[Federal Register Volume 90, Number 3 (Monday, January 6, 2025)] [Notices] [Pages 607-613] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2024-31670] ======================================================================= ----------------------------------------------------------------------- CONSUMER FINANCIAL PROTECTION BUREAU Supervisory Highlights, Issue 37 (Winter 2024) AGENCY: Consumer Financial Protection Bureau. ACTION: Supervisory Highlights. ----------------------------------------------------------------------- SUMMARY: The Consumer Financial Protection Bureau (CFPB) is issuing its thirty seventh edition of Supervisory Highlights. DATES: This edition of Supervisory Highlights covers recent supervisory findings in the areas of deposits, furnishing, and short-term small dollar lending. The findings in this edition of Supervisory Highlights cover select examinations that were generally completed between January 1, 2024, to October 1, 2024. FOR FURTHER INFORMATION CONTACT: Jaclyn Sellers, Senior Counsel, at (202) 435-7449. If you require this document in an alternative electronic format, please contact [email protected]. SUPPLEMENTARY INFORMATION: 1. Introduction The Consumer Financial Protection Bureau's (CFPB) Supervision program assesses supervised institutions' compliance with Federal consumer financial law including unfair, deceptive, or abusive acts or practices (UDAAPs) prohibited by the Consumer Financial Protection Act of 2010 (the CFPA).\1\ --------------------------------------------------------------------------- \1\ 12 U.S.C. 5531, 5536. --------------------------------------------------------------------------- This edition of Supervisory Highlights covers recent supervisory findings in the areas of deposits, furnishing, and short-term small dollar lending. In connection with deposits, Supervision continues to find that supervised institutions are charging consumers unfair overdraft and non-sufficient funds fees, and this edition provides an update on Supervision's work in this space. Aside from the refunds discussed in the context of deposits accounts below, mortgage originators and servicers have also recently reported issuing refunds related to unfair, deceptive, or otherwise unlawful fees and charges, which the CFPB anticipates reporting on in an upcoming edition of Supervisory Highlights. In short, mortgage servicers have reported issuing $4,251,815 in refunds for 91,931 affected loans. Mortgage originators reported issuing $115,605,024 in refunds for 134,912 affected loans. In connection with furnishing, examiners continue to find violations of the Fair Credit Reporting Act (FCRA) \2\ and its implementing regulation, Regulation V.\3\ These violations include failing to maintain policies and procedures regarding identify theft and the accuracy and integrity of information. Additionally, examiners continue to find that furnishers are not investigating indirect disputes. This edition of Supervisory Highlights also includes, for the first time, supervisory findings in connection with Buy Now, Pay Later and paycheck advance products. More specifically examiners identified multiple violations of law including UDAAPs in connection with both Buy Now Pay Later and paycheck advance products. This edition also highlights how weak technology controls can cause or contribute to violations of Federal consumer financial law. For example, Supervision found that the way that core processors configured their platforms caused violations of Federal consumer financial law. [[Page 608]] Additionally, an institution violated the law by rolling out a dysfunctional online banking platform that made it difficult for credit union members to perform basic banking functions for weeks, with some features unavailable for more than six months. One area of particular concern associated with technology that the CFPB expects to highlight in future publications is the risk associated with ``Bring Your Own Device'' (BYOD) policies, which refers to being able to conduct business on a personally owned device, rather than a company issued device. BYOD policies may increase security risks including, for example, data breaches, malware, and unauthorized access to sensitive data. Institutions that permit BYOD should ensure that they take steps to mitigate the risks associated with these policies. --------------------------------------------------------------------------- \2\ 15 U.S.C. 1681 et seq. \3\ 12 CFR part 1022. --------------------------------------------------------------------------- The findings in this edition of Supervisory Highlights cover select examinations that were generally completed between January 1, 2024, to October 1, 2024. To maintain the anonymity of the supervised institutions discussed in Supervisory Highlights, references to institutions generally are in the plural and the related findings may pertain to one or more institutions.\4\ We invite readers with questions or comments about Supervisory Highlights to contact us at [email protected]. --------------------------------------------------------------------------- \4\ If a supervisory matter is referred to the Office of Enforcement, Enforcement may cite additional violations based on these facts or uncover additional information that could impact the conclusion as to what violations may exist. --------------------------------------------------------------------------- 2. Supervisory Observations 2.1 Deposits Supervision examined the deposit operations of supervised institutions to assess whether they engaged in any UDAAPs prohibited by the CFPA.\5\ In these examinations, Supervision identified unfair overdraft and non-sufficient funds (NSF) fees as well as unfair acts or practices related to consumer requests to stop payment of preauthorized debit card transactions. --------------------------------------------------------------------------- \5\ 12 U.S.C. 5531, 5536. --------------------------------------------------------------------------- 2.1.1 Unanticipated Overdraft Fees and Re-Presentment NSF Fees In recent examinations of depository institutions and service providers, Supervision continued to cite unfair acts or practices at institutions that charged consumers for unfair unanticipated overdraft fees, such as Authorize-Positive Settle-Negative (APSN) overdraft fees, during this time period.\6\ Supervision also continued to cite institutions in connection with charging consumers NSF fees on the transaction that already incurred an NSF fee when it was previously declined.\7\ --------------------------------------------------------------------------- \6\ APSN overdraft fees are overdraft fees that financial institutions assess for debit card or ATM transactions for which the consumer had a sufficient available balance at the time the consumer authorized the transaction, but which, given the delay between authorization and settlement, the consumer's account balance is insufficient to cover at the time of settlement. See Supervisory Highlights: Junk Fees Update Special Edition, Issue 31, 4-7 (March 2023) https://www.consumerfinance.gov/data-research/research-reports/supervisory-highlights-junk-fees-update-special-edition-issue-31-fall-2023 ; Supervisory Highlights: Junk Fees Special Edition, Issue 29, 3-6 (March 2023), https://www.consumerfinance.gov/data-research/research-reports/supervisory-highlights-junk-fees-special-edition-issue-29-winter-2023/; Consumer Financial Protection Circular 2022-06, Unanticipated Overdraft Fee Assessment Practices, at 8-12 (Oct. 26, 2022), https://www.consumerfinance.gov/compliance/circulars/consumer-financial-protection-circular-2022-06-unanticipated-overdraft-fee-assessment-practices/. \7\ These transactions, called re-presentments, occur when, after declining a transaction because of insufficient funds and assessing an NSF fee for the transaction, the consumer's account- holding institution returns the transaction to the merchant's depository institution, and the merchant presents the same transaction to the consumer's account-holding institution for payment again. In some instances, when the consumer's account remains insufficient to pay for the transaction upon re-presentment, the consumer's account-holding institution again returns the transaction to the merchant and assesses another NSF fee for the transaction, without providing consumers a reasonable opportunity to prevent another fee after the first failed presentment attempt. Absent restrictions on the assessment of NSF fees by the consumer's account-holding institution, this cycle can occur multiple times, and consumers may be charged multiple fees for a single transaction. --------------------------------------------------------------------------- Since the CFPB heightened its supervisory attention on overdraft and NSF fees in 2022, financial institutions have agreed to refund nearly $250 million to consumers--approximately $184 million in unfair unanticipated overdraft fees charged on transactions that were authorized when the consumer had sufficient funds, and approximately $66 million in unfair NSF fees charged on the same transaction that already incurred an NSF fee when it was previously declined. This $250 million reflects $240 million that the CFPB previously announced in October 2023 and April 2024, and an additional $10 million that financial institutions have agreed to refund since the period covered by those announcements. 2.1.2 Core Processor Practices Supervision continued to examine core processors in their capacity as service providers to large depository institutions. Core processors provide critical deposit, payment, and data processing services to many supervised institutions, and the system functionality that these entities develop drives many fee practices, including overdraft and NSF fee practices. In examinations of core processors, examiners found that core processors had enhanced their core platforms during the review periods to enable client institutions to avoid assessing re-presentment NSF fees and APSN overdraft fees. However, examiners also found that the core processors configured their platforms so that the platforms would continue to assess the fees by default unless the client institutions took affirmative action to avoid assessing these fees. Examiners concluded that, in the offering and providing of core service platforms, core processors engaged in an unfair act or practice by assessing APSN overdraft fees and re-presentment NSF fees through their core platforms. An act or practice is unfair when: (1) it causes or is likely to cause substantial injury to consumers; (2) the injury is not reasonably avoidable by consumers; and (3) the injury is not outweighed by countervailing benefits to consumers or to competition.\8\ --------------------------------------------------------------------------- \8\ 12 U.S.C. 5531 and 5536. --------------------------------------------------------------------------- The assessment of re-presentment NSF fees and APSN fees results in substantial injury to consumers. These fees also increased the risk of consumers incurring additional fees on subsequent transactions caused by the fees, which lowered consumers' account balances. The core processors caused these injuries because they were a predictable and foreseeable consequence of their core platforms' limitations and configuration. Where the platforms were configured to assess the fees by default, it was foreseeable to the core processors that their clients would fail to take affirmative action to cease charging these fees and thus continue to assess these fees. As with the fees themselves, the relevant system limitations and configurations were not reasonably avoidable by consumers and not outweighed by any countervailing benefits to consumers or competition. In response to these findings, the core processors enhanced their core platforms to not only enable their client institutions to prevent the assessment of these fees but also to ensure that clients would not assess these fees by default if the clients did not take action to prevent their assessment. 2.1.3 Improper Re-Presentment Processing Practices Supervision has reviewed depository institutions' practices in processing automated clearinghouse (ACH) transactions to ensure that they are taking adequate steps to prevent the [[Page 609]] origination of improper re-presentment transactions by their merchant and business clients. When a consumer pays for goods or services, the consumer may authorize the merchant to debit their bank account by submitting an ACH transaction to the consumer's bank. The merchant will originate the ACH transaction by passing an ACH debit entry along to its bank, referred to as an ``originating depository financial institution'' (ODFI), which will then send the entry to the consumer's bank, referred to as a ``receiving depository financial institution'' (RDFI). The RDFI then may either post the transaction and debit the consumer's bank account or return the transaction to the ODFI because of insufficient funds in the consumer's account. The network rules governing ACH transactions impose certain formatting and processing requirements to identify re-presentment transactions. As explained above, in response to supervisory findings, core processors have enhanced their platforms to enable institutions to avoid charging NSF fees on readily identifiable re-presentment transactions. Accordingly, when an ODFI does not ensure that its clients comply with these formatting and processing requirements or otherwise do not originate improper re-presentment transactions, ACH transactions may not be readily identifiable as re-presentments by the RDFI and, by extension, the RDFI's core platform may fail to prevent charging NSF fees on re- presentment transactions. The ACH network rules also generally limit the number of permissible re-presentments for a single transaction by limiting an ODFI and its clients to a maximum of two re-presentment attempts after the initial presentment is returned for insufficient funds. However, as the CFPB has previously observed, an ODFI's clients may, in an attempt to obtain payment from consumers, seek to improperly re-present transactions to circumvent this limit on the number of permissible representments.\9\ --------------------------------------------------------------------------- \9\ CFPB, Online Payday Loan Payments (2016), at 14 (explaining that, according to CFPB analysis of online ACH payments, 50 percent of failed payments are re-presented after three failed payment attempts), https://www.consumerfinance.gov/data-research/research-reports/online-payday-loan-payments/. --------------------------------------------------------------------------- Supervision found that depository institutions engaged in an unfair act or practice in their capacity as ODFIs by processing transactions for payment as initial presentments when the transactions were in fact re-presentments without taking steps to address indicia of inaccuracy. Examiners found that these institutions, in their capacity as ODFIs, did not monitor their originator clients' use of their ACH processing services to identify or prevent them from improperly re-presenting transactions. These depository institutions possessed information that strongly suggested that a percentage of ACH transactions that they processed as ODFIs were re-presented items that were improperly formatted and submitted by their originator clients as new transactions. These indicia included ACH entries reflecting transactions from the same payee, in the same amount, made close in time, which lacked indications that the transactions were recurring payments or otherwise reflected separate transactions. By failing to monitor originators to identify and prevent improper re-presentment practices, these depository institutions caused or were likely to cause substantial injury to consumers in the form of NSF fees that could otherwise have been avoided. These fees would not have been assessed had the transaction been properly re-presented because the transaction would then either be identifiable as a re-presentment and the NSF fee would have been waived by the bank's core platform or would have not been submitted at all to the extent that the business client had already submitted the maximum number of re-presentment attempts. Although the supervised depository institutions, as ODFIs, did not actually assess these NSF fees, examiners found they caused the injury because the assessment of these fees was a probable and foreseeable consequence of their processing transactions for payment as initial presentments when the transactions were in fact re-presentments. Even if a consumer's bank did not assess NSF fees, consumers still suffered injury in the form of improper debiting of funds. When an originator obtains payment for a previously returned transaction by submitting the transaction as initial presentment, rather than a re- presentment, without the consumer's authorization, the consumer suffers monetary harm by their account being debited without their authorization. These injuries were not reasonably avoidable and were also not outweighed by countervailing benefits to consumers or competition. In response to these findings, depository institutions implemented processes to prevent the origination of improper re- presentment transactions by their clients, including regularly monitoring and auditing ACH transactions to identify any re-presented items that are miscoded as initial presentments and any other indicia of inaccuracy. 2.1.4 Stop Payment Services of Debit Card Network Operators Consumers frequently complain that they face challenges in stopping payment of preauthorized debit card transactions, which they have a right to do under the Electronic Fund Transfer Act (EFTA) and its implementing Regulation E.\10\ Supervision has found in examinations that depository institutions likewise face difficulties in executing stop payment requests for recurring debit card transactions for various reasons. --------------------------------------------------------------------------- \10\ 15 U.S.C. 1693e(a); 12 CFR 1005.10(c). --------------------------------------------------------------------------- Unlike other types of recurring payment transactions, depository institutions' core platforms generally do not offer the capability to stop payment of preauthorized debit card transactions. Regulation E recognizes that, in the case of a preauthorized debit made through a debit card network, a depository institution may not have the capability to block a preauthorized debit from being posted to the consumer's account given the manner in which preauthorized debit card transactions are processed.\11\ Accordingly, it allows banks to comply with the stop-payment requirements by using a third party, such as a debit card network, to block the transfer, as long as the consumer's account is not debited for the payment.\12\ To that end, some debit card networks offer stop payment capabilities that network members may use to stop payment of recurring debit card transactions routed through the network. Supervision recently conducted examinations of debit card network operators in their capacity as service providers to large depository institutions. Examiners found that, in some debit card networks, these network operators did not offer a network-based stop payment service that their members may use to stop payment of a recurring debit card transaction. Examiners also found that, in other debit card networks, the network operators did offer such a service but very few of its members elected to use the service. --------------------------------------------------------------------------- \11\ See comment 1005.10(c)-3. \12\ See Id. --------------------------------------------------------------------------- Examiners concluded that these network operators engaged in an unfair act or practice by processing preauthorized debit card payments subject to consumer's valid stop payment requests due to the manner in which they operated their networks. By processing such transactions, the network operators caused substantial [[Page 610]] monetary injury to consumers who were charged for preauthorized debit card transactions that they requested to be and were entitled to have stopped. Even though the consumer's financial institution could likely recover the amount debited through standard dispute resolution and chargeback processes for debit card transactions, consumers would still be deprived of their funds while the dispute was processed. In any event, these processes are not an adequate substitute for a consumer's right to stop payment of preauthorized debit card transactions. Operators of networks that did not offer a stop payment service caused this injury because it was foreseeable to them that not offering such a capability in the network would result in network members lacking the capability to stop payment of the transactions and, by extension, consumers being charged for such transactions after they submit a valid stop payment order. Even where network operators offered a network-based stop payment capability, these operators still caused this injury to consumers, because, given that very few network members elected to use the capability, it was foreseeable to them that consumers would be charged for preauthorized debits that they are entitled to have stopped. The substantial injury identified in these exams was not reasonably avoidable by consumers. When entering a recurring transaction, consumers have little reason to anticipate potential injury, and if they did, few means to avoid it. Consumers have a reasonable expectation that their issuing bank will comply with the requirements of Regulation E and stop payment if a valid request is entered. Consumers also have little to no control over which debit card networks their transactions are routed through, and no control over whether the network offers a stop payment service or whether their bank has voluntarily enrolled in such a service. Lastly, in considering countervailing benefits to consumers and competition from processing preauthorized debit card transactions subject to a consumer's valid stop payment request, Supervision found this practice to be injurious in its net effects. In response to these findings, the network operators revised and implemented relevant network processes and capabilities to ensure that they cease to process preauthorized debit card payments routed through their networks that are subject to consumers' valid stop payment requests. 2.2 Furnishing Entities--such as banks, loan servicers, and others (to which we refer herein collectively as furnishers)--that furnish information to consumer reporting companies (CRCs) \13\ for inclusion in consumer reports play a vital role in availability of credit and have a significant role to play in the fair and accurate reporting of credit information. Furnishers are subject to several requirements under the FCRA \14\ and its implementing regulation, Regulation V,\15\ including obligations to reasonably investigate disputes and to furnish data subject to the relevant accuracy requirements. In recent reviews, examiners continued to find deficiencies in furnishers' compliance with FCRA and Regulation V requirements. --------------------------------------------------------------------------- \13\ The term ``consumer reporting company'' means the same as ``consumer reporting agency,'' as defined in the Fair Credit Reporting Act, 15 U.S.C. 1681a(f), including nationwide consumer reporting agencies as defined in 15 U.S.C. 1681a(p) and nationwide specialty consumer reporting agencies as defined in 15 U.S.C. 1681a(x). \14\ 15 U.S.C. 1681 et seq. \15\ 12 CFR part 1022. --------------------------------------------------------------------------- 2.2.1 Duty To Maintain Reasonable Procedures To Respond To Identify Theft Block Requests Notifications From CRCs The FCRA requires furnishers to have reasonable procedures in place to respond to certain notifications they receive from CRCs related to information resulting from identity theft (i.e., identity theft block request notifications) to prevent the refurnishing of such information.\16\ --------------------------------------------------------------------------- \16\ 15 U.S.C. 1681s-2(a)(6)(A). --------------------------------------------------------------------------- Examiners found that furnishers did not have reasonable procedures in place to respond to identity theft block request notifications from CRCs. Specifically, in recent reviews of installment loan furnishers, examiners identified that the furnishers did not have any procedures in place to respond to identity theft block request notifications received from CRCs. Consequently, the furnishers did not process the requests and repeatedly refurnished information that consumers asserted had resulted from identity theft and, thus, that should have been blocked. In response to these findings, furnishers are establishing and implementing procedures to respond to identity theft block request notifications received from CRCs. 2.2.2 Duty To Conduct Reasonable Investigations of Indirect Disputes After receiving notice of a dispute of the completeness or accuracy of any information from a CRC, furnishers are required to conduct a reasonable investigation with respect to the disputed information.\17\ The furnisher must review all relevant information provided by the CRC and must complete the investigation and report the results to the CRC within a certain requisite timeframe (typically 30 days).\18\ Conducting a reasonable investigation that is responsive to the specific allegations in a dispute often requires furnishers to at least review information relevant to the dispute in its own possession and, in some cases, may necessarily entail accessing or requesting third- party documents and other information relevant to the dispute to which the furnisher reasonably has access. --------------------------------------------------------------------------- \17\ 15 U.S.C. 1681s-2(b)(1)(A). \18\ 15 U.S.C. 1681s-2(b)(1)(B), (C). --------------------------------------------------------------------------- Examiners are continuing to find that furnishers are violating the FCRA duty to conduct reasonable investigations of indirect disputes.\19\ In recent reviews of debt collector furnishers, examiners found that the furnishers failed to conduct reasonable investigations of certain indirect disputes in circumstances in which the furnishers utilized automated dispute response systems that reviewed only their own systems of record to assess the accuracy of the disputed information. Examiners identified instances in which the furnishers, through their automated systems, responded to CRCs verifying the information subject to the dispute even though the furnishers' records were insufficient to confirm the information in a reliable manner. In each instance, the furnishers' automated systems did not consider any records of the furnishers' clients--i.e., the entities, such as creditors, on behalf of which the furnishers were collecting debts-- relevant to the dispute. --------------------------------------------------------------------------- \19\ See for example, Supervisory Highlights Consumer Reporting Special Edition, cfpb_supervisory-highlights_issue-20_122019.pdf. --------------------------------------------------------------------------- In addition, examiners found that debt collector furnishers failed to reasonably investigate certain indirect disputes in circumstances in which the furnishers' agents responded to CRCs regarding the dispute without investigating any relevant information on their clients' systems of record despite the agents having access to those systems of record. Rather than reviewing their clients' records to which they had access to assess the accuracy of the disputed information, the furnishers' agents forwarded the disputes to the clients for investigation and, when the clients failed to respond, instructed CRCs to delete the related [[Page 611]] consumer tradelines. Examiners found that the furnishers in these circumstances failed to conduct reasonable investigations of indirect disputes. 2.2.3 Duty To Establish and Implement Reasonable Policies and Procedures Concerning the Accuracy and Integrity of Furnished Information Examiners are continuing to find \20\ that furnishers are violating the Regulation V duty to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of the information furnished to a CRC and to consider and incorporate, as appropriate, the guidelines of appendix E to Regulation V.\21\ Recent supervisory reviews identifying violations of this Regulation V requirement include: --------------------------------------------------------------------------- \20\ Id. \21\ 12 CFR 1022.42(a), (b). --------------------------------------------------------------------------- [ssquf] In reviews of student loan furnishers, examiners found that the furnishers relied solely on external procedures regarding the technical steps for creating and transmitting consumer reporting files, but maintained no internal policies or procedures with respect to complying with the applicable requirements of the FCRA and Regulation V. Examiners found that the furnishers' failure to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information furnished to CRCs contributed to multiple systemic accuracy issues identified at the furnishers, including, for example, continuing to report accounts that had been discharged in bankruptcy, reporting inaccurate term durations for certain loans, and reporting inaccurate special comment codes regarding the status of certain accounts.In reviews of installment loan furnishers, examiners found that furnishers lacked reasonable policies and procedures for identifying practices or activities that can compromise the accuracy or integrity of furnished information. Specifically, examiners found weaknesses in furnishers' policies and procedures with respect to considering feedback received from CRCs--resulting in the furnishers failing to identify that furnishing files were rejected by CRCs--and processing identity theft block requests received from CRCs. Deficiencies in the furnishers' internal controls regarding the accuracy and integrity of furnished information led to failures in identifying, and promptly remediating, accounts that were furnished inaccurately. Examiners also found that furnishers failed to design means of communication with CRCs to prevent erroneous association of information with the wrong consumers, which resulted in the furnishing of mismatched personal information for thousands of consumers. [ssquf] In reviews of credit card furnishers, examiners found that the furnishers failed to maintain and implement reasonable written furnishing policies and procedures, including by failing to adequately provide for, among other things: the identification and handling of frivolous or irrelevant disputes, the replacement of dispute codes following resolution of disputes, and quality assurance with respect to the accuracy and integrity of information furnished to CRCs. Examiners also identified deficiencies in furnishers' policies and procedures for correcting information after determining it to be inaccurate, finding that, for example, such deficiencies allowed inaccuracies to persist for over a year on average before being remediated. In response to these findings, furnishers are implementing and/or enhancing written policies and procedures to address the identified procedural deficiencies. 2.3 Short-Term Small Dollar Lending The short-term small dollar lending market continues to evolve, and as part of this market, the Buy Now, Pay Later market, where lenders advertise buying products over four payments, has expanded rapidly over the past few years. The paycheck advance market, where lenders tie funding amounts to accrued or estimated wages and those amounts are repayable on the next payday or withheld from the next paycheck, also has expanded rapidly in recent years. Firms sometimes market these products as ``earned wage'' products. Certain Buy Now, Pay Later firms and certain paycheck advance firms consented to CFPB's examination authority. Across these examinations, examiners identified a number of unfair, deceptive, or abusive acts or practices. In addition to the examinations giving rise to the findings discussed in this section, CFPB staff worked with certain State regulators on their examinations of Buy Now Pay Later firms. 2.3.1 Failing To Timely Resolve Consumer Disputes Consumers who used Buy Now, Pay Later loans to purchase products or services frequently alleged that the merchants did not provide the items or services as agreed or communicated other disputes to the lender. Lenders engaged in unfair acts or practices by failing to timely resolve consumer disputes in which consumers alleged they were owed refunds for various reasons, such as where the delay was contrary to the dispute policy on its website regarding dispute resolution timelines. These delays were long, with hundreds of consumers deprived of funds for months at a time. Consumers incurred substantial injury in the form of deprivation of funds that should have been refunded in a timely manner. Additionally, consumers whose claims were denied may have been required to make full payments at unpredictable times after delayed investigations during which they were not permitted to make payments. The injuries were not reasonably avoidable as consumers lacked control over the dispute resolution process. The substantial injuries to consumers were not outweighed by any countervailing benefits to consumers or competition. In response to these findings, the Buy Now, Pay Later lenders refunded the amounts at issue and implemented monitoring to eliminate delayed resolutions. 2.3.2 Misrepresenting Loan Costs or Terms Buy Now, Pay Later lenders worked with merchant partners to advertise their loans, and in certain instances, the merchant partner websites advertised incorrect loan costs or terms. The lenders exercised control and approval rights over these advertisements. Thus, the lenders engaged in a deceptive act or practice when its merchant partners ran advertisements on their behalf that included false representations. These advertisements misled or were likely to mislead reasonable consumers, and the deceptive representations were material because they related to the cost and terms of the loans as payment methods. In response to these findings, the lenders contacted the relevant merchants to ensure they updated their websites and refunded overcharges to customers. They also enhanced the marketing review process across merchant partners. 2.3.3 Denying Credit Based On Payment Processing Deficiencies on Earlier Loans Buy Now, Pay Later lenders' payment platforms prevented consumers with loan balances below $1 from making payments. Subsequently, the lenders denied those consumers' loan applications on the basis that consumers had not paid those balances. The lenders engaged in an unfair act or practice by preventing consumers with loan balances below $1 from making [[Page 612]] payments, while denying those consumers' loan applications because of those same balances. This conduct caused or was likely to cause substantial injury, as it resulted in the lenders denying additional credit for consumers with outstanding balances of less than $1. In addition, consumers may have incurred costs attempting to secure alternative credit. Consumers also may have spent time contacting the lenders to resolve these outstanding balances. This practice was not reasonably avoidable, as the lenders did not allow consumers to make payments to cure an outstanding balance of less than $1. The substantial injury to consumers was not outweighed by any countervailing benefits to consumers or competition. In response to these findings, Supervision directed the lenders to enhance system capabilities to allow consumers to pay off or automatically remove loan balances of less than $1 and refrain from preventing consumers from obtaining additional loans if they have balances of less than $1. 2.3.4 Designing Consumer Interfaces To Include Misrepresentations About Uses and Benefits of Tips and Tipping Examiners found that lenders designed consumer interfaces for paycheck advance products--sometimes marketed as ``earned wage'' products--to include statements and illustrations representing that if consumers paid tips, the tips would help specific numbers of customers and were a way to help other borrowers. In fact, lenders added tips to general revenues. A representation, omission, act, or practice is deceptive when: (1) the representation, omission, act or practice misleads or is likely to mislead the consumer; (2) the consumer's interpretation of the representation, omission, act or practice is reasonable under the circumstances; and (3) the misleading representation, omission, act or practice is material.\22\ Examiners found lenders engaged in deceptive acts and practices when they misled or were likely to mislead reasonable consumers through written and graphic references that correlated amounts of tips provided to numbers of people helped. They also misled or were likely to mislead reasonable consumers into believing tips directly benefited other customers, although in reality they added tips to general revenue. These representations were material because they were likely to affect customers' choices regarding tipping, including whether to tip and how much. --------------------------------------------------------------------------- \22\ 12 U.S.C. 5531. --------------------------------------------------------------------------- An abusive act or practice: (1) materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or (2) takes unreasonable advantage of: a lack of understanding on the part of the consumer of the material risks, costs or conditions of the product or service; the ability of the consumer to protect the interest of the consumer in selecting or using a financial product or service; or the reasonable reliance by the consumer on a covered person to act in the interest of the consumer.\23\ Examiners found that lenders engaged in abusive acts or practices when they took unreasonable advantage of consumers' inability to protect their interests in selecting or using consumer financial products or services. Lenders took unreasonable advantage of superior information in knowing that tips went to general revenue. Under the circumstances and given the misrepresentations, customers lacked the ability to make fully informed choices about whether and how much to tip, which affected the ability to protect their monetary interests. Lenders gained unreasonable advantages when they designed interfaces to take advantage of consumers' misimpressions, based on specific consumer research they conducted, and profited from tips that would not have been made or were higher than if customers had known tips went to general revenue. --------------------------------------------------------------------------- \23\ 12 U.S.C. 5535(a)(1)(B). See also CFPB, Policy on Abusive Acts or Practices, (Apr. 3, 2023), https://www.consumerfinance.gov/compliance/supervisory-guidance/policy-statement-on-abusiveness/#1. --------------------------------------------------------------------------- 2.3.5 Blocking Loan Account Closure and Continuing to Debit Deposit Accounts Examiners found that lenders engaged in deceptive acts and practices when they prevented paycheck advance product consumers from closing their loan accounts until they resolved pending debits, and continued debiting consumer deposit accounts, despite representations that accounts could be closed at any time and that lenders would not engage in collection activity. Lenders misled or were likely to mislead consumers through confusing and conflicting representations about how to close loan accounts and that consumers could cancel agreements and use of services at any time, the only consequences of nonpayment being placing loan accounts on hold. Consumers could reasonably interpret lenders' statements to mean that they could cancel agreements and services at any time, along with pending debits, and would not be blocked from closing their loan accounts until pending debits were processed. Lenders' representations were material because they were likely to affect consumer choice regarding whether to use the service in the first place and how they might employ funds differently if consumers understood debits continued after attempted account closure. Examiners also found that lenders engaged in abusive acts or practices when they took unreasonable advantage of consumers' inability to protect their interests when they blocked consumers from closing their loan accounts and continued to attempt to debit their deposit accounts, despite statements that consumers could close their accounts any time and that lenders would not engage in collection activity. Consumers could not protect their interests in selecting or using paycheck advance products because they were blocked from closing their loan accounts and were subject to repeated debits, despite representations that they could close their loan accounts at any time and lenders would not take repayment actions against them. At account opening, lenders led consumers to believe they could close their accounts anytime and avoid repeated debits. But after attempting account closure, consumers were subject to repeated debits and potentially to third-party fees. Lenders gained unreasonable advantage by inducing consumers to take out paycheck advance products under false premises, gaining more loan accounts than they otherwise would have. 2.3.6 Blocking Funds Transfers Examiners found that lenders engaged in unfair acts or practices when technology failures resulted in consumer having certain transfers blocked from linked deposit accounts to other personal accounts. Specifically, lenders offered a payment card linked to a particular deposit account in concert with the paycheck advance product, and during a specific time period, consumers who had not repaid the paycheck advances timely and had balances in these linked accounts were unable to access their funds in a timely manner. Lenders caused substantial injury because consumers were unable to access their funds in a timely manner and were denied access to funds. Other injury included time spent and trouble and aggravation caused when consumers tried to cure the problem. Consumers could not reasonably avoid or anticipate the injury because they were not warned of the error and could not resolve it themselves. The [[Page 613]] underlying technology failures and their consequences provided no discernible benefit to consumers or competition. 3. Supervisory Developments Set forth below are select supervision program developments including final rules and orders that have been issued since the last edition of Supervisory Highlights. 3.1.1 CFPB Issues Final Rule Governing Overdraft Lending at Very Large Financial Institutions On December 12, 2024, the CFPB issued a final rule related to overdraft lending.\24\ The final rule updates the Federal regulations governing overdraft fees for financial institutions with more than $10 billion in assets. Extensions of overdraft credit provided by these institutions will now adhere to the consumer protections required of similarly situated products, unless the overdraft fee is $5 or less, or otherwise only recovers estimated costs and losses. The rule will allow consumers to better comparison shop across credit products and provides substantive protections that apply to other consumer credit. --------------------------------------------------------------------------- \24\ The final rule is available at: cfpb_overdraft-regulatory- text-and-commentary_2024-12.pdf. --------------------------------------------------------------------------- 3.1.2 CFPB Orders Federal Supervision of Google Following Contested Designation On December 6, 2024, the CFPB published an order establishing supervisory authority over Google Payment Corp.\25\ This was the CFPB's second supervisory designation order in a contested matter. While Google Payment Corp. is already subject to CFPB's enforcement jurisdiction, the CFPB determined that Google Payment Corp. met the legal requirements for supervision. --------------------------------------------------------------------------- \25\ The Decision and Order is available at: cfpb_Publication- Redacted-Decision-and-Order-Designating-Google-Payment-for- Su_6EZQyMz.pdf. --------------------------------------------------------------------------- 3.1.3 CFPB Issues Final Rule Defining Larger Participants of a Market For General-Use Digital Consumer Payment Applications On November 21, 2024, the CFPB issued a final rule to establish authority over nonbank covered persons that are larger participants of a market for providing general-use digital consumer payment applications.\26\ The rule, which takes effect January 9, 2025, will allow the CFPB to supervise these firms, which provide widely-used payment wallet and funds transfer apps. Nonbank firms qualify as larger participants if their general-use digital consumer payment applications facilitate more than 50 million consumer payment transactions denominated in U.S. dollars per year and they are not small business concerns as defined by Small Business Administration regulations. The CFPB estimates that nonbank larger participants in this market collectively facilitated over 13 billion such consumer payment transactions annually. The rule will help the CFPB to ensure that these companies follow Federal consumer financial law just like large banks and credit unions already supervised by the CFPB. The rule also will help the CFPB to detect and assess risks to consumers and markets including emerging risks. --------------------------------------------------------------------------- \26\ The final rule, as published in the Federal Register, 89 FR 99582 (Dec. 10, 2024). Rohit Chopra, Director, Consumer Financial Protection Bureau. [FR Doc. 2024-31670 Filed 1-3-25; 8:45 am] BILLING CODE 4810-AM-P