CFPB highlights unlawful practices by consumer reporting agencies, debt collectors and payday lenders

by Ballard Spahr LLP

In its Spring 2014 Supervisory Highlights report issued yesterday, the CFPB highlighted deficiencies and violations it found during examinations of consumer reporting agencies (CRAs), debt collectors and payday lenders. The CFPB has authority to examine entities that qualify as “larger participants” under the final rules it adopted to supervise participants in the debt collection and consumer reporting markets and to examine payday lenders regardless of their size.

The report covers supervision work completed by the CFPB between November 2013 and February 2014. In the report, the CFPB stated that in 2013, it conducted over 100 supervisory activities such as full scope reviews and subsequent follow-up examinations and plans to conduct about 150 of such activities in 2014. It also noted that its “recent supervisory activities” (which included examinations of banks and non-bank entities) have resulted in more than $70 million in remediation to approximately 775,000 consumers. According to the report, these non-public actions have occurred in areas such as deposits, consumer reporting, credit cards, mortgage origination, and mortgage servicing.

The report also includes a discussion of the fair lending risks that arise when a lender makes exceptions to its credit standards, noting that CFPB examiners had observed instances “in which financial institutions lack adequate policies and procedures for managing [such risks].” In the report, the CFPB discussed the relevant fair lending elements of a “strong” compliance management system (CMS) and commented that its recommendations “will assist lenders in mitigating fair lending risk when making exceptions to credit standards while also furthering the purposes of Regulation B in promoting the availability of credit.”

Among those fair lending elements are policies and procedures that require documentation of credit standards exceptions, which the CFPB highlights in its discussion. The CFPB stated that such documentation should be appropriate to the specific exception and, at a minimum, sufficient to effectively monitor compliance with the exception policies. The documentation should also be sufficient to explain and provide details regarding the basis for granting any exception.

As to all three markets highlighted in the report (credit reporting, debt collection and payday lending), the CFPB found weaknesses in the CMSs of the nonbank entities it examined. Such weaknesses included lack of oversight by management of an entity’s CMS, ineffective oversight of third-party providers, failure to adopt appropriate written policies and procedures and/or establish a mechanism for regular reviews and updates, inadequate monitoring and tracking of complaints, and lack of effective compliance audit programs.

The specific deficiencies and violations that the CFPB found in the three markets included the following:

Consumer Reporting. CFPB examiners found that “one or more” CRAs were not forwarding to furnishers of disputed information all relevant documents submitted by consumers as required by Section 611 of the Fair Credit Reporting Act. It also found that “one or more CRAs” had refused to accept disputes filed online or by telephone unless the consumer used an identification number that the CRA had assigned to a consumer report or file disclosure it had provided to the consumer. While this practice did not apply to disputes sent by mail, the CRAs were not informing consumers of that option. According to the CFPB, because this practice suggested to consumers that they had to obtain a current report (often for a fee) to file a dispute, it was not consistent with Section 611 which requires a CRA to investigate disputes free of charge. The CFPB directed the relevant entities to eliminate this practice.

Debt Collection.

  • In addition to the general CMS issue noted above, the CFPB noted the failure of  “a creditor that relied on a network of debt buyers to collect its debts” to adequately assess the debt buyers’ compliance with Federal consumer financial law. According to the CFPB, although the creditor “ostensibly [regularly] reviewed” debt buyers for compliance, it did not have “specific policies and procedures to guide the assessment process” and the creditor documented its review “in a cursory manner, and often failed to retain the review results.”
  • The CFPB noted an instance in which a creditor had sold an account after issuing an IRS form to the consumer indicating that the debt had been cancelled and the consumer was no longer liable. Upon a subsequent review of its files, the creditor found “dozens of other instances where, because of a flaw in its record retention policy, it had sold cancelled debts.” The creditor agreed to modify its procedures going forward and was required to identify any consumers harmed by the sale of cancelled debts and remediate such harm.
  • In “several examinations,” the CFPB found that “supervised entities,” presumably debt collectors, were not obtaining the written authorization required by Regulation E when setting up payment plans for consumers providing for electronic payments.
  • Upon reviewing collection lawsuits initiated by a debt collector, the CFPB found that, in 70% of the cases where the consumer filed an answer, the entity would dismiss the lawsuit because it could not locate supporting documentation. The CFPB found that this practice violated the Fair Debt Collection Practices Act (FDCPA) because, having made an express or implied representation to a consumer that it intended to establish that the consumer owed a debt in the amount claimed in the lawsuit, the entity misled the consumer because it had no intention of proving its claim.
  • The CFPB found in one review that a debt collector that furnished information to CRAs failed to investigate disputes regarding that information and instead only directed the CRAs to delete the information. The CFPB directed the collector, going forward, to investigate such disputes.

Payday Lending.

  • The CFPB noted that debt collection is an “important focus” of its examination of payday lenders, with lender collection activities reviewed for UDAAP compliance and third-party collection activities reviewed for FDCPA and UDAAP compliance. The CFPB cited “multiple” lenders for UDAAP violations for their policies of: repeatedly making calls to third parties after making contact with the debtor, improperly disclosing personal debt information to third parties, continuing to call borrowers after receiving verbal or written do-not-call requests, and making false threats and claims during collection calls.
  • The CFPB suggested it has difficulty with loan applications that suggest any contact information provided will only be used for character or credit references when such contacts are sometimes called to locate a borrower who has defaulted.
  • The CFPB cited payday lenders for engaging in an unfair practice by making workplace visits to collect debts.
  • The CFPB found various FDCPA violations by third-party debt collectors hired by payday lenders. Stressing the obligation of payday lenders to oversee their relationships with third-party debt collectors to ensure compliance with Federal consumer financial law, the CFPB stated that how payday lenders conduct such oversight “will remain a focus for CFPB examiners.”
  • The CFPB indicated that at “one or more” payday lenders, it cited the lender for engaging in a deceptive practice by threatening to initiate ACH transactions that were contrary to the terms of the borrower’s loan agreement and that the lender did not intend to initiate.

We find troubling the CFPB’s imprecision as to the number of entities at which it found the various deficiencies and violations discussed. By using imprecise terms such as “multiple” or “one or more” entities instead of providing numbers, the CFPB obscures the magnitude or pervasiveness of the purported problems and detracts from the transparency it has promised.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP

Ballard Spahr LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.