The Consumer Financial Protection Bureau (CFPB) announced a consent order with Navy Federal Credit Union (Navy Federal) on October 11, 2016. While financial institutions should always analyze CFPB consent orders closely and carefully scrutinize their relevant practices in light of the consent order, first-party creditors, debt collectors, and any financial institution that electronically restricts access due to a consumer’s default status should pay particular attention to this agreement.
CFPB Applies FDCPA Restrictions via UDAAP
In the consent order, the CFPB indicated that Navy Federal:
Threatened legal action or wage garnishment unless the consumer made a payment even though Navy Federal rarely took legal action;
Threatened to contact the consumer’s commanding officer when it had no intention to do so; and
Made representations to consumers regarding the impact on the consumer’s credit score of paying or failing to pay the debt when Navy Federal had not analyzed the particular consumer’s credit history to validate those assertions.
These allegations are common in enforcement actions involving the Fair Debt Collections Practices Act (FDCPA). See 15 U.S.C. § 1692e (“The threat to take any action that cannot legally be taken or that is not intended to be taken.”); July 2013 Bulletin on Representations Regarding the Effect of Debt Payments on Credit Reports and Credit Scores. The CFPB, in this consent order, however, indicated that these actions constituted “unfair, deceptive, or abusive” acts or practices (UDAAP) under the Consumer Financial Protection Act of 2010 (CFPA).
The CFPB’s use of UDAAP in this instance demonstrates the importance of FDCPA compliance for first-party creditors, as the CFPB has shown on numerous instances that it views conduct that would otherwise violate the FDCPA as a UDAAP. See, e.g., July 2013 Bulletin on UDAAPs (indicating that the CFPB views “empty threat” type allegations as UDAAPs). This will be even more important once the CFPB issues its new debt collection rules implementing the FDCPA. As a result, first-party creditors, like third-party debt collectors, should pay close attention to the CFPB’s debt collection proposal.
CFPB Ignores a Contractual Provision to Find a UDAAP
In the consent order, the CFPB also indicated that Navy Federal’s threats to disclose the debts to consumers’ military commanders constituted a UDAAP because Navy Federal was not authorized to disclose the debt to the consumers’ commanding officer. In doing so, the CFPB ignored a provision in the consumers’ account agreements that authorized this practice because the provision “was buried in fine print, non-negotiable, and not bargained for by consumers.”
The CFPB clearly believed this was an important point to make, as it had already established the conduct at issue was a UDAAP. Nonetheless, the consent order provided no guidance as to what constitutes “fine print” or how a financial intuition should structure its agreements to avoid similar results in the future. Additionally, given that virtually no contractual provisions in credit agreements are negotiated and bargained for by consumers, the implications of this consent order could be extremely broad. Under this line of reasoning, the CFPB could invalidate almost any provision.
Electronic Access Restrictions
The CFPB also addressed Navy Federal’s practice of freezing consumers’ electronic access and disabling electronic services after consumers became delinquent on credit accounts. The CFPB claimed that Navy Federal’s electronic access restriction was unfair to consumers because it was likely to cause injuries to consumers, the injuries were not reasonably avoidable, and the injuries were not outweighed by any countervailing benefit. The CFPB appeared to take issue with Navy Federal’s practice of applying the restriction at the member level by freezing the consumer’s access for all accounts even though the delinquency was only related to the credit account.
Financial institutions, however, should be careful about interpreting this consent order too narrowly. For instance, while the CFPB’s statement of its claim targeted Navy Federal’s specific electronic access restrictions, it is not hard to envision the CFPB claiming electronic access restrictions based upon default status constitute UDAAPs. For instance, the CFPB noted that Navy Federal’s restrictions:
Prevented consumers from “managing their accounts online;”
Prevented consumers from “accessing online or mobile platforms to check account balances;” and
Prevented consumers from “adding travel alert[s] to the consumer’s account through mobile platforms.”
Any electronic account restriction that limits a consumer’s ability to view account information and manage their account online arguably presents these same issues. Moreover, while the CFPB focused on the fact that the injuries were not reasonably avoidable because Navy Federal did not clearly disclose the policy when consumers opened accounts or before they became delinquent, a clearer disclosure may not have ultimately resolved the issue, as the CFPB may have simply said the disclosure was too “fine print” or non-negotiable. Plus, in the past, the CFPB has indicated that this prong may be satisfied simply by the fact that the practice is common in the industry. See CFPB Exam Manual, p. 175 (“[I]f almost all market participants engage in a practice, a consumer’s incentive to search elsewhere for better terms is reduced, and the practice may not be reasonably avoidable.”).
In light of the Navy Federal consent order, financial institutions should take a close look at their policies, practices, disclosures, and exceptions to electronic access restrictions tied to default status. While it is clear that access restrictions at the consumer level rather than the account level are problematic, it may have much broader implications and may be a shot across the bow to the financial industry concerning electronic access restrictions.