Consumer Finance Newsletter - July 2013

July 26, 2013 | Banking & Financial Services


Regulators Focus on Attempts to Recover Delinquent Consumer Debt

Regulators have recently focused their attention on attempts by banks to recover delinquent consumer debt, whether by selling the debt to third parties or by initiating in-house collection efforts. On June 6, 2013, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) and the Federal Trade Commission (“FTC”) held a roundtable focused primarily on the accuracy of data used to collect debt, titled “Life of a Debt: Data Integrity in Debt Collection.” In that roundtable, Acting Deputy Director of the CFPB Steve Antonakes identified three areas of focus: (a) the accuracy of the information used by debt collectors, particularly third-party collectors or debt buyers; (b) the Bureau’s concern that the accuracy of such information may deteriorate as a debt is sold to secondary or tertiary buyers; and (c) consumers’ ability to dispute debts they believe to be inaccurate and the related obligation to investigate and correct inaccurate information provided to credit bureaus.

On July 10, 2013, CFPB Director Richard Cordray announced additional steps being taken by the CFPB to monitor the debt collection market, including the issuance of two bulletins clarifying the legal obligations of debt collectors. Bulletin 2013-07 indicates that collection practices of original creditors that do not meet the definition of “debt collector” under the Fair Debt Collection Practices Act (“FDCPA”) may in the CFPB’s view still violate the Dodd-Frank Act’s prohibition against unfair, deceptive or abusive acts or practices (“UDAAP”).[1] The bulletin further explains the CFPB’s view that in determining whether an action is “unfair,” [2] the “substantial injury” suffered by the consumer need not be monetary—in certain circumstances, emotional impact or other subjective harm may amount to or contribute to substantial injury according to the CFPB. The bulletin also reminds collectors that in addition to proscribing acts that cause an injury, the statute prohibits unfair acts that are “likely to cause” an injury. The bulletin goes on to state that when assessing whether an act is “deceptive,” (a) the CFPB looks not only for misstatements but also for omissions, double meanings and implied representations; (b) the CFPB uses a different standard depending on the audience being targeted (e.g. ads that target older consumers will be measured from the perspective of a reasonable member of that audience); and (c) the CFPB believes that a statement can be deceptive even if only a minority of the targeted audience would be misled.

CFPB Bulletin 2013-08 warns creditors, third-party collectors, and debt buyers against making misleading representations regarding the impact that payments on a debt will have on a debtor’s credit report, credit score or creditworthiness.[3] In addition to the bulletins, the CFPB released five form letters that consumers can use in communicating with debt collectors. The CFPB also announced that it would accept complaints regarding debt collection practices against both the company collecting the debt and the company with which the consumer had the original account.

The Office of the Comptroller of the Currency (“OCC”) has similarly devoted recent attention to sales of consumer debt by national banks. In Senate testimony, OCC Comptroller Curry discussed four pages of guidance issued by the OCC on best practices that banks may wish to follow when selling consumer debt. The OCC suggests that banks, inter alia: (a) establish detailed policies and procedures governing sales of consumer debt and perform audits to assess compliance with those procedures; (b) perform detailed and ongoing due diligence, including on-site inspections, of the entity wishing to buy the debt; (c) ensure that any agreement to sell debt allows the debt buyer to attain additional documentation for no charge or for a minimal charge, to “avoid the appearance of not providing the debt buyer with sufficient and appropriate information to collect debt”; and (d) restrict the debt buyer in certain important respects, e.g., by limiting its ability to resell the debt so as to “control who ultimately will collect on [the bank’s] customers,” or by constraining its permitted litigation strategy--for instance, to ensure that the strategy “take[s] into consideration the borrower’s ability to pay.”

States are also increasingly scrutinizing sales of consumer debt. For example, S.B. 233, which imposes numerous new restrictions on buyers of consumer debt, recently became law in California. The bill applies to a “debt buyer,” defined as a “person or entity that is regularly engaged in the business of purchasing charged-off consumer debt for collection purposes, whether it collects the debt itself, hires a third party for collection, or hires an attorney-at-law for collection litigation.”[4] The bill prohibits debt buyers from making a written statement to a debtor to collect a debt unless the debt buyer possesses certain information regarding the history of the debt and the debt buyer’s right to collect the debt, e.g. as sole owner of the debt, as well as a copy of a contract or other document evidencing the debtor’s agreement to the debt.[5] The bill specifies statements that must be included in the first written communication to the debtor and the debt buyer’s obligation to respond to a debtor’s written request for information regarding the debt or proof of the debt.[6] The bill also provides specific pleading and proof requirements for litigation initiated by a debt buyer to collect a consumer debt.[7] Should a debt buyer fail to appear or fail to properly prepare for a debt collection lawsuit, the bill authorizes courts to dismiss the suit with prejudice.[8] Debt buyers who initiate a lawsuit or arbitration to collect a debt after the statute of limitations has expired are subject to penalties.[9] The bill also creates a series of penalties for violations of its provisions and prohibits any waiver, by the consumer, of their rights under the bill.[10] Finally, the bill alters the procedures for wage garnishment, generally requiring notice to the debtor of his or her right to claim an exemption.[11] The new provisions would apply to consumer debt sold or resold on or after January 1, 2014.

Why You Should Care: Financial institutions have historically sold charged-off consumer debt to third parties to increase recovery in a cost-effective manner. In light of the increased scrutiny and regulation of debt sales and collections practices generally, financial institutions should review their practices and procedures for debt sales. This might include the due diligence they conduct regarding debt buyers. Banks may find it beneficial to revisit agreements they have with debt buyers, particularly as they relate to information provided to buyers regarding the debts and any restrictions on debt buyers regarding litigation activities and resale of debts. To the extent increased scrutiny of debt sales causes financial institutions to move collection activity in-house, they may wish to take note of the CFBP’s recent bulletins.

If You Want Further Information: CFPB Deputy Director’s remarks at the June 6, 2013 CFPB/FTC debt collection roundtable can be found here, and the transcript of the entire event can be found here. CFPB Director Cordray’s July 10, 2013 speech can be found here. The related CFPB’s Bulletins, No. 2013-07 and 2013-08, can be found here. The OCC’s guidance on sales of consumer debt can be found here. The text of S.B. 233, as enrolled, can be found here.

If You Want Further Analysis: Contact Brian Boyle, (202) 383-5327, bboyle@omm.com.

[1] Dodd-Frank sections 1031 and 1036 prohibit providers of consumer financial products or services from engaging in UDAAPs. 12 U.S.C. §§5531, 5536(a)(1)(B).
[2] “Unfair” acts are defined by Dodd-Frank §1031(c). 12 U.S.C. §5531(c).
[3] For example, because the Fair Credit Reporting Act already requires the removal of debts that were placed for collection or charged to profit and loss more than seven years ago, debt collectors should not represent to debtors that the payment of such old debts will cause the debts to be removed from their credit reports. 15 U.S.C. §1681c(a)(4).
[4] Cal. Civ. Code §1788.50(a)(1).
[5] Cal. Civ. Code §1788.52(a)-(b).
[6] Cal. Civ. Code §1788.52(c)-(d).
[7] Cal. Civ. Code §§1788.58,1788.60.
[8] Cal. Code Civ. Proc. §581.5.
[9] Cal. Civ. Code §§1788.56, 1788.62.
[10] Cal. Civ. Code §§1788.62, 1788.64.
[11] Cal. Code Civ. Proc. §§700.010 – 700.122. 

The CFPB Attempts to Measure the Cost of Regulatory Restrictions on Arbitration

Issue: Some speculate that the CFPB will react to the Supreme Court’s recent decision in American Express Co. v. Italian Colors Restaurant, 133 S. Ct. 2304 (2013), by using its authority under Section 1028 of the Dodd-Frank Act[1] to ban mandatory arbitration provisions in consumer finance contracts or to ban class-action waivers in such provisions. But the design of a proposed CFPB consumer survey that was released for comment just days before the Court’s decision in Italian Colors suggests that the Bureau acknowledges the costs that consumers would bear if the CFPB were to impose such a ban.

The Italian Colors decision is the most recent in a series of Supreme Court decisions strictly enforcing arbitration agreements in consumer contracts.[2] In Italian Colors, the Court held that a ban on class arbitration would be enforced even if it would be economically unfeasible for consumers to pursue their claims individually.[3] The Court’s decision followed a number of state-court rulings invalidating class arbitration waivers on the basis that consumers could not profitably pursue their claims on an individual basis.[4]

The Court’s decision was criticized by some consumer groups, and some believe the CFPB will react to the decision by using its authority under Section 1028 of the Dodd-Frank Act to restrict arbitration provisions in consumer finance contracts.[5] However, one question in a recently proposed CFPB telephone survey on arbitration suggests that the CFPB may be aware of the potential costs to consumers of such a ban. The proposed survey starts by asking questions designed to assess the consumers’ awareness of arbitration provisions and familiarity with arbitration and litigation as methods of dispute resolution. The proposed survey also asks about consumers’ impressions about the amount of money that would have to be at stake for a consumer to choose one method over the other.[6] The survey then asks two questions that signal the CFPB is considering the additional cost to consumers of a ban on arbitration provisions in consumer finance contracts. In proposed question number 11, the survey asks consumers (a) whether they would prefer a credit card that did not require mandatory arbitration on an individual basis and (b) if so, how much more they would be willing to pay for such a card. One can expect at least some consumers to state that they are unwilling to pay anything to remove the mandatory arbitration provisions from their credit card contracts. Because a ban on mandatory arbitration provisions could lead to an increase in litigation costs for credit card companies (including costs associated with meritless litigation), and because any such costs would logically be passed onto consumers, a ban on mandatory arbitration provisions could require survey respondents to pay for a feature they do not want. The CFPB continues to accept comments on its proposed survey through August 6, 2013.

Why You Should Care: The next year may be significant for providers who rely on mandatory arbitration provisions to protect the majority of their consumers from the costs of litigation initiated by a small number of customers. While many expect the CFPB to pursue initiatives to restrict the use of mandatory arbitration clauses in the aftermath of the Supreme Court’s most recent rulings, the forthcoming results of the CFPB’s consumer survey on such issues could prove useful to the provider community in engaging with the Bureau on such initiatives.

If You Want Further Information: The Supreme Court’s decision in Italian Colors can be found here. The CFPB’s proposed survey on arbitration can be found here.

If You Want Further Analysis:Contact Brian Boyle, (202) 383-5327, bboyle@omm.com

[1] Section 1028 provides that “[t]he Bureau shall conduct a study of, and shall provide a report to Congress concerning, the use of agreements providing for arbitration of any future dispute between covered persons and consumers in connection with the offering or providing of consumer financial products or services” and that “[t]he Bureau, by regulation, may prohibit or impose conditions or limitations on the use of an agreement between a covered person and a consumer for a consumer financial product or service providing for arbitration of any future dispute between the parties, if the Bureau finds that such a prohibition or imposition of conditions or limitations is in the public interest and for the protection of consumers.” 12 U.S.C. §5518.
[2] See our prior client alert for a summary of prior decisions. O’Melveny & Myers, Arbitration Agreements, June 20, 2012, here. See, e.g., AT&T Mobility LLC v. Concepcion, 131 S. Ct. 1740, 1752 (2011) (“Arbitration is a matter of contract, and the [Federal Arbitration Act] requires courts to honor parties' expectations.”); Stolt-Nielsen S.A. v. AnimalFeeds International Corp., 559 U.S. 662 (2010) (arbitration agreement that was silent on the issue of classwide arbitration did not express intention of parties to submit to classwide arbitration, and the arbitration panel allowing for classwide arbitration exceeded its authority by imposing its own policy rationale rather than looking to the parties’ contract).
[3] Am. Exp. Co. v. Italian Colors Rest., 133 S. Ct. 2304, 2310-2311 (2013) (“Enforcing the waiver of class arbitration bars effective vindication, respondents contend, because they have no economic incentive to pursue their antitrust claims individually in arbitration. . . . But the fact that it is not worth the expense involved in proving a statutory remedy does not constitute the elimination of the right to pursue that remedy.”).
[4] See, e.g., Feeney v. Dell Inc., 465 Mass. 470, 501-02 (2013) (“[W]here a court determines, following an individualized factual inquiry, that class proceedings are the only viable way for a consumer plaintiff to bring a claim against a defendant, as may be the case where the claims are complex, the damages are demonstrably small and the arbitration agreement does not feature the safeguards found in the Concepcion agreement, a court may still invalidate a class waiver.”).
[5] Mandatory arbitration provisions are already prohibited in certain consumer finance contracts by statute. See, e.g., 15 U.S.C. §1639c(e)(1) (“No residential mortgage loan and no extension of credit under an open end consumer credit plan secured by the principal dwelling of the consumer may include terms which require arbitration or any other nonjudicial procedure as the method for resolving any controversy or settling any claims arising out of the transaction.”); see also 12 C.F.R. §1026.36(h) (CFPB regulation to same effect).
[6] Consumer Financial Protection Bureau, Help us design a consumer survey about mandatory pre-dispute arbitration, June 7, 2013, here. A direct link to the proposed survey questions can be found here

The CFPB Issues Bulletin Outlining “Responsible Business Conduct”

Issue: The CFPB recently issued a bulletin purporting to provide guidance regarding “responsible conduct” by providers that “may favorably affect the ultimate resolution of a Bureau enforcement investigation.”[1] Similar to policies developed by other enforcement agencies and entities, such as the Securities and Exchange Commission[2] and the Public Company Accounting Oversight Board,[3] the Bureau’s bulletin describes four broad categories of conduct that the Bureau states it will consider “when evaluating whether some form of credit is warranted in an enforcement investigation.” These categories of conduct include (1) proactively self-policing for potential violations, (2) promptly self-reporting potential violations to the CFPB, (3) quickly and completely remediating harms resulting from violations, and (4) affirmatively cooperating with CFPB investigations, “above and beyond what is required” by law.

In determining “whether and how much to take into account self-policing, self-reporting, remediation, and cooperation,” the Bureau indicated that it would consider issues such as:

  • What compliance procedures or self-policing mechanisms are in place to prevent, identify, or limit violations or potential violations of federal consumer financial laws that have occurred;
  • Whether an investigated party waited until discovery or disclosure was likely to happen before reporting the violations or potential violations to the CFPB;
  • Whether internal controls and procedures were improved in response to any violations or potential violations; and
  • Whether an investigated party took “proper steps to develop the truth quickly and completely and to fully share its findings with the Bureau.”

Although the Bureau stated that it would “put[] special emphasis” on a party’s self-reporting in evaluating the party’s overall conduct, the Bureau explained that the importance of each factor in any given case would depend on the circumstances.

According to the Bureau, the benefits of engaging in “responsible conduct” could include, for example, (a) resolution of an investigation without a public enforcement action; (b) treatment of offending conduct as “a less severe type of violation;” (c) reduction in the number of violations pursued by the Bureau; or (d) reduction in the penalties sought by the Bureau in an enforcement action. The Bureau emphasized, however, that to receive positive consideration, an investigated party’s conduct “must substantially exceed the standard of what is required by law.” The Bureau did not, however, provide any indication regarding the kind of actions it would consider to “substantially exceed” what is required by law. Additionally, the Bureau explained that by issuing its bulletin it was not “adopting any rule or formula” and “not limiting its discretion and responsibility to evaluate” each individual case on its own facts. The Bureau stated that even where a party has engaged in some of the “responsible conduct” described in its bulletin, the Bureau could still bring an enforcement action or seek any remedy “if it believes such a course is necessary and appropriate.”

Why You Should Care: Though offering little concrete guidance, the bulletin does confirm that the Bureau will consider similar factors to what other governmental entities have articulated may result in favorable consideration during an investigation or enforcement action. It also suggests that the Bureau seeks to provide positive incentives to companies that cooperate with the Bureau’s enforcement objectives. The Bureau’s limited enforcement history, however, makes it difficult to gauge exactly how favorably the Bureau will view “responsible conduct.” This, in turn, makes it hard to evaluate whether the benefits are worth the potentially significant legal risks of engaging in activities such as self-reporting and cooperation beyond that required by law. Going forward, it will be important to monitor how the Bureau’s guidance regarding “responsible conduct” affects the exercise of its enforcement discretion in practice.

If You Want Further Information: CFPB Bulletin 2013-06 can be found here.

If You Want Further Analysis: Contact Randy Edwards, (415) 984-8716, redwards@omm.com.

[1]Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation,CFPB Bulletin 2013-06 (June 25, 2013).
[2] Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions, Exchange Act Release No. 44969 (Oct. 23, 2001).
[3] Policy Statement Regarding Credit for Extraordinary Cooperation in Connection with Board Investigations, PCAOB Release No. 2013-003, Apr. 24, 2013.

Policymakers Express Growing Concerns over Cybersecurity in the Private Sector

In the face of rising, sophisticated cyber-attacks on companies as well as governmental entities, regulators and lawmakers are debating a flurry of new standards intended to enhance protection of the nation’s critical infrastructure and intellectual property. As Congress continues to grapple with a legislative approach to cybersecurity, regulators have chosen a more informal route in recent weeks—including the issuing of reports, the creation of a working group, and engaging private meetings with companies like members of the banking community—in an attempt to promote a greater private-sector focus on cyber threats.

Legislators have introduced several bills in the House and Senate in recent months that touch on cyber security. Among the more recent activities are Senator Carl Levin’s introduction on May 7, 2013 of the Deter Cyber Theft Act, which would create a “watch list” of countries that engage in or facilitate the cyber theft of trade secret information from the U.S., and the June 6 introduction by Representatives Mike Rogers (R-Mich) and Tim Ryan (D-Ohio) of bipartisan legislation that would expand Executive power to identify, deter, and punish foreign entities responsible for the cyber theft of U.S. intellectual property. In addition, Senator John D. Rockefeller IV (D-Wa), who has openly criticized earlier measures for not going far enough, has stated that he is drafting new legislation that would require mandatory information security disclosures as part of any publicly traded company's SEC filings.

While these bills await enactment, regulators have already taken informal steps to encourage voluntary efforts within the business community. Financial regulators, in particular, have issued reports, formed working groups, and met privately with supervised entities to discuss and coordinate cybersecurity efforts. In its Semiannual Risk Perspective Report released on June 18, the OCC identified a surge of sophisticated cyber threats as a new top concern and as the fastest growing threat to banks.[1] Also in June, the Federal Financial Institutions Examination Council (“FFIEC”)—which is comprised of the CFPB, FDIC, Federal Reserve, National Credit Union Association, OCC, and representatives of five state agencies that supervise financial institutions—formed a new Cybersecurity and Critical Infrastructure Working Group to promote inter-agency and private sector coordination on critical infrastructure and cybersecurity issues.[2]

Moreover, in private remarks made on June 19 to directors at the U.S. Chamber of Commerce, Treasury Secretary Jack Lew took the unusual step of urging regulatory agencies and banks to bolster their cybersecurity efforts. Treasury, the OCC, and the Federal Reserve are also reportedly engaged in ongoing, private meetings with financial institutions to discuss their cybersecurity efforts. According to Secretary Lew, the agencies have provided guidance to supervised entities on the need for backup and recovery systems.

Secretary Lew is also calling on Congress to pass comprehensive legislation that would “increase and enhance” the sharing of threat-related information, as well as incentives for companies to adopt cybersecurity best practices and standards, beyond the framework set forth under the President's cybersecurity Executive Order issued earlier this year. Under President Obama's Order, regulatory agencies will be required to review their existing mandates to determine whether they are sufficient for implementing a new cybersecurity "framework" still under development by the National Institute of Science and Technology. And unlike the comparable proposed legislation, the Cybersecurity Act of 2012, the Executive Order does not itself provide statutory immunity from private lawsuits to companies that voluntarily participate in the information-sharing program.[3]

The increased regulatory attention comes after several large banks suffered recent distributed denial of service attacks, which threatened their online and mobile banking systems earlier this year. Many regulators are reportedly concerned that midsized and community banks are particularly vulnerable. The focus also comes in the midst of controversy over the reach and scope of the U.S. government's broad-based surveillance efforts done on national security grounds, which have riled many consumer privacy groups

Why You Should Care: Major U.S. corporations have faced an unprecedented number of cyber attacks over the past two years. A growing chorus of regulators and lawmakers have called for a strengthening of the nation's cybersecurity in one form or another. A Congressional Research Service report issued on June 19 states that any comprehensive overhaul of the nation's cybersecurity policy will likely require additional revisions of at least 31 related federal laws.[4] Successfully maneuvering the attendant legal quagmires will require strategic planning and a thorough understanding of the regulatory and legal framework.

If You Want Further Information: Our prior alert on President Obama’s Feb. 12, 2013 Executive Order on cybersecurity can be found here. For the Detect Cybersecurity Theft Act, S. 884, sponsored by Sen. Levin on May 7, 2013, please see here. For the Cyber Economic Espionage Accountability Act, H.R.2281, sponsored by Rep. Mike Rogers and Rep. Tim Ryan on June 6, 2013, please see here. The FFIEC’s June 6, 2013 announcement of the formation of the Cybersecurity and Critical Infrastructure Working Group can be found here. The OCC’s June 18, 2013 Semiannual Risk Perspective report can be found here. The CRS’s June 20, 2013 report, Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions, can be found here.

If You Want Further Analysis: Contact Randall W. Edwards, (415) 984-8716 or redwards@omm.com.

[1] Office of the Comptroller of the Currency (“OCC”), Semiannual Risk Perspective From the National Risk Committee, Spring 2013, available here.
[2] Federal Financial Institutions Examination Council (“FFIEC”), Press Release, FFIEC Forms Cybersecurity and Critical Infrastructure Working Group, June 6, 2013, available here.
[3] Our previous alert on the Cybersecurity Executive Order is here.
[4] Congressional Research Service (“CRS”), Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions, June 19, 2013, available here.

This memorandum is a summary for general information and discussion only and may be considered an advertisement for certain purposes. It is not a full analysis of the matters presented, may not be relied upon as legal advice, and does not purport to represent the views of our clients or the Firm. Brian D. Boyle, an O'Melveny partner licensed to practice law in California and the District of Columbia, Randy Edwards, an O'Melveny partner licensed to practice law in California, Vivi Lee, an O'Melveny counsel licensed to practice law in California, Danielle Oakley, an O'Melveny counsel licensed to practice law in California, Edgar Martinez, an O'Melveny counsel licensed to practice law in California, Ashley Pavel, an O'Melveny associate licensed to practice law in California, and Mimi Vu, an O'Melveny associate licensed to practice law in California, contributed to the content of this newsletter. The views expressed in this newsletter are the views of the authors except as otherwise noted.

Portions of this communication may contain attorney advertising. Prior results do not guarantee a similar outcome. Please direct all inquiries regarding New York's Rules of Professional Conduct to O’Melveny & Myers LLP, Times Square Tower, 7 Times Square, New York, NY, 10036, Phone:+1-212-326-2000. © 2013 O'Melveny & Myers LLP. All Rights Reserved.