CFPB proposes settlement with debt collector for failing to investigate identity theft reports | Holland & Knight LLP


With the current COVID-19 pandemic, credit card companies could come under increased scrutiny, as Dave Uejio, acting director of the Consumer Financial Protection Bureau (CFPB), recently said that “the reports Credit Cards play a huge role in the financial lives of consumers “and” we will not tolerate companies that put inaccurate data on credit reports or that do not investigate consumer disputes. “

On August 16, 2021, the CFPB has submitted a proposal for a regulation to attempt to resolve a lawsuit against a debt collection firm, Fair Collections & Outsourcing (FCO), and its owner. The full impact of the case and the resulting settlement terms proposed by the CFPB remain to be seen, but the proposed settlement requires the attention of many players in the consumer debt selling and buying sectors. Creditors, including credit card companies and other institutions selling receivables, should be aware of the procedures put in place by debt buyers to ensure accurate reporting. The CFPB may seek to hold accountable not only those buyers of debt with inadequate policies and procedures or with insufficient adherence to them, but also those who sell them debt.

OCC background and guidelines

The idea of ​​a federal regulator examining the sellers of debt for the misdeeds of the buyers of that debt is not a new phenomenon. In 2014, the Office of the Comptroller of the Currency (OCC) issued a surveillance bulletin titled “Consumer debt sales: risk management guidelines“, OCC Bulletin 2014-37 (August 4, 2014), in which the OCC published what was a precedent on the sale by national banks of written off receivables to third party debt buyers.

What made these guidelines so groundbreaking was that they marked what appeared to be the first time that the OCC (or any federal banking regulator) asked banks to perform some measure of due diligence in matters of compliance on a counterparty to a sale of assets. According to the OCC: “Banks need to know what resources debt buyers are using to manage and pursue collections and take into account the past performance of debt buyers with consumer protection laws and regulations. The OCC was concerned that domestic banks “would give debt buyers access to customer files so that they could assess credit quality before the debt was sold, without banks first making disclosures. appropriate customer relationships, which was inconsistent with the banks’ internal privacy policies and applicable laws and regulations. ” The OCC also identified instances in which banks, debt buyers, or both had inadequate controls in place to protect the transfer of customer information, and further identified debt sale agreements between them. banks and debt buyers who lacked provisions for confidentiality and information security.

In order to address the risks perceived by the OCC in the sale of consumer receivables to third party receivables buyers, the OCC offered several recommendations for corrective measures for compliance. These recommendations include, but are not limited to, the following.

  • Ensure that appropriate internal policies and procedures are developed and implemented to govern debt sales agreements consistently across the bank.
  • Perform proper due diligence when selecting a debt buyer.
  • Make sure that the receivables sales agreements with the receivables buyers cover all important considerations.
  • Provide accurate and complete information regarding each debt sold at the time of the sale.
  • Certain types of receivables are not suitable for sale.
  • Comply with applicable laws and regulations. The consumer protection laws specifically referenced by the OCC are: the Fair Debt Collection Practices Act (FDCPA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Equal Credit Opportunity Act (ECOA) and the Federal Trade Commission Act (FTC Act).

Although the OCC, like other “prudential” banking regulators (for example, the Federal Reserve and the Federal Deposit Insurance Corporation), has long required its supervised banks to select suppliers, joint venture partners and other “third parties,” the 2014 guidelines marked the first time that the OCC has required banks to protect their existing customers by controlling a counterparty. It should be noted that the concerns of the OCC did not end with the national banks. Instead, the OCC made it clear that when it “becomes aware of concerns about buyers of non-bank debt, the agency refers these issues to the CFPB, which has jurisdiction over these entities.” Thus, there is clear regulatory coordination between prudential and consumer protection agencies to ensure that allegedly unfair, deceptive or abusive debt collection practices do not go unnoticed.

CFPB complaint and proposed settlement

CFPB’s complaint filed in the District of Maryland in 2019 alleged that the FCO violated the Consumer Financial Protection Act of 2010, FCRA and Regulation V by not having reasonable policies and procedures regarding accuracy and integrity information provided to credit reporting agencies (CRAs), including identity theft disputes that consumers submit to rating agencies. The CFPB alleged that the FCO failed to establish or implement reasonable written policies and procedures regarding the accuracy of the information provided and failed to conduct reasonable investigations into indirect consumer disputes, which resulted in the persistence of inaccurate information in credit reports. Specifically, the CFPB alleged that the FCO:

  • represented that consumers were in debt, when there was no reasonable basis for claiming that these consumers were in debt
  • failed to establish reasonable policies and procedures to investigate consumer disputes
  • failed to conduct reasonable investigations into disputes when consumers submitted identity theft reports

The CFPB also alleged that FCO violated the FDCPA by telling consumers they were in debt when they did not have a reasonable basis for this claim. The terms of the proposed settlement require that the FCO:

  • establish reasonable policies and procedures regarding the accuracy and integrity of the information provided
  • continue to assess the effectiveness of its policies and procedures by creating internal controls to identify practices or activities that compromise the accuracy or integrity of the information provided
  • establish an identity theft review program to guard against FCRA violations
  • create written admission policies and procedures to assess account information before starting collections
  • create policies to assess trends in consumer disputes and other signs of potential unreliability on accounts
  • retain the services of an independent consultant to conduct reviews of the information provided and debt collection activities in order to make further recommendations on its policies and procedures for compliance with federal law
  • pay a penalty of $ 850,000 to the Civil Sanctions Fund

What should I do now?

The proposed settlement emphasizes to creditors and debt buyers that a thorough review is likely to extend in the future. Buyers of receivables should have procedures in place that seek to accurately report consumer data, as well as comply with those procedures and seek improvement where improvements can be made. Some key considerations when reviewing policies for providing consumer information should include ensuring that internal controls exist to review policies relating to consumer data and also to continue to analyze and implement new ones. methods to improve reporting accuracy. Creditors need to do all of these same things and also take action to confirm that when they sell debt, so do buyers of that debt.

Given the CFPB’s emphasis on identity theft issues and in particular the alleged non-compliance with FTC Identity Theft reports submitted with indirect litigation received through the agencies of rating, all creditors and buyers of debt should consider reviewing their policies regarding these matters. It has long been essential to ensure that identity theft disputes are properly investigated to limit exposure to liability. Some of the FCRA’s biggest rewards relate to identity theft cases that have not been adequately investigated. CFPB’s emphasis on identity theft review programs reinforces the need for further compliance analysis in this area.

Finally, expect continued information sharing between prudential regulators and the CFPB to generate increased oversight and enforcement of CFPB oversight and enforcement on companies acquiring debt from banks. . In addition, the CFPB retains the authority to apply the principles of counterparty due diligence to any sale of debt from an unregulated lender by a bank to a debt buyer. The same principles to ensure that clients who are transferred to a debt buyer do not experience the abusive debt collection practices that inspired the OCC guidelines also inform the CFPB’s review of debt sales by originators. non-banking.

Leave A Reply

Your email address will not be published.