On October 20, the CFPB finalized its amendment to Regulation P, which requires that financial institutions meet specific consumer data-sharing requirements, including the delivery of annual privacy notices. Under the new rule, bank and nonbank institutions under the CFPB’s jurisdiction will now be allowed to post privacy notices online, rather than deliver an annual paper copy. Institutions that choose to post notices online must meet certain conditions, including (i) providing notice to consumers if the institution shares any data to third parties, in addition to providing an opportunity to opt out of such sharing; and, (ii) using the 2009 model disclosure form developed by federal regulatory agencies. The institutions that choose to rely on the new delivery method must (i) ensure that customers are aware of the notices posted online; (ii) provide paper copies within ten days of a customer’s request; and, (iii) make customers aware that the privacy notice(s) are available online—and that a paper copy will be provided at the customer’s request—by inserting a “clear and conspicuous statement at least once per year on an account statement, coupon book, or a notice or disclosure.” As outlined when the proposed rule was issued in May, the CFPB anticipates that the rule will: (i) provide consumers with constant access to privacy notices; (ii) limit the amount of an institution’s data sharing with third parties; (iii) educate consumers on the various types of privacy policies available to them; and, (iv) reduce the cost for companies to provide privacy notices.
On February 24, the CFPB announced a proposed rule that would reduce the burden of credit card issuers by suspending – for one year – their obligation to submit credit card agreements to the CFPB on a quarterly basis. The proposed rule would be in effect while the CFPB works to establish a “more streamlined and automated electronic submission system” that would make it easier for issuers to submit the agreements. The proposal amends the 2009 CARD Act, which established the requirement that issuers submit consumer credit card agreements to the CFPB. During the proposed one-year suspension, other requirements of the CARD Act would remain in place, such as the issuers’ “obligations to post currently-offered agreements on their own websites.” Comments on the proposed rule are due by March 13. Credit card issuers would resume submitting credit card agreements on a quarterly basis to the CFPB starting on April 30, 2016.
Recently, the SEC issued a final rule to update its EDGAR system to support changes to the disclosure, reporting, and offering process for asset-backed securities. Specifically, EDGAR will be revised to update Volume I: General Information, Volume II: EDGAR Filing, and Volume III: N-SAR Supplement. The EDGAR system is scheduled to reflect the updates on October 20.
On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
On July 15, Fannie Mae and Freddie Mac announced the availability of additional documentation to support the mortgage industry with the implementation of the Uniform Closing Dataset (UCD), the common industry dataset that supports the CFPB’s closing disclosure. The documents provide information to supplement the MISMO mapping document released in March 2014. Fannie Mae and Freddie Mac intend to collect the UCD from lenders in the future, but have not yet determined the method or timeline for that data collection.
On June 3, Visa announced that it teamed with Pew Charitable Trusts to develop voluntary prepaid card standards and a designation for cards that meet those standards. To qualify for the designation, which Visa believes “will signify a new level of simplicity, protection and opportunity,” a prepaid card must have the following features: (i) flat monthly fee covering all basic activities; (ii) no additional charges for declined transactions, customer service, in-network ATM withdrawal or balance inquiries, PIN or signature transactions, cash back at point of sale, or overdrafts; (iii) “consumer friendly” communication of fees—e.g. fee box and disclosures; and (iv) “quick-use guide” for using the card at the lowest cost. In addition, issuers seeking the designation must provide the following consumer protections: (i) individual FDIC/NCUA insurance; (ii) Regulation E dispute resolution rights; (iii) coverage under Visa’s zero liability policy; and (iv) access to Visa’s Prepaid Clearinghouse Service to assist with fraud prevention.
On April 17, the CFPB issued a guide to completing the disclosure forms required by its November 2013 TILA-RESPA integrated disclosures rule, which generally applies to transactions for which a creditor or broker receives an application on or after August 1, 2015. The guide provides instructions for completing the Loan Estimate and Closing Disclosure and highlights common situations that may arise when completing the forms. The CFPB states in addition to serving as a resource to creditors, the guide also may assist settlement service providers, software providers, and other service providers. The disclosure forms guide follows the release last month of a small entity compliance guide, which summarizes the rule and highlights issues that small creditors, and their partners or service providers, might find helpful to consider when implementing the rule.
On March 18, the CFPB announced that it has begun testing two potential model prepaid card disclosures. After holding field tests last month in Baltimore and this week in Los Angeles, the CFPB plans a final field test next month at a location to be determined. The model forms would provide a standard format for disclosing certain fees, including, among others, monthly, reload, per purchase, ATM withdrawal, and inactivity fees. The two models primarily differ in design—the fees included on the two test models are identical, but for a “decline” fee, which appears only on one of the models.
The field testing follows the CFPB’s May 2012 advance notice of proposed rulemaking soliciting comments to evaluate prepaid cards. The CFPB received hundreds of comments in response to that initial inquiry, and since that time, advocacy groups and members of Congress have continued to pressure the CFPB to take action on prepaid cards. For example, in the last several months, Senate Democrats introduced two prepaid card bills that would establish certain disclosure requirements, and the PEW Charitable Trusts released a paper outlining its latest position and model disclosures.
Finally, in addition to the field testing, the CFPB is seeking comments on the model disclosures through its blog, Twitter, Facebook, or email “from anyone who is interested in making prepaid card disclosures better.” Following completion of the testing, the CFPB expects to propose a rule “later this spring.” That timeline matches one laid out in the CFPB’s most recent rulemaking agenda, in which the Bureau anticipated a proposed rule in May 2014.
On January 6, the U.S. District Court for the District of Utah held that the model TILA rescission disclosure, form H-8, does not clearly and conspicuously disclose the three business day rescission period. Simmons v. Citimortgage Inc., No. 11-171, 2014 WL 37623 (D. Utah Jan. 6, 2014). In this case, two borrowers sued their lender, claiming that the lender improperly refused to rescind the borrowers’ loan within the statutory three-day rescission period. The borrowers, who closed on a Wednesday and sought rescission the following Monday, claimed that their rescission attempt fell within the three business day window granted by TILA. The lender countered that Regulation Z defines Saturday as a business day and therefore the borrowers’ request was untimely. On summary judgment, the court determined that the rescission disclosure the lender provided to the borrowers, model disclosure form H-8, did not clearly and conspicuously disclose the date the rescission period expired. The court explained that the model disclosure is subject to more than one sensible reading and required the borrowers to conduct further research into the meaning of “business day.” The court reasoned that the fact that the borrowers were required to do anything to understand the notice is sufficient to disqualify the notice from being “clear and conspicuous.” The court granted partial summary judgment to the individual borrowers, holding that the borrowers are entitled to the three-year rescission period, and invited further briefing as to whether the borrowers have otherwise met their rescission burden.
Federal District Court Holds Evidence Of Online Notice Regarding Arbitration Policy Change Alone Insufficient To Support Arbitration Demand
On December 2, the U.S. District Court for the Northern District of California denied a bank’s motion to compel arbitration, in part because the bank failed to provide evidence that its customer received an online notice of a contract change that added the arbitration clause. Martin v. Wells Fargo Bank, N.A., No. 12-6030, slip op. (N.D. Cal. Dec. 2, 2013). In this case, a bank customer filed suit alleging the bank violated the Telephone Consumer Protection Act and the state’s Unfair Competition Law. The bank moved to compel arbitration, claiming that it properly amended the controlling customer agreement to include the arbitration clause at issue by providing written notice in a billing insert, and by providing the same notice online to customers who logged into their account. The court held that the bank failed to demonstrate the customer logged on to her online account and received the notice at issue. Similarly, the court explained that the bank’s supporting declaration only stated that the customer’s account was “targeted to receive” the written notice, but the bank did not state the customer actually was provided with the notice. The court also questioned whether the amendment adding the arbitration clause was fair, explaining that the original customer agreement allowed the bank to amend “charges, fees, or other information contained in the disclosure” and suggested that the original agreement’s terms did not indicate the addition of an arbitration agreement was an anticipated modification.
UPDATED OCTOBER 14, 2014: Updated to reflect amendments proposed by the CFPB on October 10, 2014.
On November 20, 2013, the CFPB finalized its long-awaited rule combining the mortgage disclosures consumers receive under the Truth in Lending Act (“TILA”) and the Real Estate Settlement Procedures Act (“RESPA”). For more than 30 years, the TILA and RESPA mortgage disclosures had been administered separately by, respectively, the Federal Reserve Board (“FRB”) and the U.S. Department of Housing and Urban Development (“HUD”). In 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) transferred authority over TILA and RESPA to the Bureau and directed the Bureau to create “rules and model disclosures that combine the disclosures required under [TILA] and sections 4 and 5 of [RESPA], into a single, integrated disclosure for mortgage loan transactions covered by those laws.” Congress did not, however, amend TILA and RESPA provisions governing timing, responsibility, and liability for the disclosures, leaving it to the Bureau to resolve the inconsistencies. The final rule generally applies to covered transactions for which the creditor or mortgage broker receives an application on or after August 1, 2015.
Click here to read our Special Alert. (Updated 10/15/14)
Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.
- Jeffrey P. Naimon, (202) 349-8030
- Clinton R. Rockwell, (310) 424-3901
- Joseph J. Reilly, (202) 349-7965
- John P. Kromer, (202) 349-8040
- Joseph M. Kolar, (202) 349-8020
- Jeremiah S. Buckley, (202) 349-8010
- Benjamin K. Olson, (202) 349-7924
- Jonathan W. Cannon, (310) 424-3903
- Brandy A. Hood, (202) 461-2911
**Update – The CFPB has now released the final rule and related materials, available here.**
Later today, as anticipated, the CFPB will release its final rule combining the TILA and RESPA mortgage disclosure forms and rules. We will review the final forms and rule, monitor the related field hearing, and prepare a preliminary Special Alert followed by a more detailed summary.
The final rule and forms follow two years of drafting, testing, and revision by the Bureau. According to the Bureau, its testing demonstrates that the new forms significantly improve the ability of consumers with a variety of experience levels and loan types to answer questions about their loans, compare competing loans, and compare estimated and final loan terms and costs.
The text of the final rule will not be available until later today. However, we are able to make several preliminary observations based on our review of the materials made available thus far, perhaps most importantly that industry will have until August 1, 2015 to make the changes to systems and training necessary to implement the new forms, which is longer than anticipated. Additional observations follow. Read more…
California Court Holds Website Link To Fair Usage Policy Not Conspicuous Enough To Indicate Limits to Term “Unlimited”
On October 4, the California Court of Appeal held that the disclosure of limits to an “unlimited” calling plan in a linked Fair Usage Policy was not sufficiently conspicuous to support a lower court’s judgment as a matter of law that the calling plan was not misleading. Chapman v. Skype, Inc., B241398, 2013 WL 5502960 (Cal. Ct. App. Oct. 4, 2013). The putative class action complaint alleged violations of California’s Unfair Competition Law, false advertising law, and Consumer Legal Remedies Act, in addition to common law intentional and negligent misrepresentation and unjust enrichment claims. The calling plan in question was advertised as “unlimited,” but included a link to a Fair Usage Policy that explained that the plain was limited to 6 hours per day, 10,000 minutes per month, and 50 numbers called each day. The defendant argued that it had adequately disclosed these limits, but the plaintiff claimed that the terms in the Fair Usage Policy contradicted the word “unlimited” in the plan’s description. The trial court had dismissed all claims without leave to amend. The Court of Appeal held that plaintiff had adequately alleged violations of the statutory provisions, and should be permitted to amend her complaint as to her inadequately pled common law claims. The court concluded that the plaintiff had alleged sufficient facts to create a question of fact as to whether consumers were likely to be deceived by the plan terms, noting that under the applicable laws the plaintiff did not need to show that the use of the word “unlimited” was actually false, but rather that such use was misleading. The court thus instructed the trial court to vacate its order sustaining the defendant’s demurrer as to the statutory claims, and to allow plaintiff to amend the complaint as to the common law claims.
On October 3, the CFPB finalized the trial disclosure policy proposed in December 2012 as part of Project Catalyst, which allows companies to apply for a waiver to test potential disclosure improvements on a trial basis. The Bureau did not make substantive changes to the final policy but clarified certain aspects based on the public comments.
Most comments to the proposed policy concerned the approval process for trial disclosure programs. First, the Bureau clarified that it would welcome collaboration and cost-sharing among participants, so long as all entities involved are specifically identified. Second, the Bureau clarified that potential participants may use ProjectCatalyst@cfpb.gov as a point of contact to request a preliminary discussion of a potential trial disclosure prior to submitting an application. Third, the Bureau clarified that the policy is intended to accommodate iterative testing of disclosures and that, in cases where subsequent iterations are appropriate, it will follow a staggered approach to waiver approval.
In response to requests for clarification on the scope of the safe harbor provision, the Bureau clarified that entities approved for a waiver will generally be shielded from private litigation under federal law by consumers and generally from enforcement proceedings by other federal regulators, so long as their conduct accords with the terms of approval. The Bureau will work to coordinate with state regulators. Entities will be given an opportunity to dispute a potential revocation of a waiver before it is issued.
The Bureau declined requests by consumer groups to subject proposed disclosures to full notice and comment, to make qualitative testing an absolute requirement for test approval, to provide consumers notice and the chance to opt out of testing, and to make test results public.
On October 2, the CFPB released its first review of the consumer credit card market. The Credit Card Accountability Responsibility and Disclosure Act of 2009 (the CARD Act) requires the CFPB to prepare a report every two years to examine developments in the consumer credit card marketplace, including (i) the terms of credit card agreements and the practices of issuers, (ii) the effectiveness of disclosures, and (iii) the adequacy of UDAP protections. The CFPB also must review the impact of the CARD Act on (i) the cost and availability of credit, (ii) the safety and soundness of issuers, (iii) the use of risk-based pricing, and (iv) product innovation. In connection with this initial report, the CFPB hosted a credit card field hearing in Chicago, IL, at which Director Cordray reviewed the report’s findings and industry representatives and consumer advocates discussed the current state of the credit card market.
In its review of the post-CARD Act market, the CFPB found that the CARD Act largely accomplished its intended goals. The CFPB reports that: (i) the total cost of credit declined by two percentage points between 2008 and 2012; (ii) overlimit fees and repricing actions have been effectively eliminated; (iii) the size of late fees has decreased; (iv) there is sufficient available credit, notwithstanding the impacts of the financial crisis, but less than in 2007; and (iv) the CARD Act’s ability-to-repay provisions have protected young consumers.
However, the CFPB identifies numerous concerns it has about the credit card market, including “practices that may pose risks to consumers and may warrant further scrutiny by the Bureau.” Those concerns include:
- Add-on products: The CFPB remains concerned about the ways these products are marketed and will continue to pursue allegedly deceptive practices. All of the CFPB’s major enforcement actions to date have involved add-on products, most of which related to credit cards.
- “Fee harvester” cards: The CFPB recognizes that some upfront fees that exceed 25% of the initial credit limit have been held not to be covered by the CARD Act because a portion of the fees are paid prior to account opening. Still, the CFPB plans to monitor the use of application fees in connection with account openings to determine if it should take action under its available authorities.
- Deferred interest products: The CFPB intends to study the risks and benefits of private label cards that finance purchases without interest for a period of time but then assess interest retroactively if the balance is not paid in full by a given date.
- Online disclosures: The CFPB intends to assess the methods by which card issuers provide consumers with disclosures when they access their accounts online.
- Rewards products disclosures: The CFPB will review whether disclosures for “highly complex” rewards products are being made in a clear and transparent manner and whether “additional action” is warranted.
- Grace period disclosures: The CFPB believes it may need to take action to ensure that disclosures sufficiently inform consumers that once they carry a credit card balance into a new billing cycle, they no longer enjoy the grace period on new purchases.