CFPB Orders "Buy-Here, Pay-Here" Auto Dealer and Affiliate to Pay $6.5 Million for FCRA and CFPA Violations

by Carlton Fields
Contact

Last week, the Consumer Financial Protection Bureau (“CFPB” or “the Bureau”) filed a consent order against “buy-here, pay-here” (BHPH) auto dealer Interstate Auto Group d/b/a Car Hop (“Car Hop”), and its affiliated financing company, Universal Acceptance Corporation (UAC), assessing a $6,465,000 civil penalty for violations of the Fair Credit Reporting Act (FCRA) and the Dodd Frank Consumer Financial Protection Act (CFPA) prohibitions against deceptive acts and practices.

BHPH dealers typically sell vehicles to consumers with poor or insufficient credit histories in need of deep subprime credit. BPHP dealers may both originate and service the loans, at times through affiliated lenders, rather than selling them to third-party indirect lenders with more stringent credit guidelines. According to the Bureau, Car Hop is the nation’s largest BHPB dealer, with 50 locations in 15 states. Car Hop furnished credit for consumer automobile purchases through its related company, UAC, making it a “covered person” under the CFPA. The CFPB also found Car Hop subject to CFPB enforcement authority because it “operates a line of business [involving] extension of retail credit directly to consumers” and does not routinely assign contracts to unaffiliated third party sources.” Instead, CarHop assigned the contracts to UAC, which in turn reported customer account information to consumer reporting agencies (CRAs) on a monthly basis using industry standard electronic format.

The FCRA (§1681s-2(a)) prohibits a furnisher from reporting consumer information to a CRA that the furnisher knows or has reasonable cause to believe is inaccurate.” The CFPB’s  Reg V furnisher rule requires furnishers to establish and implement reasonable written policies and procedures regarding the accuracy of consumer information provided to CRAs. §1031 of the CFPA prohibits “unfair, deceptive, or abusive practices” in offering or providing consumer financial products and services. 

In its investigation, the Bureau found that on numerous occasions between 2009 and 2013, and on “a wide-spread and systematic basis,” UAC furnished information to CRAs “which it had reason to believe was inaccurate,” affecting more than 84,000 customers. The Bureau said that the information could harm the customers by lowering credit scores, hindering their ability to obtain credit, and hurting job application prospects. UAC also failed to specify an address to which consumers could send notice that information furnished was inaccurate. The CFPB found UAC violated the FCRA and Reg V Furnisher Rule by:

  • Reporting inaccurate information on consumers who returned vehicles:  Although CarHop permitted customers to voluntarily return vehicles within 72 hours of purchase for a full refund without any penalty or obligation, for some customers who did so, UAC inaccurately reported that the cars had been repossessed, that the consumers still owed money, that the account was paid or closed, or showed a charge off amount.
  • Reporting inaccuracies associated with resolved disputes:  CarHop often resolved disputes by accepting return of the vehicle and providing the customer with a notice that his or her account was settled with no further financial obligations. But UAC continued to inaccurately report information that said that the vehicle had been repossessed and the customer still had an outstanding balance or had been charged off, for months and years after some customers returned their vehicles and received the notice.
  • Failing to establish and implement reasonable written policies and procedures regarding the accuracy of consumer information provided to the CRAs until 2013.

Deceptive acts and practices found to be in violation of the CFPA involved marketing misrepresentations. Specifically, Car Hop represented to consumers that it reports “good credit” to the credit reporting companies and emphasized its part in “helping them build and maintain good credit.” However, through UAC, the company failed to furnish certain positive information, including information that would support “good credit,” for tens of thousands of consumers. The CFPB found that CarHop’s misrepresentations were material and likely to mislead consumers, in violation of §1031 (a) and 1036(a)(1)(B) of the CFPA. Under the terms of the CFPB orders, in addition to paying the $6,465,000 civil penalty CarHop and UAC must: 

  • Stop misrepresenting that they will report “good credit” or other positive information to the credit reporting companies. 
  • Notify the CRAs of inaccuracies reported by UAC and provide corrected information or request deletion of incorrect information if accurate information is not available.
  • Provide free credit reports to harmed consumers
  • Develop and Implement a process for auditing information furnished to CRAs to ensure accuracy of reported information, including monitoring and evaluating disputes received.
  • The consent order can be found on the CFPB website.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carlton Fields | Attorney Advertising

Written by:

Carlton Fields
Contact
more
less

Carlton Fields on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.