On July 26, the Consumer Financial Protection Bureau (CFPB or Bureau) released the summer edition of its Supervisory Highlights report, providing a high-level overview of alleged unfair, deceptive, or abusive acts or practices (UDAAP) identified by the agency during examinations from July 1, 2022 to March 31, 2023. The findings included in the report cover examinations in the areas of auto origination, auto servicing, consumer reporting, debt collection, deposits, fair lending, information technology, mortgage origination, mortgage servicing, payday and small dollar lending, and remittances.

In the report and accompanying press release, the CFPB promotes the purported benefits of being supervised by the agency. The CFPB also announces that several nonbanks have voluntarily consented to the CFPB’s supervisory authority, while citing its April 25, 2022 warning that it would use its “dormant authority” to examine nonbanks who “pose risks to consumers.” This signals that the CFPB will leverage its dormant supervisory authority (discussed here) to pressure companies into “voluntarily” consenting to be supervised because, if the company does not consent, the CFPB will publish its finding that the company poses risks to consumers as part of the process of imposing its supervisory authority.

For the most part, the UDAAP examples in this edition of Supervisory Highlights fall into well-understood issues that the Bureau has commented on in the past. But the finding related to powerbooking in the indirect auto industry — addressed in the first bullet of the list below — is brand-new and represents the CFPB’s effort to impose an unprecedented (and in our view, not well supported) duty on auto finance companies to make adjustments to a principal balance based on the existence of a misrepresentation made by the dealer to the lender about the vehicle. The Bureau last did this in 2016 by announcing in Supervisory Highlights that auto finance companies should prohibit repossession agents from charging personal property storage and retrieval fees, and the Bureau followed that announcement with both supervisory activity and a consent order in 2020 on the same subject. This is a statement that the auto finance industry should pay close attention to.

Below is a list of what the CFPB considered the most significant compliance issues identified by examiners during their supervisory activities:

Auto Lending/Servicing:

  • Examiners found that some dealers fraudulently documented options that were not actually present on the vehicle — sometimes called “powerbooking”. In the instances where these discrepancies were identified, servicers did not reduce the amount the consumers owed on the loan.
    • This strikes us as a major, brand-new expectation from the CFPB related to powerbooking that has little legal basis and which could be very significant for auto finance companies.
  • Examiners found that some institutions engaged in deceptive marketing when they used advertisements that pictured cars that were significantly larger, more expensive, and newer than the advertised loan offers related to.
  • Examiners found that some servicers engaged in unfair acts or practices by suspending recurring automated clearing house (ACH) payments prior to consumers’ final payment without notifying the consumers that the final payment must be made manually, resulting in missed payments and late fees.
  • Examiners found some servicers engaged in blanket cross-collateralization by accelerating and requiring payments from consumers on unrelated debts, such as credit cards, before consumers could reclaim their repossessed vehicles.

Debt Collection:

  • Examiners found that some debt collectors continued collection attempts for work-related medical debt after receiving information that the debt was uncollectible under state worker’s compensation law.
  • Examiners found some debt collectors advised consumers that if they paid the balance in full by a certain date any interest assessed on the debt would be reversed, but then failed to credit the consumers’ accounts for the accrued additional interest.

Payday Lending:

  • Examiners found that some payday lenders engaged in abusive and deceptive acts or practices by including language in loan agreements purporting to prohibit consumers from revoking their consent for the lender to call, text, or e-mail them.
  • Examiners found that some institutions made false collection threats related to litigation, garnishment, and late fees.
  • Examiners found that, with respect to consumers who signed voluntary wage deduction agreements, certain lenders sent demand notices to their employers incorrectly conveying that the employer was required to remit the full amount of the consumer’s loan balance when, in fact, the consumer had agreed to permit the lenders only to seek a wage deduction in the amount of the individual scheduled payment due.
  • Examiners found that some installment lenders failed to confirm that several thousand borrowers were not covered borrowers under the Military Lending Act (MLA), and thus originated loans at rates and terms impermissible under the MLA.
  • Examiners found that some lenders misrepresented to borrowers the impact that payment or nonpayment of debts in collection may have on the borrower’s credit reports.
    • This finding hearkens back to Bulletin 2013-08, where the Bureau asserted that such statements would be viewed as UDAAP violations.

Fair Lending:

  • Examiners found that some mortgage lenders violated the Equal Credit Opportunity Act (ECOA) and its implementing regulation, Regulation B, by discriminating in granting pricing exceptions across a range of ECOA-protected characteristics, including race, national origin, sex, or age.
  • The CFPB reviewed lending restrictions in underwriting policies and procedures at several lenders to evaluate fair lending risks and to assess compliance with ECOA and Regulation B specifically relating to how those lenders handled the treatment of applicants’ criminal records and whether the lenders properly treated income derived from public assistance.
    • Examiners found that criminal records prompted enhanced or second-level underwriting review, but policies and procedures at several institutions did not provide sufficient detail regarding how that review should be conducted, creating fair lending risk around the use of discretion.
    • Examiners also identified lenders whose underwriting policies and procedures improperly excluded income derived from certain public assistance programs or imposed stricter standards on income derived from public assistance programs.

Mortgage Servicing:

  • Examiners found that some servicers violated Regulation X by failing to evaluate loss mitigation applications within 30 days of receipt. Relatedly, some examiners found that servicers engaged in deceptive acts or practices when they informed consumers that they would evaluate their complete loss mitigation applications within 30 days, but then moved toward foreclosure without completing the evaluations.
  • Examiners found that some servicers violated Regulation X by failing to include required loss mitigation language on Spanish language application acknowledgment notices.
  • Examiners found that some servicers treated payments received by the transferor servicer during the 60-day period, but not transmitted by the transferor to the transferee until after the 60-day period, as late in violation of Regulation X. Relatedly, examiners found that some servicers violated Regulation X when they failed to maintain policies and procedures reasonably designed to achieve the objective of facilitating transfer of information during servicing transfers.

Information Technology:

  • Examiners found that some institutions engaged in unfair acts or practices by failing to implement adequate information technology security controls that could have prevented or mitigated cyberattacks. Specifically, according to the CFPB, the institutions’ password management policies for certain online accounts were weak, the entities failed to establish adequate controls in connection with log-in attempts, and the entities did not adequately implement multi-factor authentication or a reasonable equivalent for consumer accounts.
Photo of Chris Capurso Chris Capurso

Chris focuses his practice on consumer financial services compliance, guiding clients through the many federal and state laws and regulations that impact consumer credit programs.

Photo of Stefanie Jackman Stefanie Jackman

Stefanie takes a holistic approach to working with clients both through compliance counseling and assessment relating to consumer products and services, as well as serving as a zealous advocate in government inquiries, investigations, and consumer litigation.

Photo of James Kim James Kim

As a former senior enforcement attorney with the CFPB, James provides the industry knowledge and expertise that fintechs and financial institutions require when launching new products or facing regulatory scrutiny.

Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Photo of Joseph Reilly Joseph Reilly

Financial services companies depend on Joe for all aspects of their regulatory and compliance needs. Drawing from two decades of experience in the sector, he provides actionable guidance in a complex and evolving landscape.

Photo of Lori Sommerfield Lori Sommerfield

With over two decades of consumer financial services experience in federal government, in-house, and private practice settings, and a specialty in fair lending regulatory compliance, Lori counsels clients in supervisory issues, examinations, investigations, and enforcement actions.

Photo of Chris Willis Chris Willis

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending…

Chris is the co-leader of the Consumer Financial Services Regulatory practice at the firm. He advises financial services institutions facing state and federal government investigations and examinations, counseling them on compliance issues including UDAP/UDAAP, credit reporting, debt collection, and fair lending, and defending them in individual and class action lawsuits brought by consumers and enforcement actions brought by government agencies.

Photo of Alan D. Wingfield Alan D. Wingfield

Alan Wingfield helps consumer-facing clients navigate compliance, litigation and regulatory risks posed by the complex web of state and federal consumer protection laws. He is a trusted advisor and tireless advocate, helping clients develop practical compliance and dispute-resolution strategies.