On June 5, the FDIC and a Delaware bank entered a consent order that prohibits the bank from entering into any new relationships with third-party prepaid card processors or prepaid card program managers until the FDIC approves a written report from the bank that details the steps taken by the bank to (i) implement new BSA compliance policies and procedures; (ii) improve staff training; (iii) implement controls sufficient to mitigate BSA and safety and soundness risk associated with prepaid card, credit card merchant acquiring, and ACH activities; and (iv) perform a BSA risk assessment. The order similarly restricts the bank’s activities related to credit card merchant acquiring and ACH merchant payment processing. The order does not prohibit the bank from issuing prepaid cards through existing distribution channels under existing contracts with third-parties, but does restrict certain activities related to existing credit card and ACH processing activities. In addition, the bank must (i) retain and designate BSA and OFAC officers; (ii) conduct a suspicious activity reporting look-back review; and (iii) submit periodic progress reports. Finally, the order requires increased board supervision of the bank’s BSA compliance program and mandates the creation of a board-level BSA committee.
Recently, the Federal Reserve Board released two payments-related reports: (i) a report to Congress on government-administered general use prepaid cards; and (ii) a detailed report on the Federal Reserve’s 2013 payments study. The report on government-administered prepaid cards analyzes the $502 million in fee revenue collected by issuers in 2013, a majority of which was attributable to interchange fees. For consumer-related fees, the report indicates such fees derived primarily from ATM-related charges. The second report details findings from the 2013 Federal Reserve Payments Study, the fifth in a series of triennial studies conducted by the Federal Reserve System to comprehensively estimate and study aggregate trends in noncash payments in the United States. The paper expands on the 2013 summary findings originally published last December, and includes, among many other things, the following new findings: (i) credit cards are more prevalent than other general-purpose card types; (ii) among general-purpose cards with purchase activity in 2012, consumers preferred debit cards, with an average use of 23 payments per month, compared with an average of 11 payments per month for general-purpose credit cards and 10 payments per month for general-purpose prepaid cards; (iii) although the number of ATM cash withdrawals using debit cards and general-purpose prepaid cards dropped slightly, growth in the value of ATM withdrawals continued to exceed inflation; (iv) the number of online bill payments reported by major processors, which included those initiated through online banking websites and directly through billers and settled over ACH, exceeded three billion in 2012; and (v) there were more than 250 million mobile payments made using a mobile wallet application, and at least 205 million person-to-person or money transfer payments.
On May 29, the CFPB published a notice and request for comment on an updated plan to conduct a credit card arbitration survey. The following day, the OMB made available the documents submitted by the CFPB in support of the survey.
The amended survey notice follows an initial notice last year that the CFPB planned to conduct a telephone survey of 1,000 credit cardholders to assess (i) the extent of their awareness of dispute resolution provisions in their credit card agreements and (ii) the cardholders’ “assessments of such provisions.” At the time, the CFPB released draft survey questions as part of its information collection request supporting statements. The initial public comment period closed August 6, 2013. During the comment period, banking trade groups objected to the survey and suggested the CFPB instead pursue peer-reviewed research that compares consumer dispute resolution methods.
In its latest notice, the CFPB states that the survey “will explore (a) the role of dispute resolution provisions in consumer card acquisition decisions and (b) consumers’ default assumptions (meaning consumers’ awareness, understanding, or knowledge without supplementation from external sources) regarding their dispute resolution rights vis-a-vis their credit card issuers, including their awareness of their ability, where applicable, to opt-out of mandatory pre-dispute arbitration agreements.”
The supporting statements and attachments thereto detail the CFPB’s rationale for conducting the survey. Appendix A provides the final survey questions, and Appendix B provides the justification for the questions
The public comment period on the notice and supporting materials closes June 30, 2014.
On April 3, Martin Wheatley, Chief Executive of the UK Financial Conduct Authority (FCA), which took over responsibility for overseeing consumer credit markets in the UK on April 1, 2014, identified the FCA’s most “immediate priority” as ensuring “providers of credit, as well as satellite services like credit broking, debt management and debt advice, have sustainable and well-controlled business models, supported by a culture that is based on ‘doing the right thing’ for customers.” He explained that the FCA wants to expand financial service providers’ focus on compliance with specific rules to include “wider FCA expectations of good conduct.” Referencing a paper the FCA published on April 1, the day it began overseeing consumer credit markets, Mr. Wheatley stated that consumer credit providers need to consider how they engage with consumers in vulnerable circumstances. On this issue, the FCA also announced a “competition review” of the UK credit card market to determine, among other things, “how the industry worked with those people who were in difficult financial situations already.”
On March 19, the U.S. Court of Appeals for the Seventh Circuit held that a retailer’s credit card upgrade program that replaced existing customers’ limited use store charge cards with unsolicited general use credit cards did not violate TILA, and affirmed the district court’s dismissal of a putative class action. Acosta v. Target Corp., No. 13-2706, 2014 WL 1045202 (7th Cir. Mar. 19, 2014). Under the upgrade program, the retailer automatically issued new general purpose cards to existing store card customers and closed the old account upon either the activation of the new account or rejection by the consumer of the new card. The class representatives claimed that the program constituted an offer to change the underlying account relationship and violated TILA’s prohibition on the mailing of unsolicited credit cards. The court held that the program fell within TILA’s exemption for substitute cards based on the common understanding of “substitution” and the Federal Reserve Board staff’s Regulation Z commentary. The court also rejected the cardholders’ argument that they were fraudulently induced to accept the new card. The court determined that the retailer disclosed the reasons for a change in the APR and did not raise the rate unless payments were missed, and sufficiently disclosed the potential for a change in credit limit. The court also held that the retailer’s omission of the fact that cardholders could take steps to retain their store card account was not fraudulent, and added that to hold otherwise would require the retailer “to disclose any condition that could theoretically be negotiated with the card issuer.” The court also affirmed the dismissal of the cardholders’ breach of contract and tortious interference claims.
On March 7, Visa and Mastercard announced the formation of a cross-industry payment security working group, which the payment system providers state will be focused on “enhancing payment system security to keep pace with the expectations of consumers, retailers and financial institutions.” The group’s initial focus will be on supporting the adoption of EMV chip technology in the United States. In addition, the group will promote tokenization and point-to-point encryption, and will develop “an actionable roadmap for securing the future across all segments of the payments industry.” The group will include representatives from banks of all sizes, credit unions, acquirers, retailers, point-of-sale device manufacturers and industry trade groups.
On March 3, South Dakota enacted HB 1131, which amends state banking laws to make clear that banks can offer revolving lines of credit not tied to the issuance of a credit card.
This week, several congressional committees held hearings to review recent data security breaches and related consumer privacy issues, particularly those related to consumer financial data and payment systems. Generally, the hearings covered (i) potential enhancements to federal enforcement capabilities, (ii) card and payment system technologies and potential data security standards, and (iii) consumer protection enhancements. The hearings included two by the Senate Banking Committee—the first by a Subcommittee and a second held by the full Committee—as well as hearings held by the Senate Judiciary Committee and a Subcommittee of the House Energy and Commerce Committee. With regard to federal enforcement capabilities, the FTC reiterated its support for federal legislation that establishes a national breach notification requirement and a federal data security standard the FTC can enforce with civil penalties. The FTC also would like (i) its jurisdiction for data security enforcement to include nonprofit organizations, and (ii) APA rulemaking authority to address evolving risks. In support of the FTC’s request for additional authority, several members highlighted their view of the FTC’s limited ability to enforce data security under section 5 of the FTC Act. In particular, Senator Elizabeth Warren (D-MA) asserted that the FTC Act’s demanding standard and lack of strict liability unnecessarily limits the FTC’s authority to protect the public in data security matters. The FTC believes federal legislation should not preempt stronger state laws, and that state attorneys general should have concurrent enforcement authority. Significant debate centered on the possible benefits of implementing “Chip and PIN” technology in payment cards, with several legislators questioning why such technology is in widespread use in other major economies but has not yet been deployed in the U.S. Witnesses representing retailers repeatedly called on banks and payment network companies to move immediately to that technology, claiming that the outdated cards still being issued in the U.S. create unnecessary security risk. Banks outlined their plans to move to chip-based cards by October 2015 and stressed the role retailers must play in helping secure consumer data. As a corollary to technological solutions, committee members debated the role of government in setting data security standards, including for payments. Several members of Congress were critical of non-governmental standards bodies and called for a technologically neutral federal standard. Finally, Senator Mark Warner (D-VA) expressed an interest in amending federal law to extend zero-liability protections currently applicable to credit card transactions to debit card transactions.
On January 21, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s dismissal of a constitutional challenge to certain credit card fees. In re Late Fee and Over-Limit Fee Litig., No. 08-15218, 2014 WL 211729 (9th Cir. Jan. 21, 2014). A group of credit card holders filed a class action suit claiming that credit card overlimit fees and late fees are analogous to punitive damages imposed in the tort context, and therefore such fees are subject to substantive due process limits. The card holders asserted that because banks are compensated through high penalty interest rates for the lost time value and collection costs associated with any breach of the credit contract, the other charges are duplicative and therefore punitive. The court explained that its decision hinged on the similarities and differences between liquidated damages and punitive damages, and determined that the penalty clauses at issue originate from the parties’ private credit card contracts, and are distinct from the jury-determined punitive damages awards. The court held, therefore, that the “jurisprudence developed to limit punitive damages in the tort context does not apply to contractual penalties, such as the credit card fees at issue in this case.”
On December 23, the CFPB announced a coordinated enforcement action taken by federal regulators against a major credit card company and certain subsidiaries alleged to have violated multiple consumer protection laws with respect to credit card add-on products. The action, which is the fourth action taken by the CFPB relating to credit card add-on products, and the fifth add-on product action overall, extends the CFPB’s intense supervisory and enforcement focus on ancillary products and oversight of third-party service providers.
In coordination with the FDIC and the OCC, the CFPB ordered the companies to refund an estimated $59.5 million to more than 335,000 customers for certain credit card practices, including allegedly unfair billing tactics and deceptive marketing. The company must also pay an additional $9.6 million in civil penalties, submit to an independent review of other credit card add-on products, and continue to implement enhanced third-party oversight.
The consent orders allege that the company misled consumers about the benefits, fees, length of coverage, and terms and conditions of certain payment protection products, and that the company billed consumers for services they did not receive, unfairly charged consumers for interest and fees, and failed to comply with federal requirements to inform consumers about their right to a free credit report.
The coordinated action follows another taken by federal regulators last year, in which the same companies were ordered to refund approximately $85 million in connection with alleged UDAAP violations related to the offering of a rewards card and certain debt collection practices.
On December 16, the CFPB published a final rule to review and adjust provisions of Regulation Z that implement amendments to TILA under the CARD Act and HOEPA. Specifically, the CFPB is required to adjust, as appropriate based on the annual percentage change reflected in the Consumer Price Index in effect on June 1, 2013, (i) the threshold amount that triggers requirements for the disclosure of minimum interest charges and (ii) the maximum penalty fee card issuers can impose for violating account terms without violating the restrictions on penalty fees established by the CARD Act. For 2014, the minimum interest charge disclosure threshold will remain unchanged, while the permissible penalty fees will increase to $26 for a first late payment and $37 for each subsequent violation within the following six months. Similarly, the CFPB is required to adjust the combined points and fees threshold that triggers compliance with HOEPA. Effective January 1, 2014, that threshold will be $632.
On December 17, the CFPB released its annual report to Congress on college credit card agreements, prepared pursuant to the CARD Act. The report follows an inquiry launched earlier this year into financial products marketed to students. The study revealed that since 2009, the number of college card agreements in effect has decreased by 41 percent, the compensation paid to colleges and universities has decreased by 40 percent, and the number of new accounts opened by students has decreased by 18 percent.
The Bureau’s press release urges financial institutions to voluntarily disclose to the public any agreements with colleges and universities to market debt, prepaid, and other products to students and warns that “[t]he CFPB prioritizes its supervisory examinations based on the risks posed to consumers” and “[failing to make] college financial product arrangements transparent to students and their families . . . increase[s] such risks.”
On December 12, the CFPB published the preliminary results of its ongoing study of arbitration agreements in consumer finance contracts. Section 1028(a) of the Dodd-Frank Act directs the CFPB to study the use of pre-dispute arbitration contract provisions, and preconditions the CFPB’s exercise of rulemaking authority regarding arbitration agreements on a finding that the regulation is “in the public interest and for the protection of consumers.” The CFPB commenced its arbitration study in early 2012, and expanded its review this year with a proposal to survey credit card holders, and by exercising its authority under Dodd-Frank Act Section 1022 to order some companies to provide template consumer credit agreements, as Director Cordray indicated during a September House Financial Services hearing.
The CFPB reports the following preliminary results, among others:
- Larger banks are more likely to include arbitration clauses in their credit card contracts and checking account contracts than smaller banks and credit unions.
- Just over 50% of credit card loans outstanding are subject to arbitration clauses, while 8% of banks, covering 44% of insured deposits, include arbitration clauses in their checking account contracts.
- Arbitration clauses are prevalent across the general purpose reloadable (GPR) prepaid card market, with arbitration clauses appearing in the cardholder contracts for 81% of GPR prepaid cards studied by the CFPB.
- Class action waivers are ubiquitous, appearing in approximately 90% of arbitration provisions.
- A minuscule number of consumers exercise contract carve-outs permitting disputes to be pursued in small claims courts, while credit card issuers are “significantly more likely” to sue consumers in small claims court.
The CFPB did not consider specific policy options at this stage. However, the report outlines numerous additional steps the CFPB plans to take as part of its arbitration study, which may expand to include other financial product markets. For example, in response to stakeholder comments, the CFPB is revising a prior proposal to conduct a survey of consumers that addresses consumer awareness of arbitration clauses and consumer perceptions of and expectations about formal dispute resolution. The CFPB also intends to assess the possible impact of arbitration clauses on the price of consumer financial products. Finally, the CFPB is examining the interrelationship between public enforcement and private aggregate enforcement (i.e., class actions) by conducting an empirical analysis of the types of cases brought by public and private actors, and the relationship between any actions against the same defendants or challenging similar conduct. The report does not provide anticipated timelines for these or any of the other future steps the Bureau describes.
On December 10, the CFPB released a consent order with a federal savings association, pursuant to which the bank will refund approximately $34 million to more than one million credit card holders who were enrolled in deferred-interest financing for healthcare services. The order does not include a civil penalty. The deferred-interest action is the first public action taken by the CFPB since it promised to scrutinize such products in its October credit card report.
The product at issue typically is offered by healthcare providers who offer personal lines of credit for healthcare services, including medical, dental, cosmetic, vision, and veterinary care. The CFPB alleges that the bank failed to sufficiently train healthcare providers to deliver material information about deferred-interest promotional periods associated with the credit cards, which led to consumers being misled during the enrollment process. The CFPB further claimed that healthcare providers improperly completed applications and submitted them on behalf of consumers, failed to provide consumers with copies of the credit card agreement, and, where disclosures were provided, those disclosures failed to adequately explain the deferred-interest promotion.
In addition to consumer redress, the order mandates certain terms of the bank’s contracts with medical providers offering the healthcare credit card. For example, the bank must incorporate specific “transparency principles” into its agreements with healthcare providers, and the contracts must prohibit certain charges. The bank also must enhance disclosures provided with the card application and billing statements, and improve training for healthcare providers offering the card. In addition, the order details consumer complaint resolution requirements, and prohibits certain incentive arrangements and paid endorsements. To date, the CFPB has not released the attachments to the consent order, which include, among other things, the transparency principles and disclosures.
The New York Attorney General entered into a similar agreement with the bank earlier this year. Under that agreement, the bank was likewise required to add a set of transparency principles to provider contracts to ensure that card terms were described accurately and to revise promotional interest rate options and other disclosures to better inform consumers’ use of the card.
On December 2, the U.S. Court of Appeals for the Fifth Circuit held that a set of parens patriae suits filed by the Mississippi Attorney General (AG) against credit card issuers is not subject to federal jurisdiction under the Class Action Fairness Act (CAFA) or National Bank Act (NBA) preemption. Hood v. JP Morgan Chase & Co., No. 13-60686, 2013 WL 6230960 (5th Cir. Dec. 2, 2013). The consolidated appeal involves cases originally filed by the AG in state court against six credit card issuers for allegedly violating the Mississippi Consumer Protection Act in connection with the marketing, sale, and administering of certain ancillary products, including payment protection plans. After the card issuers removed the cases, a federal district court denied the state’s motion to remand, holding that it had subject matter jurisdiction because: (i) the cases were CAFA mass actions; (ii) the NBA (and the Depository Institutions Deregulation and Monetary Control Act for one state-chartered bank defendant) preempted some of the state law claims; and (iii) it had supplemental jurisdiction over the remaining state law claims. The Sixth Circuit disagreed and held that the card issuers failed to prove that any card holder met CAFA’s individual amount in controversy requirement, rejecting the issuers’ argument that the state is the real party in interest and its claims for restitution and civil penalties exceed the threshold. The court also rejected the issuers’ argument—and the district court’s holding—that the payment protection plans were part of the loan agreement and the fees associated with the plans constitute “interest,” such that the state’s challenge to the plans was an implicit usury claim preempted by the NBA. Instead, the court held that while the plans could conceivably fit within the definition of “interest,” there is no clear rule on this subject that demands removal. Moreover, the court held that even if the payment protection plan fees are “interest,” the claims still would not be preempted because the state does not allege that the issuers charged too much interest, but rather challenges the alleged practice of improperly enrolling customers in the plans. The court reversed the district court and remanded for further proceedings consistent with its opinion.