existing and future documents, communications, and other information, including electronic information and metadata, that are or may potentially be responsive to a congressional inquiry, request, investigation, or subpoena that may be initiated or otherwise undertaken by a committee of Congress or any other investigative entity.”

The letters echo a call by Senate Banking Committee ranking Republican Sen. Tim Scott, R-S.C., who has called on financial regulators, including the CFPB, to pause all rulemaking and enforcement actions until the new administration takes office. Several agencies agreed to that request. During a hearing with Chopra last week, Scott indicated that while several of the agencies agreed to his request, the CFPB did not.

In recent weeks, the CFPB has been busy. The bureau has issued its long-awaited and controversial final rule governing overdrafts. On December 17, the day after the House committee leaders sent their letter, the CFPB issued a final rule that applies certain existing residential mortgage protections to Property Assessed Clean Energy (PACE) loans. In the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act, Congress directed the CFPB to prescribe ability to repay rules under the Truth in Lending Act/Regulation Z for PACE financings. The bureau also has issued proposed rules and taken enforcement actions.

Ballard Spahr Consumer Financial Services Group

Back to Top

Senator Tim Scott: CFPB Ignoring Call to Pause Rulemaking Until President-Elect Trump Takes Office

Senate Banking Committee ranking Republican Sen. Tim Scott, R-S.C. said on December 11 that unlike several other regulators, the CFPB is ignoring his call to pause rulemaking until the Trump administration takes office.

“It is paramount that President-elect Trump can begin his administration on January 20 with a fresh slate to implement the economic agenda that the American people resoundingly voted for,” Scott, who will become Chairman of the committee in the next Congress, said at a hearing that featured CFPB Director Rohit Chopra.

Scott said he had sent a letter to financial regulators asking them to pause any agency actions.

“To ensure an orderly transition, federal financial and housing regulators should suspend any rulemaking and nomination related activities,” Scott wrote, in his letter to the financial regulators. “As the top Republican on the Senate Committee on Banking, Housing, and Urban Affairs, I call on the agencies overseen by the Committee to cease all rulemaking, including the finalization of any pending or proposed regulations or guidance, and to comply with federal record retention laws and preserve all agency documents, records, and communications.”

Scott said that the OCC, FDIC, NCUA and Federal Reserve have agreed to pause their activities.

He said that that Chopra has ignored these calls, and instead, “pushed a partisan agenda.”

At the same time, Sen. Raphael Warnock, D-Ga. said that he, and Senate Banking Committee Chairman Sen. Sherrod Brown, D-Ohio, sent a letter to Chopra urging him to finalize the agency’s rule restricting the listing of medical debt on credit reports.

Chopra defended the CFPB’s current rulemaking. “We will continue to defend consumers’ rights and to hold companies accountable,” he said. He added, “I don’t think it makes sense for the CFPB to be a dead fish,” he said.

When asked, Chopra declined to say whether he would resign when President-elect Donald Trump takes office. He said that President-elect Trump has the power to remove him.

In his opening statement, Chopra noted that the Trump administration has expressed support for an interest rate cap on credit cards.

He also highlighted recent agency actions.

“The CFPB is taking action to crack down on credit card companies exploiting loopholes, to make it easier to switch to a new company, to ensure consumers can obtain and redeem promised rewards, and more,” Chopra said.

The CFPB recently proposed a rule under the Fair Credit Reporting Act (FCRA). While the CFPB touts the proposal as one focusing on data brokers, with Chopra stating the proposal would curb access to sensitive financial data by foreign adversaries and others seeking to exploit Americans by spying on their personal information, as we have reported, the proposal is much broader and would have wide-sweeping implications.

The bureau also issued a Notice of Proposed Rulemaking in advance of a rule intended to mitigate the financial consequences of domestic violence and abuse. In addition, the agency issued a final rule making clear its jurisdiction over popular digital payment apps.

The bureau also has recently initiated several enforcement actions.

Richard J. Andreano, Jr. and John L. Culhane, Jr.

Back to Top

President-Elect Trump Designates Andrew Ferguson as Next FTC Chair

President-elect Donald Trump said he has selected Andrew Ferguson to be the next chair of the FTC. Ferguson is a current Republican member of the commission; he will not have to be confirmed by the Senate to become chair.

He will replace Democrat Lina Khan as FTC chair.

President-elect Trump also announced his intention to nominate Mark Meador as a member of the FTC. As a new nominee for the commission, Meador is subject to Senate confirmation.

Before being nominated for his commission seat, Ferguson served as Virginia Solicitor General from 2022 to 2024. Before that, he served as Senate Minority Leader Mitch McConnell’s chief counsel. He also was Chief Counsel for Nominations and the Constitution for then-Judiciary Committee Chairman Sen. Lindsey Graham, R-S.C. He also served as Senior Special Counsel to then-Judiciary Chairman Sen. Chuck Grassley, R-Iowa.

In addition, Ferguson practiced antitrust law at several Washington, D.C., law firms, representing clients before the Justice Department and the FTC.

As chairman, Ferguson is likely to appoint new directors for FTC divisions, including those handling consumer protection issues.

Meador is a partner at Kressin Meador Powers LLC and previously served as the deputy chief counsel for antitrust for Sen. Mike Lee, R-Utah. In addition, he has worked in the antitrust divisions of the FTC and Department of Justice.

Ballard Spahr Consumer Financial Services Group

Back to Top

House Steering Panel Chooses French Hill as Next Financial Services Chair

It is all but certain that U.S. Representative French Hill, (R-AR), will chair the House Financial Services Committee in the next Congress. Rep. Hill was selected on December 12 by the House Republican steering committee, although his selection still must be approved by House Republicans in the next Congress. That approval is considered to be pro forma.

Rep. Hill would replace current Chair U.S. Representative Patrick McHenry, (R-NC), who is retiring from the House.

Rep. Hill is a former banker. Before being elected to the House, he was the founder, Chair, and Chief Executive Officer of Delta Trust & Banking Corporation.

Currently Rep. Hill serves as the Vice Chair of the House Financial Services Committee and as Chair of the new Digital Assets, Financial Technology and Inclusion subcommittee.

Before his election to the House, Rep. Hill also served as Deputy Assistant Secretary of the Treasury for Corporate Finance, as well as Executive Secretary to the President’s Economic Policy Council.

The Financial Services chair position has been one of the most hotly contested leadership races among House Republicans. In receiving the steering committee nod, Rep. Hill defeated Republican U.S. Representatives Andy Barr of Kentucky, Bill Huizenga of Michigan, and Frank Lucas of Oklahoma.

U.S. Representative Maxine Waters, (D-CA.), will continue to serve as ranking Democrat on the panel.

Ballard Spahr Consumer Financial Services Group

Back to Top

Subscribe to Ballard Spahr Mailing Lists

Get the latest significant legal alerts, news, webinars, and insights that affect your industry. 
Subscribe

Copyright © 2024 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.