CFPB Report Details UDAAP Violations Uncovered During Recent Supervisory Examinations
On July 26, 2023, the CFPB released its Summer 2023 Supervisory Highlights, which focuses on alleged unfair, deceptive, and abusive acts or practices (UDAAP) violations found in recent supervisory examinations. The report also detailed violations caused by insufficient technology controls.
Some of the key findings in the Summer 2023 Supervisory Highlights include:
- Auto Lending and Servicing. Examiners found that certain dealers made fraudulent representations about the value of consumer vehicles by including options that were not actually present on their vehicle. This in turn caused servicers to collect and retain interest on improperly inflated loans. In the event the servicer determined the value was improperly inflated, the servicer reduced the amounts they paid to the dealer by the value of the missing options, but the servicers did not reduce the amount that consumers owed, continued to charge interest on the value of the non-existent options, and did not refund any interest already paid by the consumers for the missing options. Examiners also took issue with: 1) servicers suspending automatic payments prior to consumers’ final payment and failing to provide sufficient notice that the final payment must be paid manually; 2) engaging in cross-collateralization by requiring consumers to pay off other debts, like credit card debt, before redeeming their possessed vehicle; and, 3) advertising vehicles that were newer or more expensive with information about loans that actually did not apply to the pictured vehicles.
- Consumer Reports. Examiners found Fair Credit Reporting Act (FCRA) deficiencies in connection with FCRA’s requirement that consumer reporting companies (CRCs) only furnish consumer reports to persons with a permissible purpose. In particular, they found that some CRCs lacked adequate policies and procedures to assess the end users’ permissible purpose, particularly where there were indicia of improper purpose by the end users. Examiners also identified FCRA and Regulation V violations by furnishers related to: (1) not regularly reviewing and updating policies and procedures to ensure continued effectiveness; (2) failing to conduct reasonable investigations where disputes were received but had not been sent to the furnishers’ preferred address; (3) failing to notify consumers when the furnisher deemed a dispute to be frivolous or irrelevant; and, (4) sending consumers notice that a dispute was deemed frivolous or irrelevant without explaining what other information was needed to investigate the dispute.
- Debt Collection. Examiners reported that certain debt collectors attempted to collect work-related medical debt after consumers provided sufficient information that the debt was uncollectable under state worker’s compensation law. Examiners also identified deceptive representations about how interest payments would be waived if paid by certain dates.
- Deposits. Examiners found unfair acts or practices relating to institutions assessing both nonsufficient funds fees and line of credit transfer fees on the same transaction.
- Fair Lending. Examiners alleged that certain mortgage lenders violated ECOA/ Regulation B by discriminating in granting price exceptions, finding that certain lenders had statistically significant disparities for the incidence of pricing exceptions to borrowers with protected characteristic as opposed to other similarly situated borrowers without protected characteristics. The disparities were credited to weaknesses in the lenders’ policies and procedures governing pricing exceptions, a lack of oversight to ensure loan officers followed the policies and procedures, and weaknesses in training programs and management and board oversight. Examiners also reviewed lending restrictions in underwriting policies and procedures and found discriminatory restrictions with how certain lenders approached applicants with a criminal history and applicants who used funding from public assistance programs as part of their income (which is supposed to be treated the same as other types of income).
- Information Technology. Examiners found institutions engaged in unfair acts or practices by failing to implement adequate information technology controls that could have prevented or mitigated cyberattacks, including related to: 1) weak password management policies; 2) failing to take action after an account was subject to repeated failed or suspicious login attempts; and, 3) not implementing multi-factor authentication.
- Mortgage Origination. Examiners found that certain institutions used compensation plans that allowed originators to receive different levels of compensation for brokered-out versus in-house loans, in violation of the Loan Originator Compensation rule. Additionally, the CFPB found Truth in Lending Act (TILA)/ Regulation Z violations where loan agreements required that a variable interest rate be rounded up or down in certain circumstances, but where the lenders’ loan origination systems did not properly round the figures, resulting in interest rates different from those stated in the loan’s promissory note.
- Mortgage Servicing. Servicers violated the Real Estate Settlement Procedures Act (RESPA)/ Regulation X by failing to evaluate complete loss mitigation applications and provide written notices of any loss mitigation options to borrowers within 30 days of receipt. Servicers also engaged in unfair or deceptive acts or practices by delaying processing of borrower requests to enroll in loss mitigation options, and by informing borrowers that the servicers would evaluate loss mitigation applications within 30 days but then move forward with foreclosure without reviewing the applications. Finally servicers violated RESPA/ Regulation X by: 1) not maintaining adequate procedures to ensure continuity of contact with delinquent borrowers; 2) not providing required information, including in cases where required language was included in English-language notices but not in Spanish-language versions; 3) not crediting payments sent to prior servicer after a transfer of servicing; and, 4) failing to maintain adequate policies and procedures to ensure that necessary information is transferred to the new servicer after a servicing transfer.
- Payday and Small-Dollar Lending. Examiners identified UDAAP violations where: 1) loan agreements stated that the borrower could not revoke their consent to receive calls, texts, or emails about their loans, particularly in the context of debt collection communications; 2) debt collection communications contained false threats of litigation, garnishment, and late fees; 3) institutions sent notices to customers’ employers that instructed the employers to conduct unauthorized wage garnishments; and, 4) lenders misrepresenting the impact that payment or nonpayment of debts would have on a borrower’s credit report. The CFPB also found violations of TILA/ Regulation Z when lenders failed to retain evidence of compliance with disclosure requirements and found violations of the Military Lending Act (MLA) where lenders failed to confirm whether borrowers were covered by the MLA.
- Remittances. Examiners found failures by remittance providers to develop policies and procedures to ensure compliance with the Remittance Rule’s error resolution requirements or to properly implement the policies which did exist. They also found that some institutions used anti-money laundering compliance policies in place of a specific Remittance Rule policy, but that these were not sufficient substitutes.